author | till <till@php.net> | 2008-02-11 23:21:15 +0000 |
---|---|---|
committer | till <till@php.net> | 2008-02-11 23:21:15 +0000 |
commit | 19881691bdef7beba3b9ed41049dab9b6f856f93 (patch) | |
tree | 08b2dbe6e808cc50275ef04a4a030f0a243ed113 /check.php-dist | |
parent | ddbdb8516b470a1451ea0d72647e3be44b50b330 (diff) |
* removed check.php (security issue)
* added check.php-dist
* new in check(.php-dist): smtp check, prettyfied errors
Diffstat (limited to 'check.php-dist')
-rw-r--r-- | check.php-dist | 297 |
1 files changed, 297 insertions, 0 deletions
diff --git a/check.php-dist b/check.php-dist
new file mode 100644
index 000000000..d1f3e295e
--- /dev/null
+++ b/check.php-dist
@@ -0,0 +1,297 @@
+<?php
+/**
+ * Copyright (c) 2008, Till Klampaeckel
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * PHP Version 5
+ *
+ * @category Config
+ * @package RoundCube
+ * @author Till Klampaeckel <till@php.net>
+ * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
+ * @version CVS: $Id$
+ * @link https://svn.roundcube.net/trunk
+ * @todo Check IMAP settings.
+ * @todo Check SMTP settings.
+ * @todo HTML/CSS to make it pretty.
+ * @todo In devel-next, use bootstrap.
+ * @todo Refactor to use RoundCube classes.
+ */
+
+$rctest_config = array();
+$rctest_config['from'] = '_yourfrom_';
+
+/*
+ ********************************************
+ ********************************************
+ ** Don't edit anything else in this file. **
+ ** Unless (of course) you know what you **
+ ** are doing. **
+ ********************************************
+ ********************************************
+ */
+
+$include_path = dirname(__FILE__) . '/program/lib/';
+$include_path .= PATH_SEPARATOR;
+$include_path .= dirname(__FILE__) . '/program/';
+$include_path .= PATH_SEPARATOR;
+$include_path .= get_include_path();
+
+set_include_path($include_path);
+
+$writable_dirs = array('logs/', 'temp/');
+$create_files = array('config/db.inc.php', 'config/main.inc.php');
+
+$path = dirname(__FILE__) . '/';
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2002/REC-xhtml1-20020801/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+ <link rel="shortcut icon" href="skins/default/images/favicon.ico"/>
+ <link rel="stylesheet" type="text/css" href="skins/default/common.css" />
+ <style type="text/css">
+ /* <![CDATA[ */
+ label { display:block; }
+ .success { color:#006400;font-weight:bold !important; }
+ .fail { color:#ff0000 !important;font-weight:bold !important; }
+ /* ]]> */
+ </style>
+ <title>RoundCube :: check</title>
+</head>
+<body>
+<img src="skins/default/images/roundcube_logo.png" width="165" height="55" border="0" alt="RoundCube Webmail" hspace="12" vspace="2"/>
+
+<h3>Check <?php echo basename(__FILE__); ?> Configuration</h3>
+From correctly set:
+<?php
+if ($rctest_config['from'] == '_yourfrom_') {
+ echo '<span class="fail">NOT OK</span></span>';
+} else {
+ echo $rctest_config['from'] . '<br /><br />';
+ echo '<i>We do not check if this is a <b>valid</b> email address. Since this serves as from & to, make sure it is correct!</i>';
+}
+?>
+<br />
+<?php
+echo '<h3>Check if directories are writable</h3>';
+echo '<p>RoundCube may need to write/save files into these directories.</p>';
+
+foreach ($writable_dirs AS $dir) {
+ echo "Directory $dir: ";
+ if (!is_writable($path . $dir)) {
+ echo '<span class="fail">NOT OK</span></span>';
+ } else {
+ echo '<span class="success">OK</span>';
+ }
+ echo "<br />";
+}
+
+echo '<h3>Check if you setup config files</h3>';
+echo '<p>Checks if the files exist and if they are readable.</p>';
+
+foreach ($create_files AS $file) {
+ echo "File $file: ";
+ if (file_exists($path . $file) && is_readable($path . $file)) {
+ echo '<span class="success">OK</span>';
+ } else {
+ echo '<span class="fail">NOT OK</span></span>';
+ }
+ echo '<br />';
+}
+
+echo '<h3>Check supplied DB settings</h3>';
+@include $path . 'config/db.inc.php';
+
+$db_working = false;
+if (isset($rcmail_config)) {
+ echo 'DB settings: ';
+ include_once 'MDB2.php';
+ $db = MDB2::connect($rcmail_config['db_dsnw']);
+ if (!MDB2::IsError($db)) {
+ echo '<span class="success">OK</span>';
+ $db->disconnect();
+ $db_working = true;
+ } else {
+ echo '<span class="fail">NOT OK</span></span>';
+ }
+ echo '<br />';
+} else {
+ echo 'Could not open db.inc.php config file, or file is empty.<br />';
+}
+
+echo '<h3>TimeZone</h3>';
+echo 'Checks if web- and databaseserver are in the same timezone.<br /><br />';
+echo 'Status: ';
+if ($db_working === true) {
+ require_once 'include/rcube_mdb2.inc';
+ $DB = new rcube_mdb2($rcmail_config['db_dsnw'], '', false);
+ $DB->db_connect('w');
+
+ $tz_db = "SELECT " . $DB->unixtimestamp($DB->now()) . " AS tz_db";
+ $tz_db = $DB->query($tz_db);
+ $tz_db = $DB->fetch_assoc($tz_db);
+ $tz_db = (int) $tz_db['tz_db'];
+ $tz_local = (int) time();
+ $tz_diff = $tz_local - $tz_db;
+
+ if ($tz_db != $tz_local) {
+ echo '<span class="fail">NOT OK</span></span>';
+ } else {
+ echo '<span class="success">OK</span>';
+ }
+} else {
+ echo 'Could not test (fix DB first).';
+}
+echo '<br />';
+
+echo '<h3>Checking .ini settings</h3>';
+
+$auto_start = ini_get('session.auto_start');
+$file_uploads = ini_get('file_uploads');
+
+echo '<h4>session.auto_start = 0</h4>';
+echo 'status: ';
+if ($auto_start == 1) {
+ echo '<span class="fail">NOT OK</span></span>';
+} else {
+ echo '<span class="success">OK</span>';
+}
+echo '<br />';
+
+echo '<h4>file_uploads = On</h4>';
+echo 'status: ';
+if ($file_uploads == 1) {
+ echo '<span class="success">OK</span>';
+} else {
+ echo '<span class="fail">NOT OK</span></span>';
+}
+
+/*
+ * Probably not needed because we have a custom handler
+echo '<h4>session.save_path <i>is set</i></h4>';
+echo 'status: ';
+$save_path = ini_get('session.save_path');
+if (empty($save_path)) {
+ echo '<span class="fail">NOT OK</span></span>';
+} else {
+ echo "<span class="success">OK</span>: $save_path";
+ if (!file_exists($save_path)) {
+ echo ', but it does not exist';
+ } else {
+ if (!is_readable($save_path) || !is_writable($save_path)) {
+ echo ', but permissions to read and/or write are missing';
+ }
+ }
+}
+echo '<br />';
+ */
+
+@include_once $path . '/config/main.inc.php';
+?>
+<h3>Check email settings</h3>
+<h4>SMTP Settings</h4>
+<?php
+echo 'Fetch config from config/main.inc.php: ';
+if (is_array($rcmail_config) && count($rcmail_config)) {
+ echo '<span class="success">OK</span><br />';
+ echo 'server: ' . $rcmail_config['smtp_server'] . '<br />';
+ echo 'port: ' . $rcmail_config['smtp_port'] . '<br />';
+ echo 'user: ' . (($rcmail_config['smtp_user'] == '%u')?'<i>use current session</i>':$rcmail_config['smtp_user']) . '<br />';
+ echo 'pass: ' . (($rcmail_config['smtp_pass'] == '%p')?'<i>use current session</i>':$rcmail_config['smtp_pass']) . '<br />';
+ //var_dump($rcmail_config);
+?>
+<h3>Test SMTP settings - send an email</h3>
+<p>Don't abuse this!</p>
+<form action="check.php" method="post">
+<?php
+if ($rcmail_config['smtp_server'] != ''):
+ if ($rcmail_config['smtp_user'] == '%u'):
+?>
+<label>Username:</label><input type="text" name="smtp_test[user]" />
+<label>Passwort:</label><input type="text" name="smtp_test[pass]" /><br />
+<?php
+ endif;
+endif;
+?>
+Recipient:<br />
+<?php echo $rctest_config['from']; ?><br /><br />
+<input type="submit" value="send an email" />
+</form>
+<?php
+ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+ echo 'Trying to send email: ';
+ if ($rctest_config['from'] == '_yourfrom_') {
+ echo '<span class="fail">NOT OK</span></span><br />';
+ echo '<i>Please edit $rctest_config in ' . basename(__FILE__) . '</i><br />';
+ } else {
+
+ $data = $_POST['smtp_test'];
+
+ require_once 'Mail.php';
+
+ $recipients = $rctest_config['from'];
+
+ $headers['From'] = $rctest_config['from'];
+ $headers['To'] = $recipients;
+ $headers['Subject'] = 'Test message from RoundCube';
+
+ $body = 'This is a test to confirm that RoundCube can send email.';
+
+ $params = array();
+ $mail_driver = '';
+
+ if ($rcmail_config['smtp_server'] != '') {
+ $mail_driver = 'smtp';
+
+ if (isset($data['user'])) {
+ $params['username'] = $data['user'];
+ $params['password'] = $data['pass'];
+ $params['auth'] = true;
+ }
+
+ $params['host'] = $rcmail_config['smtp_server'];
+ $params['port'] = $rcmail_config['smtp_port'];
+
+ } else {
+ $mail_driver = 'mail';
+ }
+
+ $mail_object =& Mail::factory($mail_driver, $params);
+ $status = $mail_object->send($recipients, $headers, $body);
+ if (!PEAR::isError($status)) {
+ echo '<span class="success">OK</span><br />';
+ } else {
+ echo '<span class="fail">NOT OK</span></span>';
+ echo '<br />' . $status->getMessage();
+ }
+ }
+ }
+} else {
+ echo '<span class="fail">NOT OK</span></span>';
+}
+?>
+</body>
+</html>
\ No newline at end of file |
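Review bot: The "SMTP Settings" block echoes `$rcmail_config['smtp_pass']` (along with the SMTP user, server and port) into the page whenever the value is not the `%p` placeholder, and nothing in this new file restricts who may request it, so shipping it as `.php-dist` appears to be the only protection once an admin copies it to check.php (the name the form posts to). Report only whether a password is configured, e.g. `echo 'pass: ' . (($rcmail_config['smtp_pass'] == '%p') ? '<i>use current session</i>' : '<i>(set, not shown)</i>') . '<br />';`, and pass the other echoed config values and `$status->getMessage()` through `htmlspecialchars()` before output. The test form sends mail on any POST with no token or access check and collects the password in an `<input type="text">`; `type="password"` and a guard at the top of the file (an allow-list on `$_SERVER['REMOTE_ADDR']`, or a flag the admin must set next to `$rctest_config['from']`) would make the check safe to leave reachable. Separately, `$tz_diff` is computed but never used, and `$tz_db != $tz_local` compares two clocks to the exact second, so the timezone check can report NOT OK on a correctly configured host; comparing `abs($tz_diff)` against a small tolerance would use the value already calculated.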