From 19881691bdef7beba3b9ed41049dab9b6f856f93 Mon Sep 17 00:00:00 2001
From: till <till@php.net>
Date: Mon, 11 Feb 2008 23:21:15 +0000
Subject: * removed check.php (security issue) * added check.php-dist * new in
 check(.php-dist): smtp check, prettyfied errors

---
 check.php      | 179 ----------------------------------
 check.php-dist | 297 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 297 insertions(+), 179 deletions(-)
 delete mode 100644 check.php
 create mode 100644 check.php-dist

diff --git a/check.php b/check.php
deleted file mode 100644
index 4378f17a7..000000000
--- a/check.php
+++ /dev/null
@@ -1,179 +0,0 @@
-<?php
-/**
- * Copyright (c) 2008, Till Klampaeckel
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- * 
- *  * Redistributions of source code must retain the above copyright notice, this
- *    list of conditions and the following disclaimer.
- *  * Redistributions in binary form must reproduce the above copyright notice, this
- *    list of conditions and the following disclaimer in the documentation and/or
- *    other materials provided with the distribution.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * PHP Version 5
- *
- * @category Config
- * @package  RoundCube
- * @author   Till Klampaeckel <till@php.net>
- * @license  http://www.opensource.org/licenses/bsd-license.php The BSD License
- * @version  CVS: $Id$
- * @link     https://svn.roundcube.net/trunk
- * @todo     Check IMAP settings.
- * @todo     Check SMTP settings.
- * @todo     HTML/CSS to make it pretty.
- * @todo     In devel-next, use bootstrap.
- */
-
-$include_path  = dirname(__FILE__) . '/program/lib/';
-$include_path .= PATH_SEPARATOR;
-$include_path .= dirname(__FILE__) . '/program/';
-$include_path .= PATH_SEPARATOR;
-$include_path .= get_include_path();
-
-set_include_path($include_path);
-
-$writable_dirs = array('logs/', 'temp/');
-$create_files  = array('config/db.inc.php', 'config/main.inc.php');
-
-$path = dirname(__FILE__) . '/';
-?>
-<html>
-<head>
-    <link rel="shortcut icon" href="skins/default/images/favicon.ico"/>
-    <link rel="stylesheet" type="text/css" href="skins/default/common.css" />
-    <title>RoundCube :: check</title>
-</head>
-<body>
-<img src="skins/default/images/roundcube_logo.png" width="165" height="55" border="0" alt="RoundCube Webmail" hspace="12" vspace="2"/>
-
-<?php
-echo '<h3>Check if directories are writable</h3>';
-echo '<p>RoundCube may need to write/save files into these directories.</p>';
-
-foreach ($writable_dirs AS $dir) {
-    echo "Directory $dir: ";
-    if (!is_writable($path . $dir)) {
-        echo 'NOT OK';
-    } else {
-        echo 'OK';
-    }
-    echo "<br />";
-}
-
-echo '<h3>Check if you setup config files</h3>';
-echo '<p>Checks if the files exist and if they are readable.</p>';
-
-foreach ($create_files AS $file) {
-    echo "File $file: ";
-    if (file_exists($path . $file) && is_readable($path . $file)) {
-        echo 'OK';
-    } else {
-        echo 'NOT OK';
-    }
-    echo '<br />';
-}
-
-echo '<h3>Check supplied DB settings</h3>';
-@include $path . 'config/db.inc.php';
-
-$db_working = false;
-if (isset($rcmail_config)) {
-    echo 'DB settings: ';
-    include_once 'MDB2.php';
-    $db = MDB2::connect($rcmail_config['db_dsnw']);
-    if (!MDB2::IsError($db)) {
-        echo 'OK';
-        $db->disconnect();
-        $db_working = true;
-    } else {
-        echo 'NOT OK';
-    }
-    echo '<br />';
-} else {
-    echo 'Could not open db.inc.php config file, or file is empty.<br />';
-}
-
-echo '<h3>TimeZone</h3>';
-echo 'Checks if web- and databaseserver are in the same timezone.<br /><br />';
-echo 'Status: ';
-if ($db_working === true) {
-    require_once 'include/rcube_mdb2.inc';
-    $DB = new rcube_mdb2($rcmail_config['db_dsnw'], '', false);
-    $DB->db_connect('w');
-    
-    $tz_db    = "SELECT " . $DB->unixtimestamp($DB->now()) . " AS tz_db";
-    $tz_db    = $DB->query($tz_db);
-    $tz_db    = $DB->fetch_assoc($tz_db);
-    $tz_db    = (int) $tz_db['tz_db'];
-    $tz_local = (int) time();
-    $tz_diff  = $tz_local - $tz_db;
-
-    if ($tz_db != $tz_local) {
-        echo 'NOT OK';
-    } else {
-        echo 'OK';
-    }
-} else {
-    echo 'Could not test (fix DB first).';
-}
-echo '<br />';
-
-echo '<h3>Checking .ini settings</h3>';
-
-$auto_start   = ini_get('session.auto_start');
-$file_uploads = ini_get('file_uploads');
-
-echo '<h4>session.auto_start = 0</h4>';
-echo 'status: ';
-if ($auto_start == 1) {
-    echo 'NOT OK';
-} else {
-    echo 'OK';
-}
-echo '<br />';
-
-echo '<h4>file_uploads = On</h4>';
-echo 'status: ';
-if ($file_uploads == 1) {
-    echo 'OK';
-} else {
-    echo 'NOT OK';
-}
-
-/*
- * Probably not needed because we have a custom handler
-echo '<h4>session.save_path <i>is set</i></h4>';
-echo 'status: ';
-$save_path = ini_get('session.save_path');
-if (empty($save_path)) {
-    echo 'NOT OK';
-} else {
-    echo "OK: $save_path";
-    if (!file_exists($save_path)) {
-        echo ', but it does not exist';
-    } else {
-        if (!is_readable($save_path) || !is_writable($save_path)) {
-            echo ', but permissions to read and/or write are missing';
-        }
-    }
-}
-echo '<br />';
- */
-?>
-</body>
-</html>
diff --git a/check.php-dist b/check.php-dist
new file mode 100644
index 000000000..d1f3e295e
--- /dev/null
+++ b/check.php-dist
@@ -0,0 +1,297 @@
+<?php
+/**
+ * Copyright (c) 2008, Till Klampaeckel
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ * 
+ *  * Redistributions of source code must retain the above copyright notice, this
+ *    list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright notice, this
+ *    list of conditions and the following disclaimer in the documentation and/or
+ *    other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * PHP Version 5
+ *
+ * @category Config
+ * @package  RoundCube
+ * @author   Till Klampaeckel <till@php.net>
+ * @license  http://www.opensource.org/licenses/bsd-license.php The BSD License
+ * @version  CVS: $Id$
+ * @link     https://svn.roundcube.net/trunk
+ * @todo     Check IMAP settings.
+ * @todo     Check SMTP settings.
+ * @todo     HTML/CSS to make it pretty.
+ * @todo     In devel-next, use bootstrap.
+ * @todo     Refactor to use RoundCube classes.
+ */
+
+$rctest_config         = array();
+$rctest_config['from'] = '_yourfrom_';
+
+/*
+ ********************************************
+ ********************************************
+ ** Don't edit anything else in this file. **
+ ** Unless (of course) you know what you   **
+ ** are doing.                             **
+ ********************************************
+ ********************************************
+ */
+
+$include_path  = dirname(__FILE__) . '/program/lib/';
+$include_path .= PATH_SEPARATOR;
+$include_path .= dirname(__FILE__) . '/program/';
+$include_path .= PATH_SEPARATOR;
+$include_path .= get_include_path();
+
+set_include_path($include_path);
+
+$writable_dirs = array('logs/', 'temp/');
+$create_files  = array('config/db.inc.php', 'config/main.inc.php');
+
+$path = dirname(__FILE__) . '/';
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2002/REC-xhtml1-20020801/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+    <link rel="shortcut icon" href="skins/default/images/favicon.ico"/>
+    <link rel="stylesheet" type="text/css" href="skins/default/common.css" />
+    <style type="text/css">
+    /* <![CDATA[ */
+    label { display:block; }
+    .success { color:#006400;font-weight:bold !important; }
+    .fail { color:#ff0000 !important;font-weight:bold !important; }
+    /* ]]> */
+    </style>
+    <title>RoundCube :: check</title>
+</head>
+<body>
+<img src="skins/default/images/roundcube_logo.png" width="165" height="55" border="0" alt="RoundCube Webmail" hspace="12" vspace="2"/>
+
+<h3>Check <?php echo basename(__FILE__); ?> Configuration</h3>
+From correctly set:
+<?php
+if ($rctest_config['from'] == '_yourfrom_') {
+    echo '<span class="fail">NOT OK</span></span>';
+} else {
+    echo $rctest_config['from'] . '<br /><br />';
+    echo '<i>We do not check if this is a <b>valid</b> email address. Since this serves as from &amp; to, make sure it is correct!</i>';
+}
+?>
+<br />
+<?php
+echo '<h3>Check if directories are writable</h3>';
+echo '<p>RoundCube may need to write/save files into these directories.</p>';
+
+foreach ($writable_dirs AS $dir) {
+    echo "Directory $dir: ";
+    if (!is_writable($path . $dir)) {
+        echo '<span class="fail">NOT OK</span></span>';
+    } else {
+        echo '<span class="success">OK</span>';
+    }
+    echo "<br />";
+}
+
+echo '<h3>Check if you setup config files</h3>';
+echo '<p>Checks if the files exist and if they are readable.</p>';
+
+foreach ($create_files AS $file) {
+    echo "File $file: ";
+    if (file_exists($path . $file) && is_readable($path . $file)) {
+        echo '<span class="success">OK</span>';
+    } else {
+        echo '<span class="fail">NOT OK</span></span>';
+    }
+    echo '<br />';
+}
+
+echo '<h3>Check supplied DB settings</h3>';
+@include $path . 'config/db.inc.php';
+
+$db_working = false;
+if (isset($rcmail_config)) {
+    echo 'DB settings: ';
+    include_once 'MDB2.php';
+    $db = MDB2::connect($rcmail_config['db_dsnw']);
+    if (!MDB2::IsError($db)) {
+        echo '<span class="success">OK</span>';
+        $db->disconnect();
+        $db_working = true;
+    } else {
+        echo '<span class="fail">NOT OK</span></span>';
+    }
+    echo '<br />';
+} else {
+    echo 'Could not open db.inc.php config file, or file is empty.<br />';
+}
+
+echo '<h3>TimeZone</h3>';
+echo 'Checks if web- and databaseserver are in the same timezone.<br /><br />';
+echo 'Status: ';
+if ($db_working === true) {
+    require_once 'include/rcube_mdb2.inc';
+    $DB = new rcube_mdb2($rcmail_config['db_dsnw'], '', false);
+    $DB->db_connect('w');
+    
+    $tz_db    = "SELECT " . $DB->unixtimestamp($DB->now()) . " AS tz_db";
+    $tz_db    = $DB->query($tz_db);
+    $tz_db    = $DB->fetch_assoc($tz_db);
+    $tz_db    = (int) $tz_db['tz_db'];
+    $tz_local = (int) time();
+    $tz_diff  = $tz_local - $tz_db;
+
+    if ($tz_db != $tz_local) {
+        echo '<span class="fail">NOT OK</span></span>';
+    } else {
+        echo '<span class="success">OK</span>';
+    }
+} else {
+    echo 'Could not test (fix DB first).';
+}
+echo '<br />';
+
+echo '<h3>Checking .ini settings</h3>';
+
+$auto_start   = ini_get('session.auto_start');
+$file_uploads = ini_get('file_uploads');
+
+echo '<h4>session.auto_start = 0</h4>';
+echo 'status: ';
+if ($auto_start == 1) {
+    echo '<span class="fail">NOT OK</span></span>';
+} else {
+    echo '<span class="success">OK</span>';
+}
+echo '<br />';
+
+echo '<h4>file_uploads = On</h4>';
+echo 'status: ';
+if ($file_uploads == 1) {
+    echo '<span class="success">OK</span>';
+} else {
+    echo '<span class="fail">NOT OK</span></span>';
+}
+
+/*
+ * Probably not needed because we have a custom handler
+echo '<h4>session.save_path <i>is set</i></h4>';
+echo 'status: ';
+$save_path = ini_get('session.save_path');
+if (empty($save_path)) {
+    echo '<span class="fail">NOT OK</span></span>';
+} else {
+    echo "<span class="success">OK</span>: $save_path";
+    if (!file_exists($save_path)) {
+        echo ', but it does not exist';
+    } else {
+        if (!is_readable($save_path) || !is_writable($save_path)) {
+            echo ', but permissions to read and/or write are missing';
+        }
+    }
+}
+echo '<br />';
+ */
+
+@include_once $path . '/config/main.inc.php';
+?>
+<h3>Check email settings</h3>
+<h4>SMTP Settings</h4>
+<?php
+echo 'Fetch config from config/main.inc.php: ';
+if (is_array($rcmail_config) && count($rcmail_config)) {
+    echo '<span class="success">OK</span><br />';
+    echo 'server: ' . $rcmail_config['smtp_server'] . '<br />';
+    echo 'port: ' . $rcmail_config['smtp_port'] . '<br />';
+    echo 'user: ' . (($rcmail_config['smtp_user'] == '%u')?'<i>use current session</i>':$rcmail_config['smtp_user']) . '<br />';
+    echo 'pass: ' . (($rcmail_config['smtp_pass'] == '%p')?'<i>use current session</i>':$rcmail_config['smtp_pass']) . '<br />';
+    //var_dump($rcmail_config);
+?>
+<h3>Test SMTP settings - send an email</h3>
+<p>Don't abuse this!</p>
+<form action="check.php" method="post">
+<?php
+if ($rcmail_config['smtp_server'] != ''):
+    if ($rcmail_config['smtp_user'] == '%u'):
+?>
+<label>Username:</label><input type="text" name="smtp_test[user]" />
+<label>Passwort:</label><input type="text" name="smtp_test[pass]" /><br />
+<?php
+    endif;
+endif;
+?>
+Recipient:<br />
+<?php echo $rctest_config['from']; ?><br /><br />
+<input type="submit" value="send an email" />
+</form>
+<?php
+    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+        echo 'Trying to send email: ';
+        if ($rctest_config['from'] == '_yourfrom_') {
+            echo '<span class="fail">NOT OK</span></span><br />';
+            echo '<i>Please edit $rctest_config in ' . basename(__FILE__) . '</i><br />';
+        } else {
+
+            $data = $_POST['smtp_test'];
+
+            require_once 'Mail.php';
+
+            $recipients = $rctest_config['from'];
+
+            $headers['From']    = $rctest_config['from'];
+            $headers['To']      = $recipients;
+            $headers['Subject'] = 'Test message from RoundCube';
+
+            $body = 'This is a test to confirm that RoundCube can send email.';
+
+            $params      = array();
+            $mail_driver = '';
+
+            if ($rcmail_config['smtp_server'] != '') {
+                $mail_driver = 'smtp';
+
+                if (isset($data['user'])) {
+                    $params['username'] = $data['user'];
+                    $params['password'] = $data['pass'];
+                    $params['auth']     = true;
+                }
+
+                $params['host'] = $rcmail_config['smtp_server'];
+                $params['port'] = $rcmail_config['smtp_port'];
+
+            } else {
+                $mail_driver = 'mail';
+            }
+
+            $mail_object =& Mail::factory($mail_driver, $params);
+            $status = $mail_object->send($recipients, $headers, $body);
+            if (!PEAR::isError($status)) {
+                echo '<span class="success">OK</span><br />';
+            } else {
+                echo '<span class="fail">NOT OK</span></span>';
+                echo '<br />' . $status->getMessage();
+            }
+        }
+    }
+} else {
+    echo '<span class="fail">NOT OK</span></span>';
+}
+?>
+</body>
+</html>
\ No newline at end of file
-- 
cgit v1.2.3