* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ /** * \file htdocs/admin/system/security.php * \brief Page to show Security information */ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/memory.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; // Load translation files required by the page $langs->loadLangs(array("install", "other", "admin")); if (!$user->admin) accessforbidden(); if (GETPOST('action', 'aZ09') == 'donothing') { exit; } /* * View */ $form = new Form($db); $nowstring = dol_print_date(dol_now(), 'dayhourlog'); llxHeader(); print load_fiche_titre($langs->trans("Security"), '', 'title_setup'); print ''.$langs->trans("YouMayFindSecurityAdviceHere", 'hhttps://wiki.dolibarr.org/index.php/Security_information').' ('.$langs->trans("Reload").')
'; print '
'; print load_fiche_titre($langs->trans("PHPSetup"), '', ''); // Get version of PHP $phpversion = version_php(); print "PHP - ".$langs->trans("Version").": ".$phpversion."
\n"; // Get versionof web server print "
Web server - ".$langs->trans("Version").": ".$_SERVER["SERVER_SOFTWARE"]."
\n"; print '
'; print "PHP safe_mode = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0))."
\n"; print "PHP open_basedir = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0))."
\n"; print '
'; // XDebug print ''.$langs->trans("XDebug").': '; $test = !function_exists('xdebug_is_enabled'); if ($test) print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis"); else { print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedMayExposeInformation", $langs->transnoentities("XDebug")); print ' - '.$langs->trans("MoreInformation").' XDebug admin page'; } print '
'; print '
'; print load_fiche_titre($langs->trans("ConfigFile"), '', ''); print ''.$langs->trans("dolibarr_main_prod").': '.$dolibarr_main_prod; if (empty($dolibarr_main_prod)) { print '   '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 1); } print '
'; print ''.$langs->trans("dolibarr_nocsrfcheck").': '.$dolibarr_nocsrfcheck; if (!empty($dolibarr_nocsrfcheck)) { print img_picto('', 'warning').'   '.$langs->trans("IfYouAreOnAProductionSetThis", 0); } print '
'; print '
'; print '
'; print load_fiche_titre($langs->trans("Permissions"), '', ''); print ''.$langs->trans("PermissionsOnFilesInWebRoot").': '; // TODO Check permission are read only except for custom dir print 'TODO'; print '
'; print ''.$langs->trans("PermissionsOnFile", 'conf.php').': '; // TODO Check permission on file conf.php (read only for the web user) print 'TODO'; print '
'; print '
'; print '
'; print load_fiche_titre($langs->trans("DolibarrModules"), '', ''); // Module log print ''.$langs->trans("Syslog").': '; $test = empty($conf->syslog->enabled); if ($test) print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis"); else { print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedMayExposeInformation", $langs->transnoentities("Syslog")); //print ' '.$langs->trans("MoreInformation").' XDebug admin page'; } print '
'; // Module debugbar print ''.$langs->trans("DebugBar").': '; $test = empty($conf->debugbar->enabled); if ($test) print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis"); else { print img_picto('', 'error').' '.$langs->trans("ModuleActivatedDoNotUseInProduction", $langs->transnoentities("DebugBar")); //print ' '.$langs->trans("MoreInformation").' XDebug admin page'; } print '
'; print '
'; print '
'; print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup"), '', ''); //print ''.$langs->trans("PasswordEncryption").': '; print 'MAIN_SECURITY_HASH_ALGO = '.$conf->global->MAIN_SECURITY_HASH_ALGO."   (Recommanded value: 'password_hash')
"; print 'MAIN_SECURITY_SALT = '.$conf->global->MAIN_SECURITY_SALT.'
'; print '
'; // TODO print ''.$langs->trans("AntivirusEnabledOnUpload").': '; print yn($conf->global->MAIN_ANTIVIRUS_COMMAND ? 1 : 0); if (!empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) { print '   - '.$conf->global->MAIN_ANTIVIRUS_COMMAND; if (defined('MAIN_ANTIVIRUS_COMMAND')) { print ' - '.$langs->trans("ValueIsForcedBySystem").''; } } print '
'; print '
'; print ''.$langs->trans("SecurityAudit").': '; // TODO Disabled or enabled ? print '
'; // End of page llxFooter(); $db->close();