* Copyright (C) 2007 Rodolphe Quiedeville * Copyright (C) 2007-2012 Regis Houssin * Copyright (C) 2015-2025 Frédéric France * Copyright (C) 2017 Nicolas ZABOURI * Copyright (C) 2024-2025 MDW * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ /** * \file htdocs/admin/system/filecheck.php * \brief Page to check Dolibarr files integrity */ // Load Dolibarr environment require '../../main.inc.php'; /** * @var Conf $conf * @var DoliDB $db * @var Form $form * @var HookManager $hookmanager * @var Societe $mysoc * @var Translate $langs * @var User $user */ require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php'; $langs->load("admin"); $mode = GETPOST('mode', 'aZ09'); if (!$user->admin) { accessforbidden(); } $error = 0; /* * View */ @set_time_limit(300); llxHeader('', '', '', '', 0, 0, '', '', '', 'mod-admin page-system_filecheck'); print load_fiche_titre($langs->trans("FileCheckDolibarr"), '', 'title_setup'); print '
'.$langs->trans("FileCheckDesc").'


'; // Version print '
'; print ''; print ''."\n"; $htmltooltip = ''; $htmltooltip .= $langs->trans("VersionLastInstall").': '.getDolGlobalString('MAIN_VERSION_LAST_INSTALL').'
'."\n"; $htmltooltip .= $langs->trans("VersionLastUpgrade").': '.getDolGlobalString('MAIN_VERSION_LAST_UPGRADE').'
'."\n"; print ''."\n"; print '
'.$langs->trans("Version").'
'.$langs->trans("VersionProgram").''; print ''.DOL_VERSION.''; // If current version differs from last upgrade if (!getDolGlobalString('MAIN_VERSION_LAST_UPGRADE')) { // Compare version with last install database version (upgrades never occurred) if (in_array(versioncompare(versiondolibarrarray(), preg_split('/[\-\.]/', getDolGlobalString('MAIN_VERSION_LAST_INSTALL'))), array(-2, -1, 1, 2))) { print ' '.img_warning($langs->trans("RunningUpdateProcessMayBeRequired", DOL_VERSION, getDolGlobalString('MAIN_VERSION_LAST_INSTALL'))); } } else { // Compare version with last upgrade database version if (in_array(versioncompare(versiondolibarrarray(), preg_split('/[\-\.]/', getDolGlobalString('MAIN_VERSION_LAST_UPGRADE'))), array(-2, -1, 1, 2))) { print ' '.img_warning($langs->trans("RunningUpdateProcessMayBeRequired", DOL_VERSION, getDolGlobalString('MAIN_VERSION_LAST_UPGRADE'))); } } print ' '.$form->textwithpicto('', $htmltooltip); print '
'; print '
'; print '
'; // Modified or missing files $file_list = array('missing' => array(), 'updated' => array()); // Local file to compare to $xmlshortfile = dol_sanitizeFileName(GETPOST('xmlshortfile', 'alpha') ? GETPOST('xmlshortfile', 'alpha') : 'filelist-'.DOL_VERSION.getDolGlobalString('MAIN_FILECHECK_LOCAL_SUFFIX').'.xml'.getDolGlobalString('MAIN_FILECHECK_LOCAL_EXT')); $xmlfile = DOL_DOCUMENT_ROOT.'/install/'.$xmlshortfile; if (!preg_match('/\.zip$/i', $xmlfile) && dol_is_file($xmlfile.'.zip')) { $xmlfile .= '.zip'; } // Remote file to compare to $xmlremote = GETPOST('xmlremote', 'alphanohtml'); if (empty($xmlremote) && getDolGlobalString('MAIN_FILECHECK_URL')) { $xmlremote = getDolGlobalString('MAIN_FILECHECK_URL'); } $param = 'MAIN_FILECHECK_URL_'.DOL_VERSION; if (empty($xmlremote) && getDolGlobalString($param)) { $xmlremote = getDolGlobalString($param); } if (empty($xmlremote)) { $xmlremote = 'https://www.dolibarr.org/files/stable/signatures/filelist-'.DOL_VERSION.'.xml'; } if ($xmlremote && !preg_match('/^https?:\/\//', $xmlremote)) { $langs->load("errors"); setEventMessages($langs->trans("ErrorURLMustStartWithHttp", $xmlremote), null, 'errors'); $error++; } elseif ($xmlremote && !preg_match('/\.xml$/', $xmlremote)) { $langs->load("errors"); setEventMessages($langs->trans("ErrorURLMustEndWith", $xmlremote, '.xml'), null, 'errors'); $error++; } // Test if remote test is ok $enableremotecheck = true; if (preg_match('/beta|alpha|rc/i', DOL_VERSION) || getDolGlobalString('MAIN_ALLOW_INTEGRITY_CHECK_ON_UNSTABLE')) { $enableremotecheck = false; } $enableremotecheck = true; print '
'; print ''; print $langs->trans("MakeIntegrityAnalysisFrom").':
'; print '
'; print ''."\n"; if (dol_is_file($xmlfile)) { print ' = '; print ''; print '
'; } else { print ' '; print '
'; } print '
'; print ''."\n"; if ($enableremotecheck) { print ' = '; print '
'; } else { print ' '.$langs->trans("RemoteSignature").' = '.dol_escape_htmltag($xmlremote); if (!GETPOST('xmlremote')) { print ' ('.$langs->trans("FeatureAvailableOnlyOnStable").')'; } print '
'; } print '
'; // Option unalterable log print '
'; if ($mysoc->country_code == 'FR') { print ''; print '
'; } print ''; print '
'; print '
'; print '
'; print '
'; if (GETPOST('target') == 'local') { if (dol_is_file($xmlfile)) { // If file is a zip file (.../filelist-x.y.z.xml.zip), we uncompress it before if (preg_match('/\.zip$/i', $xmlfile)) { dol_mkdir($conf->admin->dir_temp); $xmlfilenew = preg_replace('/\.zip$/i', '', $xmlfile); $result = dol_uncompress($xmlfile, $conf->admin->dir_temp); if (empty($result['error'])) { $xmlfile = $conf->admin->dir_temp.'/'.basename($xmlfilenew); } else { print $langs->trans('FailedToUncompressFile').': '.$xmlfile; $error++; } } $xml = simplexml_load_file($xmlfile); if ($xml === false) { print '
'.$langs->trans('XmlCorrupted').': '.$xmlfile.''; $error++; } } else { print '
'.$langs->trans('XmlNotFound').': '.$xmlfile.''; $error++; } } if (GETPOST('target') == 'remote') { $xmlarray = getURLContent($xmlremote, 'GET', '', 1, array(), array('http', 'https'), 0); // Accept http or https links on external remote server only. Same is used into api_setup.class.php. // Return array('content'=>response,'curl_error_no'=>errno,'curl_error_msg'=>errmsg...) if (!$xmlarray['curl_error_no'] && $xmlarray['http_code'] != 400 && $xmlarray['http_code'] != 404) { $xmlfile = $xmlarray['content']; //print "xmlfilestart".$xmlfile."xmlfileend"; if (LIBXML_VERSION < 20900) { // Avoid load of external entities (security problem). // Required only if LIBXML_VERSION < 20900 // @phan-suppress-next-line PhanDeprecatedFunctionInternal libxml_disable_entity_loader(true); } $xml = simplexml_load_string($xmlfile, 'SimpleXMLElement', LIBXML_NOCDATA | LIBXML_NONET); } else { $errormsg = $langs->trans('XmlNotFound').': '.$xmlremote.' - '.$xmlarray['http_code'].(($xmlarray['http_code'] == 400 && $xmlarray['content']) ? ' '.$xmlarray['content'] : '').' '.$xmlarray['curl_error_no'].' '.$xmlarray['curl_error_msg']; setEventMessages($errormsg, null, 'errors'); $error++; } } if (empty($error) && !empty($xml)) { $checksumconcat = array(); $file_list = array(); $out = ''; // Forced constants if (is_object($xml->dolibarr_constants[0]) || $mode == 'unalterable') { $out .= load_fiche_titre($langs->trans("ForcedConstants")); $out .= '
'; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''."\n"; if ($mode == 'unalterable') { $out .= ''; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= "\n"; $out .= ''; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= "\n"; } $i = 0; foreach ($xml->dolibarr_constants[0]->constant as $constant) { // $constant is a simpleXMLElement $constname = (string) $constant['name']; $constvalue = (string) $constant; $constvalue = (empty($constvalue) ? '0' : $constvalue); // Value found $value = ''; if ($constname && getDolGlobalString($constname) != '') { $value = getDolGlobalString($constname); } $valueforchecksum = (empty($value) ? '0' : $value); $checksumconcat[$constname] = $valueforchecksum; $i++; $out .= ''; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= "\n"; } if ($i == 0 && $mode != 'unalterable') { $out .= ''; } $out .= '
#'.$langs->trans("Parameter").''.$langs->trans("ExpectedValue").''.$langs->trans("CurrentValue").'
'.$langs->trans("Country").''.$mysoc->country_code.'
'.$langs->trans("ModuleMustBeEnabled", $langs->transnoentitiesnoconv("BlockedLog")).''.yn(1).''.yn(isModEnabled('blockedlog') ? 1 : 0).'
'.$i.''.dol_escape_htmltag($constname).''.dol_escape_htmltag($constvalue).''.dol_escape_htmltag($valueforchecksum).'
'.$langs->trans("None").'
'; $out .= '
'; $out .= '
'; } $onlymodifiedorremoved = 0; if ($mode == 'unalterable') { $listoffilestoanalyze = $xml->dolibarr_unalterable_files[0]; $onlymodifiedorremoved = 1; } else { $listoffilestoanalyze = $xml->dolibarr_htdocs_dir[0]; $onlymodifiedorremoved = 0; } // Scan htdocs if (is_object($listoffilestoanalyze)) { // @phan-suppress-next-line PhanTypeArraySuspicious $includecustom = (empty($listoffilestoanalyze['includecustom']) ? 0 : $listoffilestoanalyze['includecustom']); // Define qualified files (must be same than into generate_filelist_xml.php and in api_setup.class.php) $regextoinclude = '\.(php|php3|php4|php5|phtml|phps|phar|inc|css|scss|html|xml|js|json|tpl|jpg|jpeg|png|gif|ico|sql|lang|txt|yml|bak|md|mp3|mp4|wav|mkv|z|gz|zip|rar|tar|less|svg|eot|woff|woff2|ttf|manifest)$'; $regextoexclude = '('.($includecustom ? '' : 'custom|').'documents|conf|install|dejavu-fonts-ttf-.*|public\/test|sabre\/sabre\/.*\/tests|Shared\/PCLZip|nusoap\/lib\/Mail|php\/example|php\/test|geoip\/sample.*\.php|ckeditor\/samples|ckeditor\/adapters)$'; // Exclude dirs $scanfiles = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, $regextoinclude, $regextoexclude); // Fill file_list with files in signature, new files, modified files getFilesUpdated($file_list, $listoffilestoanalyze, '', DOL_DOCUMENT_ROOT, $checksumconcat); // Fill array $file_list '@phan-var-force array{insignature:string[],missing?:array,updated:array} $file_list'; // Complete with list of new files into $file_list['added'] if ($onlymodifiedorremoved) { foreach ($scanfiles as $valfile) { $tmprelativefilename = preg_replace('/^'.preg_quote(DOL_DOCUMENT_ROOT, '/').'/', '', $valfile['fullname']); if (!in_array($tmprelativefilename, $file_list['insignature'])) { $md5newfile = @md5_file($valfile['fullname']); // Can fails if we don't have permission to open/read file $file_list['added'][] = array('filename' => $tmprelativefilename, 'md5' => $md5newfile); } } } // Files missing $out .= load_fiche_titre($langs->trans("FilesMissing")); $out .= '
'; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''."\n"; $tmpfilelist = dol_sort_array($file_list['missing'], 'filename'); if (is_array($tmpfilelist) && count($tmpfilelist)) { $i = 0; foreach ($tmpfilelist as $file) { $i++; $out .= ''; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= "\n"; } } else { $out .= ''; } $out .= '
#'.$langs->trans("Filename").''.$langs->trans("ExpectedSize").''.$langs->trans("ExpectedChecksum").'
'.$i.''.dol_escape_htmltag($file['filename']).''; if (!empty($file['expectedsize'])) { $out .= dol_print_size((int) $file['expectedsize']); } $out .= ''.dol_escape_htmltag($file['expectedmd5']).'
'.$langs->trans("None").'
'; $out .= '
'; $out .= '
'; // Files modified $out .= load_fiche_titre($langs->trans("FilesModified")); $totalsize = 0; $out .= '
'; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''."\n"; $tmpfilelist2 = dol_sort_array($file_list['updated'], 'filename'); if (is_array($tmpfilelist2) && count($tmpfilelist2)) { $i = 0; foreach ($tmpfilelist2 as $file) { $i++; $out .= ''; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $size = dol_filesize(DOL_DOCUMENT_ROOT.'/'.$file['filename']); $totalsize += $size; $out .= ''."\n"; $out .= ''."\n"; $out .= "\n"; } $out .= ''; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= "\n"; } else { $out .= ''; } $out .= '
#'.$langs->trans("Filename").''.$langs->trans("ExpectedChecksum").''.$langs->trans("CurrentChecksum").''.$langs->trans("ExpectedSize").''.$langs->trans("CurrentSize").''.$langs->trans("DateModification").'
'.$i.''.dol_escape_htmltag($file['filename']).''.dol_escape_htmltag($file['expectedmd5']).''.dol_escape_htmltag($file['md5']).''; if ($file['expectedsize']) { $out .= dol_print_size((int) $file['expectedsize']); } $out .= ''.dol_print_size($size).''.dol_print_date(dol_filemtime(DOL_DOCUMENT_ROOT.'/'.$file['filename']), 'dayhour').'
'.$langs->trans("Total").''.dol_print_size($totalsize).'
'.$langs->trans("None").'
'; $out .= '
'; $out .= '
'; // Files added if (empty($onlymodifiedorremoved)) { $out .= load_fiche_titre($langs->trans("FilesAdded")); $totalsize = 0; $out .= '
'; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''; $out .= ''."\n"; $tmpfilelist3 = dol_sort_array($file_list['added'], 'filename'); if (is_array($tmpfilelist3) && count($tmpfilelist3)) { $i = 0; foreach ($tmpfilelist3 as $file) { $i++; $out .= ''; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; // @phan-suppress-current-line PhanTypeInvalidDimOffset $out .= ''."\n"; $size = dol_filesize(DOL_DOCUMENT_ROOT.'/'.$file['filename']); $totalsize += $size; $out .= ''."\n"; $out .= ''."\n"; $out .= "\n"; } $out .= ''; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= ''."\n"; $out .= "\n"; } else { $out .= ''; } $out .= '
#'.$langs->trans("Filename").''.$langs->trans("ExpectedChecksum").''.$langs->trans("CurrentChecksum").''.$langs->trans("Size").''.$langs->trans("DateModification").'
'.$i.''.dol_escape_htmltag($file['filename']); if (!preg_match('/^win/i', PHP_OS)) { $htmltext = $langs->trans("YouCanDeleteFileOnServerWith", 'rm '.DOL_DOCUMENT_ROOT.$file['filename']); // The slash is included int file['filename'] $out .= ' '.$form->textwithpicto('', $htmltext, 1, 'help', '', 0, 2, 'helprm'.$i); } $out .= ''.dol_escape_htmltag((string) $file['expectedmd5']).''.dol_escape_htmltag($file['md5']).''.dol_print_size($size).''.dol_print_date(dol_filemtime(DOL_DOCUMENT_ROOT.'/'.$file['filename']), 'dayhour').'
'.$langs->trans("Total").''.dol_print_size($totalsize).'
'.$langs->trans("None").'
'; $out .= '
'; } } else { print '
'; print 'Error: Failed to found dolibarr_htdocs_dir into content of XML file:
'.dol_escape_htmltag(dol_trunc($xmlfile, 500)); print '

'; $error++; } // Scan scripts /* if (is_object($xml->dolibarr_script_dir[0])) { $file_list = array(); $ret = getFilesUpdated($file_list, $xml->dolibarr_htdocs_dir[0], '', ???, $checksumconcat); // Fill array $file_list '@phan-var-force array{insignature:string[],missing?:array,updated:array} $file_list'; }*/ // Section Globalchecksum asort($checksumconcat); // Sort list of checksum $checksumget = md5(implode(',', $checksumconcat)); if ($mode == 'unalterable') { $nameofsection = 'dolibarr_unalterable_files_checksum'; $checksumtoget = trim((string) $xml->dolibarr_unalterable_files_checksum); } else { $nameofsection = 'dolibarr_htdocs_dir_checksum'; $checksumtoget = trim((string) $xml->dolibarr_htdocs_dir_checksum); } //var_dump(count($file_list['added'])); //var_dump($checksumget); //var_dump($checksumtoget); //var_dump($checksumget == $checksumtoget); $resultcomment = ''; $outexpectedchecksum = ($checksumtoget ? $checksumtoget : $langs->trans("Unknown")); if ($checksumget == $checksumtoget) { if (empty($onlymodifiedorremoved) && !empty($file_list['added'])) { $resultcode = 'warning'; $resultcomment = 'FileIntegrityIsOkButFilesWereAdded'; $outcurrentchecksum = $checksumget; $outcurrentchecksum .= '

'.img_picto('', 'tick').' '.$langs->trans($resultcomment).''; } else { $resultcode = 'ok'; $resultcomment = 'Success'; $outcurrentchecksum = ''.$checksumget.''; $outcurrentchecksum.= '

'.img_picto('', 'tick').' '.$langs->trans($resultcomment).''; } } else { $resultcode = 'error'; $resultcomment = 'FileIntegrityIsKO'; $outcurrentchecksum = ''.$checksumget.''; $outcurrentchecksum .= '

'.img_picto('', 'error').' '.$langs->trans($resultcomment).''; } // Show warning if (empty($tmpfilelist) && empty($tmpfilelist2) && empty($tmpfilelist3) && $resultcode == 'ok') { setEventMessages($langs->trans("FileIntegrityIsStrictlyConformedWithReference"), null, 'mesgs'); } else { if ($resultcode == 'warning') { setEventMessages($langs->trans($resultcomment), null, 'warnings'); } else { setEventMessages($langs->trans("FileIntegritySomeFilesWereRemovedOrModified"), null, 'errors'); } } $outforlistoffiles = ''; if ($mode == 'unalterable') { print load_fiche_titre($langs->trans("UnalterableFilesChecksum")); // Print list of files $outforlistoffiles = ''.$langs->trans("ShowListOfFiles").'
'; $outforlistoffiles .= ''; $outforlistoffiles .= '
'; } else { print load_fiche_titre($langs->trans("GlobalChecksum")); } print $langs->trans("ExpectedChecksum").' = '; print ''; print $outexpectedchecksum; print '
'; print $langs->trans("CurrentChecksum").' = '.$outcurrentchecksum; print '

'; print $outforlistoffiles; print '
'; // Output detail print $out; } // End of page llxFooter(); $db->close(); exit($error);