dolibarr  13.0.2
security.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2013-2019 Laurent Destailleur <eldy@users.sourceforge.net>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program. If not, see <https://www.gnu.org/licenses/>.
16  */
17 
23 require '../../main.inc.php';
24 require_once DOL_DOCUMENT_ROOT.'/core/lib/memory.lib.php';
25 require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
26 require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
27 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
28 require_once DOL_DOCUMENT_ROOT.'/core/class/events.class.php';
29 
30 // Load translation files required by the page
31 $langs->loadLangs(array("install", "other", "admin"));
32 
33 if (!$user->admin)
34  accessforbidden();
35 
36 if (GETPOST('action', 'aZ09') == 'donothing')
37 {
38  exit;
39 }
40 
41 
42 /*
43  * View
44  */
45 
46 llxHeader();
47 
48 print load_fiche_titre($langs->trans("Security"), '', 'title_setup');
49 
50 print '<span class="opacitymedium">'.$langs->trans("YouMayFindSecurityAdviceHere", 'hhttps://wiki.dolibarr.org/index.php/Security_information').'</span> (<a href="'.$_SERVER["PHP_SELF"].'">'.$langs->trans("Reload").'</a>)<br>';
51 print '<br>';
52 
53 print load_fiche_titre($langs->trans("PHPSetup"), '', 'folder');
54 
55 // Get version of PHP
56 $phpversion = version_php();
57 print "<strong>PHP</strong> - ".$langs->trans("Version").": ".$phpversion."<br>\n";
58 
59 // Get versionof web server
60 print "<br><strong>Web server</strong> - ".$langs->trans("Version").": ".$_SERVER["SERVER_SOFTWARE"]."<br>\n";
61 print '<br>';
62 
63 print "<strong>PHP safe_mode</strong> = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0))."<br>\n";
64 print "<strong>PHP open_basedir</strong> = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0))."<br>\n";
65 print '<br>';
66 
67 // XDebug
68 print '<strong>'.$langs->trans("XDebug").'</strong>: ';
69 $test = !function_exists('xdebug_is_enabled');
70 if ($test) print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
71 else {
72  print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedMayExposeInformation", $langs->transnoentities("XDebug"));
73  print ' - '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php">XDebug admin page</a>';
74 }
75 print '<br>';
76 
77 print '<br>';
78 print load_fiche_titre($langs->trans("ConfigurationFile"), '', 'folder');
79 
80 print '<strong>'.$langs->trans("dolibarr_main_prod").'</strong>: '.$dolibarr_main_prod;
81 if (empty($dolibarr_main_prod)) {
82  print ' &nbsp; '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 1);
83 }
84 print '<br>';
85 
86 print '<strong>'.$langs->trans("dolibarr_nocsrfcheck").'</strong>: '.$dolibarr_nocsrfcheck;
87 if (!empty($dolibarr_nocsrfcheck)) {
88  print img_picto('', 'warning').' &nbsp; '.$langs->trans("IfYouAreOnAProductionSetThis", 0);
89 }
90 print '<br>';
91 
92 print '<strong>'.$langs->trans("dolibarr_main_restrict_ip").'</strong>: '.$dolibarr_main_restrict_ip;
93 /*if (empty($dolibarr_main_restrict_ip)) {
94  print ' &nbsp; '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 1);
95 }*/
96 print '<br>';
97 
98 print '<br>';
99 print '<br>';
100 print load_fiche_titre($langs->trans("Permissions"), '', 'folder');
101 
102 print '<strong>'.$langs->trans("PermissionsOnFilesInWebRoot").'</strong>: ';
103 // TODO Check permission are read only except for custom dir
104 print 'TODO';
105 print '<br>';
106 
107 print '<strong>'.$langs->trans("PermissionsOnFile", $conffile).'</strong>: '; // $conffile is defined into filefunc.inc.php
108 $perms = fileperms($dolibarr_main_document_root.'/'.$conffile);
109 if ($perms) {
110  if (($perms & 0x0004) || ($perms & 0x0002)) {
111  print img_warning().' '.$langs->trans("ConfFileIsReadableOrWritableByAnyUsers");
112  } else {
113  print img_picto('', 'tick');
114  }
115 } else {
116  print img_warning().' '.$langs->trans("FailedToReadFile", $conffile);
117 }
118 print '<br>';
119 
120 print '<br>';
121 
122 print '<br>';
123 print load_fiche_titre($langs->trans("Modules"), '', 'folder');
124 
125 // Module log
126 print '<strong>'.$langs->trans("Syslog").'</strong>: ';
127 $test = empty($conf->syslog->enabled);
128 if ($test) print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
129 else {
130  print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedMayExposeInformation", $langs->transnoentities("Syslog"));
131  //print ' '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php'.'">XDebug admin page</a>';
132 }
133 print '<br>';
134 
135 // Module debugbar
136 print '<strong>'.$langs->trans("DebugBar").'</strong>: ';
137 $test = empty($conf->debugbar->enabled);
138 if ($test) print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
139 else {
140  print img_picto('', 'error').' '.$langs->trans("ModuleActivatedDoNotUseInProduction", $langs->transnoentities("DebugBar"));
141  //print ' '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php'.'">XDebug admin page</a>';
142 }
143 print '<br>';
144 
145 print '<br>';
146 print '<br>';
147 print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup"), '', 'folder');
148 
149 //print '<strong>'.$langs->trans("PasswordEncryption").'</strong>: ';
150 print '<strong>MAIN_SECURITY_HASH_ALGO</strong> = '.(empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? $langs->trans("Undefined") : '')." &nbsp; ";
151 print '<span class="opacitymedium"> &nbsp; If unset: \'md5\'</span> ';
152 print '<span class="opacitymedium"> - Recommanded value: \'password_hash\'</span><br>';
153 print '<strong>MAIN_SECURITY_SALT</strong> = '.(empty($conf->global->MAIN_SECURITY_SALT) ? $langs->trans("Undefined") : '').'<br>';
154 print '<br>';
155 // TODO
156 
157 print '<strong>'.$langs->trans("AntivirusEnabledOnUpload").'</strong>: ';
158 print empty($conf->global->MAIN_ANTIVIRUS_COMMAND) ? '' : img_picto('', 'tick').' ';
159 print yn($conf->global->MAIN_ANTIVIRUS_COMMAND ? 1 : 0);
160 if (!empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) {
161  print ' &nbsp; - '.$conf->global->MAIN_ANTIVIRUS_COMMAND;
162  if (defined('MAIN_ANTIVIRUS_COMMAND')) {
163  print ' - <span class="opacitymedium">'.$langs->trans("ValueIsForcedBySystem").'</span>';
164  }
165 }
166 print '<br>';
167 
168 print '<br>';
169 
170 $securityevent = new Events($db);
171 $eventstolog = $securityevent->eventstolog;
172 
173 print '<strong>'.$langs->trans("LogEvents").'</strong>: ';
174 // Loop on each event type
175 foreach ($eventstolog as $key => $arr)
176 {
177  if ($arr['id'])
178  {
179  $key = 'MAIN_LOGEVENTS_'.$arr['id'];
180  $value = empty($conf->global->$key) ? '' : $conf->global->$key;
181  if ($value) print $key.', ';
182  }
183 }
184 
185 
186 
187 
188 
189 
190 
191 
192 // End of page
193 llxFooter();
194 $db->close();
GETPOST
GETPOST($paramname, $check= 'alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition: functions.lib.php:309
yn
yn($yesno, $case=1, $color=0)
Return yes or no in current language.
Definition: functions.lib.php:5609
img_warning
img_warning($titlealt= 'default', $moreatt= '', $morecss= 'pictowarning')
Show warning logo.
Definition: functions.lib.php:3784
llxHeader
llxHeader()
Empty header.
Definition: wrapper.php:45
load_fiche_titre
load_fiche_titre($titre, $morehtmlright= '', $picto= 'generic', $pictoisfullpath=0, $id= '', $morecssontable= '', $morehtmlcenter= '')
Load a title with picto.
Definition: functions.lib.php:4436
img_picto
img_picto($titlealt, $picto, $moreatt= '', $pictoisfullpath=false, $srconly=0, $notitle=0, $alt= '', $morecss= '', $marginleftonlyshort=2)
Show picto whatever it&#39;s its name (generic function)
Definition: functions.lib.php:3244
accessforbidden
accessforbidden($message= '', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program Calling this function terminate execution ...
Definition: security.lib.php:649
version_php
version_php()
Return PHP version.
Definition: functions2.lib.php:1527
$_SERVER
print $_SERVER["PHP_SELF"]
Edit parameters.
Definition: company_socialnetworks.php:101
print
print
Draft customers invoices.
Definition: index.php:89
llxFooter
llxFooter()
Empty footer.
Definition: wrapper.php:59
Events
Events class.
Definition: events.class.php:29
Generated on Sat Aug 23 2025 13:17:07 for dolibarr by Doxygen 1.8.5