php-e107/e107_admin/phpinfo.php

<?php
/*
 * e107 website system
 *
 * Copyright (C) 2008-2009 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
 *
 *
 * $Source: /cvs_backup/e107_0.8/e107_admin/phpinfo.php,v $
 * $Revision$
 * $Date$
 * $Author$
 */

require_once("../class2.php");
if (!getperms("0"))
{
	e107::redirect('admin');
    exit;
}
$e_sub_cat = 'phpinfo';
require_once("auth.php");

ob_start();
phpinfo();
$phpinfo = ob_get_contents();

$phpinfo = preg_replace("#^.*<body>#is", "", $phpinfo);
$phpinfo = str_replace("font","span",$phpinfo);
$phpinfo = str_replace("</body></html>","",$phpinfo);
$phpinfo = str_replace('border="0"','',$phpinfo);
//$phpinfo = str_replace('<table ','<table class="table table-striped adminlist" ',$phpinfo);
$phpinfo = str_replace('name=','id=',$phpinfo);
$phpinfo = str_replace('class="e"','class="forumheader2 text-left"',$phpinfo);
$phpinfo = str_replace('class="v"','class="forumheader3 text-left"',$phpinfo);
$phpinfo = str_replace('class="v"','class="forumheader3 text-left"',$phpinfo);
$phpinfo = str_replace('class="h"','class="fcaption"',$phpinfo);
$phpinfo = preg_replace('/<table[^>]*>/i', '<table class="table table-striped adminlist"><colgroup><col style="width:30%" /><col style="width:auto" /></colgroup>', $phpinfo);


$mes = e107::getMessage();

$security_risks = array(
    "allow_url_fopen"   => 'If you have Curl enabled, you should consider disabling this feature.',
    "allow_url_include" => 'This is a security risk and is not needed by e107.',
    "display_errors"    => 'On a production server, it is better to disable the displaying of errors in the browser.',
    "expose_php"        => 'Disabling this will hide your PHP version from browsers.',
    "register_globals"  => 'This is a security risk and should be disabled.'
    );

    foreach($security_risks as $risk=>$diz)
    {
        if(ini_get($risk))
        {
            $srch = '<tr><td class="forumheader2 text-left">'.$risk.'</td><td class="forumheader3">';
            $repl = '<tr><td class="forumheader2 text-left">'.$risk.'</td><td  title="'.$tp->toAttribute($diz).'" class="forumheader3 alert alert-danger">';
            $phpinfo = str_replace($srch,$repl,$phpinfo);   
            $mes->addWarning("<b>".$risk."</b>: ".$diz);
        }   
    }
	
	if($sessionSavePath = ini_get('session.save_path'))
	{
		if(!is_writable($sessionSavePath))
		{
			$mes->addError("<b>session.save_path</b> is not writable! That can cause major issues with your site.");	
		}
	}


// $phpinfo = preg_replace("#^.*<body>#is", "", $phpinfo);
ob_end_clean();


if(deftrue('e_DEBUG'))
{
	$mes->addDebug("Session ID: ".session_id());
}

$ns->tablerender("PHPInfo", $mes->render(). $phpinfo);
require_once("footer.php");
?>
new module creation 2006-12-02 04:36:16 +00:00			`<?php`
			`/*`
charset and badchars 2009-11-12 14:30:07 +00:00			`* e107 website system`
			`*`
Fix copyright info. 2009-11-18 01:06:08 +00:00			`* Copyright (C) 2008-2009 e107 Inc (e107.org)`
charset and badchars 2009-11-12 14:30:07 +00:00			`* Released under the terms and conditions of the`
			`* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)`
			`*`
			`*`
			`*`
			`* $Source: /cvs_backup/e107_0.8/e107_admin/phpinfo.php,v $`
svn keywords added (v0.8) 2010-02-10 18:18:01 +00:00			`* $Revision$`
			`* $Date$`
			`* $Author$`
charset and badchars 2009-11-12 14:30:07 +00:00			`*/`

new module creation 2006-12-02 04:36:16 +00:00			`require_once("../class2.php");`
Header location cleanup. From now, please use e107::redirect(); to redirect to the home page, or e107::redirect('admin'); to redirect to the admin start page or e107::redirect($url); 2016-01-13 19:17:37 -08:00			`if (!getperms("0"))`
			`{`
			`e107::redirect('admin');`
Php Info styling 2013-02-28 14:27:01 -08:00			`exit;`
new module creation 2006-12-02 04:36:16 +00:00			`}`
			`$e_sub_cat = 'phpinfo';`
			`require_once("auth.php");`
Php Info styling 2013-02-28 14:27:01 -08:00
new module creation 2006-12-02 04:36:16 +00:00			`ob_start();`
			`phpinfo();`
Issue #1356 - PHP 7 auto-detection in mysql class. PHPInfo formatting. 2016-02-16 15:14:56 -08:00			`$phpinfo = ob_get_contents();`

new module creation 2006-12-02 04:36:16 +00:00			`$phpinfo = preg_replace("#^.*<body>#is", "", $phpinfo);`
Php Info styling 2013-02-28 14:27:01 -08:00			`$phpinfo = str_replace("font","span",$phpinfo);`
			`$phpinfo = str_replace("</body></html>","",$phpinfo);`
			`$phpinfo = str_replace('border="0"','',$phpinfo);`
Issue #1138 - PHPInfo page fixes. 2015-07-16 14:02:32 -07:00			`//$phpinfo = str_replace('<table ','<table class="table table-striped adminlist" ',$phpinfo);`
Php Info styling 2013-02-28 14:27:01 -08:00			`$phpinfo = str_replace('name=','id=',$phpinfo);`
Issue #1138 - PHPInfo page fixes. 2015-07-16 14:02:32 -07:00			`$phpinfo = str_replace('class="e"','class="forumheader2 text-left"',$phpinfo);`
			`$phpinfo = str_replace('class="v"','class="forumheader3 text-left"',$phpinfo);`
			`$phpinfo = str_replace('class="v"','class="forumheader3 text-left"',$phpinfo);`
Php Info styling 2013-02-28 14:27:01 -08:00			`$phpinfo = str_replace('class="h"','class="fcaption"',$phpinfo);`
Issue #1356 - PHP 7 auto-detection in mysql class. PHPInfo formatting. 2016-02-16 15:14:56 -08:00			`$phpinfo = preg_replace('/<table[^>]*>/i', '<table class="table table-striped adminlist"><colgroup><col style="width:30%" /><col style="width:auto" /></colgroup>', $phpinfo);`

Php Info styling 2013-02-28 14:27:01 -08:00
			`$mes = e107::getMessage();`

			`$security_risks = array(`
			`"allow_url_fopen" => 'If you have Curl enabled, you should consider disabling this feature.',`
			`"allow_url_include" => 'This is a security risk and is not needed by e107.',`
			`"display_errors" => 'On a production server, it is better to disable the displaying of errors in the browser.',`
			`"expose_php" => 'Disabling this will hide your PHP version from browsers.',`
			`"register_globals" => 'This is a security risk and should be disabled.'`
			`);`

			`foreach($security_risks as $risk=>$diz)`
			`{`
			`if(ini_get($risk))`
			`{`
Issue #1138 - PHPInfo page fixes. 2015-07-16 14:02:32 -07:00			`$srch = '<tr><td class="forumheader2 text-left">'.$risk.'</td><td class="forumheader3">';`
			`$repl = '<tr><td class="forumheader2 text-left">'.$risk.'</td><td title="'.$tp->toAttribute($diz).'" class="forumheader3 alert alert-danger">';`
Php Info styling 2013-02-28 14:27:01 -08:00			`$phpinfo = str_replace($srch,$repl,$phpinfo);`
			`$mes->addWarning("<b>".$risk."</b>: ".$diz);`
			`}`
			`}`
Issue #368 - added a message to the PHPInfo page if session save path is not writable. 2013-06-01 02:53:06 -07:00
			`if($sessionSavePath = ini_get('session.save_path'))`
			`{`
			`if(!is_writable($sessionSavePath))`
			`{`
			`$mes->addError("<b>session.save_path</b> is not writable! That can cause major issues with your site.");`
			`}`
			`}`
Php Info styling 2013-02-28 14:27:01 -08:00

			`// $phpinfo = preg_replace("#^.*<body>#is", "", $phpinfo);`
new module creation 2006-12-02 04:36:16 +00:00			`ob_end_clean();`
Issues #1254 #1208 #1211 #1245 Option to define the session.save_path (relative to e107's root directory) in e107_config.php: define('SESSION_SAVE_PATH','relative-path-to-folder'); example: define('SESSION_SAVE_PATH','../_sessions/'); Use the PHPInfo page in the admin area to check it has worked. Will only work if the path to the folder exists. session.hash_function is now set to sha512 by default when the security level is BALANCED or higher. 2015-11-30 14:30:37 -08:00

			`if(deftrue('e_DEBUG'))`
			`{`
			`$mes->addDebug("Session ID: ".session_id());`
			`}`

Php Info styling 2013-02-28 14:27:01 -08:00			`$ns->tablerender("PHPInfo", $mes->render(). $phpinfo);`
new module creation 2006-12-02 04:36:16 +00:00			`require_once("footer.php");`
			`?>`