From 19881691bdef7beba3b9ed41049dab9b6f856f93 Mon Sep 17 00:00:00 2001
From: till <till@php.net>
Date: Mon, 11 Feb 2008 18:21:15 -0500
Subject: [PATCH] * removed check.php (security issue) * added check.php-dist * new in check(.php-dist): smtp check, prettyfied errors

---
 /dev/null      |  179 ----------------------
 check.php-dist |  297 +++++++++++++++++++++++++++++++++++++
 2 files changed, 297 insertions(+), 179 deletions(-)

diff --git a/check.php b/check.php
deleted file mode 100644
index 4378f17..0000000
--- a/check.php
+++ /dev/null
@@ -1,179 +0,0 @@
-<?php
-/**
- * Copyright (c) 2008, Till Klampaeckel
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- * 
- *  * Redistributions of source code must retain the above copyright notice, this
- *    list of conditions and the following disclaimer.
- *  * Redistributions in binary form must reproduce the above copyright notice, this
- *    list of conditions and the following disclaimer in the documentation and/or
- *    other materials provided with the distribution.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * PHP Version 5
- *
- * @category Config
- * @package  RoundCube
- * @author   Till Klampaeckel <till@php.net>
- * @license  http://www.opensource.org/licenses/bsd-license.php The BSD License
- * @version  CVS: $Id$
- * @link     https://svn.roundcube.net/trunk
- * @todo     Check IMAP settings.
- * @todo     Check SMTP settings.
- * @todo     HTML/CSS to make it pretty.
- * @todo     In devel-next, use bootstrap.
- */
-
-$include_path  = dirname(__FILE__) . '/program/lib/';
-$include_path .= PATH_SEPARATOR;
-$include_path .= dirname(__FILE__) . '/program/';
-$include_path .= PATH_SEPARATOR;
-$include_path .= get_include_path();
-
-set_include_path($include_path);
-
-$writable_dirs = array('logs/', 'temp/');
-$create_files  = array('config/db.inc.php', 'config/main.inc.php');
-
-$path = dirname(__FILE__) . '/';
-?>
-<html>
-<head>
-    <link rel="shortcut icon" href="skins/default/images/favicon.ico"/>
-    <link rel="stylesheet" type="text/css" href="skins/default/common.css" />
-    <title>RoundCube :: check</title>
-</head>
-<body>
-<img src="skins/default/images/roundcube_logo.png" width="165" height="55" border="0" alt="RoundCube Webmail" hspace="12" vspace="2"/>
-
-<?php
-echo '<h3>Check if directories are writable</h3>';
-echo '<p>RoundCube may need to write/save files into these directories.</p>';
-
-foreach ($writable_dirs AS $dir) {
-    echo "Directory $dir: ";
-    if (!is_writable($path . $dir)) {
-        echo 'NOT OK';
-    } else {
-        echo 'OK';
-    }
-    echo "<br />";
-}
-
-echo '<h3>Check if you setup config files</h3>';
-echo '<p>Checks if the files exist and if they are readable.</p>';
-
-foreach ($create_files AS $file) {
-    echo "File $file: ";
-    if (file_exists($path . $file) && is_readable($path . $file)) {
-        echo 'OK';
-    } else {
-        echo 'NOT OK';
-    }
-    echo '<br />';
-}
-
-echo '<h3>Check supplied DB settings</h3>';
-@include $path . 'config/db.inc.php';
-
-$db_working = false;
-if (isset($rcmail_config)) {
-    echo 'DB settings: ';
-    include_once 'MDB2.php';
-    $db = MDB2::connect($rcmail_config['db_dsnw']);
-    if (!MDB2::IsError($db)) {
-        echo 'OK';
-        $db->disconnect();
-        $db_working = true;
-    } else {
-        echo 'NOT OK';
-    }
-    echo '<br />';
-} else {
-    echo 'Could not open db.inc.php config file, or file is empty.<br />';
-}
-
-echo '<h3>TimeZone</h3>';
-echo 'Checks if web- and databaseserver are in the same timezone.<br /><br />';
-echo 'Status: ';
-if ($db_working === true) {
-    require_once 'include/rcube_mdb2.inc';
-    $DB = new rcube_mdb2($rcmail_config['db_dsnw'], '', false);
-    $DB->db_connect('w');
-    
-    $tz_db    = "SELECT " . $DB->unixtimestamp($DB->now()) . " AS tz_db";
-    $tz_db    = $DB->query($tz_db);
-    $tz_db    = $DB->fetch_assoc($tz_db);
-    $tz_db    = (int) $tz_db['tz_db'];
-    $tz_local = (int) time();
-    $tz_diff  = $tz_local - $tz_db;
-
-    if ($tz_db != $tz_local) {
-        echo 'NOT OK';
-    } else {
-        echo 'OK';
-    }
-} else {
-    echo 'Could not test (fix DB first).';
-}
-echo '<br />';
-
-echo '<h3>Checking .ini settings</h3>';
-
-$auto_start   = ini_get('session.auto_start');
-$file_uploads = ini_get('file_uploads');
-
-echo '<h4>session.auto_start = 0</h4>';
-echo 'status: ';
-if ($auto_start == 1) {
-    echo 'NOT OK';
-} else {
-    echo 'OK';
-}
-echo '<br />';
-
-echo '<h4>file_uploads = On</h4>';
-echo 'status: ';
-if ($file_uploads == 1) {
-    echo 'OK';
-} else {
-    echo 'NOT OK';
-}
-
-/*
- * Probably not needed because we have a custom handler
-echo '<h4>session.save_path <i>is set</i></h4>';
-echo 'status: ';
-$save_path = ini_get('session.save_path');
-if (empty($save_path)) {
-    echo 'NOT OK';
-} else {
-    echo "OK: $save_path";
-    if (!file_exists($save_path)) {
-        echo ', but it does not exist';
-    } else {
-        if (!is_readable($save_path) || !is_writable($save_path)) {
-            echo ', but permissions to read and/or write are missing';
-        }
-    }
-}
-echo '<br />';
- */
-?>
-</body>
-</html>
diff --git a/check.php-dist b/check.php-dist
new file mode 100644
index 0000000..d1f3e29
--- /dev/null
+++ b/check.php-dist
@@ -0,0 +1,297 @@
+<?php
+/**
+ * Copyright (c) 2008, Till Klampaeckel
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ * 
+ *  * Redistributions of source code must retain the above copyright notice, this
+ *    list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright notice, this
+ *    list of conditions and the following disclaimer in the documentation and/or
+ *    other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * PHP Version 5
+ *
+ * @category Config
+ * @package  RoundCube
+ * @author   Till Klampaeckel <till@php.net>
+ * @license  http://www.opensource.org/licenses/bsd-license.php The BSD License
+ * @version  CVS: $Id$
+ * @link     https://svn.roundcube.net/trunk
+ * @todo     Check IMAP settings.
+ * @todo     Check SMTP settings.
+ * @todo     HTML/CSS to make it pretty.
+ * @todo     In devel-next, use bootstrap.
+ * @todo     Refactor to use RoundCube classes.
+ */
+
+$rctest_config         = array();
+$rctest_config['from'] = '_yourfrom_';
+
+/*
+ ********************************************
+ ********************************************
+ ** Don't edit anything else in this file. **
+ ** Unless (of course) you know what you   **
+ ** are doing.                             **
+ ********************************************
+ ********************************************
+ */
+
+$include_path  = dirname(__FILE__) . '/program/lib/';
+$include_path .= PATH_SEPARATOR;
+$include_path .= dirname(__FILE__) . '/program/';
+$include_path .= PATH_SEPARATOR;
+$include_path .= get_include_path();
+
+set_include_path($include_path);
+
+$writable_dirs = array('logs/', 'temp/');
+$create_files  = array('config/db.inc.php', 'config/main.inc.php');
+
+$path = dirname(__FILE__) . '/';
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2002/REC-xhtml1-20020801/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+    <link rel="shortcut icon" href="skins/default/images/favicon.ico"/>
+    <link rel="stylesheet" type="text/css" href="skins/default/common.css" />
+    <style type="text/css">
+    /* <![CDATA[ */
+    label { display:block; }
+    .success { color:#006400;font-weight:bold !important; }
+    .fail { color:#ff0000 !important;font-weight:bold !important; }
+    /* ]]> */
+    </style>
+    <title>RoundCube :: check</title>
+</head>
+<body>
+<img src="skins/default/images/roundcube_logo.png" width="165" height="55" border="0" alt="RoundCube Webmail" hspace="12" vspace="2"/>
+
+<h3>Check <?php echo basename(__FILE__); ?> Configuration</h3>
+From correctly set:
+<?php
+if ($rctest_config['from'] == '_yourfrom_') {
+    echo '<span class="fail">NOT OK</span></span>';
+} else {
+    echo $rctest_config['from'] . '<br /><br />';
+    echo '<i>We do not check if this is a <b>valid</b> email address. Since this serves as from &amp; to, make sure it is correct!</i>';
+}
+?>
+<br />
+<?php
+echo '<h3>Check if directories are writable</h3>';
+echo '<p>RoundCube may need to write/save files into these directories.</p>';
+
+foreach ($writable_dirs AS $dir) {
+    echo "Directory $dir: ";
+    if (!is_writable($path . $dir)) {
+        echo '<span class="fail">NOT OK</span></span>';
+    } else {
+        echo '<span class="success">OK</span>';
+    }
+    echo "<br />";
+}
+
+echo '<h3>Check if you setup config files</h3>';
+echo '<p>Checks if the files exist and if they are readable.</p>';
+
+foreach ($create_files AS $file) {
+    echo "File $file: ";
+    if (file_exists($path . $file) && is_readable($path . $file)) {
+        echo '<span class="success">OK</span>';
+    } else {
+        echo '<span class="fail">NOT OK</span></span>';
+    }
+    echo '<br />';
+}
+
+echo '<h3>Check supplied DB settings</h3>';
+@include $path . 'config/db.inc.php';
+
+$db_working = false;
+if (isset($rcmail_config)) {
+    echo 'DB settings: ';
+    include_once 'MDB2.php';
+    $db = MDB2::connect($rcmail_config['db_dsnw']);
+    if (!MDB2::IsError($db)) {
+        echo '<span class="success">OK</span>';
+        $db->disconnect();
+        $db_working = true;
+    } else {
+        echo '<span class="fail">NOT OK</span></span>';
+    }
+    echo '<br />';
+} else {
+    echo 'Could not open db.inc.php config file, or file is empty.<br />';
+}
+
+echo '<h3>TimeZone</h3>';
+echo 'Checks if web- and databaseserver are in the same timezone.<br /><br />';
+echo 'Status: ';
+if ($db_working === true) {
+    require_once 'include/rcube_mdb2.inc';
+    $DB = new rcube_mdb2($rcmail_config['db_dsnw'], '', false);
+    $DB->db_connect('w');
+    
+    $tz_db    = "SELECT " . $DB->unixtimestamp($DB->now()) . " AS tz_db";
+    $tz_db    = $DB->query($tz_db);
+    $tz_db    = $DB->fetch_assoc($tz_db);
+    $tz_db    = (int) $tz_db['tz_db'];
+    $tz_local = (int) time();
+    $tz_diff  = $tz_local - $tz_db;
+
+    if ($tz_db != $tz_local) {
+        echo '<span class="fail">NOT OK</span></span>';
+    } else {
+        echo '<span class="success">OK</span>';
+    }
+} else {
+    echo 'Could not test (fix DB first).';
+}
+echo '<br />';
+
+echo '<h3>Checking .ini settings</h3>';
+
+$auto_start   = ini_get('session.auto_start');
+$file_uploads = ini_get('file_uploads');
+
+echo '<h4>session.auto_start = 0</h4>';
+echo 'status: ';
+if ($auto_start == 1) {
+    echo '<span class="fail">NOT OK</span></span>';
+} else {
+    echo '<span class="success">OK</span>';
+}
+echo '<br />';
+
+echo '<h4>file_uploads = On</h4>';
+echo 'status: ';
+if ($file_uploads == 1) {
+    echo '<span class="success">OK</span>';
+} else {
+    echo '<span class="fail">NOT OK</span></span>';
+}
+
+/*
+ * Probably not needed because we have a custom handler
+echo '<h4>session.save_path <i>is set</i></h4>';
+echo 'status: ';
+$save_path = ini_get('session.save_path');
+if (empty($save_path)) {
+    echo '<span class="fail">NOT OK</span></span>';
+} else {
+    echo "<span class="success">OK</span>: $save_path";
+    if (!file_exists($save_path)) {
+        echo ', but it does not exist';
+    } else {
+        if (!is_readable($save_path) || !is_writable($save_path)) {
+            echo ', but permissions to read and/or write are missing';
+        }
+    }
+}
+echo '<br />';
+ */
+
+@include_once $path . '/config/main.inc.php';
+?>
+<h3>Check email settings</h3>
+<h4>SMTP Settings</h4>
+<?php
+echo 'Fetch config from config/main.inc.php: ';
+if (is_array($rcmail_config) && count($rcmail_config)) {
+    echo '<span class="success">OK</span><br />';
+    echo 'server: ' . $rcmail_config['smtp_server'] . '<br />';
+    echo 'port: ' . $rcmail_config['smtp_port'] . '<br />';
+    echo 'user: ' . (($rcmail_config['smtp_user'] == '%u')?'<i>use current session</i>':$rcmail_config['smtp_user']) . '<br />';
+    echo 'pass: ' . (($rcmail_config['smtp_pass'] == '%p')?'<i>use current session</i>':$rcmail_config['smtp_pass']) . '<br />';
+    //var_dump($rcmail_config);
+?>
+<h3>Test SMTP settings - send an email</h3>
+<p>Don't abuse this!</p>
+<form action="check.php" method="post">
+<?php
+if ($rcmail_config['smtp_server'] != ''):
+    if ($rcmail_config['smtp_user'] == '%u'):
+?>
+<label>Username:</label><input type="text" name="smtp_test[user]" />
+<label>Passwort:</label><input type="text" name="smtp_test[pass]" /><br />
+<?php
+    endif;
+endif;
+?>
+Recipient:<br />
+<?php echo $rctest_config['from']; ?><br /><br />
+<input type="submit" value="send an email" />
+</form>
+<?php
+    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+        echo 'Trying to send email: ';
+        if ($rctest_config['from'] == '_yourfrom_') {
+            echo '<span class="fail">NOT OK</span></span><br />';
+            echo '<i>Please edit $rctest_config in ' . basename(__FILE__) . '</i><br />';
+        } else {
+
+            $data = $_POST['smtp_test'];
+
+            require_once 'Mail.php';
+
+            $recipients = $rctest_config['from'];
+
+            $headers['From']    = $rctest_config['from'];
+            $headers['To']      = $recipients;
+            $headers['Subject'] = 'Test message from RoundCube';
+
+            $body = 'This is a test to confirm that RoundCube can send email.';
+
+            $params      = array();
+            $mail_driver = '';
+
+            if ($rcmail_config['smtp_server'] != '') {
+                $mail_driver = 'smtp';
+
+                if (isset($data['user'])) {
+                    $params['username'] = $data['user'];
+                    $params['password'] = $data['pass'];
+                    $params['auth']     = true;
+                }
+
+                $params['host'] = $rcmail_config['smtp_server'];
+                $params['port'] = $rcmail_config['smtp_port'];
+
+            } else {
+                $mail_driver = 'mail';
+            }
+
+            $mail_object =& Mail::factory($mail_driver, $params);
+            $status = $mail_object->send($recipients, $headers, $body);
+            if (!PEAR::isError($status)) {
+                echo '<span class="success">OK</span><br />';
+            } else {
+                echo '<span class="fail">NOT OK</span></span>';
+                echo '<br />' . $status->getMessage();
+            }
+        }
+    }
+} else {
+    echo '<span class="fail">NOT OK</span></span>';
+}
+?>
+</body>
+</html>
\ No newline at end of file
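Review bot: The SMTP section prints the configured `smtp_pass` verbatim (the `echo 'pass: ' . ...` line) whenever it is not the `%p` placeholder, so anyone who can load this page once it is copied to check.php can read the mail credential; nothing in this hunk restricts who may request the script. I would report only whether a password is set, e.g. `echo 'pass: ' . (($rcmail_config['smtp_pass'] == '%p') ? '<i>use current session</i>' : '<i>set (not shown)</i>') . '<br />';`, and render the form field as `<input type="password" name="smtp_test[pass]" />` instead of `type="text"`. The remaining config values and `$status->getMessage()` are echoed without `htmlspecialchars()`, and the POST branch reads `$_POST['smtp_test']` and `$data['pass']` without an `isset()` check. Because the handler lets any visitor submit credentials to the configured SMTP server and see the result, a comment next to `$rctest_config['from']` telling operators to remove or access-protect the file after setup would be worth adding.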

--
Gitblit v1.9.1