web/testsetup.php (575 lines of code) (raw):

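<?php
date_default_timezone_set('America/New_York');
/*
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
*/

# VCL setup self-test.  Renders an HTML report of pass/fail checks covering
# hostname resolution, .ht-inc/conf.php and .ht-inc/secrets.php, writable
# directories, PHP extensions, the database connection, and the symmetric and
# asymmetric encryption keys.
#
# NOTE(review): the report discloses configuration state (missing constants,
# key file status, database host, PHP version) to whoever can request this
# page.  Restrict access to it, or remove it, once setup has been verified.

# Common page header; reused by the cookie-test iframe and by the main report.
$header  = "<html><head><title>VCL Setup Test Script</title>\n";
$header .= "<style type=\"text/css\">\n";
$header .= "ul {margin-top: 0;}\n";
$header .= "li {list-style-type: none;}\n";
$header .= ".pass {color: green;}\n";
$header .= ".fail {color: red;}\n";
$header .= ".title {font-weight: bold; font-style: italic;}\n";
$header .= "</style>\n";
$header .= "</head>\n";

# Sub-request: loaded in an iframe by the main report to confirm that the
# test cookie set there was sent back by the browser.
if(isset($_GET['cookietest'])) {
	print $header;
	print "<body style=\"margin: 0; padding: 0;\">\n";
	if(isset($_COOKIE['cookietest']))
		print "<span class=pass>Successfully set a test cookie</span>\n";
	else
		print "<span class=fail>Failed to set a test cookie</span>\n";
	print "</body></html>\n";
	exit;
}

# Sub-request: try to include conf.php in a separate request so that a parse
# error there does not kill the main report.
if(isset($_GET['includeconftest'])) {
	if(! is_readable('.ht-inc/conf.php')) {
		print "unreadable";
		exit;
	}
	if(include('.ht-inc/conf.php'))
		print 'worked';
	exit;
}

# Sub-request: same probe for secrets.php.
if(isset($_GET['includesecretstest'])) {
	if(! is_readable('.ht-inc/secrets.php')) {
		print "unreadable";
		exit;
	}
	if(include('.ht-inc/secrets.php'))
		print 'worked';
	exit;
}

$header .= "<body>\n";

# Error handler: show PHP warnings/notices inline in the report.
# The message is HTML-escaped because it can contain request-derived text
# (for example the self-request URL in an fopen warning).
function exHandler($errno, $errmsg) {
	print "Error: " . htmlspecialchars($errmsg, ENT_QUOTES) . "<br>";
}
set_error_handler('exHandler');

# Print one passing check.  $msg is emitted as HTML (callers pass markup such
# as <strong>), so callers must escape any untrusted value they interpolate.
function pass($msg) {
	print "<li><span class=pass>$msg</span></li>\n";
}

# Print one failing check.  Same HTML contract as pass().
function fail($msg) {
	print "<li><span class=fail>$msg</span></li>\n";
}

# Print the heading of a group of checks.  Same HTML contract as pass().
function title($msg) {
	print "<span class=title>$msg ...</span><br>\n";
}

# Build the URL this script uses to request itself.
# NOTE(review): HTTP_HOST is supplied by the client, so the self-requests
# below are sent to whatever host that header names.
$myurl = "http://";
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on")
	$myurl = "https://";
# Use only the path part of REQUEST_URI.  With a query string already present,
# the "?includeXtest=1" suffix appended below would not be parsed as its own
# parameter and the self-request would re-run the whole script instead of the
# include probe.
$myuri = $_SERVER['REQUEST_URI'];
$qpos = strpos($myuri, '?');
if($qpos !== false)
	$myuri = substr($myuri, 0, $qpos);
$myurl .= $_SERVER['HTTP_HOST'] . $myuri;
# escaped copy for use inside HTML attributes
$myurlhtml = htmlspecialchars($myurl, ENT_QUOTES);

$includesecrets = 1;
$includeconf = 1;

# hostname without the port
$host = $_SERVER['HTTP_HOST'];
if (strpos($host, ':')) {
	$host = substr($host, 0, strpos($host, ':'));
}
# escaped copy for use in report messages; $host comes from the Host header
$hosthtml = htmlspecialchars($host, ENT_QUOTES);

if(! ip2long(getHostbyname($host))) {
	print $header;
	# php version
	print "PHP version: " . phpversion() . "<br><br>\n";
	title("Trying to resolve my hostname ($hosthtml)");
	print "<ul>\n";
	fail("unable to resolve my hostname; ensure $hosthtml is in DNS or create an entry for it in /etc/hosts");
	print "</ul>\n";
	# the include probes need a self-request, which cannot work without resolution
	$includesecrets = 0;
	$includeconf = 0;
}

# test including secrets.php
$allowurlopen = ini_get('allow_url_fopen');
if($includesecrets) {
	$data = '';
	if($fp = fopen("$myurl?includesecretstest=1", 'r')) {
		$data = fread($fp, 1000);
		fclose($fp);
	}
	# a parse error in the included file counts as "could not include"
	if(preg_match('/parse error/i', $data))
		$data = '';
	if($allowurlopen && (empty($data) || $data == 'unreadable')) {
		print $header;
		# php version
		print "PHP version: " . phpversion() . "<br><br>\n";
		title("Including .ht-inc/secrets.php");
		print "<ul>\n";
		if($data == 'unreadable')
			fail("unable to read .ht-inc/secrets.php - check the permissions of the file");
		else
			fail("unable to include .ht-inc/secrets.php - this is probably due to a syntax error in .ht-inc/secrets.php");
		fail("skipping tests for contents of .ht-inc/secrets.php");
		print "</ul>\n";
		$includesecrets = 0;
		$includeconf = 0;
	}
}
else {
	title("Including .ht-inc/secrets.php");
	print "<ul>\n";
	fail("cannot include .ht-inc/secrets.php when hostname resolution fails");
	print "</ul>\n";
}

# conf.php test
if($includeconf) {
	$data = '';
	if($fp = fopen("$myurl?includeconftest=1", 'r')) {
		$data = fread($fp, 1000);
		fclose($fp);
	}
	if(preg_match('/parse error/i', $data)) {
		$data = '';
	}
	$allowurlopen = ini_get('allow_url_fopen');
	if($allowurlopen && (empty($data) || $data == 'unreadable')) {
		print $header;
		# php version
		print "PHP version: " . phpversion() . "<br><br>\n";
		title("Including .ht-inc/conf.php");
		print "<ul>\n";
		if($data == 'unreadable')
			fail("unable to read .ht-inc/conf.php - check the permissions of the file");
		else
			fail("unable to include .ht-inc/conf.php - this is probably due to a syntax error in .ht-inc/conf.php (or a file it includes)");
		fail("skipping tests for contents of .ht-inc/conf.php");
		print "</ul>\n";
		$includeconf = 0;
	}
}
else {
	title("Including .ht-inc/conf.php");
	print "<ul>\n";
	fail("cannot include .ht-inc/conf.php when including of .ht-inc/secrets.php fails");
	print "</ul>\n";
}

# conf.php tests
$createcryptkey = 0;
if($includeconf && include('.ht-inc/conf.php')) {
	if(! defined('COOKIEDOMAIN')) {
		print $header;
		# php version
		print "PHP version: " . phpversion() . "<br><br>\n";
		title("Including .ht-inc/conf.php");
		print "<ul>\n";
		pass("successfully included .ht-inc/conf.php");
		print "</ul>\n";
		title("Checking COOKIEDOMAIN setting in .ht-inc/conf.php");
		print "<ul>\n";
		fail("COOKIEDOMAIN is not defined in .ht-inc/conf.php");
		print "</ul>\n";
	}
	else {
		# COOKIEDOMAIN must be empty or match the tail of the hostname (case-insensitive)
		$len = strlen(COOKIEDOMAIN);
		if($len && substr_compare($host, COOKIEDOMAIN, 0 - $len, $len, true) != 0) {
			print $header;
			# php version
			print "PHP version: " . phpversion() . "<br><br>\n";
			title("Including .ht-inc/conf.php");
			print "<ul>\n";
			pass("successfully included .ht-inc/conf.php");
			print "</ul>\n";
			title("Checking COOKIEDOMAIN setting in .ht-inc/conf.php");
			print "<ul>\n";
			fail("COOKIEDOMAIN (" . COOKIEDOMAIN . ") does not match all of or ending of the hostname of this server ($hosthtml). This will prevent cookies from being set.");
			print "</ul>\n";
		}
		else {
			# the cookie header has to be sent before any page output
			$expire = time() + 10;
			setcookie("cookietest", 1, $expire, '/', COOKIEDOMAIN);
			print $header;
			# php version
			print "PHP version: " . phpversion() . "<br><br>\n";
			title("Including .ht-inc/conf.php");
			print "<ul>\n";
			pass("successfully included .ht-inc/conf.php");
			print "</ul>\n";
			title("Checking COOKIEDOMAIN setting in .ht-inc/conf.php");
			print "<ul>\n";
			$test = COOKIEDOMAIN;
			if(empty($test))
				pass("COOKIEDOMAIN is set to empty string (this is valid and will result in the domain of cookies being set to $hosthtml)");
			else
				pass("COOKIEDOMAIN (" . COOKIEDOMAIN . ") appears to be set correctly");
			# the iframe reports whether the browser returned the test cookie;
			# the URL is request-derived, so the escaped copy is used here
			print "<iframe src=\"{$myurlhtml}?cookietest=1\" width=200px height=20px scrolling=0 style=\"border: 0; padding: 0px\"></iframe><br>\n";
			print "</ul>\n";
		}
	}

	# check for BASEURL starting with https
	title("Checking that BASEURL in conf.php is set to use https");
	print "<ul>\n";
	if(! defined('BASEURL'))
		fail("BASEURL is not defined in .ht-inc/conf.php");
	else {
		if(substr_compare(BASEURL, 'https:', 0, 6, true) == 0)
			pass("BASEURL correctly set to use https");
		# guard with defined(): referencing an undefined constant is an Error on PHP 8
		elseif(defined('SSLOFFLOAD') && SSLOFFLOAD == 1 && substr_compare(BASEURL, 'http:', 0, 5, true) == 0)
			pass("BASEURL set to use http as SSL is offloaded to load balancer");
		else
			fail("BASEURL is not set to use https and SSL offloading is not enabled. https is required.");
	}
	print "</ul>\n";

	# check for SCRIPT being set
	title("Checking that SCRIPT is set appropriately");
	print "<ul>\n";
	if(! defined('SCRIPT'))
		fail("SCRIPT is not defined in .ht-inc/conf.php");
	else {
		# expected shape: starts with "/" and ends with ".php"
		if(substr_compare(SCRIPT, '/', 0, 1, true) == 0 &&
		   substr_compare(SCRIPT, '.php', -4, 4, true) == 0)
			pass("SCRIPT appears to be set correctly");
		else
			fail("SCRIPT does not appear to be set correctly");
	}
	print "</ul>\n";

	# check various other constants
	title("Checking that other required constants are defined");
	print "<ul>\n";
	$consts = array('ONLINEDEBUG',
	                'HELPURL',
	                'HELPEMAIL',
	                'ERROREMAIL',
	                'ENVELOPESENDER',
	                'DEFAULTLOCALE',
	                'BASEURL',
	                'SCRIPT',
	                'HOMEURL',
	                'COOKIEDOMAIN',
	                'DEFAULTGROUP',
	                'DEFAULT_AFFILID',
	                'DAYSAHEAD',
	                'DEFAULT_PRIVNODE',
	                'SCHEDULER_ALLOCATE_RANDOM_COMPUTER',
	                'PRIV_CACHE_TIMEOUT',
	                'MIN_BLOCK_MACHINES',
	                'MAX_BLOCK_MACHINES',
	                'DOCUMENTATIONURL',
	                'USEFILTERINGSELECT',
	                'FILTERINGSELECTTHRESHOLD',
	                'SEMTIMEOUT',
	                'DEFAULTTHEME',
	                'HELPFAQURL',
	                'ALLOWADDSHIBUSERS',
	                'MAXINITIALIMAGINGTIME',
	                'MAXSUBIMAGES',
	                'NOAUTH_HOMENAV',
	                'QUERYLOGGING',
	                'XMLRPCLOGGING');
	$fails = array();
	foreach($consts as $const) {
		if(! defined("$const"))
			$fails[] = $const;
	}
	if(empty($fails))
		pass("All required constants are defined in .ht-inc/conf.php");
	else
		fail("The following constants need to be defined in .ht-inc/conf.php. Check conf-default.php for more information about each one.<br>" . implode("<br>\n", $fails));
	print "</ul>\n";

	# check for existence of maintenance directory
	title("Checking that .ht-inc/maintenance directory exists");
	print "<ul>\n";
	$file = preg_replace('|/testsetup.php|', '', $_SERVER['SCRIPT_FILENAME']);
	$file .= "/.ht-inc/maintenance";
	if(! is_dir($file))
		fail(".ht-inc/maintenance directory does not exist. Please create it.");
	else {
		pass(".ht-inc/maintenance directory exists");
		print "</ul>\n";

		# check that we can write files to maintenance directory
		title("Checking that .ht-inc/maintenance directory is writable");
		print "<ul>\n";
		if(! is_writable("$file"))
			fail("maintenance directory is not writable");
		else {
			if(! $fh = @fopen("$file/testfile", 'w'))
				fail("Failed to open file in maintenance directory");
			else {
				if(! fwrite($fh, 'test') || ! fclose($fh))
					fail("Failed to write to file in maintenance directory");
				else {
					# check that we can remove files from maintenance directory
					if(! unlink("$file/testfile"))
						fail("Failed to remove file from maintenance directory");
					else
						pass("maintenance directory is writable");
				}
			}
		}
	}
	print "</ul>\n";

	# check for existence of cryptkey directory
	title("Checking that .ht-inc/cryptkey directory exists");
	print "<ul>\n";
	$file = preg_replace('|/testsetup.php|', '', $_SERVER['SCRIPT_FILENAME']);
	$file .= "/.ht-inc/cryptkey";
	if(! is_dir($file))
		fail(".ht-inc/cryptkey directory does not exist. Please create it.");
	else {
		pass(".ht-inc/cryptkey directory exists");
		print "</ul>\n";

		# check that we can write files to cryptkey directory
		title("Checking that .ht-inc/cryptkey directory is writable");
		print "<ul>\n";
		if(! is_writable("$file"))
			fail("cryptkey directory is not writable");
		else {
			if(! $fh = @fopen("$file/testfile", 'w'))
				fail("Failed to open file in cryptkey directory");
			else {
				if(! fwrite($fh, 'test') || ! fclose($fh))
					fail("Failed to write to file in cryptkey directory");
				else {
					# check that we can remove files from cryptkey directory
					if(! unlink("$file/testfile"))
						fail("Failed to remove file from cryptkey directory");
					else {
						pass("cryptkey directory is writable");
						# only attempt key creation when the directory is usable
						$createcryptkey = 1;
					}
				}
			}
		}
	}
	print "</ul>\n";
}

# validate (or create) this web server's asymmetric key via utils.php
if($createcryptkey) {
	title("Checking asymmetric encryption key for this web server");
	print "<ul>\n";
	if(is_readable('.ht-inc/utils.php') && @(include '.ht-inc/utils.php') == TRUE) {
		# The original declared "global $aboarting" (misspelled).  When this file
		# runs as the top-level script the declaration has no effect either way;
		# the spelling is corrected so it matches the variable actually set.
		global $aborting;
		$aborting = 1; # set this so if abort function in utils.php is called, it just returns
		$file = preg_replace('|/testsetup.php|', '', $_SERVER['SCRIPT_FILENAME']);
		$filebase = $file . "/.ht-inc/cryptkey";
		$file1 = "$filebase/cryptkeyid";
		$file2 = "$filebase/private.pem";
		$exist = 0;
		if(is_readable("$file1") && is_readable("$file2"))
			$exist = 1;
		else
			print "<li>encryption key does not already exist - attempting to create</li>\n";
		# utils.php is run as if the request were for index.php; the original
		# SCRIPT_FILENAME is restored afterwards
		$tmp = $_SERVER['SCRIPT_FILENAME'];
		$_SERVER['SCRIPT_FILENAME'] = str_replace('testsetup.php', 'index.php', $_SERVER['SCRIPT_FILENAME']);
		$actions = array('pages' => array());
		unset($_COOKIE['VCLAUTH']);
		dbConnect();
		initGlobals();
		checkCryptkey();
		dbDisconnect();
		$_SERVER['SCRIPT_FILENAME'] = $tmp;
		if(is_readable("$file1") && is_readable("$file2")) {
			if($exist)
				pass("Asymmetric key validated");
			else
				pass("Successfully created asymmetric encryption key");
		}
		else
			fail("Failed to create asymmetric encryption key");
	}
	else {
		fail("Failed to include .ht-inc/utils.php");
	}
	print "</ul>\n";
}

# required extensions
title("Testing for required php extensions");
# json is only expected from PHP 5.2 on
if(version_compare(phpversion(), "5.2", "<"))
	$requiredexts = array('mysql', 'openssl', 'xml', 'xmlrpc', 'session', 'pcre', 'sockets', 'ldap', 'gettext');
else
	$requiredexts = array('mysql', 'openssl', 'xml', 'xmlrpc', 'session', 'pcre', 'sockets', 'ldap', 'json', 'gettext');
$exts = get_loaded_extensions();
$diff = array_diff($requiredexts, $exts);
print "<ul>\n";
if(count($diff)) {
	$missing = implode(', ', $diff);
	fail("Missing these extensions: $missing. Depending on the extension, some or all of VCL will not work.");
}
else
	pass("All required modules are installed");
if(! in_array('ldap', $exts)) {
	print "<li>NOTE: The <strong>ldap</strong> extension is only required if using LDAP authentication</li>\n";
}
print "</ul>\n";

# secrets.php file and mysql connection
if($includesecrets && include('.ht-inc/secrets.php')) {
	title("Checking values in .ht-inc/secrets.php");
	print "<ul>\n";
	$trymysqlconnect = 1;
	$allok = 1;
	if(empty($vclhost)) {
		fail("\$vclhost in .ht-inc/secrets.php is not set");
		$trymysqlconnect = 0;
		$allok = 0;
	}
	if(empty($vcldb)) {
		fail("\$vcldb in .ht-inc/secrets.php is not set");
		$trymysqlconnect = 0;
		$allok = 0;
	}
	if(empty($vclusername)) {
		fail("\$vclusername in .ht-inc/secrets.php is not set");
		$trymysqlconnect = 0;
		$allok = 0;
	}
	if(empty($vclpassword)) {
		fail("\$vclpassword in .ht-inc/secrets.php is not set");
		$trymysqlconnect = 0;
		$allok = 0;
	}
	if(empty($cryptkey)) {
		fail("\$cryptkey in .ht-inc/secrets.php is not set");
		$allok = 0;
	}
	elseif(function_exists('openssl_encrypt')) {
		# strict mode: base64_decode returns FALSE on characters outside the alphabet
		$rc = base64_decode($cryptkey, 1);
		if($rc === FALSE) {
			fail("\$cryptkey in .ht-inc/secrets.php is not base64 encoded. Generate new value with <strong>openssl rand 32 | base64</strong>");
			$allok = 0;
		}
	}
	if(empty($pemkey)) {
		fail("\$pemkey in .ht-inc/secrets.php is not set");
		$allok = 0;
	}
	if($allok)
		pass("all required values in .ht-inc/secrets.php appear to be set");
	print "</ul>\n";

	# The mysql_* functions used below come from the 'mysql' extension, so this
	# block only runs where that extension is loaded.
	if($trymysqlconnect && in_array('mysql', $exts) && in_array('sockets', $exts)) {
		title("Testing mysql connection");
		print "<ul>\n";
		# probe the port first (5 second timeout) before trying to log in
		if($fp = fsockopen($vclhost, 3306, $errno, $errstr, 5)) {
			# the probe socket is not needed any further; release it
			fclose($fp);
			$link = mysql_connect($vclhost, $vclusername, $vclpassword);
			if(! $link)
				fail("Could not connect to mysql on $vclhost");
			else {
				pass("Successfully connected to mysql on $vclhost");
				if(mysql_select_db($vcldb, $link))
					pass("Successfully selected database ($vcldb) on $vclhost");
				else
					fail("Could not select database ($vcldb) on $vclhost");
			}
		}
		else
			fail("Could not connect to port 3306 on $vclhost");
		print "</ul>\n";
	}
}

# test symmetric encryption: round-trip a fixed string with AES-256-CBC,
# using openssl when available and the bundled phpseclib otherwise
title("Testing symmetric encryption");
if(function_exists('openssl_encrypt')) {
	print "<ul>\n";
	if($includesecrets && ! empty($cryptkey)) {
		$teststring = 'testing';
		$iv = openssl_random_pseudo_bytes(16);
		$mode = "AES-256-CBC";
		# 4th argument 1 is passed as the options value for raw (non-base64) output
		if($cryptdata = openssl_encrypt($teststring, $mode, $cryptkey, 1, $iv)) {
			pass("Successfully encrypted test string");
			$decrypted = openssl_decrypt($cryptdata, $mode, $cryptkey, 1, $iv);
			if(trim($decrypted) == $teststring)
				pass("Successfully decrypted test string");
			else
				fail("Failed to decrypt test string");
		}
		else {
			fail("Failed to encrypt data");
		}
	}
	else
		fail("Cannot test encryption without \$cryptkey from .ht-inc/secrets.php");
	print "</ul>\n";
}
else {
	require_once(".ht-inc/phpseclib/Crypt/AES.php");
	print "<ul>\n";
	if($includesecrets && ! empty($cryptkey)) {
		$teststring = 'testing';
		$aes = new Crypt_AES(CRYPT_AES_MODE_CBC);
		$aes->setKeyLength(256);
		$iv = crypt_random_string(16);
		$aes->setIV($iv);
		$aes->setKey($cryptkey);
		if($cryptdata = $aes->encrypt($teststring)) {
			pass("Successfully encrypted test string");
			$decrypted = $aes->decrypt($cryptdata);
			if(trim($decrypted) == $teststring)
				pass("Successfully decrypted test string");
			else
				fail("Failed to decrypt test string");
		}
		else {
			fail("Failed to encrypt data");
		}
	}
	else
		fail("Cannot test encryption without \$cryptkey from .ht-inc/secrets.php");
	print "</ul>\n";
}

# encryption keys
$privkeyok = 0;
$pubkeyok = 0;
if(in_array('openssl', $exts)) {
	title("Testing asymmetric encryption key files");
	print "<ul>\n";
	# private key: .ht-inc/keys.pem, unlocked with $pemkey from secrets.php
	if($includesecrets && ! empty($pemkey)) {
		if(is_readable(".ht-inc/keys.pem")) {
			$fp = fopen(".ht-inc/keys.pem", "r");
			$key = fread($fp, 8192);
			fclose($fp);
			$keys["private"] = openssl_pkey_get_private($key, $pemkey);
			if(! $keys['private'])
				fail("Could not create private key from private key file (.ht-inc/keys.pem). Try running .ht-inc/genkeys.sh again.");
			else {
				pass("successfully created private key from private key file");
				$privkeyok = 1;
			}
		}
		else
			fail("Could not read private key file (.ht-inc/keys.pem). Check permissions on the file.");
	}
	else
		fail("Cannot test private key file without \$pemkey from .ht-inc/secrets.php");
	# public key: .ht-inc/pubkey.pem
	if(is_readable(".ht-inc/pubkey.pem")) {
		$fp = fopen(".ht-inc/pubkey.pem", "r");
		$key = fread($fp, 8192);
		fclose($fp);
		$keys["public"] = openssl_pkey_get_public($key);
		if(! $keys['public'])
			fail("Could not create public key from public key file (.ht-inc/pubkey.pem). Try running .ht-inc/genkeys.sh again.");
		else {
			pass("successfully created public key from public key file");
			$pubkeyok = 1;
		}
	}
	else
		fail("Could not read public key file (.ht-inc/pubkey.pem). Check permissions on the file.");
	print "</ul>\n";

	# round-trip a fixed string: private-key encrypt, public-key decrypt
	title("Testing asymmetric encryption");
	print "<ul>\n";
	if(! $privkeyok)
		fail("cannot test encryption without a valid private key");
	else {
		if(openssl_private_encrypt('test string', $cryptdata, $keys["private"])) {
			pass("successfully encrypted test string");
			if(! $pubkeyok)
				fail("cannot test decryption without a valid public key");
			else {
				if(openssl_public_decrypt($cryptdata, $tmp, $keys['public'])) {
					if($tmp == 'test string')
						pass("successfully decrypted test string");
					else
						fail("failed to decrypt test string");
				}
				else
					fail("failed to decrypt test string");
			}
		}
		else
			fail("failed to encrypt test data");
	}
	print "</ul>\n";
}

# check dojo directories
title("Testing for existance of dojo directory");
print "<ul>\n";
if(is_dir('./dojo')) {
	pass("dojo directory exists");
	if(is_readable('./dojo'))
		pass("dojo directory is readable");
	else
		fail("dojo directory is not readable. Check permissions on this directory");
}
else
	fail("dojo directory does not exist. Download and install Dojo Toolkit 1.6.5");
print "</ul>\n";

# check for spyc
title("Testing for existance of spyc 0.5.1 and Spyc.php");
print "<ul>\n";
if(is_dir('./.ht-inc/spyc-0.5.1')) {
	pass("spyc directory exists");
	if(is_readable('./.ht-inc/spyc-0.5.1')) {
		pass("spyc directory is readable");
		if(is_file('./.ht-inc/spyc-0.5.1/Spyc.php')) {
			pass(".ht-inc/spyc-0.5.1/Spyc.php file exists");
			if(is_readable('.ht-inc/spyc-0.5.1/Spyc.php'))
				pass(".ht-inc/spyc-0.5.1/Spyc.php is readable");
			else
				fail(".ht-inc/spyc-0.5.1/Spyc.php is not readable. Check permissions on the file.");
		}
		else
			fail(".ht-inc/spyc-0.5.1/Spyc.php file does not exist. Reinstall Spyc 0.5.1");
	}
	else
		fail("spyc-0.5.1 directory is not readable. Check permissions on this directory");
}
else
	fail(".ht-inc/spyc-0.5.1 directory does not exist. Download and install Spyc 0.5.1");
print "</ul>\n";

# check themes directories for dojo content having been copied in
title("Checking themes for dojo css");
print "<ul>\n";
$themes = scandir('themes');
foreach($themes as $theme) {
	# skip directory entries and the helper script that lives next to the themes
	if($theme == '.' || $theme == '..' || $theme == 'copydojocss.sh')
		continue;
	if(is_dir("themes/$theme/css/dojo") &&
	   is_file("themes/$theme/css/dojo/{$theme}.css"))
		pass("themes/$theme has had dojo css copied to it");
	else
		fail("themes/$theme is missing dojo css. Run themes/copydojocss.sh from the themes directory to correct this if you want to use this theme.");
}
print "</ul>\n";

# php display errors
title("Checking value of PHP display_errors");
$a = ini_get('display_errors');
print "<ul>\n";
# '0' is also a disabled value; without it a setting of 0 was reported as
# "failed to determine"
if($a == 'Off' || $a == 'off' || $a == '' || $a === '0')
	print "<li>display_errors: <strong>disabled</strong></li>\n";
elseif($a == 'On' || $a == 'on' || $a == 1)
	print "<li>display_errors: <strong>enabled</strong></li>\n";
else
	fail("failed to determine value of display_errors");
?>
<li>NOTE: Displaying errors in a production system is a security risk; however,<br>
while getting VCL up and running, having them displayed makes debugging<br>
a little easier. Edit your php.ini file to modify this setting.</li>
</ul>
<?php
print "Done";
print "</body></html>\n";
?>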