[ Index ]

PHP Cross Reference of Eventum

title

Body

[close]

/setup/ -> check_permissions.php (source)

   1  <?php
   2  require_once(dirname(__FILE__) . "/../init.php");
   3  
   4  clearstatcache();
   5  
   6  echo "<html>
   7  <head>
   8  <link rel=\"stylesheet\" href=\"../css/style.css\" type=\"text/css\">
   9  </head>
  10  <body>";
  11  
  12  echo "<p class=\"default\">This script checks your eventum directory for permission problems. Since different hosts will have
  13  permissions setup differently this script cannot automatically fix permission problems.</p>
  14  <p class=\"default\">As a general rule, your webserver should be running as 'nobody' (a user with few permissions)
  15  and your files should not be writable from the web. Only your logs (" . APP_LOG_PATH . ") and setup (" . 
  16  APP_SETUP_FILE . ") files need to be writable by the web server.</p>";
  17  
  18  echo "<table cellpadding=\"3\">
  19          <tr class=\"default\">
  20            <th style=\"border: 1px solid black;\">Title</th>
  21            <th style=\"border: 1px solid black;\">Path</th>
  22            <th style=\"border: 1px solid black;\">Is Readable?</th>
  23            <th style=\"border: 1px solid black;\">Is Writeable?</th>
  24            <th style=\"border: 1px solid black;\">Comments</th>
  25          </tr>";
  26  
  27  // check if base directory is writeable
  28  check_file("Base Directory", APP_PATH, "Base directory should be read only by your web server.", "r");
  29  
  30  check_file("Log Directory", APP_LOG_PATH, "Log directory should be writable by your webserver. However, your web
  31      server should <b>NOT</b> be able to read this directory to prevent outsiders from viewing your logs.", "w");
  32  
  33  check_file("Setup File", APP_SETUP_FILE, "The setup file should be both readable and writable from your web server.
  34      The setup file is used to store general settings.<br /><b>Note:</b> Once you have eventum configured, you can 
  35      mark this file as 'read only' if you want.", "rw");
  36  
  37  echo "</table>
  38  <p class=\"default\">Once you are done setting permissions, you should remove or restrict access to this setup directory (" . APP_PATH . "setup/).</p>
  39  </body>
  40  </html>";
  41  
  42  function check_file($title, $path, $comment, $desired_permission)
  43  {
  44      $readable = is_readable($path);
  45      $writeable = is_writable($path);
  46      
  47      $needs_attention = false;
  48      if (($desired_permission == "r") && (($writeable == true) || ($readable == false))) {
  49          $needs_attention = true;
  50      } elseif (($desired_permission == "w") && (($writeable == false) || ($readable == true))) {
  51          $needs_attention = true;
  52      } elseif (($desired_permission == "rw") && (($writeable == false) || ($readable == false))) {
  53          $needs_attention = true;
  54      }
  55      
  56          
  57      if ($needs_attention) {
  58          $color = "red";
  59      } else {
  60          $color = "green";
  61      }
  62      
  63      echo "<tr class=\"default\">
  64              <td style=\"border: 1px solid black;\">$title</td>
  65              <td style=\"border: 1px solid black;\">$path</td>
  66              <td align=\"center\" style=\"border: 1px solid black;\">" . ($readable == true ? "yes" : "no") . "</td>
  67              <td align=\"center\" style=\"border: 1px solid black;\">" . ($writeable == true ? "yes" : "no") . "</td>
  68              <td style=\"border: 1px solid black;\"><span style=\"color: $color\">$comment</span></td>
  69            </tr>";
  70  }


Generated: Wed Dec 19 21:21:33 2007 Cross-referenced by PHPXref 0.7