WebSVN – oidplus – Diff – /trunk/plugins/viathinksoft/adminPages/902_systemfile_check/OIDplusPageAdminSystemFileCheck.class.php


<?php
 
/*
 * OIDplus 2.0
 * Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
if (!defined('INSIDE_OIDPLUS')) die();
 
class OIDplusPageAdminSystemFileCheck extends OIDplusPagePluginAdmin {
 
        public function init($html=true) {
        }
 
        public function action($actionID, $params) {
        }
 
        public function gui($id, &$out, &$handled) {
                $parts = explode('.',$id,2);
                if (!isset($parts[1])) $parts[1] = '';
                if ($parts[0] == 'oidplus:system_file_check') {
                        @set_time_limit(0);
 
                        $handled = true;
                        $out['title'] = _L('System file check');
                        $out['icon']  = OIDplus::webpath(__DIR__).'icon_big.png';
 
                        if (!OIDplus::authUtils()->isAdminLoggedIn()) {
                                $out['icon'] = 'img/error_big.png';
                                $out['text'] = '<p>'._L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')).'</p>';
                                return;
                        }
 
                        $out['text'] = '<p>'._L('This tool compares the checksums of the files of your OIDplus installation with the checksums of the OIDplus original SVN version.').'<br>';
                        $out['text'] .= _L('Differences could have various reasons, for example, a hotfix you have applied.').'<br>';
                        $out['text'] .= _L('The folders "userdata" and "userdata_pub" as well as third-party-plugins (folder "plugins" excluding "viathinksoft") are not listed.').'</p>';
                        $out['text'] .= '<p>'._L('Please note: If you believe that you were hacked, you should not trust the output of this tool, because it might be compromised, too.').'</p>';
 
                        $ver = OIDplus::getVersion();
                        if (substr($ver,0,4) !== 'svn-') {
                                $out['text'] = '<p><font color="red">'.strtoupper(_L('Error')).': '._L('Cannot determine version of the system').'</font></p>';
                                return;
                        }
                        $ver = substr($ver,strlen('svn-'));
 
 
                        $out['text'] .= '<h2>'._L('Result (comparison with SVN revision %1)', $ver).'</h2>';
 
                        $out['text'] .= '<pre>';
 
                        try {
                                $mine = self::getDirContents(OIDplus::localpath());
                                $theirs = self::checksumFileToArray(sprintf(OIDplus::getEditionInfo()['checksum_file'],$ver));
                                if ($theirs === false) {
                                        throw new OIDplusException(_L("Cannot download checksum file. Please try again later."));
                                }
 
                                $num = 0;
 
                                foreach ($mine as $filename_old => $hash_old) {
                                        $filename_old = str_replace('\\', '/', $filename_old);
                                        if (!isset($theirs[$filename_old])) {
                                                if (
                                                  (substr($filename_old, 0, strlen('userdata/')) !== 'userdata/') &&
                                                  (substr($filename_old, 0, strlen('userdata_pub/')) !== 'userdata_pub/') &&
 
                                                  // Don't list third-party plugins
                                                  ((
                                                    (substr($filename_old, 0, strlen('plugins/')) === 'plugins/') &&
                                                    (
                                                      (explode('/',$filename_old)[1] === 'viathinksoft') ||
                                                      (explode('/',$filename_old)[1] === 'index.html') ||
                                                      (substr(explode('/',$filename_old)[1],-4) === '.xsd')
                                                    )
                                                  ) || (substr($filename_old, 0, strlen('plugins/')) !== 'plugins/')) &&
 
                                                  ($filename_old !== 'oidplus_version.txt') &&
                                                  ($filename_old !== '.version.php') &&
                                                  ($filename_old !== 'composer.lock')
                                                ){
                                                        $num++;
                                                        if (is_dir(OIDplus::localpath().$filename_old)) {
                                                                $out['text'] .= "<b>"._L('Additional directory').":</b> $filename_old\n";
                                                        } else {
                                                                $out['text'] .= "<b>"._L('Additional file').":</b> $filename_old\n";
                                                        }
                                                }
                                        }
                                }
 
                                foreach ($theirs as $filename_new => $hash_new) {
                                        if (!isset($mine[$filename_new])) {
                                                $num++;
                                                $out['text'] .= "<b>"._L('Missing file').":</b> $filename_new\n";
                                        }
                                }
 
                                foreach ($mine as $filename_old => $hash_old) {
                                        if (isset($theirs[$filename_old])) {
                                                $hash_new = $theirs[$filename_old];
                                                if ($hash_old != $hash_new) {
                                                        $num++;
                                                        $out['text'] .= "<b>"._L('Checksum mismatch').":</b> $filename_old (<a target=\"_blank\" href=\"https://svn.viathinksoft.com/cgi-bin/viewvc.cgi/oidplus/trunk/$filename_old?revision=$ver&view=co\">"._L('Expected file contents')."</a>)\n";
                                                }
                                        }
                                }
 
                                if ($num == 0) {
                                        $out['text'] .= _L('Everything OK!');
                                }
                        } catch (Exception $e) {
                                $out['text'] .= strtoupper(_L('Error')).': '.htmlentities($e->getMessage());
                        }
 
                        $out['text'] .= '</pre>';
                } else {
                        $handled = false;
                }
        }
 
        public function tree(&$json, $ra_email=null, $nonjs=false, $req_goto='') {
                if (!OIDplus::authUtils()->isAdminLoggedIn()) return false;
 
                if (file_exists(__DIR__.'/treeicon.png')) {
                        $tree_icon = OIDplus::webpath(__DIR__).'treeicon.png';
                } else {
                        $tree_icon = null; // default icon (folder)
                }
 
                $json[] = array(
                        'id' => 'oidplus:system_file_check',
                        'icon' => $tree_icon,
                        'text' => _L('System file check')
                );
 
                return true;
        }
 
        public function tree_search($request) {
                return false;
        }
 
        private static function getDirContents($dir, $basepath = null, &$results = array()) {
                if (is_null($basepath)) $basepath = $dir;
                $basepath = realpath($basepath) . DIRECTORY_SEPARATOR;
                $dir = realpath($dir) . DIRECTORY_SEPARATOR;
                $files = scandir($dir);
                foreach ($files as $file) {
                        $path = realpath($dir . DIRECTORY_SEPARATOR . $file);
                        if (!is_dir($path)) {
                                $xpath = substr($path, strlen($basepath));
                                $xpath = str_replace('\\', '/', $xpath);
                                $results[$xpath] = hash_file('sha256', $path);
                        } else if ($file != "." && $file != ".." && $file != ".svn" && $file != ".git") {
                                self::getDirContents($path, $basepath, $results);
                                $xpath = substr($path, strlen($basepath));
                                $xpath = str_replace('\\', '/', $xpath);
                                $results[$xpath] = hash('sha256', '');
                        }
                }
                return $results;
        }
 
        private static function checksumFileToArray($checksumfile) {
                $out = array();
 
                $cont = url_get_contents($checksumfile);
                if ($cont === false) return false;
                $lines = explode("\n", $cont);
 
                foreach ($lines as $line) {
                        $line = trim($line);
                        if ($line == '') continue;
                        list($hash, $filename) = explode("\t",$line);
                        if (substr($filename,0,strlen('trunk/')) == 'trunk/') {
                                $out[substr($filename,strlen('trunk/'))] = $hash;
                        }
                }
                return $out;
        }
 
}
 

Subversion Repositories oidplus

oidplus/trunk/plugins/viathinksoft/adminPages/902_systemfile_check/OIDplusPageAdminSystemFileCheck.class.php – Rev 661 → 699

Rev 661		Rev 699
1	<?php	1	<?php
2		2
3	/*	3	/*
4	* OIDplus 2.0	4	* OIDplus 2.0
5	* Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft	5	* Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft
6	*	6	*
7	* Licensed under the Apache License, Version 2.0 (the "License");	7	* Licensed under the Apache License, Version 2.0 (the "License");
8	* you may not use this file except in compliance with the License.	8	* you may not use this file except in compliance with the License.
9	* You may obtain a copy of the License at	9	* You may obtain a copy of the License at
10	*	10	*
11	* http://www.apache.org/licenses/LICENSE-2.0	11	* http://www.apache.org/licenses/LICENSE-2.0
12	*	12	*
13	* Unless required by applicable law or agreed to in writing, software	13	* Unless required by applicable law or agreed to in writing, software
14	* distributed under the License is distributed on an "AS IS" BASIS,	14	* distributed under the License is distributed on an "AS IS" BASIS,
15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.	15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16	* See the License for the specific language governing permissions and	16	* See the License for the specific language governing permissions and
17	* limitations under the License.	17	* limitations under the License.
18	*/	18	*/
19		19
20	if (!defined('INSIDE_OIDPLUS')) die();	20	if (!defined('INSIDE_OIDPLUS')) die();
21		21
22	class OIDplusPageAdminSystemFileCheck extends OIDplusPagePluginAdmin {	22	class OIDplusPageAdminSystemFileCheck extends OIDplusPagePluginAdmin {
23		23
24	public function init($html=true) {	24	public function init($html=true) {
25	}	25	}
26		26
27	public function action($actionID, $params) {	27	public function action($actionID, $params) {
28	}	28	}
29		29
30	public function gui($id, &$out, &$handled) {	30	public function gui($id, &$out, &$handled) {
31	$parts = explode('.',$id,2);	31	$parts = explode('.',$id,2);
32	if (!isset($parts[1])) $parts[1] = '';	32	if (!isset($parts[1])) $parts[1] = '';
33	if ($parts[0] == 'oidplus:system_file_check') {	33	if ($parts[0] == 'oidplus:system_file_check') {
34	@set_time_limit(0);	34	@set_time_limit(0);
35		35
36	$handled = true;	36	$handled = true;
37	$out['title'] = _L('System file check');	37	$out['title'] = _L('System file check');
38	$out['icon'] = OIDplus::webpath(__DIR__).'icon_big.png';	38	$out['icon'] = OIDplus::webpath(__DIR__).'icon_big.png';
39		39
40	if (!OIDplus::authUtils()->isAdminLoggedIn()) {	40	if (!OIDplus::authUtils()->isAdminLoggedIn()) {
41	$out['icon'] = 'img/error_big.png';	41	$out['icon'] = 'img/error_big.png';
42	$out['text'] = '<p>'._L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')).'</p>';	42	$out['text'] = '<p>'._L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')).'</p>';
43	return;	43	return;
44	}	44	}
45		45
46	$out['text'] = '<p>'._L('This tool compares the checksums of the files of your OIDplus installation with the checksums of the OIDplus original SVN version.').'<br>';	46	$out['text'] = '<p>'._L('This tool compares the checksums of the files of your OIDplus installation with the checksums of the OIDplus original SVN version.').'<br>';
47	$out['text'] .= _L('Differences could have various reasons, for example, a hotfix you have applied.').'<br>';	47	$out['text'] .= _L('Differences could have various reasons, for example, a hotfix you have applied.').'<br>';
48	$out['text'] .= _L('The folders "userdata" and "userdata_pub" as well as third-party-plugins (folder "plugins" excluding "viathinksoft") are not listed.').'</p>';	48	$out['text'] .= _L('The folders "userdata" and "userdata_pub" as well as third-party-plugins (folder "plugins" excluding "viathinksoft") are not listed.').'</p>';
49	$out['text'] .= '<p>'._L('Please note: If you believe that you were hacked, you should not trust the output of this tool, because it might be compromised, too.').'</p>';	49	$out['text'] .= '<p>'._L('Please note: If you believe that you were hacked, you should not trust the output of this tool, because it might be compromised, too.').'</p>';
50		50
51	$ver = OIDplus::getVersion();	51	$ver = OIDplus::getVersion();
52	if (substr($ver,0,4) !== 'svn-') {	52	if (substr($ver,0,4) !== 'svn-') {
53	$out['text'] = '<p><font color="red">'.strtoupper(_L('Error')).': '._L('Cannot determine version of the system').'</font></p>';	53	$out['text'] = '<p><font color="red">'.strtoupper(_L('Error')).': '._L('Cannot determine version of the system').'</font></p>';
54	return;	54	return;
55	}	55	}
56	$ver = substr($ver,strlen('svn-'));	56	$ver = substr($ver,strlen('svn-'));
57		57
58		58
59	$out['text'] .= '<h2>'._L('Result (comparison with SVN revision %1)', $ver).'</h2>';	59	$out['text'] .= '<h2>'._L('Result (comparison with SVN revision %1)', $ver).'</h2>';
60		60
61	$out['text'] .= '<pre>';	61	$out['text'] .= '<pre>';
62		62
63	try {	63	try {
64	$mine = self::getDirContents(OIDplus::localpath());	64	$mine = self::getDirContents(OIDplus::localpath());
65	$theirs = self::checksumFileToArray(sprintf(parse_ini_file(__DIR__.'/consts.ini')['checksum_file'],$ver));	65	$theirs = self::checksumFileToArray(sprintf(OIDplus::getEditionInfo()['checksum_file'],$ver));
66	if ($theirs === false) {	66	if ($theirs === false) {
67	throw new OIDplusException(_L("Cannot download checksum file. Please try again later."));	67	throw new OIDplusException(_L("Cannot download checksum file. Please try again later."));
68	}	68	}
69		69
70	$num = 0;	70	$num = 0;
71		71
72	foreach ($mine as $filename_old => $hash_old) {	72	foreach ($mine as $filename_old => $hash_old) {
73	$filename_old = str_replace('\\', '/', $filename_old);	73	$filename_old = str_replace('\\', '/', $filename_old);
74	if (!isset($theirs[$filename_old])) {	74	if (!isset($theirs[$filename_old])) {
75	if (	75	if (
76	(substr($filename_old, 0, strlen('userdata/')) !== 'userdata/') &&	76	(substr($filename_old, 0, strlen('userdata/')) !== 'userdata/') &&
77	(substr($filename_old, 0, strlen('userdata_pub/')) !== 'userdata_pub/') &&	77	(substr($filename_old, 0, strlen('userdata_pub/')) !== 'userdata_pub/') &&
78		78
79	// Don't list third-party plugins	79	// Don't list third-party plugins
80	((	80	((
81	(substr($filename_old, 0, strlen('plugins/')) === 'plugins/') &&	81	(substr($filename_old, 0, strlen('plugins/')) === 'plugins/') &&
82	(	82	(
83	(explode('/',$filename_old)[1] === 'viathinksoft') \|\|	83	(explode('/',$filename_old)[1] === 'viathinksoft') \|\|
84	(explode('/',$filename_old)[1] === 'index.html') \|\|	84	(explode('/',$filename_old)[1] === 'index.html') \|\|
85	(substr(explode('/',$filename_old)[1],-4) === '.xsd')	85	(substr(explode('/',$filename_old)[1],-4) === '.xsd')
86	)	86	)
87	) \|\| (substr($filename_old, 0, strlen('plugins/')) !== 'plugins/')) &&	87	) \|\| (substr($filename_old, 0, strlen('plugins/')) !== 'plugins/')) &&
88		88
89	($filename_old !== 'oidplus_version.txt') &&	89	($filename_old !== 'oidplus_version.txt') &&
90	($filename_old !== '.version.php') &&	90	($filename_old !== '.version.php') &&
91	($filename_old !== 'composer.lock')	91	($filename_old !== 'composer.lock')
92	){	92	){
93	$num++;	93	$num++;
94	if (is_dir(OIDplus::localpath().$filename_old)) {	94	if (is_dir(OIDplus::localpath().$filename_old)) {
95	$out['text'] .= "<b>"._L('Additional directory').":</b> $filename_old\n";	95	$out['text'] .= "<b>"._L('Additional directory').":</b> $filename_old\n";
96	} else {	96	} else {
97	$out['text'] .= "<b>"._L('Additional file').":</b> $filename_old\n";	97	$out['text'] .= "<b>"._L('Additional file').":</b> $filename_old\n";
98	}	98	}
99	}	99	}
100	}	100	}
101	}	101	}
102		102
103	foreach ($theirs as $filename_new => $hash_new) {	103	foreach ($theirs as $filename_new => $hash_new) {
104	if (!isset($mine[$filename_new])) {	104	if (!isset($mine[$filename_new])) {
105	$num++;	105	$num++;
106	$out['text'] .= "<b>"._L('Missing file').":</b> $filename_new\n";	106	$out['text'] .= "<b>"._L('Missing file').":</b> $filename_new\n";
107	}	107	}
108	}	108	}
109		109
110	foreach ($mine as $filename_old => $hash_old) {	110	foreach ($mine as $filename_old => $hash_old) {
111	if (isset($theirs[$filename_old])) {	111	if (isset($theirs[$filename_old])) {
112	$hash_new = $theirs[$filename_old];	112	$hash_new = $theirs[$filename_old];
113	if ($hash_old != $hash_new) {	113	if ($hash_old != $hash_new) {
114	$num++;	114	$num++;
115	$out['text'] .= "<b>"._L('Checksum mismatch').":</b> $filename_old (<a target=\"_blank\" href=\"https://svn.viathinksoft.com/cgi-bin/viewvc.cgi/oidplus/trunk/$filename_old?revision=$ver&view=co\">"._L('Expected file contents')."</a>)\n";	115	$out['text'] .= "<b>"._L('Checksum mismatch').":</b> $filename_old (<a target=\"_blank\" href=\"https://svn.viathinksoft.com/cgi-bin/viewvc.cgi/oidplus/trunk/$filename_old?revision=$ver&view=co\">"._L('Expected file contents')."</a>)\n";
116	}	116	}
117	}	117	}
118	}	118	}
119		119
120	if ($num == 0) {	120	if ($num == 0) {
121	$out['text'] .= _L('Everything OK!');	121	$out['text'] .= _L('Everything OK!');
122	}	122	}
123	} catch (Exception $e) {	123	} catch (Exception $e) {
124	$out['text'] .= strtoupper(_L('Error')).': '.htmlentities($e->getMessage());	124	$out['text'] .= strtoupper(_L('Error')).': '.htmlentities($e->getMessage());
125	}	125	}
126		126
127	$out['text'] .= '</pre>';	127	$out['text'] .= '</pre>';
128	} else {	128	} else {
129	$handled = false;	129	$handled = false;
130	}	130	}
131	}	131	}
132		132
133	public function tree(&$json, $ra_email=null, $nonjs=false, $req_goto='') {	133	public function tree(&$json, $ra_email=null, $nonjs=false, $req_goto='') {
134	if (!OIDplus::authUtils()->isAdminLoggedIn()) return false;	134	if (!OIDplus::authUtils()->isAdminLoggedIn()) return false;
135		135
136	if (file_exists(__DIR__.'/treeicon.png')) {	136	if (file_exists(__DIR__.'/treeicon.png')) {
137	$tree_icon = OIDplus::webpath(__DIR__).'treeicon.png';	137	$tree_icon = OIDplus::webpath(__DIR__).'treeicon.png';
138	} else {	138	} else {
139	$tree_icon = null; // default icon (folder)	139	$tree_icon = null; // default icon (folder)
140	}	140	}
141		141
142	$json[] = array(	142	$json[] = array(
143	'id' => 'oidplus:system_file_check',	143	'id' => 'oidplus:system_file_check',
144	'icon' => $tree_icon,	144	'icon' => $tree_icon,
145	'text' => _L('System file check')	145	'text' => _L('System file check')
146	);	146	);
147		147
148	return true;	148	return true;
149	}	149	}
150		150
151	public function tree_search($request) {	151	public function tree_search($request) {
152	return false;	152	return false;
153	}	153	}
154		154
155	private static function getDirContents($dir, $basepath = null, &$results = array()) {	155	private static function getDirContents($dir, $basepath = null, &$results = array()) {
156	if (is_null($basepath)) $basepath = $dir;	156	if (is_null($basepath)) $basepath = $dir;
157	$basepath = realpath($basepath) . DIRECTORY_SEPARATOR;	157	$basepath = realpath($basepath) . DIRECTORY_SEPARATOR;
158	$dir = realpath($dir) . DIRECTORY_SEPARATOR;	158	$dir = realpath($dir) . DIRECTORY_SEPARATOR;
159	$files = scandir($dir);	159	$files = scandir($dir);
160	foreach ($files as $file) {	160	foreach ($files as $file) {
161	$path = realpath($dir . DIRECTORY_SEPARATOR . $file);	161	$path = realpath($dir . DIRECTORY_SEPARATOR . $file);
162	if (!is_dir($path)) {	162	if (!is_dir($path)) {
163	$xpath = substr($path, strlen($basepath));	163	$xpath = substr($path, strlen($basepath));
164	$xpath = str_replace('\\', '/', $xpath);	164	$xpath = str_replace('\\', '/', $xpath);
165	$results[$xpath] = hash_file('sha256', $path);	165	$results[$xpath] = hash_file('sha256', $path);
166	} else if ($file != "." && $file != ".." && $file != ".svn" && $file != ".git") {	166	} else if ($file != "." && $file != ".." && $file != ".svn" && $file != ".git") {
167	self::getDirContents($path, $basepath, $results);	167	self::getDirContents($path, $basepath, $results);
168	$xpath = substr($path, strlen($basepath));	168	$xpath = substr($path, strlen($basepath));
169	$xpath = str_replace('\\', '/', $xpath);	169	$xpath = str_replace('\\', '/', $xpath);
170	$results[$xpath] = hash('sha256', '');	170	$results[$xpath] = hash('sha256', '');
171	}	171	}
172	}	172	}
173	return $results;	173	return $results;
174	}	174	}
175		175
176	private static function checksumFileToArray($checksumfile) {	176	private static function checksumFileToArray($checksumfile) {
177	$out = array();	177	$out = array();
178		178
179	$cont = url_get_contents($checksumfile);	179	$cont = url_get_contents($checksumfile);
180	if ($cont === false) return false;	180	if ($cont === false) return false;
181	$lines = explode("\n", $cont);	181	$lines = explode("\n", $cont);
182		182
183	foreach ($lines as $line) {	183	foreach ($lines as $line) {
184	$line = trim($line);	184	$line = trim($line);
185	if ($line == '') continue;	185	if ($line == '') continue;
186	list($hash, $filename) = explode("\t",$line);	186	list($hash, $filename) = explode("\t",$line);
187	if (substr($filename,0,strlen('trunk/')) == 'trunk/') {	187	if (substr($filename,0,strlen('trunk/')) == 'trunk/') {
188	$out[substr($filename,strlen('trunk/'))] = $hash;	188	$out[substr($filename,strlen('trunk/'))] = $hash;
189	}	189	}
190	}	190	}
191	return $out;	191	return $out;
192	}	192	}
193		193
194	}	194	}
195		195