dolibarr  16.0.5
security.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2013-2019 Laurent Destailleur <eldy@users.sourceforge.net>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program. If not, see <https://www.gnu.org/licenses/>.
16  */
17 
23 require '../../main.inc.php';
24 require_once DOL_DOCUMENT_ROOT.'/core/lib/memory.lib.php';
25 require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
26 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
27 require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
28 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
29 require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
30 require_once DOL_DOCUMENT_ROOT.'/core/class/events.class.php';
31 
32 // Load translation files required by the page
33 $langs->loadLangs(array("install", "other", "admin", "errors"));
34 
35 if (!$user->admin) {
37 }
38 
39 if (GETPOST('action', 'aZ09') == 'donothing') {
40  exit;
41 }
42 
43 $execmethod = empty($conf->global->MAIN_EXEC_USE_POPEN) ? 1 : $conf->global->MAIN_EXEC_USE_POPEN;
44 
45 
46 /*
47  * View
48  */
49 
50 llxHeader();
51 
52 print load_fiche_titre($langs->trans("Security"), '', 'title_setup');
53 
54 print '<span class="opacitymedium">'.$langs->trans("YouMayFindSecurityAdviceHere", 'hhttps://wiki.dolibarr.org/index.php/Security_information').'</span> (<a href="'.$_SERVER["PHP_SELF"].'">'.$langs->trans("Reload").'</a>)<br>';
55 print '<br>';
56 
57 print load_fiche_titre($langs->trans("PHPSetup"), '', 'folder');
58 
59 // Get version of PHP
60 $phpversion = version_php();
61 print "<strong>PHP</strong>: ".$langs->trans("Version").": ".$phpversion;
62 if (function_exists('php_ini_loaded_file')) {
63  $inipath = php_ini_loaded_file();
64  print " - <strong>INI</strong>: ".$inipath;
65 }
66 print "<br>\n";
67 
68 // Get version of web server
69 print "<br><strong>Web server - ".$langs->trans("Version")."</strong>: ".$_SERVER["SERVER_SOFTWARE"]."<br>\n";
70 print '<strong>'.$langs->trans("DataRootServer")."</strong>: ".DOL_DATA_ROOT."<br>\n";
71 // Web user group by default
72 $labeluser = dol_getwebuser('user');
73 $labelgroup = dol_getwebuser('group');
74 if ($labeluser && $labelgroup) {
75  print '<strong>'.$langs->trans("WebUserGroup")." (env vars)</strong> : ".$labeluser.':'.$labelgroup;
76  if (function_exists('posix_geteuid') && function_exists('posix_getpwuid')) {
77  $arrayofinfoofuser = posix_getpwuid(posix_geteuid());
78  print ' <span class="opacitymedium">(POSIX '.$arrayofinfoofuser['name'].':'.$arrayofinfoofuser['gecos'].':'.$arrayofinfoofuser['dir'].':'.$arrayofinfoofuser['shell'].')</span><br>'."\n";
79  }
80 }
81 // Web user group real (detected by 'id' external command)
82 if (function_exists('exec')) {
83  $arrayout = array(); $varout = 0;
84  exec('id', $arrayout, $varout);
85  if (empty($varout)) { // Test command is ok. Work only on Linux OS.
86  print '<strong>'.$langs->trans("WebUserGroup")." (real, 'id' command)</strong> : ".join(',', $arrayout)."<br>\n";
87  }
88 }
89 print '<br>';
90 
91 print "<strong>PHP session.use_strict_mode</strong> = ".(ini_get('session.use_strict_mode') ? '' : img_warning().' ').(ini_get('session.use_strict_mode') ? ini_get('session.use_strict_mode') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", '1').")</span><br>\n";
92 print "<strong>PHP session.use_only_cookies</strong> = ".(ini_get('session.use_only_cookies') ? '' : img_warning().' ').(ini_get('session.use_only_cookies') ? ini_get('session.use_only_cookies') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", '1').")</span><br>\n";
93 print "<strong>PHP session.cookie_httponly</strong> = ".(ini_get('session.cookie_httponly') ? '' : img_warning().' ').(ini_get('session.cookie_httponly') ? ini_get('session.cookie_httponly') : '').' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", '1').")</span><br>\n";
94 print "<strong>PHP session.cookie_samesite</strong> = ".(ini_get('session.cookie_samesite') ? ini_get('session.cookie_samesite') : 'None');
95 if (!ini_get('session.cookie_samesite') || ini_get('session.cookie_samesite') == 'Lax') {
96  print ' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", 'Lax').")</span>";
97 } elseif (ini_get('session.cookie_samesite') == 'Strict') {
98  print ' &nbsp; '.img_warning().' <span class="opacitymedium">'.$langs->trans("WarningPaypalPaymentNotCompatibleWithStrict")."</span>";
99 }
100 print "<br>\n";
101 print "<strong>PHP open_basedir</strong> = ".(ini_get('open_basedir') ? ini_get('open_basedir') : yn(0).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("ARestrictedPath").', '.$langs->transnoentitiesnoconv("Example").': '.$_SERVER["DOCUMENT_ROOT"].','.DOL_DATA_ROOT).')</span>')."<br>\n";
102 print "<strong>PHP short_open_tag</strong> = ".((empty(ini_get('short_open_tag')) || ini_get('short_open_tag') == 'Off') ? yn(0) : img_warning().' '.yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).')</span>'."<br>\n";
103 print "<strong>PHP allow_url_fopen</strong> = ".(ini_get('allow_url_fopen') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_fopen') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")</span><br>\n";
104 print "<strong>PHP allow_url_include</strong> = ".(ini_get('allow_url_include') ? img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' '.ini_get('allow_url_include') : yn(0)).' &nbsp; <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("No")).")</span><br>\n";
105 //print "<strong>PHP safe_mode</strong> = ".(ini_get('safe_mode') ? ini_get('safe_mode') : yn(0)).' &nbsp; <span class="opacitymedium">'.$langs->trans("Deprecated")." (removed in PHP 5.4)</span><br>\n";
106 print "<strong>PHP disable_functions</strong> = ";
107 $arrayoffunctionsdisabled = explode(',', ini_get('disable_functions'));
108 $arrayoffunctionstodisable = explode(',', 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals');
109 if ($execmethod == 1) {
110  $arrayoffunctionstodisable2 = explode(',', 'passthru,shell_exec,system,proc_open,popen');
111  $functiontokeep = 'exec';
112 } else {
113  $arrayoffunctionstodisable2 = explode(',', 'exec,passthru,shell_exec,system,proc_open');
114  $functiontokeep = 'popen';
115 }
116 $i = 0;
117 foreach ($arrayoffunctionsdisabled as $functionkey) {
118  if ($i > 0) {
119  print ', ';
120  }
121  print '<span class="opacitymedium">'.$functionkey.'</span>';
122  $i++;
123 }
124 print "<br>\n";
125 $todisabletext = '';
126 $i = 0;
127 foreach ($arrayoffunctionstodisable as $functiontodisable) {
128  if (! in_array($functiontodisable, $arrayoffunctionsdisabled)) {
129  if ($i > 0) {
130  $todisabletext .= ', ';
131  }
132  $todisabletext .= img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' <span class="opacitymedium">'.$functiontodisable.'</span>';
133  $i++;
134  }
135 }
136 if ($todisabletext) {
137  print $langs->trans("YouShouldDisablePHPFunctions").': '.$todisabletext;
138  print '<br>';
139 }
140 $todisabletext = '';
141 $i = 0;
142 foreach ($arrayoffunctionstodisable2 as $functiontodisable) {
143  if (! in_array($functiontodisable, $arrayoffunctionsdisabled)) {
144  if ($i > 0) {
145  $todisabletext .= ', ';
146  }
147  $todisabletext .= img_picto($langs->trans("YouShouldSetThisToOff"), 'warning').' <span class="opacitymedium">'.$functiontodisable.'</span>';
148  $i++;
149  }
150 }
151 if ($todisabletext) {
152  print $langs->trans("IfCLINotRequiredYouShouldDisablePHPFunctions").': '.$todisabletext;
153  print '<br>';
154 }
155 
156 print $langs->trans("PHPFunctionsRequiredForCLI").': ';
157 if (in_array($functiontokeep, $arrayoffunctionsdisabled)) {
158  print img_picto($langs->trans("PHPFunctionsRequiredForCLI"), 'warning');
159 }
160 print '<span class="opacitymedium">'.$functiontokeep.'</span>';
161 print '<br>';
162 
163 print '<br>';
164 
165 // XDebug
166 print '<strong>'.$langs->trans("XDebug").'</strong>: ';
167 $test = !function_exists('xdebug_is_enabled') && !extension_loaded('xdebug');
168 if ($test) {
169  print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
170 } else {
171  print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedMayExposeInformation", $langs->transnoentities("XDebug"));
172  print ' - '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php">XDebug admin page</a>';
173 }
174 print '<br>';
175 
176 
177 // OS Permissions
178 
179 print '<br>';
180 print '<br>';
181 print '<br>';
182 print load_fiche_titre($langs->trans("OSSetup").' - '.$langs->trans("PermissionsOnFiles"), '', 'folder');
183 
184 print '<strong>'.$langs->trans("PermissionsOnFilesInWebRoot").'</strong>: ';
185 $arrayoffilesinroot = dol_dir_list(DOL_DOCUMENT_ROOT, 'all', 1, '', array('\/custom'), 'name', SORT_ASC, 4, 1, '', 1);
186 $fileswithwritepermission = array();
187 foreach ($arrayoffilesinroot as $fileinroot) {
188  // Test if there is at least one write permission file. If yes, add the entry into array $fileswithwritepermission
189  if (isset($fileinroot['perm']) && ($fileinroot['perm'] & 0222)) {
190  $fileswithwritepermission[] = $fileinroot['relativename'];
191  }
192 }
193 if (empty($fileswithwritepermission)) {
194  print img_picto('', 'tick').' '.$langs->trans("NoWritableFilesFoundIntoRootDir");
195 } else {
196  print img_warning().' '.$langs->trans("SomeFilesOrDirInRootAreWritable");
197  print '<br>'.$langs->trans("Example").': ';
198  $i = 0;
199  foreach ($fileswithwritepermission as $filewithwritepermission) {
200  if ($i > 0) {
201  print ', ';
202  }
203  print '<span class="opacitymedium">'.$filewithwritepermission.'</span>';
204  if ($i > 20) {
205  print ' ...';
206  break;
207  }
208  $i++;
209  }
210 }
211 print '<br>';
212 print '<br>';
213 
214 print '<strong>'.$langs->trans("PermissionsOnFile", $conffile).'</strong>: '; // $conffile is defined into filefunc.inc.php
215 $perms = fileperms($dolibarr_main_document_root.'/'.$conffile);
216 if ($perms) {
217  if (($perms & 0x0004) || ($perms & 0x0002)) {
218  print img_warning().' '.$langs->trans("ConfFileIsReadableOrWritableByAnyUsers");
219  // Web user group by default
220  $labeluser = dol_getwebuser('user');
221  $labelgroup = dol_getwebuser('group');
222  print ' '.$langs->trans("User").': '.$labeluser.':'.$labelgroup;
223  if (function_exists('posix_geteuid') && function_exists('posix_getpwuid')) {
224  $arrayofinfoofuser = posix_getpwuid(posix_geteuid());
225  print ' <span class="opacitymedium">(POSIX '.$arrayofinfoofuser['name'].':'.$arrayofinfoofuser['gecos'].':'.$arrayofinfoofuser['dir'].':'.$arrayofinfoofuser['shell'].')</span>';
226  }
227  } else {
228  print img_picto('', 'tick');
229  }
230 } else {
231  print img_warning().' '.$langs->trans("FailedToReadFile", $conffile);
232 }
233 print '<br>';
234 print '<br>';
235 
236 $installlock = DOL_DATA_ROOT.'/install.lock';
237 print '<strong>'.$langs->trans("DolibarrSetup").'</strong>: ';
238 if (file_exists($installlock)) {
239  print img_picto('', 'tick').' '.$langs->trans("InstallAndUpgradeLockedBy", $installlock);
240 } else {
241  print img_warning().' '.$langs->trans("WarningLockFileDoesNotExists", DOL_DATA_ROOT);
242 }
243 print '<br>';
244 
245 
246 // File conf.php
247 
248 print '<br>';
249 print '<br>';
250 print '<br>';
251 print load_fiche_titre($langs->trans("ConfigurationFile").' ('.$conffile.')', '', 'folder');
252 
253 print '<strong>$dolibarr_main_prod</strong>: '.($dolibarr_main_prod ? $dolibarr_main_prod : '0');
254 if (empty($dolibarr_main_prod)) {
255  print ' &nbsp; '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 1);
256 }
257 print '<br>';
258 
259 print '<strong>$dolibarr_nocsrfcheck</strong>: '.(empty($dolibarr_nocsrfcheck) ? '0' : $dolibarr_nocsrfcheck);
260 if (!empty($dolibarr_nocsrfcheck)) {
261  print ' &nbsp; '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 0);
262 } else {
263  print ' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 0)</span>';
264 }
265 print '<br>';
266 
267 print '<strong>$dolibarr_main_restrict_ip</strong>: ';
268 if (empty($dolibarr_main_restrict_ip)) {
269  print $langs->trans("None");
270  //print ' <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("IPsOfUsers")).')</span>';
271 } else {
272  print $dolibarr_main_restrict_ip;
273 }
274 print '<br>';
275 
276 print '<strong>$dolibarr_main_restrict_os_commands</strong>: ';
277 if (empty($dolibarr_main_restrict_os_commands)) {
278  print $langs->trans("None");
279 } else {
280  print $dolibarr_main_restrict_os_commands;
281 }
282 print ' <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", 'mysqldump, mysql, pg_dump, pgrestore').')</span>';
283 print '<br>';
284 
285 if (empty($conf->global->SECURITY_DISABLE_TEST_ON_OBFUSCATED_CONF)) {
286  print '<strong>$dolibarr_main_db_pass</strong>: ';
287  if (!empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass)) {
288  print img_picto('', 'warning').' '.$langs->trans("DatabasePasswordNotObfuscated").' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("SetOptionTo", $langs->transnoentitiesnoconv("MainDbPasswordFileConfEncrypted"), yn(1)).')</span>';
289  //print ' <span class="opacitymedium">('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("IPsOfUsers")).')</span>';
290  } else {
291  print img_picto('', 'tick').' '.$langs->trans("DatabasePasswordObfuscated");
292  }
293 
294  print '<br>';
295 }
296 
297 
298 
299 // Menu security
300 
301 print '<br>';
302 print '<br>';
303 print '<br>';
304 
305 print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup"), '', 'folder');
306 
307 
308 print '<strong>'.$langs->trans("UseCaptchaCode").'</strong>: ';
309 print empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) ? '' : img_picto('', 'tick').' ';
310 print yn(empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) ? 0 : 1);
311 print '<br>';
312 print '<br>';
313 
314 
315 print '<strong>'.$langs->trans("AntivirusEnabledOnUpload").'</strong>: ';
316 print empty($conf->global->MAIN_ANTIVIRUS_COMMAND) ? '' : img_picto('', 'tick').' ';
317 print yn(empty($conf->global->MAIN_ANTIVIRUS_COMMAND) ? 0 : 1);
318 if (!empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) {
319  print ' &nbsp; - '.$conf->global->MAIN_ANTIVIRUS_COMMAND;
320  if (defined('MAIN_ANTIVIRUS_COMMAND') && !defined('MAIN_ANTIVIRUS_BYPASS_COMMAND_AND_PARAM')) {
321  print ' - <span class="opacitymedium">'.$langs->trans("ValueIsForcedBySystem").'</span>';
322  }
323 }
324 print '<br>';
325 print '<br>';
326 
327 $securityevent = new Events($db);
328 $eventstolog = $securityevent->eventstolog;
329 
330 print '<strong>'.$langs->trans("AuditedSecurityEvents").'</strong>: ';
331 $out = '';
332 if (!empty($eventstolog) && is_array($eventstolog)) {
333  // Loop on each event type
334  $i = 0;
335  foreach ($eventstolog as $key => $arr) {
336  if ($arr['id']) {
337  $key = 'MAIN_LOGEVENTS_'.$arr['id'];
338  $value = empty($conf->global->$key) ? '' : $conf->global->$key;
339  if ($value) {
340  if ($i > 0) {
341  $out .= ', ';
342  }
343  $out .= '<span class="opacitymedium">'.$key.'</span>';
344  $i++;
345  }
346  }
347  }
348  print $out;
349 }
350 
351 if (empty($out)) {
352  print img_warning().' '.$langs->trans("NoSecurityEventsAreAduited", $langs->transnoentities("Home").' - '.$langs->transnoentities("Setup").' - '.$langs->transnoentities("Security").' - '.$langs->transnoentities("Audit")).'<br>';
353 }
354 
355 print '<br>';
356 
357 
358 // Modules/Applications
359 
360 print '<br>';
361 print '<br>';
362 print '<br>';
363 print load_fiche_titre($langs->trans("Modules"), '', 'folder');
364 
365 // Module log
366 print '<strong>'.$langs->trans("Syslog").'</strong>: ';
367 $test = empty($conf->syslog->enabled);
368 if ($test) {
369  print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
370 } else {
371  if ($conf->global->SYSLOG_LEVEL > LOG_NOTICE) {
372  print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedWithTooHighLogLevel", $langs->transnoentities("Syslog"));
373  } else {
374  print img_picto('', 'tick.png').' '.$langs->trans("ModuleSyslogActivatedButLevelNotTooVerbose", $langs->transnoentities("Syslog"), $conf->global->SYSLOG_LEVEL);
375  }
376  //print ' '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php'.'">XDebug admin page</a>';
377 }
378 print '<br>';
379 
380 // Module debugbar
381 print '<strong>'.$langs->trans("DebugBar").'</strong>: ';
382 $test = empty($conf->debugbar->enabled);
383 if ($test) {
384  print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis");
385 } else {
386  print img_picto('', 'error').' '.$langs->trans("ModuleActivatedDoNotUseInProduction", $langs->transnoentities("DebugBar"));
387  //print ' '.$langs->trans("MoreInformation").' <a href="'.DOL_URL_ROOT.'/admin/system/xdebug.php'.'">XDebug admin page</a>';
388 }
389 print '<br>';
390 
391 
392 // APIs
393 
394 print '<br>';
395 print '<br>';
396 print '<br>';
397 print load_fiche_titre($langs->trans("API"), '', 'folder');
398 
399 if (empty($conf->api->enabled) && empty($conf->webservices->enabled)) {
400  print $langs->trans("APIsAreNotEnabled");
401 } else {
402  if (!empty($conf->webservices->enabled)) {
403  print $langs->trans('YouEnableDeprecatedWSAPIsUseRESTAPIsInstead')."<br>\n";
404  print '<br>';
405  }
406  if (!empty($conf->api->enabled)) {
407  print '<strong>API_ENDPOINT_RULES</strong> = '.(empty($conf->global->API_ENDPOINT_RULES) ? '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Example").': login:0,users:0,setup:1,status:1,tickets:1,...)</span>' : $conf->global->API_ENDPOINT_RULES)."<br>\n";
408  print '<br>';
409  }
410 }
411 
412 
413 print '<br><br>';
414 
415 
416 print '<br>';
417 
418 
419 print load_fiche_titre($langs->trans("OtherSetup"), '', 'folder');
420 
421 
422 //print '<strong>'.$langs->trans("PasswordEncryption").'</strong>: ';
423 print '<strong>MAIN_SECURITY_HASH_ALGO</strong> = '.(empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_HASH_ALGO)." &nbsp; ";
424 if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) {
425  print '<span class="opacitymedium"> &nbsp; &nbsp; If unset: \'md5\'</span>';
426 }
427 if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') {
428  print '<br><strong>MAIN_SECURITY_SALT</strong> = '.(empty($conf->global->MAIN_SECURITY_SALT) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_SALT).'<br>';
429 } else {
430  print '<span class="opacitymedium">('.$langs->trans("Recommended").': password_hash)</span>';
431  print '<br>';
432 }
433 if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') {
434  print '<div class="info">The recommanded value for MAIN_SECURITY_HASH_ALGO is now \'password_hash\' but setting it now will make ALL existing passwords of all users not valid, so update is not possible.<br>';
435  print 'If you really want to switch, you must:<br>';
436  print '- Go on home - setup - other and add constant MAIN_SECURITY_HASH_ALGO to value \'password_hash\'<br>';
437  print '- In same session, WITHOUT LOGGING OUT, go into your admin user record and set a new password<br>';
438  print '- You can now logout and login with this new password. You must now reset password of all other users.<br>';
439  print '</div><br>';
440 }
441 print '<br>';
442 
443 print '<strong>MAIN_SECURITY_ANTI_SSRF_SERVER_IP</strong> = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span> &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': List of static IPs of server separated with coma - '.$langs->trans("Note").': common loopback ip like 127.*.*.*, [::1] are already added)</span>' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."<br>";
444 print '<br>';
445 
446 print '<strong>MAIN_ALLOW_SVG_FILES_AS_IMAGES</strong> = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 0)</span><br>';
447 print '<br>';
448 
449 print '<strong>MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE</strong> = '.(empty($conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 1)</span><br>';
450 print '<br>';
451 
452 print '<strong>MAIN_SECURITY_CSRF_WITH_TOKEN</strong> = '.(empty($conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': 2)</span>'."<br>";
453 print '<br>';
454 
455 print '<br>';
456 print '<br>';
457 
458 
459 print load_fiche_titre($langs->trans("OtherSetup").' ('.$langs->trans("Experimental").')', '', 'folder');
460 
461 print '<strong>MAIN_RESTRICTHTML_ONLY_VALID_HTML</strong> = '.(empty($conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML) ? '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': 1)</span>' : $conf->global->MAIN_RESTRICTHTML_ONLY_VALID_HTML)."<br>";
462 print '<br>';
463 
464 print '<strong>MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES</strong> = '.(empty($conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES) ? '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': 1)</span>' : $conf->global->MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES)."<br>";
465 print '<br>';
466 
467 print '<strong>MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL</strong> = '.(empty($conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL) ? '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 0)</span>' : $conf->global->MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL)."<br>";
468 print '<br>';
469 
470 print '<strong>MAIN_EXEC_USE_POPEN</strong> = ';
471 if (empty($conf->global->MAIN_EXEC_USE_POPEN)) {
472  print '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>';
473 } else {
474  print $conf->global->MAIN_EXEC_USE_POPEN;
475 }
476 if ($execmethod == 1) {
477  print '<span class="opacitymedium">, "exec" PHP method will be used for shell commands';
478  print ' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 1)';
479  print '</span>';
480 }
481 if ($execmethod == 2) {
482  print '<span class="opacitymedium">, "popen" PHP method will be used for shell commands';
483  print ' &nbsp; ('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' 1)';
484  print '</span>';
485 }
486 print "<br>";
487 print '<br>';
488 
489 
490 // End of page
491 llxFooter();
492 $db->close();
yn
yn($yesno, $case=1, $color=0)
Return yes or no in current language.
Definition: functions.lib.php:6491
llxFooter
llxFooter()
Empty footer.
Definition: wrapper.php:73
load_fiche_titre
load_fiche_titre($titre, $morehtmlright='', $picto='generic', $pictoisfullpath=0, $id='', $morecssontable='', $morehtmlcenter='')
Load a title with picto.
Definition: functions.lib.php:5204
GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition: functions.lib.php:484
img_warning
img_warning($titlealt='default', $moreatt='', $morecss='pictowarning')
Show warning logo.
Definition: functions.lib.php:4521
Events
Events class.
Definition: events.class.php:29
dol_dir_list
dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0)
Scan a directory and return a list of files/directories.
Definition: files.lib.php:60
img_picto
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=false, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
Definition: functions.lib.php:3880
version_php
version_php()
Return PHP version.
Definition: functions2.lib.php:1885
accessforbidden
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program Calling this function terminate execution ...
Definition: security.lib.php:933
dol_getwebuser
dol_getwebuser($mode)
Return user/group account of web server.
Definition: security2.lib.php:35
llxHeader
if(!defined('NOREQUIRESOC')) if(!defined('NOREQUIRETRAN')) if(!defined('NOCSRFCHECK')) if(!defined('NOTOKENRENEWAL')) if(!defined('NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined('NOREQUIREAJAX')) llxHeader()
Empty header.
Definition: wrapper.php:59