24 require
'../../main.inc.php';
25 require_once DOL_DOCUMENT_ROOT.
'/core/lib/memory.lib.php';
26 require_once DOL_DOCUMENT_ROOT.
'/core/lib/date.lib.php';
27 require_once DOL_DOCUMENT_ROOT.
'/core/lib/files.lib.php';
28 require_once DOL_DOCUMENT_ROOT.
'/core/lib/geturl.lib.php';
29 require_once DOL_DOCUMENT_ROOT.
'/core/lib/functions2.lib.php';
30 require_once DOL_DOCUMENT_ROOT.
'/core/lib/security2.lib.php';
31 require_once DOL_DOCUMENT_ROOT.
'/core/class/events.class.php';
34 $langs->loadLangs(array(
"install",
"other",
"admin",
"errors"));
40 if (
GETPOST(
'action',
'aZ09') ==
'donothing') {
57 print
'<span class="opacitymedium">'.$langs->trans(
"YouMayFindSecurityAdviceHere",
'hhttps://wiki.dolibarr.org/index.php/Security_information').
'</span>';
58 print
' ';
59 print
'<a href="'.$_SERVER[
"PHP_SELF"].
'">';
60 print
img_picto($langs->trans(
"Reload"),
'refresh').
' ';
61 print $langs->trans(
"Reload");
70 print
"<strong>PHP</strong>: ".$langs->trans(
"Version").
": ".$phpversion;
71 if (function_exists(
'php_ini_loaded_file')) {
72 $inipath = php_ini_loaded_file();
73 print
" - <strong>INI</strong>: ".$inipath;
78 print
"<br><strong>Web server - ".$langs->trans(
"Version").
"</strong>: ".$_SERVER[
"SERVER_SOFTWARE"].
"<br>\n";
79 print
'<strong>'.$langs->trans(
"DataRootServer").
"</strong>: ".DOL_DATA_ROOT.
"<br>\n";
83 if ($labeluser && $labelgroup) {
84 print
'<strong>'.$langs->trans(
"WebUserGroup").
" (env vars)</strong> : ".$labeluser.
':'.$labelgroup;
85 if (function_exists(
'posix_geteuid') && function_exists(
'posix_getpwuid')) {
86 $arrayofinfoofuser = posix_getpwuid(posix_geteuid());
87 print
' <span class="opacitymedium">(POSIX '.$arrayofinfoofuser[
'name'].
':'.$arrayofinfoofuser[
'gecos'].
':'.$arrayofinfoofuser[
'dir'].
':'.$arrayofinfoofuser[
'shell'].
')</span><br>'.
"\n";
91 if (function_exists(
'exec')) {
92 $arrayout = array(); $varout = 0;
93 exec(
'id', $arrayout, $varout);
95 print
'<strong>'.$langs->trans(
"WebUserGroup").
" (real, 'id' command)</strong> : ".join(
',', $arrayout).
"<br>\n";
100 print
"<strong>PHP session.use_strict_mode</strong> = ".(ini_get(
'session.use_strict_mode') ?
'' :
img_warning().
' ').(ini_get(
'session.use_strict_mode') ? ini_get(
'session.use_strict_mode') :
yn(0)).
' <span class="opacitymedium">('.$langs->trans(
"RecommendedValueIs",
'1').
")</span><br>\n";
101 print
"<strong>PHP session.use_only_cookies</strong> = ".(ini_get(
'session.use_only_cookies') ?
'' :
img_warning().
' ').(ini_get(
'session.use_only_cookies') ? ini_get(
'session.use_only_cookies') :
yn(0)).
' <span class="opacitymedium">('.$langs->trans(
"RecommendedValueIs",
'1').
")</span><br>\n";
102 print
"<strong>PHP session.cookie_httponly</strong> = ".(ini_get(
'session.cookie_httponly') ?
'' :
img_warning().
' ').(ini_get(
'session.cookie_httponly') ? ini_get(
'session.cookie_httponly') :
'').
' <span class="opacitymedium">('.$langs->trans(
"RecommendedValueIs",
'1').
")</span><br>\n";
103 print
"<strong>PHP session.cookie_samesite</strong> = ".(ini_get(
'session.cookie_samesite') ? ini_get(
'session.cookie_samesite') :
'None');
104 if (!ini_get(
'session.cookie_samesite') || ini_get(
'session.cookie_samesite') ==
'Lax') {
105 print
' <span class="opacitymedium">('.$langs->trans(
"RecommendedValueIs",
'Lax').
")</span>";
106 } elseif (ini_get(
'session.cookie_samesite') ==
'Strict') {
107 print
' '.img_warning().
' <span class="opacitymedium">'.$langs->trans(
"WarningPaypalPaymentNotCompatibleWithStrict").
"</span>";
110 print
"<strong>PHP open_basedir</strong> = ".(ini_get(
'open_basedir') ? ini_get(
'open_basedir') :
yn(0).
' <span class="opacitymedium">('.$langs->trans(
"RecommendedValueIs", $langs->transnoentitiesnoconv(
"ARestrictedPath").
', '.$langs->transnoentitiesnoconv(
"Example").
': '.$_SERVER[
"DOCUMENT_ROOT"].
','.DOL_DATA_ROOT).
')</span>').
"<br>\n";
111 print
"<strong>PHP short_open_tag</strong> = ".((empty(ini_get(
'short_open_tag')) || ini_get(
'short_open_tag') ==
'Off') ?
yn(0) :
img_warning().
' '.
yn(0)).
' <span class="opacitymedium">('.$langs->trans(
"RecommendedValueIs", $langs->transnoentitiesnoconv(
"No")).
')</span>'.
"<br>\n";
112 print
"<strong>PHP allow_url_fopen</strong> = ".(ini_get(
'allow_url_fopen') ?
img_picto($langs->trans(
"YouShouldSetThisToOff"),
'warning').
' '.ini_get(
'allow_url_fopen') :
yn(0)).
' <span class="opacitymedium">('.$langs->trans(
"RecommendedValueIs", $langs->transnoentitiesnoconv(
"No")).
")</span><br>\n";
113 print
"<strong>PHP allow_url_include</strong> = ".(ini_get(
'allow_url_include') ?
img_picto($langs->trans(
"YouShouldSetThisToOff"),
'warning').
' '.ini_get(
'allow_url_include') :
yn(0)).
' <span class="opacitymedium">('.$langs->trans(
"RecommendedValueIs", $langs->transnoentitiesnoconv(
"No")).
")</span><br>\n";
115 print
"<strong>PHP disable_functions</strong> = ";
116 $arrayoffunctionsdisabled = explode(
',', ini_get(
'disable_functions'));
117 $arrayoffunctionstodisable = explode(
',',
'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals');
120 if ($execmethod == 1) {
121 $arrayoffunctionstodisable2 = explode(
',',
'passthru,shell_exec,system,proc_open,popen');
122 $functiontokeep =
'exec';
124 $arrayoffunctionstodisable2 = explode(
',',
'exec,passthru,shell_exec,system,proc_open');
125 $functiontokeep =
'popen';
128 foreach ($arrayoffunctionsdisabled as $functionkey) {
132 print
'<span class="opacitymedium">'.$functionkey.
'</span>';
138 foreach ($arrayoffunctionstodisable as $functiontodisable) {
139 if (! in_array($functiontodisable, $arrayoffunctionsdisabled)) {
141 $todisabletext .=
', ';
143 $todisabletext .=
img_picto($langs->trans(
"YouShouldSetThisToOff"),
'warning').
' <span class="opacitymedium">'.$functiontodisable.
'</span>';
147 if ($todisabletext) {
148 print $langs->trans(
"YouShouldDisablePHPFunctions").
': '.$todisabletext;
153 foreach ($arrayoffunctionstodisable2 as $functiontodisable) {
154 if (! in_array($functiontodisable, $arrayoffunctionsdisabled)) {
156 $todisabletext .=
', ';
158 $todisabletext .=
img_picto($langs->trans(
"YouShouldSetThisToOff"),
'warning').
' <span class="opacitymedium">'.$functiontodisable.
'</span>';
162 if ($todisabletext) {
163 print $langs->trans(
"IfCLINotRequiredYouShouldDisablePHPFunctions").
': '.$todisabletext;
167 print $langs->trans(
"PHPFunctionsRequiredForCLI").
': ';
168 if (in_array($functiontokeep, $arrayoffunctionsdisabled)) {
169 print
img_picto($langs->trans(
"PHPFunctionsRequiredForCLI"),
'warning');
171 print
'<span class="opacitymedium">'.$functiontokeep.
'</span>';
174 $arrayofstreams = stream_get_wrappers();
175 if (!empty($arrayofstreams)) {
176 sort($arrayofstreams);
177 print
"<strong>PHP streams</strong> = ".(join(
',', $arrayofstreams)).
' <span class="opacitymedium">('.$langs->trans(
"RecommendedValueIs",
'file,http,https,php').
')</span>'.
"<br>\n";
183 print
'<strong>'.$langs->trans(
"XDebug").
'</strong>: ';
184 $test = !function_exists(
'xdebug_is_enabled') && !extension_loaded(
'xdebug');
186 print
img_picto(
'',
'tick').
' '.$langs->trans(
"NotInstalled").
' - '.$langs->trans(
"NotRiskOfLeakWithThis");
188 print
img_picto(
'',
'warning').
' '.$langs->trans(
"ModuleActivatedMayExposeInformation", $langs->transnoentities(
"XDebug"));
189 print
' - '.$langs->trans(
"MoreInformation").
' <a href="'.DOL_URL_ROOT.
'/admin/system/xdebug.php">XDebug admin page</a>';
199 print
load_fiche_titre($langs->trans(
"OSSetup").
' - '.$langs->trans(
"PermissionsOnFiles"),
'',
'folder');
201 print
'<strong>'.$langs->trans(
"PermissionsOnFilesInWebRoot").
'</strong>: ';
202 $arrayoffilesinroot =
dol_dir_list(DOL_DOCUMENT_ROOT,
'all', 1,
'', array(
'\/custom'),
'name', SORT_ASC, 4, 1,
'', 1);
203 $fileswithwritepermission = array();
204 foreach ($arrayoffilesinroot as $fileinroot) {
206 if (isset($fileinroot[
'perm']) && ($fileinroot[
'perm'] & 0222)) {
207 $fileswithwritepermission[] = $fileinroot[
'relativename'];
210 if (empty($fileswithwritepermission)) {
211 print
img_picto(
'',
'tick').
' '.$langs->trans(
"NoWritableFilesFoundIntoRootDir");
213 print
img_warning().
' '.$langs->trans(
"SomeFilesOrDirInRootAreWritable");
214 print
'<br>'.$langs->trans(
"Example").
': ';
216 foreach ($fileswithwritepermission as $filewithwritepermission) {
220 print
'<span class="opacitymedium">'.$filewithwritepermission.
'</span>';
231 print
'<strong>'.$langs->trans(
"PermissionsOnFile", $conffile).
'</strong>: ';
232 $perms = fileperms($dolibarr_main_document_root.
'/'.$conffile);
234 if (($perms & 0x0004) || ($perms & 0x0002)) {
235 print
img_warning().
' '.$langs->trans(
"ConfFileIsReadableOrWritableByAnyUsers");
239 print
' '.$langs->trans(
"User").
': '.$labeluser.
':'.$labelgroup;
240 if (function_exists(
'posix_geteuid') && function_exists(
'posix_getpwuid')) {
241 $arrayofinfoofuser = posix_getpwuid(posix_geteuid());
242 print
' <span class="opacitymedium">(POSIX '.$arrayofinfoofuser[
'name'].
':'.$arrayofinfoofuser[
'gecos'].
':'.$arrayofinfoofuser[
'dir'].
':'.$arrayofinfoofuser[
'shell'].
')</span>';
248 print
img_warning().
' '.$langs->trans(
"FailedToReadFile", $conffile);
253 $installlock = DOL_DATA_ROOT.
'/install.lock';
254 $upgradeunlock = DOL_DATA_ROOT.
'/upgrade.unlock';
255 $installmoduleslock = DOL_DATA_ROOT.
'/installmodules.lock';
258 print
'<strong>'.$langs->trans(
"DolibarrSetup").
'</strong>: ';
259 if (file_exists($installlock)) {
260 if (file_exists($upgradeunlock)) {
261 print
img_picto(
'',
'tick').
' '.$langs->trans(
"InstallLockedBy", $installlock);
263 print
img_picto(
'',
'tick').
' '.$langs->trans(
"InstallAndUpgradeLockedBy", $installlock);
266 print
img_warning().
' '.$langs->trans(
"WarningLockFileDoesNotExists", DOL_DATA_ROOT);
271 if (file_exists($installlock)) {
272 if (file_exists($upgradeunlock)) {
273 print
'<strong>'.$langs->trans(
"DolibarrUpgrade").
'</strong>: ';
274 print
img_warning().
' '.$langs->trans(
"UpgradeHasBeenUnlocked", $upgradeunlock);
280 print
'<strong>'.$langs->trans(
"DolibarrAddonInstall").
'</strong>: ';
281 if (file_exists($installmoduleslock)) {
282 print
img_picto(
'',
'tick').
' '.$langs->trans(
"InstallAndUpgradeLockedBy", $installmoduleslock);
284 print $langs->trans(
"InstallOfAddonIsNotBlocked", DOL_DATA_ROOT);
295 print
load_fiche_titre($langs->trans(
"ConfigurationFile").
' ('.$conffile.
')',
'',
'folder');
297 print
'<strong>$dolibarr_main_prod</strong>: '.($dolibarr_main_prod ? $dolibarr_main_prod :
'0');
298 if (empty($dolibarr_main_prod)) {
299 print
' '.img_picto(
'',
'warning').
' '.$langs->trans(
"IfYouAreOnAProductionSetThis", 1);
303 print
'<strong>$dolibarr_nocsrfcheck</strong>: '.(empty($dolibarr_nocsrfcheck) ?
'0' : $dolibarr_nocsrfcheck);
304 if (!empty($dolibarr_nocsrfcheck)) {
305 print
' '.img_picto(
'',
'warning').
' '.$langs->trans(
"IfYouAreOnAProductionSetThis", 0);
307 print
' <span class="opacitymedium">('.$langs->trans(
"Recommended").
': 0)</span>';
311 print
'<strong>$dolibarr_main_restrict_ip</strong>: ';
312 if (empty($dolibarr_main_restrict_ip)) {
313 print $langs->trans(
"None");
316 print $dolibarr_main_restrict_ip;
320 print
'<strong>$dolibarr_main_restrict_os_commands</strong>: ';
321 if (empty($dolibarr_main_restrict_os_commands)) {
322 print $langs->trans(
"None");
324 print $dolibarr_main_restrict_os_commands;
326 print
' <span class="opacitymedium">('.$langs->trans(
"RecommendedValueIs",
'mysqldump, mysql, pg_dump, pgrestore, clamdscan').
')</span>';
329 if (empty($conf->global->SECURITY_DISABLE_TEST_ON_OBFUSCATED_CONF)) {
330 print
'<strong>$dolibarr_main_db_pass</strong>: ';
331 if (!empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass)) {
332 print
img_picto(
'',
'warning').
' '.$langs->trans(
"DatabasePasswordNotObfuscated").
' <span class="opacitymedium">('.$langs->trans(
"Recommended").
': '.$langs->trans(
"SetOptionTo", $langs->transnoentitiesnoconv(
"MainDbPasswordFileConfEncrypted"),
yn(1)).
')</span>';
335 print
img_picto(
'',
'tick').
' '.$langs->trans(
"DatabasePasswordObfuscated");
349 print
load_fiche_titre($langs->trans(
"Menu").
' '.$langs->trans(
"SecuritySetup"),
'',
'folder');
352 print
'<strong>'.$langs->trans(
"UseCaptchaCode").
'</strong>: ';
353 print empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) ?
'' :
img_picto(
'',
'tick').
' ';
354 print
yn(empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) ? 0 : 1);
359 $sessiontimeout = ini_get(
"session.gc_maxlifetime");
360 if (empty($conf->global->MAIN_SESSION_TIMEOUT)) {
361 $conf->global->MAIN_SESSION_TIMEOUT = $sessiontimeout;
363 print
'<strong>'.$langs->trans(
"SessionTimeOut").
'</strong>';
364 if (!ini_get(
"session.gc_probability")) {
365 print
$form->textwithpicto(
'', $langs->trans(
"SessionsPurgedByExternalSystem", ini_get(
"session.gc_maxlifetime")));
367 print
$form->textwithpicto(
'', $langs->trans(
"SessionExplanation", ini_get(
"session.gc_probability"), ini_get(
"session.gc_divisor"), ini_get(
"session.gc_maxlifetime")));
369 print
': '.getDolGlobalInt(
'MAIN_SESSION_TIMEOUT').
' '.strtolower($langs->trans(
"Seconds"));
372 print
'<strong>'.$langs->trans(
"MaxNumberOfImagesInGetPost").
'</strong>: ';
373 print
getDolGlobalInt(
'MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT').
' '.strtolower($langs->trans(
"Images"));
376 print
'<strong>'.$langs->trans(
"MaxNumberOfPostOnPublicPagesByIP").
'</strong>: ';
377 print
getDolGlobalInt(
'MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS', 200).
' '.strtolower($langs->trans(
"Posts"));
380 print
'<strong>'.$langs->trans(
"MaxNumberOfAttachementOnForms").
'</strong>: ';
381 print
getDolGlobalInt(
"MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS", 10).
' '.strtolower($langs->trans(
"Files"));
384 print
'<strong>'.$langs->trans(
"DoNotStoreClearPassword").
'</strong>: ';
385 print empty($conf->global->DATABASE_PWD_ENCRYPTED) ?
'' :
img_picto(
'',
'tick').
' ';
386 print
yn(empty($conf->global->DATABASE_PWD_ENCRYPTED) ? 0 : 1);
387 if (empty($conf->global->DATABASE_PWD_ENCRYPTED)) {
388 print
' <span class="opacitymedium">('.$langs->trans(
"Recommended").
' '.
yn(1).
')</span>';
425 print
'<strong>'.$langs->trans(
"AntivirusEnabledOnUpload").
'</strong>: ';
426 print empty($conf->global->MAIN_ANTIVIRUS_COMMAND) ?
img_warning().
' ' :
img_picto(
'',
'tick').
' ';
427 print
yn(empty($conf->global->MAIN_ANTIVIRUS_COMMAND) ? 0 : 1);
428 if (empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) {
429 print
' - <span class="opacitymedium">'.$langs->trans(
"Recommended").
': '.$langs->trans(
"DefinedAPathForAntivirusCommandIntoSetup", $langs->transnoentitiesnoconv(
"Home").
" - ".$langs->transnoentitiesnoconv(
"Setup").
" - ".$langs->transnoentitiesnoconv(
"Security")).
'</span>';
431 print
' - '.$conf->global->MAIN_ANTIVIRUS_COMMAND;
432 if (defined(
'MAIN_ANTIVIRUS_COMMAND') && !defined(
'MAIN_ANTIVIRUS_BYPASS_COMMAND_AND_PARAM')) {
433 print
' - <span class="opacitymedium">'.$langs->trans(
"ValueIsForcedBySystem").
'</span>';
441 print
'<strong>'.$langs->trans(
"UMask").
'</strong>: ';
442 if (! in_array($umask, array(
'600',
'660',
'0600',
'0660'))) {
446 if (! in_array($umask, array(
'600',
'660',
'0600',
'0660'))) {
447 print
' <span class="opacitymedium">('.$langs->trans(
"Recommended").
': 0600 | 0660)</span>';
453 $securityevent =
new Events($db);
454 $eventstolog = $securityevent->eventstolog;
456 print
'<strong>'.$langs->trans(
"AuditedSecurityEvents").
'</strong>: ';
458 if (!empty($eventstolog) && is_array($eventstolog)) {
461 foreach ($eventstolog as $key => $arr) {
463 $key =
'MAIN_LOGEVENTS_'.$arr[
'id'];
469 $out .=
'<span class="opacitymedium">'.$key.
'</span>';
478 print
img_warning().
' '.$langs->trans(
"NoSecurityEventsAreAduited", $langs->transnoentities(
"Home").
' - '.$langs->transnoentities(
"Setup").
' - '.$langs->transnoentities(
"Security").
' - '.$langs->transnoentities(
"Audit")).
'<br>';
492 print
'<strong>'.$langs->trans(
"Syslog").
'</strong>: ';
495 print
img_picto(
'',
'tick').
' '.$langs->trans(
"NotInstalled").
' - '.$langs->trans(
"NotRiskOfLeakWithThis");
498 print
img_picto(
'',
'warning').
' '.$langs->trans(
"ModuleActivatedWithTooHighLogLevel", $langs->transnoentities(
"Syslog"));
500 print
img_picto(
'',
'tick').
' '.$langs->trans(
"ModuleSyslogActivatedButLevelNotTooVerbose", $langs->transnoentities(
"Syslog"),
getDolGlobalInt(
'SYSLOG_LEVEL'));
509 print
'<strong>'.$langs->trans(
"DebugBar").
'</strong>: ';
512 print
img_picto(
'',
'tick').
' '.$langs->trans(
"NotInstalled").
' - '.$langs->trans(
"NotRiskOfLeakWithThis");
514 print
img_picto(
'',
'error').
' '.$langs->trans(
"ModuleActivatedDoNotUseInProduction", $langs->transnoentities(
"DebugBar"));
524 print
'<strong>'.$langs->trans(
"Stripe").
'</strong>: ';
526 print
img_picto(
'',
'error').
' '.$langs->trans(
"OptionXShouldBeEnabledInModuleY", $langs->transnoentities(
"SecurityTokenIsUnique"), $langs->transnoentities(
"Stripe"));
528 print
img_picto(
'',
'tick').
' '.$langs->trans(
"OptionXIsCorrectlyEnabledInModuleY", $langs->transnoentities(
"SecurityTokenIsUnique"), $langs->transnoentities(
"Stripe"));
534 print
'<strong>'.$langs->trans(
"Paypal").
'</strong>: ';
536 print
img_picto(
'',
'error').
' '.$langs->trans(
"OptionXShouldBeEnabledInModuleY", $langs->transnoentities(
"SecurityTokenIsUnique"), $langs->transnoentities(
"Paypal"));
538 print
img_picto(
'',
'tick').
' '.$langs->trans(
"OptionXIsCorrectlyEnabledInModuleY", $langs->transnoentities(
"SecurityTokenIsUnique"), $langs->transnoentities(
"Paypal"));
553 print $langs->trans(
"APIsAreNotEnabled");
556 print $langs->trans(
'YouEnableDeprecatedWSAPIsUseRESTAPIsInstead').
"<br>\n";
560 print
'<strong>API_ENDPOINT_RULES</strong> = '.getDolGlobalString(
'API_ENDPOINT_RULES',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
' ('.$langs->trans(
"Example").
': login:0,users:0,setup:1,status:1,tickets:1,...)</span>').
"<br>\n";
574 print
'<strong>MAIN_ALLOW_SVG_FILES_AS_IMAGES</strong> = '.getDolGlobalString(
'MAIN_ALLOW_SVG_FILES_AS_IMAGES',
'0').
' <span class="opacitymedium">('.$langs->trans(
"Recommended").
': 0)</span><br>';
577 print
'<strong>MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE</strong> = '.getDolGlobalString(
'MAIN_ALWAYS_CREATE_LOCK_AFTER_LAST_UPGRADE',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span>').
' <span class="opacitymedium">('.$langs->trans(
"Recommended").
': 1)</span><br>';
581 print
'<strong>MAIN_SECURITY_HASH_ALGO</strong> = '.getDolGlobalString(
'MAIN_SECURITY_HASH_ALGO',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span>').
" ";
582 if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) {
583 print
'<span class="opacitymedium"> If unset: \'md5\'</span>';
585 if ($conf->global->MAIN_SECURITY_HASH_ALGO !=
'password_hash') {
586 print
'<br><strong>MAIN_SECURITY_SALT</strong> = '.getDolGlobalString(
'MAIN_SECURITY_SALT',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span>').
'<br>';
588 print
'<span class="opacitymedium">('.$langs->trans(
"Recommended").
': password_hash)</span>';
591 if ($conf->global->MAIN_SECURITY_HASH_ALGO !=
'password_hash') {
592 print
'<div class="info">The recommanded value for MAIN_SECURITY_HASH_ALGO is now \'password_hash\' but setting it now will make ALL existing passwords of all users not valid, so update is not possible.<br>';
593 print
'If you really want to switch, you must:<br>';
594 print
'- Go on home - setup - other and add constant MAIN_SECURITY_HASH_ALGO to value \'password_hash\'<br>';
595 print
'- In same session, WITHOUT LOGGING OUT, go into your admin user record and set a new password<br>';
596 print
'- You can now logout and login with this new password. You must now reset password of all other users.<br>';
601 print
'<strong>MAIN_SECURITY_ANTI_SSRF_SERVER_IP</strong> = '.getDolGlobalString(
'MAIN_SECURITY_ANTI_SSRF_SERVER_IP',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span> <span class="opacitymedium">('.$langs->trans(
"Recommended").
': List of static IPs of server separated with coma - '.$langs->trans(
"Note").
': common loopback ip like 127.*.*.*, [::1] are already added)</span>').
"<br>";
604 print
'<strong>MAIN_SECURITY_CSRF_WITH_TOKEN</strong> = '.getDolGlobalString(
'MAIN_SECURITY_CSRF_WITH_TOKEN',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span>').
' <span class="opacitymedium">('.$langs->trans(
"Recommended").
': '.$langs->trans(
"Undefined").
' '.$langs->trans(
"or").
' 2)</span>'.
"<br>";
611 print
load_fiche_titre($langs->trans(
"OtherSetup").
' ('.$langs->trans(
"Experimental").
')',
'',
'folder');
613 print
'<strong>MAIN_EXEC_USE_POPEN</strong> = ';
614 if (empty($conf->global->MAIN_EXEC_USE_POPEN)) {
615 print
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span>';
617 print $conf->global->MAIN_EXEC_USE_POPEN;
619 if ($execmethod == 1) {
620 print
'<span class="opacitymedium"> "exec" PHP method will be used for shell commands';
621 print
' ('.$langs->trans(
"Recommended").
': '.$langs->trans(
"Undefined").
' '.$langs->trans(
"or").
' 1)';
624 if ($execmethod == 2) {
625 print
'<span class="opacitymedium"> "popen" PHP method will be used for shell commands';
626 print
' ('.$langs->trans(
"Recommended").
': '.$langs->trans(
"Undefined").
' '.$langs->trans(
"or").
' 1)';
632 print
'<strong>MAIN_SECURITY_MAXFILESIZE_DOWNLOADED</strong> = '.getDolGlobalString(
'MAIN_SECURITY_MAXFILESIZE_DOWNLOADED',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
' ('.$langs->trans(
"Recommended").
': 100000000)</span>').
"<br>";
635 print
'<strong>MAIN_RESTRICTHTML_ONLY_VALID_HTML</strong> = '.getDolGlobalString(
'MAIN_RESTRICTHTML_ONLY_VALID_HTML',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
' ('.$langs->trans(
"Recommended").
': 1)</span>').
"<br>";
638 print
'<strong>MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES</strong> = '.getDolGlobalString(
'MAIN_RESTRICTHTML_REMOVE_ALSO_BAD_ATTRIBUTES',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
' ('.$langs->trans(
"Recommended").
': 1)</span>').
"<br>";
641 print
'<strong>MAIN_DISALLOW_EXT_URL_INTO_DESCRIPTIONS</strong> = '.getDolGlobalString(
'MAIN_DISALLOW_EXT_URL_INTO_DESCRIPTIONS',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
' ('.$langs->trans(
"Recommended").
': '.$langs->trans(
"Undefined").
' '.$langs->trans(
"or").
' 0)</span>').
"<br>";
644 print
'<strong>MAIN_ALLOW_SVG_FILES_AS_EXTERNAL_LINKS</strong> = '.getDolGlobalString(
'MAIN_ALLOW_SVG_FILES_AS_EXTERNAL_LINKS',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
' ('.$langs->trans(
"Recommended").
': '.$langs->trans(
"Undefined").
' '.$langs->trans(
"or").
' 0)</span>').
"<br>";
649 print
'<strong>MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL</strong> = '.getDolGlobalString(
'MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
' ('.$langs->trans(
"Recommended").
': '.$langs->trans(
"Undefined").
' '.$langs->trans(
"or").
' 0)</span>').
"<br>";
652 print
'<strong>MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED</strong> = '.getDolGlobalString(
'MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
' ('.$langs->trans(
"Recommended").
': '.$langs->trans(
"Undefined").
' '.$langs->trans(
"or").
' 0)</span>').
"<br>";
655 $examplecsprule =
"frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
656 print
'<strong>MAIN_SECURITY_FORCECSPRO</strong> = '.getDolGlobalString(
'MAIN_SECURITY_FORCECSPRO',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span>').
' <span class="opacitymedium">('.$langs->trans(
"Example").
': "'.$examplecsprule.
'")</span><br>';
659 $examplecsprule =
"frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;";
660 print
'<strong>MAIN_SECURITY_FORCECSP</strong> = '.getDolGlobalString(
'MAIN_SECURITY_FORCECSP',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span>').
' <span class="opacitymedium">('.$langs->trans(
"Example").
': "'.$examplecsprule.
'")</span><br>';
663 print
'<strong>MAIN_SECURITY_FORCERP</strong> = '.getDolGlobalString(
'MAIN_SECURITY_FORCERP',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span>').
' <span class="opacitymedium">('.$langs->trans(
"Recommended").
': '.$langs->trans(
"Undefined").
' '.$langs->trans(
"or").
" \"same-origin\" so browser doesn't send any referrer when going into another web site domain)</span><br>";
666 print
'<strong>WEBSITE_MAIN_SECURITY_FORCECSPRO</strong> = '.getDolGlobalString(
'WEBSITE_MAIN_SECURITY_FORCECSPRO',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span>');
667 print
' <span class="opacitymedium">('.$langs->trans(
"Example").
": \"frame-ancestors 'self'; default-src 'self' 'unsafe-inline'; style-src https://cdnjs.cloudflare.com *.googleapis.com; script-src *.transifex.com *.google-analytics.com *.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src * data:;\")</span><br>";
670 print
'<strong>WEBSITE_MAIN_SECURITY_FORCECSP</strong> = '.getDolGlobalString(
'WEBSITE_MAIN_SECURITY_FORCECSP',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span>');
671 print
' <span class="opacitymedium">('.$langs->trans(
"Example").
": \"frame-ancestors 'self'; default-src 'self' 'unsafe-inline'; style-src https://cdnjs.cloudflare.com *.googleapis.com; script-src *.transifex.com *.google-analytics.com *.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src * data:;\")</span><br>";
674 print
'<strong>WEBSITE_MAIN_SECURITY_FORCERP</strong> = '.getDolGlobalString(
'WEBSITE_MAIN_SECURITY_FORCERP',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span>').
' <span class="opacitymedium">('.$langs->trans(
"Recommended").
': '.$langs->trans(
"Undefined").
' '.$langs->trans(
"or").
" \"strict-origin-when-cross-origin\")</span><br>";
677 print
'<strong>WEBSITE_MAIN_SECURITY_FORCESTS</strong> = '.getDolGlobalString(
'>WEBSITE_MAIN_SECURITY_FORCESTS',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span>').
' <span class="opacitymedium">('.$langs->trans(
"Example").
": \"max-age=31536000; includeSubDomains\")</span><br>";
680 print
'<strong>WEBSITE_MAIN_SECURITY_FORCEPP</strong> = '.getDolGlobalString(
'WEBSITE_MAIN_SECURITY_FORCEPP',
'<span class="opacitymedium">'.$langs->trans(
"Undefined").
'</span>').
' <span class="opacitymedium">('.$langs->trans(
"Example").
": \"camera: (); microphone: ();\")</span><br>";
688 print
'<span class="opacitymedium">';
689 print $langs->trans(
"RecommendMitigationOnURL").
'<br>';
693 $urlexamplebase =
'https://github.com/Dolibarr/dolibarr/blob/develop/dev/setup/fail2ban/filter.d/';
694 print
'- Login or API authentication (see <a target="_blank" rel="noopener" href="'.$urlexamplebase.
'web-dolibarr-rulesbruteforce.conf">fail2ban example on GitHub</a>)<br>';
695 print
'- '.DOL_URL_ROOT.
'/passwordforgotten.php (see <a target="_blank" rel="noopener" href="'.$urlexamplebase.
'web-dolibarr-rulespassforgotten.conf">fail2ban example on GitHub</a>)<br>';
696 print
'- '.DOL_URL_ROOT.
'/public/* (see <a target="_blank" rel="noopener" href="'.$urlexamplebase.
'web-dolibarr-limitpublic.conf">fail2ban example on GitHub</a>)<br>';
698 $urlexamplebase =
'https://github.com/Dolibarr/dolibarr/blob/develop/dev/setup/apache/';
699 print
'- You can also protect the application using a HTTP Basic authentication layer (see <a target="_blank" rel="noopener" href="'.$urlexamplebase.
'virtualhost">apache2 virtualhost example on GitHub</a>)<br>';
if(!defined('NOREQUIRESOC')) if(!defined('NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined('NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined('NOREQUIREAJAX')) llxHeader()
Empty header.
if($cancel &&! $id) if($action=='add' &&! $cancel) if($action=='delete') if($id) $form
Actions.
dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0, $nbsecondsold=0)
Scan a directory and return a list of files/directories.
version_php()
Return PHP version.
load_fiche_titre($titre, $morehtmlright='', $picto='generic', $pictoisfullpath=0, $id='', $morecssontable='', $morehtmlcenter='')
Load a title with picto.
img_warning($titlealt='default', $moreatt='', $morecss='pictowarning')
Show warning logo.
yn($yesno, $case=1, $color=0)
Return yes or no in current language.
getDolGlobalInt($key, $default=0)
Return dolibarr global constant int value.
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=false, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
isModEnabled($module)
Is Dolibarr module enabled.
dol_getwebuser($mode)
Return user/group account of web server.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.