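/**
 * Echo the "Security Check" panel describing the permission state of the install.
 *
 * On a host that findServerOS() reports as 'LINUX' the panel is "safe" when
 * $perms is empty and "unsafe" otherwise, in which case every entry of $perms
 * is listed. On any other host only a "cannot determine" notice is printed.
 *
 * @param array $perms Map of path => permission value for each item flagged as
 *                     unsafe; an empty array means nothing was flagged.
 * @return void The markup is written straight to the output buffer.
 */
function displayPerm($perms)
{
    $heading = '<h3>' . lt('Security Check') . '</h3>';

    if (findServerOS() != 'LINUX') {
        echo "<div class='normal'>" . $heading;
        echo '<p>' . lt('Security - UNKNOWN') . '</p>';
        echo '<p>' . lt('You are using a non linux server') . '</p>';
        echo '<p>' . lt('razorCMS cannot determine file permissions, please manage file permissions manually') . '</p></div>';
        return;
    }

    // NOTE(review): both links below trigger a permission change through a plain
    // GET URL and no anti-CSRF token is visible in this block - confirm the
    // ?action=version handler verifies one (or requires POST).
    $setLink = "<p><a href='?action=version&permissions=set'>" . lt('Make razorCMS files safe') . "</a></p>";

    // The "unsafe" link is hidden from the 'user' and 'admin' account types.
    // This only controls what is displayed; the handler has to enforce the same
    // restriction itself - presumably it does, verify against that code.
    $adminType = isset($_SESSION['adminType']) ? $_SESSION['adminType'] : null;
    $unsetLink = '';
    if ($adminType != 'user' && $adminType != 'admin') {
        $unsetLink = "<p><a href='?action=version&permissions=unset' onclick='return confirm(\""
            . lt('Are you sure you want to make all razorCMS files unsafe, THIS IS A SECURITY RISK')
            . "?\");'>" . lt('Make razorCMS files unsafe') . "</a></p>";
    }

    if (count($perms) == 0) {
        echo "<div class='safe'>" . $heading;
        echo '<p>' . lt('Security - safe') . '</p>';
        echo '<p>' . lt('All files are currently safe') . '</p>';
        echo $setLink;
        echo $unsetLink;
        echo "</div>";
        return;
    }

    echo "<div class='unsafe'>" . $heading;
    echo '<p>' . lt('Security - WARNING NOT SAFE') . '</p>';
    echo '<p>' . lt('A directory or file is currently unsafe, please make all razorCMS files safe.') . '</p>';
    echo '<p>' . lt('PLEASE NOTE This tool is unable to set your install root safe, this must be done manually using a 3rd party application. razorCMS has no permission or control to alter your install root.') . '</p>';
    echo $setLink;
    echo $unsetLink;
    echo '<p>' . lt('The following directories and files are unsafe') . '<ul>';

    ksort($perms);
    foreach ($perms as $path => $perm) {
        // File and directory names are not guaranteed to be free of HTML
        // metacharacters, so both values are escaped before they reach the page.
        // The first three characters of the path are dropped as in the original
        // listing (presumably a relative-path prefix - confirm against the caller).
        $shownPath = htmlspecialchars((string) substr((string) $path, 3), ENT_QUOTES, 'UTF-8');
        $shownPerm = htmlspecialchars((string) $perm, ENT_QUOTES, 'UTF-8');
        echo '<li>' . $shownPath . ' - ' . $shownPerm . '</li>';
    }

    echo '</ul></p></div>';
}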
/**
 * Copy File
 *
 * Copies a single file and, on a host that findServerOS() reports as 'LINUX',
 * sets the mode of the copy to 0644 when file_perms() reports anything else.
 *
 * @param string $copyFrom Full path to file to copy
 * @param string $copyTo   Full path to new location of file to be copied
 * @return bool True when copy() succeeded, false when it failed
 */
public static function copy_file($copyFrom, $copyTo)
{
    // NOTE(review): neither path is validated here; callers are presumably
    // expected to pass only trusted, already-resolved paths - confirm.
    if (!copy($copyFrom, $copyTo)) {
        return false;
    }

    // The mode change is best-effort: a chmod failure is suppressed and does
    // not affect the return value.
    if (findServerOS() == 'LINUX' && file_perms($copyTo) != '0644') {
        @chmod($copyTo, 0644);
    }

    return true;
}
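/**
 * Append the requesting client's address and the current time to the log file
 * named by RAZOR_FAILED_LOGIN_LOG, keeping at most the newest 300 existing lines.
 *
 * Each entry is written as "##<ip>:<unix time>##" followed by CRLF.
 *
 * @return bool True when the entry was written in full; false when the logs
 *              directory does not exist, the existing log cannot be read, the
 *              log cannot be opened for writing, or the write fails.
 */
function loginLog()
{
    $logDir  = getSystemRoot(RAZOR_ADMIN_FILENAME) . RAZOR_LOGS_DIR;
    $logPath = $logDir . RAZOR_FAILED_LOGIN_LOG;

    if (!file_exists($logDir)) {
        return false;
    }

    // Reduce the client address to digits and dots so that nothing else can be
    // injected into the log file.
    // NOTE(review): this filter mangles IPv6 addresses (colons and hex letters
    // are dropped), so such clients are recorded under a wrong value. ':' is also
    // the field separator of the entry, so accepting IPv6 needs a matching change
    // in whatever reads this log.
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $userIP = preg_replace('/[^0-9.]/', '', $remoteAddr);
    if ($userIP === null || $userIP === '') {
        $userIP = 'Could Not Log IP';
    }

    // Carry over the newest 300 lines of the existing log, oldest first.
    $contents = '';
    if (file_exists($logPath)) {
        $lines = file($logPath);
        if ($lines === false) {
            // The log exists but cannot be read: stop here rather than open it
            // with "w" below, which would discard the entries already recorded.
            return false;
        }
        if (count($lines) > 300) {
            $lines = array_slice($lines, -300);
        }
        $contents = implode('', $lines);
    }

    $contents .= '##' . $userIP . ':' . time() . '##' . "\r\n";

    // NOTE(review): the log is read and then rewritten without a lock, so two
    // requests arriving together can each overwrite the other's entry. If these
    // entries feed login throttling, consider serialising this section with flock().
    $f = @fopen($logPath, "w");
    if (!$f) {
        return false;
    }

    // A failed or short write used to be ignored and reported as success.
    $written = @fwrite($f, $contents);
    fclose($f);

    if (findServerOS() == 'LINUX') {
        $perms = file_perms($logPath);
        if ($perms != '0644') {
            chmod($logPath, 0644);
        }
    }

    return $written !== false && $written === strlen($contents);
}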