/**
* Set the messages for CGI tests
*
*/
function _setMessages()
{
parent::_setMessages();
$this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTRUN, 'en', "You don't seem to be using the CGI SAPI");
}
/**
* This is the main output method. The look and feel mimics phpinfo()
*
*/
function renderOutput()
{
/**
* We need to use PhpSecInfo_Test::getBooleanIniValue() below
* @see PhpSecInfo_Test::getBooleanIniValue()
*/
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'Test' . DIRECTORY_SEPARATOR . 'Test.php';
?>
<div class="center">
<table border="0" cellpadding="3" width="600">
<tr class="h"><td>
<h1 class="p">
<?php
if (PhpSecInfo_Test::getBooleanIniValue('expose_php')) {
?>
<a href="http://www.php.net/"><img border="0" src="<?php
echo '?=' . php_logo_guid();
?>
" alt="PHP Logo" /></a>
<?php
}
?>
PHP Environment Security Info
</h1>
<h2 class="p">Version <?php
echo PHPSECINFO_VERSION;
?>
; build <?php
echo PHPSECINFO_BUILD;
?>
</h2>
</td></tr>
</table>
<br />
<?php
foreach ($this->test_results as $group_name => $group_results) {
$this->_outputRenderTable($group_name, $group_results);
}
$this->_outputRenderNotRunTable();
$this->_outputRenderStatsTable();
?>
</div>
<?php
}
/**
* Returns an array of data returned from the UNIX 'id' command
*
* includes uid, username, gid, groupname, and groups (if "exec"
* is enabled). Groups is an array of all the groups the user
* belongs to. Keys are the group ids, values are the group names.
*
* returns FALSE if no suitable function is available to retrieve
* the data
*
* @return array|boolean
*/
function getUnixId()
{
if ($this->osIsWindows()) {
return false;
} elseif (function_exists("exec") && !PhpSecInfo_Test::getBooleanIniValue('safe_mode')) {
$id_raw = exec('id');
// uid=1000(coj) gid=1000(coj) groups=1000(coj),1001(admin)
preg_match("|uid=(\\d+)\\((\\S+)\\)\\s+gid=(\\d+)\\((\\S+)\\)\\s+groups=(.+)|i", $id_raw, $matches);
$id_data = array('uid' => $matches[1], 'username' => $matches[2], 'gid' => $matches[3], 'group' => $matches[4]);
if ($matches[5]) {
$gs = $matches[5];
$gs = explode(',', $gs);
foreach ($gs as $groupstr) {
preg_match("/(\\d+)\\(([^\\)]+)\\)/", $groupstr, $subs);
$groups[$subs[1]] = $subs[2];
}
ksort($groups);
$id_data['groups'] = $groups;
}
return $id_data;
} elseif (function_exists("posix_getpwuid") && function_exists("posix_geteuid") && function_exists('posix_getgrgid') && function_exists('posix_getgroups')) {
$data = posix_getpwuid(posix_getuid());
$id_data['uid'] = $data['uid'];
$id_data['username'] = $data['name'];
$id_data['gid'] = $data['gid'];
//$group_data = posix_getgrgid( posix_getegid() );
//$id_data['group'] = $group_data['name'];
$groups = posix_getgroups();
foreach ($groups as $gid) {
//$group_data = posix_getgrgid(posix_getgid());
$id_data['groups'][$gid] = '<unknown>';
}
}
return false;
}
/**
* Set the messages for Curl tests
*
*/
function _setMessages()
{
parent::_setMessages();
$this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTRUN, 'en', "CURL support is not enabled in your PHP install");
}
/**
* Returns an array of data returned from the UNIX 'id' command
*
* includes uid, username, gid, groupname, and groups (if "exec"
* is enabled). Groups is an array of all the groups the user
* belongs to. Keys are the group ids, values are the group names.
*
* returns FALSE if no suitable function is available to retrieve
* the data
*
* @return array|boolean
*/
function getUnixId() {
if ($this->osIsWindows()) {
return false;
}
$success = false;
if (function_exists("exec") && !PhpSecInfo_Test::getBooleanIniValue('safe_mode')) {
$id_raw = exec('id');
// uid=1000(coj) gid=1000(coj) groups=1000(coj),1001(admin)
preg_match( "|uid=(\d+)\((\S+)\)\s+gid=(\d+)\((\S+)\)\s+groups=(.+)|i",
$id_raw,
$matches);
if (!$matches) {
/**
* for some reason the output from 'id' wasn't as we expected.
* return false so the test doesn't run.
*/
$success = false;
} else {
$id_data = array( 'uid'=>$matches[1],
'username'=>$matches[2],
'gid'=>$matches[3],
'group'=>$matches[4] );
$groups = array();
if ($matches[5]) {
$gs = $matches[5];
$gs = explode(',', $gs);
foreach ($gs as $groupstr) {
if (preg_match("/(\d+)\(([^\)]+)\)/", $groupstr, $subs)) {
$groups[$subs[1]] = $subs[2];
} else {
$groups[$groupstr] = '';
}
}
ksort($groups);
}
$id_data['groups'] = $groups;
$success = true;
}
}
if (!$success && function_exists("posix_getpwuid") && function_exists("posix_geteuid")
&& function_exists('posix_getgrgid') && function_exists('posix_getgroups') ) {
$data = posix_getpwuid( posix_getuid() );
$id_data['uid'] = $data['uid'];
$id_data['username'] = $data['name'];
$id_data['gid'] = $data['gid'];
//$group_data = posix_getgrgid( posix_getegid() );
//$id_data['group'] = $group_data['name'];
$id_data['groups'] = array();
$groups = posix_getgroups();
foreach ( $groups as $gid ) {
//$group_data = posix_getgrgid(posix_getgid());
$id_data['groups'][$gid] = '<unknown>';
}
$success = true;
}
if ($success) {
return $id_data;
} else {
return false;
}
}
