
/htdocs/admin/security_other.php

https://bitbucket.org/speedealing/speedealing
PHP | 338 lines | 254 code | 46 blank | 38 comment | 49 complexity | 3bcb6f1661c778c2e0b8ad9122a2608b MD5 | raw file
  1<?php
  2/* Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
  3 * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
  4 *
  5 * This program is free software; you can redistribute it and/or modify
  6 * it under the terms of the GNU General Public License as published by
  7 * the Free Software Foundation; either version 3 of the License, or
  8 * (at your option) any later version.
  9 *
 10 * This program is distributed in the hope that it will be useful,
 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 13 * GNU General Public License for more details.
 14 *
 15 * You should have received a copy of the GNU General Public License
 16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 17 */
 18
 19/**
 20 *	    \file       htdocs/admin/security_other.php
 21 *      \ingroup    core
 22 *      \brief      Security options setup
 23 */
 24
 25require '../main.inc.php';
 26require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
 27require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 28require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
 29
 30$langs->load("users");
 31$langs->load("admin");
 32$langs->load("other");
 33
 34if (! $user->admin)
 35	accessforbidden();
 36
 37$action=GETPOST('action','alpha');
 38
 39$upload_dir=$conf->admin->dir_temp;
 40
 41
 42/*
 43 * Actions
 44 */
 45
 46if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
 47{
 48    require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 49
 50    dol_add_file_process($upload_dir, 0, 0, 'userfile');
 51}
 52
 53if (preg_match('/set_(.*)/',$action,$reg))
 54{
 55	$code=$reg[1];
 56	$value=(GETPOST($code) ? GETPOST($code) : 1);
 57	if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
 58	{
 59		Header("Location: ".$_SERVER["PHP_SELF"]);
 60		exit;
 61	}
 62	else
 63	{
 64		dol_print_error($db);
 65	}
 66}
 67
 68else if (preg_match('/del_(.*)/',$action,$reg))
 69{
 70	$code=$reg[1];
 71	if (dolibarr_del_const($db, $code, $conf->entity) > 0)
 72	{
 73		Header("Location: ".$_SERVER["PHP_SELF"]);
 74		exit;
 75	}
 76	else
 77	{
 78		dol_print_error($db);
 79	}
 80}
 81
 82else if ($action == 'MAIN_SESSION_TIMEOUT')
 83{
 84    if (! dolibarr_set_const($db, "MAIN_SESSION_TIMEOUT", $_POST["MAIN_SESSION_TIMEOUT"],'chaine',0,'',$conf->entity)) dol_print_error($db);
 85    else $mesg=$langs->trans("RecordModifiedSuccessfully");
 86}
 87else if ($action == 'MAIN_UPLOAD_DOC')
 88{
 89    if (! dolibarr_set_const($db, 'MAIN_UPLOAD_DOC',$_POST["MAIN_UPLOAD_DOC"],'chaine',0,'',$conf->entity)) dol_print_error($db);
 90    else $mesg=$langs->trans("RecordModifiedSuccessfully");
 91}
 92else if ($action == 'MAIN_UMASK')
 93{
 94    if (! dolibarr_set_const($db, "MAIN_UMASK", $_POST["MAIN_UMASK"],'chaine',0,'',$conf->entity)) dol_print_error($db);
 95    else $mesg=$langs->trans("RecordModifiedSuccessfully");
 96}
 97else if ($action == 'MAIN_ANTIVIRUS_COMMAND')
 98{
 99    if (! dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", $_POST["MAIN_ANTIVIRUS_COMMAND"],'chaine',0,'',$conf->entity)) dol_print_error($db);
100    else $mesg=$langs->trans("RecordModifiedSuccessfully");
101}
102else if ($action == 'MAIN_ANTIVIRUS_PARAM')
103{
104    if (! dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", $_POST["MAIN_ANTIVIRUS_PARAM"],'chaine',0,'',$conf->entity)) dol_print_error($db);
105    else $mesg=$langs->trans("RecordModifiedSuccessfully");
106}
107
108// Delete file
109else if ($action == 'delete')
110{
111	$langs->load("other");
112	$file = $conf->admin->dir_temp . '/' . GETPOST('urlfile');	// Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
113	$ret=dol_delete_file($file);
114	if ($ret) setEventMessage($langs->trans("FileWasRemoved", GETPOST('urlfile')));
115	else setEventMessage($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), 'errors');
116	Header('Location: '.$_SERVER["PHP_SELF"]);
117	exit;
118}
119
120/*
121 * View
122 */
123
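$form = new Form($db);

llxHeader('',$langs->trans("Miscellanous"));

print_fiche_titre($langs->trans("SecuritySetup"),'','setup');

print $langs->trans("MiscellanousDesc")."<br>\n";
print "<br>\n";

$head=security_prepare_head();

dol_fiche_head($head, 'misc', $langs->trans("Security"));

// PHP_SELF can include path info taken from the request URL, so it is escaped
// before being written into an HTML attribute.
$selfurl = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);

// Timeout
$var=true;

print '<table width="100%" class="noborder">';
print '<tr class="liste_titre">';
print '<td colspan="2">'.$langs->trans("Parameters").'</td>';
print '<td>'.$langs->trans("Value").'</td>';
print '<td width="100">&nbsp;</td>';
print "</tr>\n";

$var=!$var;
// When no timeout is configured, show PHP's own session.gc_maxlifetime as the current value.
if (empty($conf->global->MAIN_SESSION_TIMEOUT)) $conf->global->MAIN_SESSION_TIMEOUT=ini_get("session.gc_maxlifetime");
print '<form action="'.$selfurl.'?action=MAIN_SESSION_TIMEOUT" method="POST">';
// Anti-CSRF token field. NOTE(review): its verification is not visible in this file.
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<tr '.$bc[$var].'>';
print '<td>'.$langs->trans("SessionTimeOut").'</td><td align="right">';
print $form->textwithpicto('',$langs->trans("SessionExplanation",ini_get("session.gc_probability"),ini_get("session.gc_divisor")));
print '</td>';
print '<td nowrap="nowrap">';
// The stored value is escaped because it is echoed back inside an attribute.
print '<input class="flat" name="MAIN_SESSION_TIMEOUT" type="text" size="6" value="'.htmlentities($conf->global->MAIN_SESSION_TIMEOUT).'"> '.strtolower($langs->trans("Seconds"));
print '</td>';
print '<td align="right">';
print '<input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'">';
print '</td>';
print '</tr></form>';

print '</table>';

print '<br>';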
167
168
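// Other Options
$var=true;

// PHP_SELF can include path info taken from the request URL, so it is escaped
// before being written into the href attributes below.
$selfurl = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);

print '<table class="noborder" width="100%">';
print '<tr class="liste_titre">';
print '<td colspan="3">'.$langs->trans("Parameters").'</td>';
print '<td align="right" width="100">'.$langs->trans("Status").'</td>';
print '</tr>';

// NOTE(review): without javascript the two switches below are plain GET links
// (set_* / del_*) that change security settings; no token is attached to them here.

// Enable Captcha code
$var=!$var;
print "<tr ".$bc[$var].">";
print '<td colspan="3">'.$langs->trans("UseCaptchaCode").'</td>';
print '<td align="right">';
// The switch is only offered when the GD function imagecreatefrompng is available.
if (function_exists("imagecreatefrompng"))
{
	if (! empty($conf->use_javascript_ajax))
	{
		print ajax_constantonoff('MAIN_SECURITY_ENABLECAPTCHA');
	}
	else
	{
		if (empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA))
		{
			print '<a href="'.$selfurl.'?action=set_MAIN_SECURITY_ENABLECAPTCHA">'.img_picto($langs->trans("Disabled"),'off').'</a>';
		}
		else
		{
			print '<a href="'.$selfurl.'?action=del_MAIN_SECURITY_ENABLECAPTCHA">'.img_picto($langs->trans("Enabled"),'on').'</a>';
		}
	}
}
else
{
	// GD is missing: show a warning pictogram instead of the switch.
	$form = new Form($db);
	$desc = $form->textwithpicto('',$langs->transnoentities("EnableGDLibraryDesc"),1,'warning');
	print $desc;
}
print '</td></tr>';

// Enable advanced perms
$var=!$var;
print "<tr ".$bc[$var].">";
print '<td colspan="3">'.$langs->trans("UseAdvancedPerms").'</td>';
print '<td align="right">';
if (! empty($conf->use_javascript_ajax))
{
	print ajax_constantonoff('MAIN_USE_ADVANCED_PERMS');
}
else
{
	if (empty($conf->global->MAIN_USE_ADVANCED_PERMS))
	{
		print '<a href="'.$selfurl.'?action=set_MAIN_USE_ADVANCED_PERMS">'.img_picto($langs->trans("Disabled"),'off').'</a>';
	}
	else
	{
		print '<a href="'.$selfurl.'?action=del_MAIN_USE_ADVANCED_PERMS">'.img_picto($langs->trans("Enabled"),'on').'</a>';
	}
}
print "</td></tr>";

print '</table>';

print '<br>';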
234
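// Upload options
$var=false;

// PHP_SELF can include path info taken from the request URL, so it is escaped
// before being written into the form action attributes below.
$selfurl = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);

print '<table class="noborder" width="100%">';
print '<tr class="liste_titre">';
print '<td colspan="2">'.$langs->trans("Parameters").'</td>';
print '<td>'.$langs->trans("Value").'</td>';
print '<td width="100">&nbsp;</td>';
print '</tr>';

// Maximum size of uploaded files
print '<form action="'.$selfurl.'?action=MAIN_UPLOAD_DOC" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<tr '.$bc[$var].'>';
print '<td colspan="2">'.$langs->trans("MaxSizeForUploadedFiles").'.';
$max=@ini_get('upload_max_filesize');
if ($max)
{
	// upload_max_filesize uses PHP shorthand notation: plain bytes or a K/M/G
	// suffix. Convert it to Kb instead of assuming the unit is always M.
	$maxkb = (int) $max;
	switch (strtoupper(substr(trim($max), -1)))
	{
		case 'G':
			$maxkb *= 1024 * 1024;
			break;
		case 'M':
			$maxkb *= 1024;
			break;
		case 'K':
			break;
		default:
			// No suffix: the value is in bytes
			$maxkb = (int) ceil($maxkb / 1024);
	}
	print ' '.$langs->trans("MustBeLowerThanPHPLimit",$maxkb,$langs->trans("Kb")).'.';
}
else print ' '.$langs->trans("NoMaxSizeByPHPLimit").'.';
print '</td>';
print '<td nowrap="nowrap">';
print '<input class="flat" name="MAIN_UPLOAD_DOC" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UPLOAD_DOC).'"> '.$langs->trans("Kb");
print '</td>';
print '<td align="right">';
print '<input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'">';
print '</td>';
print '</tr></form>';

// Umask
$var=!$var;
print '<form action="'.$selfurl.'?action=MAIN_UMASK" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<tr '.$bc[$var].'>';
print '<td>'.$langs->trans("UMask").'</td><td align="right">';
print $form->textwithpicto('',$langs->trans("UMaskExplanation"));
print '</td>';
print '<td nowrap="nowrap">';
print '<input class="flat" name="MAIN_UMASK" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UMASK).'">';
print '</td>';
print '<td align="right">';
print '<input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'">';
print '</td>';
print '</tr></form>';

// Anti virus command
// NOTE(review): this value is presumably run as an external program on uploaded
// files; whoever can submit this form (or forge an administrator's request) then
// chooses what is executed. Confirm token verification and validation of the path.
$var=!$var;
print '<form action="'.$selfurl.'?action=MAIN_ANTIVIRUS_COMMAND" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<tr ".$bc[$var].">";
print '<td colspan="2">'.$langs->trans("AntiVirusCommand").'<br>';
print $langs->trans("AntiVirusCommandExample");
print '</td>';
print '<td>';
// Under safe_mode, warn when the command's directory is not listed in
// safe_mode_exec_dir. safe_mode was removed in PHP 5.4, so on later versions
// ini_get() reports it as unset and this check never runs.
if (ini_get('safe_mode') && ! empty($conf->global->MAIN_ANTIVIRUS_COMMAND))
{
	$langs->load("errors");
	$basedir=preg_replace('/"/','',dirname($conf->global->MAIN_ANTIVIRUS_COMMAND));
	$listdir=explode(';',ini_get('safe_mode_exec_dir'));
	if (! in_array($basedir,$listdir))
	{
		print img_warning($langs->trans('WarningSafeModeOnCheckExecDir'));
		dol_syslog("safe_mode is on, basedir is ".$basedir.", safe_mode_exec_dir is ".ini_get('safe_mode_exec_dir'), LOG_WARNING);
	}
}
print '<input type="text" name="MAIN_ANTIVIRUS_COMMAND" size="72" value="'.(! empty($conf->global->MAIN_ANTIVIRUS_COMMAND)?dol_htmlentities($conf->global->MAIN_ANTIVIRUS_COMMAND):'').'">';
print "</td>";
print '<td align="right">';
print '<input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'">';
print '</td>';
print '</tr>';
print '</form>';

// Anti virus parameters
$var=!$var;
print '<form action="'.$selfurl.'?action=MAIN_ANTIVIRUS_PARAM" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print "<tr ".$bc[$var].">";
print '<td colspan="2">'.$langs->trans("AntiVirusParam").'<br>';
print $langs->trans("AntiVirusParamExample");
print '</td>';
print '<td>';
print '<input type="text" name="MAIN_ANTIVIRUS_PARAM" size="72" value="'.(! empty($conf->global->MAIN_ANTIVIRUS_PARAM)?dol_htmlentities($conf->global->MAIN_ANTIVIRUS_PARAM):'').'">';
print "</td>";
print '<td align="right">';
print '<input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'">';
print '</td>';
print '</tr>';
print '</form>';

print '</table>';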
323
dol_fiche_end();

// Upload test form: lets the administrator check the upload settings above.
echo '<br>';
$uploadtitle = $langs->trans("FormToTestFileUploadForm");
$formfile = new FormFile($db);
$formfile->form_attach_new_file($_SERVER['PHP_SELF'], $uploadtitle, 0, 0, 1);

// Files currently present in the admin temp directory, sorted by name.
$filearray = dol_dir_list(
	$upload_dir,
	"files",
	0,
	'',
	'',
	'name',
	SORT_ASC,
	1
);
$formfile->list_of_documents($filearray, '', 'admin_temp', '');

// Close the page, then release the database handle.
llxFooter();
$db->close();
338?>