Your IP : 172.28.240.42
<?php
/*
+--------------------------------------------------------------------------
| Invision Power Board
| =============================================
| by Matthew Mecham
| (c) 2001 - 2006 Invision Power Services, Inc.
| Nullified by Terabyte
| =============================================
|
|
+---------------------------------------------------------------------------
| > $Date: 2006-06-08 17:11:50 +0100 (Thu, 08 Jun 2006) $
| > $Revision: 289 $
| > $Author: bfarber $
+---------------------------------------------------------------------------
|
| > Admin Logs Stuff
| > Module written by Matt Mecham
| > Date started: 11nd September 2002
|
| > Module Version Number: 1.0.0
| > DBA Checked: Mon 24th May 2004
+--------------------------------------------------------------------------
*/
if ( ! defined( 'IN_ACP' ) )
{
print "<h1>Incorrect access</h1>You cannot access this file directly. If you have recently upgraded, make sure you upgraded 'admin.php'.";
exit();
}
class ad_security
{
var $base_url;
/**
* Section title name
*
* @var string
*/
var $perm_main = "admin";
/**
* Section title name
*
* @var string
*/
var $perm_child = "security";
function auto_run()
{
$this->ipsclass->admin->nav[] = array( $this->ipsclass->form_code, 'IPB Security Center' );
//-----------------------------------------
// LOAD HTML
//-----------------------------------------
$this->html = $this->ipsclass->acp_load_template('cp_skin_security');
switch($this->ipsclass->input['code'])
{
default:
$this->ipsclass->admin->cp_permission_check( $this->perm_main.'|'.$this->perm_child.':' );
$this->security_overview();
break;
case 'stronghold':
$this->do_stronghold();
break;
case 'dynamic_images':
$this->do_dynamic_images();
break;
case 'acplink':
$this->do_acplink();
break;
case 'virus_check':
$this->anti_virus_check();
break;
case 'deep_scan':
$this->deep_scan();
break;
case 'list_admins':
$this->list_admins();
break;
case 'htaccess':
$this->do_htaccess();
break;
case 'confglobal':
$this->do_confglobal();
break;
case 'acprename':
$this->do_acprename();
break;
case 'acphtaccess':
$this->acphtaccess_form();
break;
case 'acphtaccess_do':
$this->acphtaccess_do();
break;
}
}
/*-------------------------------------------------------------------------*/
// ACP HTACCESS: Step two
/*-------------------------------------------------------------------------*/
function acphtaccess_do()
{
//-----------------------------------------
// INIT
//-----------------------------------------
$name = trim( $_POST['name'] );
$pass = trim( $_POST['pass'] );
$htaccess_pw = "";
$htaccess_auth = "";
//-----------------------------------------
// Check...
//-----------------------------------------
if ( ! $name or ! $pass )
{
$this->ipsclass->main_msg = "You must complete the form";
$this->acphtaccess_form();
return;
}
//-----------------------------------------
// Format files...
//-----------------------------------------
$htaccess_auth = "AuthType Basic\n"
. "AuthName \"IPB ACP\"\n"
. "AuthUserFile " . ROOT_PATH . IPB_ACP_DIRECTORY . "/.htpasswd\n"
. "Require valid-user\n";
$htaccess_pw = $name . ":" . crypt( $pass, base64_encode( $pass ) );
if ( $FH = @fopen( ROOT_PATH . IPB_ACP_DIRECTORY . '/' . '.htpasswd', 'w' ) )
{
fwrite( $FH, $htaccess_pw );
fclose( $FH );
$FF = @fopen( ROOT_PATH . IPB_ACP_DIRECTORY . '/' . '.htaccess', 'w' );
fwrite( $FF, $htaccess_auth );
fclose( $FF );
$this->ipsclass->main_msg = "Authentication files written";
$this->security_overview();
}
else
{
$this->ipsclass->html .= $this->html->htaccess_data( $htaccess_pw, $htaccess_auth );
$this->ipsclass->admin->nav[] = array( '', 'ACP .htaccess' );
$this->ipsclass->admin->output();
}
}
/*-------------------------------------------------------------------------*/
// ACP HTACCESS: Step One
/*-------------------------------------------------------------------------*/
function acphtaccess_form()
{
//-----------------------------------------
// Show it
//-----------------------------------------
$this->ipsclass->html .= $this->html->htaccess_form();
$this->ipsclass->admin->nav[] = array( '', 'ACP .htaccess' );
$this->ipsclass->admin->output();
}
/*-------------------------------------------------------------------------*/
// Rename ACP directory
/*-------------------------------------------------------------------------*/
function do_acprename()
{
//-----------------------------------------
// Show it
//-----------------------------------------
$this->ipsclass->html .= $this->html->rename_admin_dir();
$this->ipsclass->admin->nav[] = array( '', 'Rename the admin directory' );
$this->ipsclass->admin->output();
}
/*-------------------------------------------------------------------------*/
// Change conf global
/*-------------------------------------------------------------------------*/
function do_confglobal()
{
//-----------------------------------------
// INIT
//-----------------------------------------
$done = 0;
//-----------------------------------------
// Try...
//-----------------------------------------
if ( @chmod( ROOT_PATH . 'conf_global.php', 0444) )
{
$done = 1;
}
//-----------------------------------------
// Wow, that was really hard. I deserve a
// payraise after this function...
//-----------------------------------------
if ( $done )
{
$this->ipsclass->main_msg = "CHMOD change completed.";
}
else
{
$this->ipsclass->main_msg = "<strong>Could not complete the process.</strong><br />Please use your FTP client to change the CHMOD value of 'conf_global.php' to 0444.";
}
$this->security_overview();
}
/*-------------------------------------------------------------------------*/
// Add htaccess to non IPB dirs
/*-------------------------------------------------------------------------*/
function do_htaccess()
{
//-----------------------------------------
// INIT
//-----------------------------------------
$name = '.htaccess';
$msg = array();
$dirs = array( ROOT_PATH . 'cache',
ROOT_PATH . 'skin_acp',
ROOT_PATH . 'style_avatars',
ROOT_PATH . 'style_emoticons',
ROOT_PATH . 'style_images',
ROOT_PATH . 'style_captcha',
ROOT_PATH . 'uploads' );
$towrite = <<<EOF
#<ipb-protection>
<Files ~ "^.*\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)">
Order allow,deny
Deny from all
</Files>
#</ipb-protection>
EOF;
//-----------------------------------------
// Do it!
//-----------------------------------------
foreach( $dirs as $directory )
{
if ( $FH = @fopen( $directory . '/'. $name, 'w' ) )
{
fwrite( $FH, $towrite );
fclose( $FH );
$msg[] = "Written .htaccess to $directory...";
}
else
{
$msg[] = "Skipped $directory, could not write into it...";
}
}
//-----------------------------------------
// Done...
//-----------------------------------------
$this->ipsclass->main_msg = implode( "<br />", $msg );
$this->security_overview();
}
/*-------------------------------------------------------------------------*/
// List admins
/*-------------------------------------------------------------------------*/
function list_admins()
{
//-----------------------------------------
// INIT
//-----------------------------------------
$content = "";
$groups = array();
$query = "";
$members = array();
//-----------------------------------------
// Get all admin groups...
//-----------------------------------------
$this->ipsclass->DB->build_query( array( 'select' => '*',
'from' => 'groups',
'where' => 'g_access_cp > 0 AND g_access_cp IS NOT NULL' ) );
$o = $this->ipsclass->DB->exec_query();
while( $row = $this->ipsclass->DB->fetch_row( $o ) )
{
$_gid = intval( $row['g_id'] );
# I hate looped queries, but this should be OK.
$this->ipsclass->DB->build_query( array( 'select' => '*',
'from' => 'members',
'where' => "mgroup=" . $_gid ." OR mgroup_others LIKE '%,". $_gid .",%' OR mgroup_others='".$_gid."' OR mgroup_others LIKE '".$_gid.",%' OR mgroup_others LIKE '%,".$_gid."'",
'order' => 'joined DESC' ) );
$b = $this->ipsclass->DB->exec_query();
while( $member = $this->ipsclass->DB->fetch_row( $b ) )
{
if ( ! $member['mgroup'] AND ! $member['mgroup_others'] )
{
continue;
}
$members[ $member['id'] ] = $member;
}
$groups[ $row['g_id'] ] = $row;
}
//-----------------------------------------
// Generate list
//-----------------------------------------
foreach( $members as $id => $member )
{
$member['members_display_name'] = $member['members_display_name'] ? $member['members_display_name'] : $member['name'];
$member['_mgroup'] = $this->ipsclass->cache['group_cache'][ $member['mgroup'] ]['g_title'];
$_tmp = array();
$member['_joined'] = $this->ipsclass->get_date( $member['joined'], 'JOINED' );
foreach( explode( ",", $member['mgroup_others'] ) as $gid )
{
if ( $gid )
{
$_tmp[] = $this->ipsclass->cache['group_cache'][ $gid ]['g_title'];
}
}
$member['_mgroup_others'] = implode( ", ", $_tmp );
$content .= $this->html->list_admin_row( $member );
}
$this->ipsclass->html .= $this->ipsclass->skin_acp_global->information_box( "Members with ACP Access", "Below is a list of all members with access to your ACP.<br />If you do not recognize any, please remove their ACP access immediately." ) ."<br />";
$this->ipsclass->html .= $this->html->list_admin_overview( $content );
$this->ipsclass->admin->nav[] = array( '', 'List Administrators' );
$this->ipsclass->admin->output();
}
/*-------------------------------------------------------------------------*/
// Deep scan
/*-------------------------------------------------------------------------*/
function deep_scan()
{
//-----------------------------------------
// INIT
//-----------------------------------------
$filter = trim( $this->ipsclass->input['filter'] );
$file_count = 0;
$bad_count = 0;
$content = "";
$checked_content = "";
$colors = array( 0 => '#84ff00',
1 => '#84ff00',
2 => '#b5ff00',
3 => '#b5ff00',
4 => '#ffff00',
5 => '#ffff00',
6 => '#ffde00',
7 => '#ffde00',
8 => '#ff8400',
9 => '#ff8400',
10 => '#ff0000' );
//-----------------------------------------
// Get class
//-----------------------------------------
require_once( ROOT_PATH . 'sources/classes/class_virus_checker.php' );
$class_virus_checker = new class_virus_checker();
$class_virus_checker->ipsclass =& $this->ipsclass;
//-----------------------------------------
// Run it...
//-----------------------------------------
$class_virus_checker->anti_virus_deep_scan( ROOT_PATH, '(php|cgi|pl|perl|php3|php4|php5|php6)' );
//-----------------------------------------
// Update...
//-----------------------------------------
$cache = $this->ipsclass->DB->simple_exec_query( array( 'select' => '*', 'from' => 'cache_store', 'where' => "cs_key='systemvars'" ) );
$cache_array = unserialize(stripslashes($cache['cs_value']));
$cache_array['last_deepscan_check'] = time();
$this->ipsclass->update_cache( array( 'name' => 'systemvars',
'value' => $cache_array,
'array' => 1,
'donow' => 1 ) );
//-----------------------------------------
// Got any bad files?
//-----------------------------------------
if ( is_array( $class_virus_checker->bad_files ) and count( $class_virus_checker->bad_files ) )
{
foreach( $class_virus_checker->bad_files as $idx => $data )
{
$file_count++;
$_data = array();
$_info = stat( $data['file_path'] );
$_data['size'] = filesize( $data['file_path'] );
$_data['human'] = ceil( $_data['size'] / 1024 );
$_data['mtime'] = $this->ipsclass->get_date( $_info['mtime'], 'SHORT' );
$_data['score'] = $data['score'];
$_data['left_width'] = $data['score'] * 5;
$_data['right_width'] = 50 - $_data['left_width'];
$_data['color'] = $colors[ $data['score'] ];
if ( $data['score'] >= 7 )
{
$bad_score++;
}
if ( strstr( $filter, 'score' ) )
{
$_filter = intval( str_replace( 'score-', '', $filter ) );
if ( $data['score'] < $_filter )
{
continue;
}
}
else if ( $filter == 'large' )
{
if ( $_data['human'] < 55 )
{
continue;
}
}
else if ( $filter == 'recent' )
{
if ( $_info['mtime'] < time() - 86400 * 30 )
{
continue;
}
}
else if ( $filter == 'all' )
{
}
else
{
$filter = "";
}
if ( strtoupper( substr(PHP_OS, 0, 3) ) == 'WIN' )
{
$file_path = str_replace( ROOT_PATH, "", $data['file_path'] );
$file_path = str_replace( "\\", "/", $file_path );
$data['file_path'] = str_replace( "/\\", "\\", $data['file_path'] );
}
else
{
$file_path = str_replace( ROOT_PATH.'/', '', $data['file_path'] );
$data['file_path'] = str_replace( ROOT_PATH.'/', '', $data['file_path'] );
}
$content .= $this->html->deep_scan_bad_files_row( $file_path, $data['file_path'], $_data );
}
if ( $bad_score )
{
$this->ipsclass->html .= $this->ipsclass->skin_acp_global->warning_box( 'All Executables', 'The deep scanner has found the following files.<br /><strong>'.$bad_score.'</strong> of '.$file_count.' files are rating 7/10 or more.<br />If you\'re unsure of their origin, please investigate them immediately.' ) . "<br />";
}
else
{
$this->ipsclass->html .= $this->ipsclass->skin_acp_global->information_box( 'All Executables', 'The deep scanner has found '.$file_count.' files.<br />If you\'re unsure of their origin, please investigate them immediately.' ) . "<br />";
}
$this->ipsclass->html .= $this->html->deep_scan_bad_files_wrapper( $content );
}
//-----------------------------------------
// Fix filter...
//-----------------------------------------
if ( $filter )
{
$this->ipsclass->html = preg_replace( "#(value=[\"']".preg_quote( $filter, '#' )."['\"])#i", "\\1 selected='selected'", $this->ipsclass->html );
}
$this->ipsclass->admin->nav[] = array( '', 'Deep Scan' );
$this->ipsclass->admin->output();
}
/*-------------------------------------------------------------------------*/
// Anti virus checker
/*-------------------------------------------------------------------------*/
function anti_virus_check()
{
//-----------------------------------------
// INIT
//-----------------------------------------
$content = "";
$checked_content = "";
$colors = array( 0 => '#84ff00',
1 => '#84ff00',
2 => '#b5ff00',
3 => '#b5ff00',
4 => '#ffff00',
5 => '#ffff00',
6 => '#ffde00',
7 => '#ffde00',
8 => '#ff8400',
9 => '#ff8400',
10 => '#ff0000' );
//-----------------------------------------
// Get class
//-----------------------------------------
require_once( ROOT_PATH . 'sources/classes/class_virus_checker.php' );
$class_virus_checker = new class_virus_checker();
$class_virus_checker->ipsclass =& $this->ipsclass;
//-----------------------------------------
// Run it...
//-----------------------------------------
$class_virus_checker->run_scan();
//-----------------------------------------
// Update...
//-----------------------------------------
$cache = $this->ipsclass->DB->simple_exec_query( array( 'select' => '*', 'from' => 'cache_store', 'where' => "cs_key='systemvars'" ) );
$cache_array = unserialize(stripslashes($cache['cs_value']));
$cache_array['last_virus_check'] = time();
$this->ipsclass->update_cache( array( 'name' => 'systemvars',
'value' => $cache_array,
'array' => 1,
'donow' => 1 ) );
//-----------------------------------------
// Got any bad files?
//-----------------------------------------
if ( is_array( $class_virus_checker->bad_files ) and count( $class_virus_checker->bad_files ) )
{
foreach( $class_virus_checker->bad_files as $idx => $data )
{
$_data = array();
$_info = stat( $data['file_path'] );
$_data['size'] = filesize( $data['file_path'] );
$_data['human'] = ceil( $_data['size'] / 1024 );
$_data['mtime'] = $this->ipsclass->get_date( $_info['mtime'], 'SHORT' );
$_data['score'] = $data['score'];
$_data['left_width'] = $data['score'] * 5;
$_data['right_width'] = 50 - $_data['left_width'];
$_data['color'] = $colors[ $data['score'] ];
if ( strtoupper( substr(PHP_OS, 0, 3) ) == 'WIN' )
{
$root_path = str_replace( "/", "\\", ROOT_PATH );
$file_path = str_replace( $root_path, "", $data['file_path'] );
$file_path = str_replace( "\\", "/", $file_path );
}
else
{
$file_path = str_replace( ROOT_PATH, '', $data['file_path'] );
}
$content .= $this->html->anti_virus_bad_files_row( $file_path, $data['file_path'], $_data );
}
$this->ipsclass->html .= $this->ipsclass->skin_acp_global->warning_box( 'Suspicious Files Detected', 'The unauthorized file scan located the following suspicious files.<br />If you\'re unsure of their origin, please remove them immediately.' ) . "<br />";
$this->ipsclass->html .= $this->html->anti_virus_bad_files_wrapper( $content );
}
else
{
$this->ipsclass->html .= $this->ipsclass->skin_acp_global->information_box( 'No Suspicious Files Detected', 'The unauthorized file scan did not identify any suspicious files.<br />Please scan regularly to ensure that your system is secure' ) . "<br />";
}
//-----------------------------------------
// Show checked folders...
//-----------------------------------------
if ( is_array( $class_virus_checker->checked_folders ) and count( $class_virus_checker->checked_folders ) )
{
foreach( $class_virus_checker->checked_folders as $name )
{
$checked_content .= $this->html->anti_virus_checked_row( str_replace( ROOT_PATH, '', $name ) );
}
$this->ipsclass->html .= $this->html->anti_virus_checked_wrapper( $checked_content );
}
$this->ipsclass->admin->nav[] = array( '', 'Unauthorized File Check' );
$this->ipsclass->admin->output();
}
/*-------------------------------------------------------------------------*/
// ACP LINK
/*-------------------------------------------------------------------------*/
function do_acplink()
{
//-----------------------------------------
// Update the setting...
//-----------------------------------------
$this->update_setting( 'security_remove_acp_link', $this->ipsclass->vars['security_remove_acp_link'] ? 0 : 1 );
//-----------------------------------------
// Done..
//-----------------------------------------
$lang = $this->ipsclass->vars['security_remove_acp_link'] == 0 ? 'restored' : 'removed';
$this->ipsclass->main_msg = "ACP link display {$lang}";
$this->security_overview();
}
/*-------------------------------------------------------------------------*/
// DYNAMIC IMAGES
/*-------------------------------------------------------------------------*/
function do_dynamic_images()
{
//-----------------------------------------
// Update the setting...
//-----------------------------------------
$this->update_setting( 'allow_dynamic_img', $this->ipsclass->vars['allow_dynamic_img'] ? 0 : 1 );
//-----------------------------------------
// Done..
//-----------------------------------------
$lang = $this->ipsclass->vars['allow_dynamic_img'] == 0 ? 'disabled' : 'enabled';
$this->ipsclass->main_msg = "Dynamic images {$lang}";
$this->security_overview();
}
/*-------------------------------------------------------------------------*/
// STRONG HOLD COOKIE
/*-------------------------------------------------------------------------*/
function do_stronghold()
{
//-----------------------------------------
// Update the setting...
//-----------------------------------------
$this->update_setting( 'cookie_stronghold', $this->ipsclass->vars['cookie_stronghold'] ? 0 : 1 );
//-----------------------------------------
// Done..
//-----------------------------------------
$lang = $this->ipsclass->vars['cookie_stronghold'] == 0 ? 'disabled' : 'enabled';
$this->ipsclass->main_msg = "Cookie stronghold {$lang}";
$this->security_overview();
}
/*-------------------------------------------------------------------------*/
// Update setting
/*-------------------------------------------------------------------------*/
function update_setting( $key, $value )
{
//-----------------------------------------
// Check
//-----------------------------------------
if ( ! $key )
{
return FALSE;
}
//-----------------------------------------
// Update DB
//-----------------------------------------
$this->ipsclass->DB->do_update( 'conf_settings', array( 'conf_value' => $value ), "conf_key='".$key."'" );
//-----------------------------------------
// Rebuild settings cache
//-----------------------------------------
require_once( ROOT_PATH . 'sources/action_admin/settings.php' );
$settings = new ad_settings();
$settings->ipsclass =& $this->ipsclass;
$settings->setting_rebuildcache();
//-----------------------------------------
// Done...
//-----------------------------------------
return TRUE;
}
/*-------------------------------------------------------------------------*/
// View current log in logs
/*-------------------------------------------------------------------------*/
function security_overview()
{
//-----------------------------------------
// INIT
//-----------------------------------------
$content = array( 'bad' => '', 'good' => '', 'ok' => '' );
$cache = $this->ipsclass->DB->simple_exec_query( array( 'select' => '*', 'from' => 'cache_store', 'where' => "cs_key='systemvars'" ) );
$cache_array = unserialize(stripslashes($cache['cs_value']));
//-----------------------------------------
// Virus checker link
//-----------------------------------------
if ( intval($cache_array['last_virus_check']) < time() - 7 * 86400 )
{
$content['bad'] .= $this->html->security_item_bad( 'IPB Unauthorized File Checker',
'The IPB unauthorized file checker will check your IPB installation for suspicious files.<br />The unauthorized file checker has not been run in over a week',
'Run Tool Now',
$this->ipsclass->form_code_js.'&code=virus_check',
'vchecker' );
}
else
{
$last_run = $this->ipsclass->get_date( $cache_array['last_virus_check'], 'SHORT' );
$content['good'] .= $this->html->security_item_good( 'IPB Unauthorized File Checker',
'The IPB unauthorized file checker will check your IPB installation for suspicious files.<br />The unauthorized file checker was last run: '.$last_run,
'Run Tool Now',
$this->ipsclass->form_code_js.'&code=virus_check',
'vchecker' );
}
//-----------------------------------------
// Deep scan link
//-----------------------------------------
if ( intval($cache_array['last_deepscan_check']) < time() - 30 * 86400 )
{
$content['bad'] .= $this->html->security_item_bad( 'IPB Executables Deep Scan',
'The IPB deep scanner will pick out and list every single executable file in your installation.<br />The scanner has not been run in over a month',
'Run Tool Now',
$this->ipsclass->form_code_js.'&code=deep_scan',
'deepscan' );
}
else
{
$last_run = $this->ipsclass->get_date( $cache_array['last_deepscan_check'], 'SHORT' );
$content['good'] .= $this->html->security_item_good( 'IPB Executables Deep Scan',
'The IPB deep scanner will pick out and list every single executable file in your installation.<br />The scanner was last run: '.$last_run,
'Run Tool Now',
$this->ipsclass->form_code_js.'&code=deep_scan',
'deepscan' );
}
//-----------------------------------------
// Get .htaccess settings
//-----------------------------------------
if ( strtoupper( substr(PHP_OS, 0, 3) ) !== 'WIN' )
{
$_extra = '';
if ( ! is_writeable( ROOT_PATH . IPB_ACP_DIRECTORY ) )
{
$_extra = "<div style='color:red;font-weight:bold'>IPB cannot write the .htaccess files into your '/admin/' directory. Please use your FTP client to CHMOD it to 0777.</div>";
}
if ( ! file_exists( ROOT_PATH . IPB_ACP_DIRECTORY . '/.htaccess' ) )
{
$content['ok'] .= $this->html->security_item_ok( 'IPB ACP .htaccess Protection',
'To make your ACP even more secure, you can add HTTP authentication in your "/admin/" directory.<br />IPB cannot locate an ACP .htaccess file.'. $_extra,
'Learn More',
$this->ipsclass->form_code_js.'&code=acphtaccess',
'acphtaccess' );
}
else
{
$content['good'] .= $this->html->security_item_good( 'IPB ACP .htaccess Protection',
'To make your ACP even more secure, you can take add HTTP authentication in your "/admin/" directory.<br />IPB has located an ACP .htaccess file.'.$_extra,
'Learn More',
$this->ipsclass->form_code_js.'&code=acphtaccess',
'acphtaccess' );
}
# Other htaccess protection
if ( ! file_exists( ROOT_PATH . 'style_emoticons/.htaccess' ) )
{
$content['ok'] .= $this->html->security_item_ok( 'IPB PHP/CGI .htaccess Protection',
'IPB can write .htaccess files to non-PHP directories to prevent PHP and CGI files from executing.<br />IPB cannot locate any .htaccess files.',
'Run Tool Now',
$this->ipsclass->form_code_js.'&code=htaccess',
'htaccess' );
}
else
{
$content['good'] .= $this->html->security_item_good( 'IPB .htaccess Protection',
'IPB can write .htaccess files to non-PHP directories to prevent PHP and CGI files from executing.<br />IPB has located some .htaccess files.',
'Run Tool Now',
$this->ipsclass->form_code_js.'&code=htaccess',
'htaccess' );
}
//-----------------------------------------
// Conf global
//-----------------------------------------
if ( is_writeable( ROOT_PATH . 'conf_global.php' ) )
{
$content['bad'] .= $this->html->security_item_bad( 'Make "conf_global" un-writeable',
'After installation, you should change the CHMOD on the "conf_global.php" file to prevent others from reading and writing to it.<br />"conf_global.php" is writeable.',
'Run Tool Now',
$this->ipsclass->form_code_js.'&code=confglobal',
'confglobal' );
}
else
{
$content['good'] .= $this->html->security_item_good( 'Make "conf_global" un-writeable',
'After installation, you should change the CHMOD on the "conf_global.php" file to prevent others from reading and writing to it.<br />"conf_global.php" is NOT writeable.',
'Learn More',
$this->ipsclass->form_code_js.'&code=confglobal',
'confglobal' );
}
}
//-----------------------------------------
// Dynamic images
//-----------------------------------------
if ( ! $this->ipsclass->vars['allow_dynamic_img'] )
{
$content['good'] .= $this->html->security_item_good( 'Disable Dynamic Images',
'IPB can stop dynamic images being posted on your forums. Dynamic images pose a security risk ask they allow javascript to run.<br />Dynamic images are already disabled.',
'Toggle Now',
$this->ipsclass->form_code_js.'&code=dynamic_images',
'dynamic_images' );
}
else
{
$content['bad'] .= $this->html->security_item_bad( 'Disable Dynamic Images',
'IPB can stop dynamic images being posted on your forums. Dynamic images pose a security risk ask they allow javascript to run.<br />Dynamic images are ENABLED.',
'Toggle Now',
$this->ipsclass->form_code_js.'&code=dynamic_images',
'dynamic_images' );
}
//-----------------------------------------
// Strong hold cookie
//-----------------------------------------
if ( ! $this->ipsclass->vars['cookie_stronghold'] )
{
$content['bad'] .= $this->html->security_item_bad( 'Enable the Stronghold Cookie',
'IPB can store a stronghold cookie in the user\'s browser which is used when automatically logging in to prevent successful cookie theft.<br />Stronghold cookies are disabled.',
'Toggle Now',
$this->ipsclass->form_code_js.'&code=stronghold',
'stronghold' );
}
else
{
$content['good'] .= $this->html->security_item_good( 'Enable the Stronghold Cookie',
'IPB can store a stronghold cookie in the user\'s browser which is used when automatically logging in to prevent successful cookie theft.<br />Stronghold cookies are ENABLED.',
'Toggle Now',
$this->ipsclass->form_code_js.'&code=stronghold',
'stronghold' );
}
//-----------------------------------------
// Remove ACP link
//-----------------------------------------
if ( ! $this->ipsclass->vars['security_remove_acp_link'] )
{
$content['ok'] .= $this->html->security_item_ok( 'Remove ACP Link',
'IPB can remove the "Admin CP" link from the board\'s header. This is useful when renaming the default \'admin\' directory.<br />The ACP link is visible when logged in as an admin.',
'Toggle Now',
$this->ipsclass->form_code_js.'&code=acplink',
'acplink' );
}
else
{
$content['good'] .= $this->html->security_item_good( 'Remove ACP Link',
'IPB can remove the "Admin CP" link from the board\'s header. This is useful when renaming the default \'admin\' directory.<br />The ACP link has been removed.',
'Toggle Now',
$this->ipsclass->form_code_js.'&code=acplink',
'acplink' );
}
//-----------------------------------------
// ACP directory renamed
//-----------------------------------------
if ( IPB_ACP_DIRECTORY == 'admin' )
{
$content['ok'] .= $this->html->security_item_ok( 'Rename the \'admin\' directory',
'The default \'admin\' directory can be renamed to make it hard to find.<br />The admin directory has not been renamed.',
'Learn More',
$this->ipsclass->form_code_js.'&code=acprename',
'acprename' );
}
else
{
$content['good'] .= $this->html->security_item_good( 'Rename the \'admin\' directory',
'The default \'admin\' directory can be renamed to make it hard to find.<br />The admin directory HAS been renamed.',
'Learn More',
$this->ipsclass->form_code_js.'&code=acprename',
'acprename' );
}
//-----------------------------------------
// Print...
//-----------------------------------------
$this->ipsclass->html .= $this->html->security_overview( $content );
$this->ipsclass->admin->output();
}
}
?>