Elgg  Version master
information.php
Go to the documentation of this file.
1 <?php
7 use Elgg\Project\Paths;
8 
9 $params = $vars;
10 $params['selected'] = 'information';
11 echo elgg_view('admin/security/tabs', $params);
12 
13 echo elgg_view('output/longtext', [
14  'value' => elgg_echo('admin:security:information:description'),
15 ]);
16 
17 $icon_ok = elgg_view_icon('check');
18 $icon_warning = elgg_view_icon('exclamation-triangle');
19 $icon_error = elgg_view_icon('times');
20 
21 $view_module = function($icon, $title, $value = '', $subtext = '') {
22  $body = elgg_format_element('strong', [], $title);
23  if (!elgg_is_empty($value)) {
24  $body .= elgg_format_element('span', ['class' => 'mlm'], $value);
25  }
26 
27  if (!elgg_is_empty($subtext)) {
28  $body .= elgg_format_element('div', ['class' => 'elgg-subtext'], $subtext);
29  }
30 
31  return elgg_view_image_block($icon, $body, ['class' => 'elgg-admin-information-row']);
32 };
33 
34 // https
35 $icon = $icon_ok;
36 $title = elgg_echo('admin:security:information:https');
37 $value = elgg_echo('option:yes');
38 $subtext = '';
39 
40 if (parse_url(elgg_get_site_url(), PHP_URL_SCHEME) !== 'https') {
41  $icon = $icon_warning;
42  $value = elgg_echo('option:no');
43  $subtext = elgg_echo('admin:security:information:https:warning');
44 }
45 
46 echo $view_module($icon, $title, $value, $subtext);
47 
48 // wwwroot writeable
49 $icon = $icon_ok;
50 $title = elgg_echo('admin:security:information:wwwroot');
51 $value = elgg_echo('option:no');
52 $subtext = '';
53 
54 if (is_writable(Paths::project())) {
55  $icon = $icon_error;
56  $value = elgg_echo('option:yes');
57  $subtext = elgg_echo('admin:security:information:wwwroot:error');
58 }
59 
60 echo $view_module($icon, $title, $value, $subtext);
61 
62 // hooks on 'sanitize', 'input' (eg htmlawed)
63 $icon = $icon_ok;
64 $title = elgg_echo('admin:security:information:validate_input');
65 $value = elgg_echo('status:enabled');
66 $subtext = '';
67 
68 if (!(bool) elgg()->events->getOrderedHandlers('sanitize', 'input')) {
69  $icon = $icon_error;
70  $value = elgg_echo('status:disabled');
71  $subtext = elgg_echo('admin:security:information:validate_input:error');
72 }
73 
74 echo $view_module($icon, $title, $value, $subtext);
75 
76 // password length
77 $icon = $icon_ok;
78 $title = elgg_echo('admin:security:information:password_length');
79 $value = elgg_get_config('min_password_length');
80 $subtext = '';
81 
82 if ($value < 6) {
83  $icon = $icon_warning;
84  $subtext = elgg_echo('admin:security:information:password_length:warning');
85 }
86 
87 echo $view_module($icon, $title, $value, $subtext);
88 
89 // username length
90 $icon = $icon_ok;
91 $title = elgg_echo('admin:security:information:username_length');
92 $value = elgg_get_config('minusername');
93 $subtext = '';
94 
95 if ($value < 4) {
96  $icon = $icon_warning;
97  $subtext = elgg_echo('admin:security:information:username_length:warning');
98 }
99 
100 echo $view_module($icon, $title, $value, $subtext);
101 
102 // site secret
103 $icon = $icon_ok;
104 $title = elgg_view('output/url', [
105  'text' => elgg_echo('admin:security:settings:label:site_secret'),
106  'href' => elgg_generate_url('admin', [
107  'segments' => 'security',
108  ]) . '#admin-security-site-secret',
109  'is_trusted' => true,
110 ]);
111 $subtext = '';
112 
113 $strength = _elgg_services()->siteSecret->getStrength();
114 $value = elgg_echo("site_secret:strength:$strength");
115 
116 if ($strength !== 'strong') {
117  $icon = $icon_error;
118 
119  $subtext = elgg_echo("site_secret:strength_msg:$strength");
120 }
121 
122 echo $view_module($icon, $title, $value, $subtext);
123 
124 // php session garbage collection
125 $icon = $icon_error;
126 $title = elgg_echo('admin:security:information:php:session_gc');
127 $value = elgg_echo('status:disabled');
128 $subtext = elgg_echo('admin:security:information:php:session_gc:error');
129 
130 $probability = ini_get('session.gc_probability');
131 $divisor = ini_get('session.gc_divisor');
132 $maxlifetime = ini_get('session.gc_maxlifetime');
133 
134 if ($probability > 0 && $divisor > 0) {
135  $icon = $icon_ok;
136  $value = elgg_echo('status:enabled');
137 
138  // https://www.php.net/manual/en/session.configuration.php#ini.session.gc-probability
139  $chance = ($probability / $divisor) * 100;
140  $subtext = elgg_echo('admin:security:information:php:session_gc:chance', [$chance]);
141  $subtext .= ' ' . elgg_echo('admin:security:information:php:session_gc:lifetime', [$maxlifetime]);
142 }
143 
144 echo $view_module($icon, $title, $value, $subtext);
145 
146 // Check for .htaccess hardening
147 $icon = $icon_warning;
148 $title = elgg_echo('admin:security:information:htaccess:hardening');
149 $value = elgg_echo('status:disabled');
150 $subtext = elgg_echo('admin:security:information:htaccess:hardening:help');
151 
152 $curl = curl_init(elgg_normalize_site_url('vendor/autoload.php'));
153 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
154 curl_exec($curl);
155 
156 if (curl_getinfo($curl, CURLINFO_HTTP_CODE) === 403) {
157  // hardening enabled
158  $icon = $icon_ok;
159  $value = elgg_echo('status:enabled');
160 }
161 
162 echo $view_module($icon, $title, $value, $subtext);
$vars
$vars
Definition: theme.php:5
$body
$body
Definition: useradd.php:55
Elgg\Project\Paths
Find Elgg and project paths.
Definition: Paths.php:8
elgg_get_site_url
elgg_get_site_url()
Get the URL for the current (or specified) site, ending with "/".
Definition: configuration.php:26
elgg_get_config
elgg_get_config(string $name, $default=null)
Get an Elgg configuration value.
Definition: configuration.php:136
elgg
elgg()
Bootstrapping and helper procedural code available for use in Elgg core and plugins.
Definition: elgglib.php:12
_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:353
elgg_is_empty
elgg_is_empty($value)
Check if a value isn't empty, but allow 0 and '0'.
Definition: input.php:176
$value
$value
Definition: information.php:37
$subtext
$subtext
Definition: information.php:38
$icon_ok
$icon_ok
Definition: information.php:17
$curl
$curl
Definition: information.php:152
$probability
$probability
Definition: information.php:130
$icon_error
$icon_error
Definition: information.php:19
$view_module
$view_module
Definition: information.php:21
$divisor
$divisor
Definition: information.php:131
$icon
$icon
Definition: information.php:35
$strength
$strength
Definition: information.php:113
$maxlifetime
$maxlifetime
Definition: information.php:132
$title
$title
Definition: information.php:36
$icon_warning
$icon_warning
Definition: information.php:18
$params
$params
Definition: information.php:9
elgg_echo
elgg_echo(string $message_key, array $args=[], string $language='')
Elgg language module Functions to manage language and translations.
Definition: languages.php:17
elgg_view_icon
elgg_view_icon(string $name, array $vars=[])
View an icon glyph.
Definition: views.php:1261
elgg_view_image_block
elgg_view_image_block(string $image, string $body, array $vars=[])
Wrapper function for the image block display pattern.
Definition: views.php:898
elgg_view
elgg_view(string $view, array $vars=[], string $viewtype='')
Return a parsed view.
Definition: views.php:156
conf.project
string project
Definition: conf.py:52
elgg_normalize_site_url
elgg_normalize_site_url(string $unsafe_url)
From untrusted input, get a site URL safe for forwarding.
Definition: output.php:175
elgg_format_element
elgg_format_element(string $tag_name, array $attributes=[], string $text='', array $options=[])
Format an HTML element.
Definition: output.php:145
elgg_generate_url
elgg_generate_url(string $name, array $parameters=[])
Generate a URL for named route.
Definition: pagehandler.php:133
Generated on Fri Aug 29 2025 00:01:59 for Elgg by doxygen 1.9.1