Elgg  Version master
information.php
Go to the documentation of this file.
1 <?php
8 
10 $params['selected'] = 'information';
11 echo elgg_view('admin/security/tabs', $params);
12 
13 echo elgg_view('output/longtext', [
14  'value' => elgg_echo('admin:security:information:description'),
15 ]);
16 
18 $icon_warning = elgg_view_icon('exclamation-triangle');
20 
21 $view_module = function($icon, $title, $value = '', $subtext = '') {
22  $body = elgg_format_element('strong', [], $title);
23  if (!elgg_is_empty($value)) {
24  $body .= elgg_format_element('span', ['class' => 'mlm'], $value);
25  }
26 
27  if (!elgg_is_empty($subtext)) {
28  $body .= elgg_format_element('div', ['class' => 'elgg-subtext'], $subtext);
29  }
30 
31  return elgg_view_image_block($icon, $body, ['class' => 'elgg-admin-information-row']);
32 };
33 
34 // https
36 $title = elgg_echo('admin:security:information:https');
37 $value = elgg_echo('option:yes');
38 $subtext = '';
39 
40 if (parse_url(elgg_get_site_url(), PHP_URL_SCHEME) !== 'https') {
42  $value = elgg_echo('option:no');
43  $subtext = elgg_echo('admin:security:information:https:warning');
44 }
45 
46 echo $view_module($icon, $title, $value, $subtext);
47 
48 // wwwroot writeable
49 $icon = $icon_ok;
50 $title = elgg_echo('admin:security:information:wwwroot');
51 $value = elgg_echo('option:no');
52 $subtext = '';
53 
54 if (is_writable(Paths::project())) {
56  $value = elgg_echo('option:yes');
57  $subtext = elgg_echo('admin:security:information:wwwroot:error');
58 }
59 
60 echo $view_module($icon, $title, $value, $subtext);
61 
62 // hooks on 'sanitize', 'input' (eg htmlawed)
63 $icon = $icon_ok;
64 $title = elgg_echo('admin:security:information:validate_input');
65 $value = elgg_echo('status:enabled');
66 $subtext = '';
67 
68 if (!(bool) elgg()->events->getOrderedHandlers('sanitize', 'input')) {
70  $value = elgg_echo('status:disabled');
71  $subtext = elgg_echo('admin:security:information:validate_input:error');
72 }
73 
74 echo $view_module($icon, $title, $value, $subtext);
75 
76 // password length
77 $icon = $icon_ok;
78 $title = elgg_echo('admin:security:information:password_length');
79 $value = elgg_get_config('min_password_length');
80 $subtext = '';
81 
82 if ($value < 6) {
84  $subtext = elgg_echo('admin:security:information:password_length:warning');
85 }
86 
87 echo $view_module($icon, $title, $value, $subtext);
88 
89 // username length
90 $icon = $icon_ok;
91 $title = elgg_echo('admin:security:information:username_length');
92 $value = elgg_get_config('minusername');
93 $subtext = '';
94 
95 if ($value < 4) {
97  $subtext = elgg_echo('admin:security:information:username_length:warning');
98 }
99 
100 echo $view_module($icon, $title, $value, $subtext);
101 
102 // site secret
103 $icon = $icon_ok;
104 $title = elgg_view('output/url', [
105  'text' => elgg_echo('admin:security:settings:label:site_secret'),
106  'href' => elgg_generate_url('admin', [
107  'segments' => 'security',
108  ]) . '#admin-security-site-secret',
109  'is_trusted' => true,
110 ]);
111 $subtext = '';
112 
113 $strength = _elgg_services()->siteSecret->getStrength();
114 $value = elgg_echo("site_secret:strength:$strength");
115 
116 if ($strength !== 'strong') {
117  $icon = $icon_error;
118 
119  $subtext = elgg_echo("site_secret:strength_msg:$strength");
120 }
121 
122 echo $view_module($icon, $title, $value, $subtext);
123 
124 // php session garbage collection
126 $title = elgg_echo('admin:security:information:php:session_gc');
127 $value = elgg_echo('status:disabled');
128 $subtext = elgg_echo('admin:security:information:php:session_gc:error');
129 
130 $probability = ini_get('session.gc_probability');
131 $divisor = ini_get('session.gc_divisor');
132 $maxlifetime = ini_get('session.gc_maxlifetime');
133 
134 if ($probability > 0 && $divisor > 0) {
135  $icon = $icon_ok;
136  $value = elgg_echo('status:enabled');
137 
138  // https://www.php.net/manual/en/session.configuration.php#ini.session.gc-probability
139  $chance = ($probability / $divisor) * 100;
140  $subtext = elgg_echo('admin:security:information:php:session_gc:chance', [$chance]);
141  $subtext .= ' ' . elgg_echo('admin:security:information:php:session_gc:lifetime', [$maxlifetime]);
142 }
143 
144 echo $view_module($icon, $title, $value, $subtext);
145 
146 // Check for .htaccess hardening
148 $title = elgg_echo('admin:security:information:htaccess:hardening');
149 $value = elgg_echo('status:disabled');
150 $subtext = elgg_echo('admin:security:information:htaccess:hardening:help');
151 
152 $curl = curl_init(elgg_normalize_site_url('vendor/autoload.php'));
153 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
154 curl_exec($curl);
155 
156 if (curl_getinfo($curl, CURLINFO_HTTP_CODE) === 403) {
157  // hardening enabled
158  $icon = $icon_ok;
159  $value = elgg_echo('status:enabled');
160 }
161 
162 echo $view_module($icon, $title, $value, $subtext);
elgg
Definition: install.js:27
elgg_normalize_site_url(string $unsafe_url)
From untrusted input, get a site URL safe for forwarding.
Definition: output.php:175
elgg_get_config(string $name, $default=null)
Get an Elgg configuration value.
$view_module
Definition: information.php:21
$value
Definition: information.php:37
elgg_view_image_block(string $image, string $body, array $vars=[])
Wrapper function for the image block display pattern.
Definition: views.php:898
$icon
Definition: information.php:35
elgg_echo(string $message_key, array $args=[], string $language= '')
Elgg language module Functions to manage language and translations.
Definition: languages.php:17
$maxlifetime
$probability
$strength
elgg_is_empty($value)
Check if a value isn&#39;t empty, but allow 0 and &#39;0&#39;.
Definition: input.php:176
string project
Definition: conf.py:49
$icon_ok
Definition: information.php:17
elgg_view(string $view, array $vars=[], string $viewtype= '')
Return a parsed view.
Definition: views.php:156
$subtext
Definition: information.php:38
$icon_error
Definition: information.php:19
elgg_get_site_url()
Get the URL for the current (or specified) site, ending with "/".
$body
Definition: useradd.php:55
elgg_view_icon(string $name, array $vars=[])
View an icon glyph.
Definition: views.php:1261
$divisor
$title
Definition: information.php:36
$vars
Definition: theme.php:5
$params
Definition: information.php:9
elgg_generate_url(string $name, array $parameters=[])
Generate a URL for named route.
_elgg_services()
Get the global service provider.
Definition: elgglib.php:351
elgg_format_element(string $tag_name, array $attributes=[], string $text= '', array $options=[])
Format an HTML element.
Definition: output.php:145
$curl
$icon_warning
Definition: information.php:18