1: <?php
2:
3: $path_extra = dirname(dirname(__FILE__));
4: $path = ini_get('include_path');
5: $path = $path_extra . PATH_SEPARATOR . $path;
6: ini_set('include_path', $path);
7:
8: define('IS_WINDOWS', strtoupper(substr(PHP_OS, 0, 3)) === 'WIN');
9:
10: class PlainText {
11:
12: function start($title) {
13: return '';
14: }
15:
16: function tt($text) {
17: return $text;
18: }
19:
20: function link($href, $text = null) {
21: if ($text) {
22: return $text . ' <' . $href . '>';
23: } else {
24: return $href;
25: }
26: }
27:
28: function b($text) {
29: return '*' . $text . '*';
30: }
31:
32: function contentType() {
33: return 'text/plain';
34: }
35:
36: function p($text) {
37: return wordwrap($text) . "\n\n";
38: }
39:
40: function pre($text) {
41: $out = '';
42: $lines = array_map('trim', explode("\n", $text));
43: foreach ($lines as $line) {
44: $out .= ' ' . $line . "\n";
45: }
46: $out .= "\n";
47: return $out;
48: }
49:
50: function ol($items) {
51: $out = '';
52: $c = 1;
53: foreach ($items as $item) {
54: $item = wordwrap($item, 72);
55: $lines = array_map('trim', explode("\n", $item));
56: $out .= $c . '. ' . $lines[0] . "\n";
57: unset($lines[0]);
58: foreach ($lines as $line) {
59: $out .= ' ' . $line . "\n";
60: }
61: $out .= "\n";
62: $c += 1;
63: }
64: return $out;
65: }
66:
67: function h2($text) {
68: return $this->h($text, 2);
69: }
70:
71: function h1($text) {
72: return $this->h($text, 1);
73: }
74:
75: function h($text, $n) {
76: $chars = '#=+-.';
77: $c = $chars[$n - 1];
78: return "\n" . $text . "\n" . str_repeat($c, strlen($text)) . "\n\n";
79: }
80:
81: function end() {
82: return '';
83: }
84:
85: }
86:
87: class HTML {
88:
89: function start($title) {
90: return '<html><head><title>' . $title . '</title>' .
91: $this->stylesheet() .
92: '</head><body>' . "\n";
93: }
94:
95: function stylesheet() {
96: return "<style type='text/css'>\n" .
97: "p {\n" .
98: " width: 50em;\n" .
99: "}\n" .
100: '</style>';
101: }
102:
103: function tt($text) {
104: return '<code>' . $text . '</code>';
105: }
106:
107: function contentType() {
108: return 'text/html';
109: }
110:
111: function b($text) {
112: return '<strong>' . $text . '</strong>';
113: }
114:
115: function p($text) {
116: return '<p>' . wordwrap($text) . "</p>\n";
117: }
118:
119: function pre($text) {
120: return '<pre>' . $text . "</pre>\n";
121: }
122:
123: function ol($items) {
124: $out = '<ol>';
125: foreach ($items as $item) {
126: $out .= '<li>' . wordwrap($item) . "</li>\n";
127: }
128: $out .= "</ol>\n";
129: return $out;
130: }
131:
132: function h($text, $n) {
133: return "<h$n>$text</h$n>\n";
134: }
135:
136: function h2($text) {
137: return $this->h($text, 2);
138: }
139:
140: function h1($text) {
141: return $this->h($text, 1);
142: }
143:
144: function link($href, $text = null) {
145: return '<a href="' . $href . '">' . ($text ? $text : $href) . '</a>';
146: }
147:
148: function end() {
149: return "</body>\n</html>\n";
150: }
151:
152: }
153:
154: if (isset($_SERVER['REQUEST_METHOD'])) {
155: $r = new HTML();
156: } else {
157: $r = new PlainText();
158: }
159:
160: function detect_math($r, &$out) {
161: $out .= $r->h2('Math support');
162: $ext = Auth_OpenID_detectMathLibrary(Auth_OpenID_math_extensions());
163: if (!isset($ext['extension']) || !isset($ext['class'])) {
164: $out .= $r->p(
165: 'Your PHP installation does not include big integer math ' .
166: 'support. This support is required if you wish to run a ' .
167: 'secure OpenID server without using SSL.');
168: $out .= $r->p('To use this library, you have a few options:');
169:
170: $gmp_lnk = $r->link('http://www.php.net/manual/en/ref.gmp.php', 'GMP');
171: $bc_lnk = $r->link('http://www.php.net/manual/en/ref.bc.php', 'bcmath');
172: $out .= $r->ol(array(
173: 'Install the ' . $gmp_lnk . ' PHP extension',
174: 'Install the ' . $bc_lnk . ' PHP extension',
175: 'If your site is low-security, call ' .
176: 'Auth_OpenID_setNoMathSupport(), defined in Auth/OpenID/BigMath.php. ',
177: 'The library will function, but ' .
178: 'the security of your OpenID server will depend on the ' .
179: 'security of the network links involved. If you are only ' .
180: 'using consumer support, you should still be able to operate ' .
181: 'securely when the users are communicating with a ' .
182: 'well-implemented server.'));
183: return false;
184: } else {
185: switch ($ext['extension']) {
186: case 'bcmath':
187: $out .= $r->p('Your PHP installation has bcmath support. This is ' .
188: 'adequate for small-scale use, but can be CPU-intensive. ' .
189: 'You may want to look into installing the GMP extension.');
190: $lnk = $r->link('http://www.php.net/manual/en/ref.gmp.php');
191: $out .= $r->p('See ' . $lnk . ' for more information ' .
192: 'about the GMP extension.');
193: break;
194: case 'gmp':
195: $out .= $r->p('Your PHP installation has gmp support. Good.');
196: break;
197: default:
198: $class = $ext['class'];
199: $lib = new $class();
200: $one = $lib->init(1);
201: $two = $lib->add($one, $one);
202: $t = $lib->toString($two);
203: $out .= $r->p('Uh-oh. I do not know about the ' .
204: $ext['extension'] . ' extension!');
205: if ($t != '2') {
206: $out .= $r->p('It looks like it is broken. 1 + 1 = ' .
207: var_export($t, false));
208: return false;
209: } else {
210: $out .= $r->p('But it seems to be able to add one and one.');
211: }
212: }
213: return true;
214: }
215: }
216:
217: function detect_random($r, &$out) {
218: $out .= $r->h2('Cryptographic-quality randomness source');
219: if (Auth_OpenID_RAND_SOURCE === null) {
220: $out .= $r->p('Using (insecure) pseudorandom number source, because ' .
221: 'Auth_OpenID_RAND_SOURCE has been defined as null.');
222: return false;
223: }
224:
225: $msg = 'The library will try to access ' . Auth_OpenID_RAND_SOURCE
226: . ' as a source of random data. ';
227:
228: $numbytes = 6;
229:
230: $f = @fopen(Auth_OpenID_RAND_SOURCE, 'r');
231: if ($f !== false) {
232: $data = fread($f, $numbytes);
233: $stat = fstat($f);
234: $size = $stat['size'];
235: fclose($f);
236: } else {
237: $data = null;
238: $size = true;
239: }
240:
241: if ($f !== false) {
242: $dataok = (Auth_OpenID::bytes($data) == $numbytes);
243: $ok = $dataok && !$size;
244: $msg .= 'It seems to exist ';
245: if ($dataok) {
246: $msg .= 'and be readable. Here is some hex data: ' .
247: bin2hex($data) . '.';
248: } else {
249: $msg .= 'but reading data failed.';
250: }
251: if ($size) {
252: $msg .= ' This is a ' . $size . ' byte file. Unless you know ' .
253: 'what you are doing, it is likely that you are making a ' .
254: 'mistake by using a regular file as a randomness source.';
255: }
256: } else {
257: $msg .= Auth_OpenID_RAND_SOURCE .
258: ' could not be opened. This could be because of restrictions on' .
259: ' your PHP environment or that randomness source may not exist' .
260: ' on this platform.';
261: if (IS_WINDOWS) {
262: $msg .= ' You seem to be running Windows. This library does not' .
263: ' have access to a good source of randomness on Windows.';
264: }
265: $ok = false;
266: }
267:
268: $out .= $r->p($msg);
269:
270: if (!$ok) {
271: $out .= $r->p(
272: 'To set a source of randomness, define Auth_OpenID_RAND_SOURCE ' .
273: 'to the path to the randomness source. If your platform does ' .
274: 'not provide a secure randomness source, the library can' .
275: 'operate in pseudorandom mode, but it is then vulnerable to ' .
276: 'theoretical attacks. If you wish to operate in pseudorandom ' .
277: 'mode, define Auth_OpenID_RAND_SOURCE to null.');
278: $out .= $r->p('You are running on:');
279: $out .= $r->pre(php_uname());
280: $out .= $r->p('There does not seem to be an available source ' .
281: 'of randomness. On a Unix-like platform ' .
282: '(including MacOS X), try /dev/random and ' .
283: '/dev/urandom.');
284: }
285: return $ok;
286: }
287:
288: function detect_stores($r, &$out) {
289: $out .= $r->h2('Data storage');
290:
291: $found = array();
292: foreach (array('sqlite', 'mysql', 'pgsql') as $dbext) {
293: if (extension_loaded($dbext) || ini_get('enable_dl') && function_exists('dl') && dl($dbext . '.' . PHP_SHLIB_SUFFIX)) {
294: $found[] = $dbext;
295: }
296: }
297: if (count($found) == 0) {
298: $text = 'No SQL database support was found in this PHP ' .
299: 'installation. See the PHP manual if you need to ' .
300: 'use an SQL database.';
301: } else {
302: $text = 'Support was found for ';
303: if (count($found) == 1) {
304: $text .= $found[0] . '.';
305: } else {
306: $last = array_pop($found);
307: $text .= implode(', ', $found) . ' and ' . $last . '.';
308: }
309: $text = $r->b($text);
310: }
311: $text .= ' The library supports the MySQL, PostgreSQL, and SQLite ' .
312: 'database engines, as well as filesystem-based storage. In ' .
313: 'addition, PEAR DB is required to use databases.';
314: $out .= $r->p($text);
315:
316: if (function_exists('posix_getpwuid') &&
317: function_exists('posix_geteuid')) {
318: $processUser = posix_getpwuid(posix_geteuid());
319: $web_user = $r->b($r->tt($processUser['name']));
320: } else {
321: $web_user = 'the PHP process';
322: }
323:
324: if (in_array('sqlite', $found)) {
325: $out .= $r->p('If you are using SQLite, your database must be ' .
326: 'writable by ' . $web_user . ' and not available over' .
327: ' the web.');
328: }
329:
330: $basedir_str = ini_get('open_basedir');
331: if (gettype($basedir_str) == 'string') {
332: $url = 'http://www.php.net/manual/en/features.safe-mode.php' .
333: '#ini.open-basedir';
334: $lnk = $r->link($url, 'open_basedir');
335: $out .= $r->p('If you are using a filesystem-based store or SQLite, ' .
336: 'be aware that ' . $lnk . ' is in effect. This means ' .
337: 'that your data will have to be stored in one of the ' .
338: 'following locations:');
339: $out .= $r->pre(var_export($basedir_str, true));
340: } else {
341: $out .= $r->p('The ' . $r->b($r->tt('open_basedir')) . ' configuration restriction ' .
342: 'is not in effect.');
343: }
344:
345: $out .= $r->p('If you are using the filesystem store, your ' .
346: 'data directory must be readable and writable by ' .
347: $web_user . ' and not availabe over the Web.');
348: return true;
349: }
350:
351: function detect_xml($r, &$out) {
352: global $__Auth_Yadis_xml_extensions;
353:
354: $out .= $r->h2('XML Support');
355:
356:
357: $ext = Auth_Yadis_getXMLParser();
358:
359: if ($ext !== null) {
360: $out .= $r->p('XML parsing support is present using the ' .
361: $r->b(get_class($ext)) . ' interface.');
362: return true;
363: } else {
364: $out .= $r->p('XML parsing support is absent; please install one ' .
365: 'of the following PHP extensions:');
366: foreach ($__Auth_Yadis_xml_extensions as $name => $cls) {
367: $out .= "<li>" . $r->b($name) . "</li>";
368: }
369: return false;
370: }
371: }
372:
373: function detect_query_corruption($r, &$out) {
374: $out .= $r->h2('Query Corruption');
375: if ($_SERVER["QUERY_STRING"] != "test_query=a%26b") {
376: $out.=$r->p("Your web server seems to corrupt queries. Received " . $_SERVER["QUERY_STRING"] . ", expected a=%26b. Check for mod_encoding.");
377: return false;
378: } else {
379: $out.=$r->p("Your web server does not corrupt queries. Good.");
380: return true;
381: }
382: }
383:
384: function detect_fetcher($r, &$out) {
385: $out .= $r->h2('HTTP Fetching');
386:
387: $result = @include 'Auth/Yadis/Yadis.php';
388:
389: if (!$result) {
390: $out .= $r->p('Yadis code unavailable; could not test fetcher support.');
391: return false;
392: }
393:
394: if (Auth_Yadis_Yadis::curlPresent()) {
395: $out .= $r->p('This PHP installation has support for libcurl. Good.');
396: $lnk = '';
397: } else {
398: $out .= $r->p('This PHP installation does not have support for ' .
399: 'libcurl. CURL is not required but is recommended. ' .
400: 'The OpenID library will use an fsockopen()-based fetcher.');
401: $lnk = $r->link('http://us3.php.net/manual/en/ref.curl.php');
402: $out .= $r->p('See ' . $lnk . ' about enabling the libcurl support ' .
403: 'for PHP.');
404: }
405:
406: $ok = true;
407: $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
408: $fetch_url = 'http://gist.github.com/raw/465630/c57eff55ebc0c54973903af5f72bac72762cf4f4/helloworld';
409: $expected_url = 'https://raw.github.com/gist/465630/c57eff55ebc0c54973903af5f72bac72762cf4f4/helloworld';
410: $result = $fetcher->get($fetch_url);
411:
412: if (isset($result)) {
413: $parts = array('An HTTP request was completed.');
414:
415: if ($result->status != '200' && $result->status != '206') {
416: $ok = false;
417: $parts[] = $r->b(
418: sprintf(
419: 'Got %s instead of the expected HTTP status ' .
420: 'code (200 or 206).', $result->status));
421: }
422:
423: $url = $result->final_url;
424: if ($url != $expected_url) {
425: $ok = false;
426: if ($url == $fetch_url) {
427: $msg = 'The redirected URL was not returned.';
428: } else {
429: $msg = 'An unexpected URL was returned: <' . $url . '>.';
430: }
431: $parts[] = $r->b($msg);
432: }
433:
434: $data = $result->body;
435: if ($data != 'Hello World!') {
436: $ok = false;
437: $parts[] = $r->b('Unexpected data was returned.');
438: }
439: $out .= $r->p(implode(' ', $parts));
440: } else {
441: $ok = false;
442: $out .= $r->p('Fetching URL ' . $lnk . ' failed!');
443: }
444:
445: if ($fetcher->supportsSSL()) {
446: $out .= $r->p('Your PHP installation appears to support SSL, so it ' .
447: 'will be able to process HTTPS identity URLs and server URLs.');
448: } else {
449: $out .= $r->p('Your PHP installation does not support SSL, so it ' .
450: 'will NOT be able to process HTTPS identity URLs and server URLs.');
451: }
452:
453: return $ok;
454: }
455:
456: header('Content-Type: ' . $r->contentType() . '; charset=us-ascii');
457: if (empty($_GET["test_query"])) {
458: header("Location: " . $_SERVER['PHP_SELF'] . "?test_query=a%26b");
459: }
460:
461: $title = 'OpenID Library Support Report';
462: $out = $r->start($title) .
463: $r->h1($title) .
464: $r->p('This script checks your PHP installation to determine if you ' .
465: 'are set up to use the JanRain PHP OpenID library.');
466:
467: $body = '';
468:
469: $_include = include 'OpenID.php';
470:
471: if (!$_include) {
472: $path = ini_get('include_path');
473: $body .= $r->p(
474: 'Cannot find the OpenID library. It must be in your PHP include ' .
475: 'path. Your PHP include path is currently:');
476: $body .= $r->pre($path);
477: } else {
478: $status = array();
479:
480: $status[] = detect_math($r, $body);
481: $status[] = detect_random($r, $body);
482: $status[] = detect_stores($r, $body);
483: $status[] = detect_fetcher($r, $body);
484: $status[] = detect_xml($r, $body);
485: $status[] = detect_query_corruption($r, $body);
486: $result = true;
487:
488: foreach ($status as $v) {
489: if (!$v) {
490: $result = false;
491: break;
492: }
493: }
494:
495: if ($result) {
496: $out .= $r->h2('Setup Complete!');
497: $out .= $r->p('Your system should be ready to run the OpenID library.');
498: } else {
499: $out .= $r->h2('Setup Incomplete');
500: $out .= $r->p('Your system needs a few changes before it will be ready to run the OpenID library.');
501: }
502: }
503: if (!defined('OFFSET_PATH'))
504: define('OFFSET_PATH', 5);
505: require_once(dirname(dirname(dirname(dirname(__FILE__)))) . '/admin-functions.php');
506: setOption('federated_logon_detect', 1);
507: $body .= '<a href="' . FULLWEBPATH . '/' . ZENFOLDER . '/admin-plugins.php">' . gettext('back to Zenphoto') . '</a>';
508: $out .= $body . $r->end();
509:
510: print $out;
511: ?>
512: