Author: Hyp3rInj3cT10n
Hits: 920
date: 2010-02-05
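<?php
// ======================================
// PHP Configuration Checker v1.3.1
// Last modified: 2:44 PM 11/11/2009
// --------------------------------------
// Programmed by Hyp3rInj3cT10n
// HTTP://Hyp3rInj3cT10n.GooglePages.Com
// ======================================
//
// Purpose: compares the effective PHP configuration with a fixed baseline and
// prints an HTML report (green = matches the baseline, red = does not).
//
// Reviewer notes:
//  * The report discloses the server's PHP settings and which risky functions
//    are still callable. Treat it like phpinfo() output: serve it only behind
//    authentication or from a restricted location, and remove it after the audit.
//  * The baseline dates from PHP 5.3 (2009). Several directives below do not
//    exist on later runtimes; re-validate each recommendation against current
//    hardening guidance for the PHP version actually deployed.

$version = '1.3.1';

// Functions the report suggests adding to disable_functions when they exist.
// Every line must end with a comma: all whitespace is stripped before the
// split, so a missing comma silently fuses two names into one that never
// exists (this previously hid both ftok and msg_get_queue).
// NOTE(review): escapeshellarg/escapeshellcmd are escaping helpers; disabling
// them only makes sense when every command-execution function is disabled too.
$list = <<<END
expect_expectl, expect_popen, escapeshellarg, escapeshellcmd, exec, passthru,
proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, system,
pcntl_alarm, pcntl_exec, pcntl_fork, pcntl_getpriority, pcntl_setpriority,
pcntl_signal_dispatch, pcntl_signal, pcntl_sigprocmask, pcntl_sigtimedwait,
pcntl_sigwaitinfo, pcntl_wait, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited,
pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig,
posix_access, posix_ctermid, posix_get_last_error, posix_getcwd, posix_getegid,
posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups,
posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getppid,
posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid,
posix_initgroups, posix_isatty, posix_kill, posix_mkfifo, posix_mknod,
posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid,
posix_setuid, posix_strerror, posix_times, posix_ttyname, posix_uname,
ftok, msg_get_queue, msg_queue_exists, msg_receive, msg_remove_queue, msg_send,
msg_set_queue, msg_stat_queue, sem_acquire, sem_get, sem_release, sem_remove,
shm_attach, shm_detach, shm_get_var, shm_put_var, shm_remove_var, shm_remove,
shmop_close, shmop_delete, shmop_open, shmop_read, shmop_size, shmop_write,
chgrp, chmod, chown, copy, disk_free_space, disk_total_space, diskfreespace,
fstat, glob, is_executable, lchgrp, lchown, lstat, parse_ini_file,
parse_ini_string, popen, readfile, rename, rmdir, stat, tempnam, umask, unlink,
dl, extension_loaded, get_extension_funcs, get_loaded_extensions, getmypid,
ini_alter, ini_get_all, ini_restore, ini_set, php_ini_loaded_file,
php_ini_scanned_files, php_uname, phpinfo, putenv, sys_get_temp_dir,
error_log, define_syslog_variables, openlog,
apache_child_terminate, apache_get_modules, apache_reset_timeout,
apache_setenv, apache_note, virtual
END;
$list = explode(",", str_replace(array("\n", "\r", " "), "", $list));

// Keep only the candidates this runtime defines, without duplicates.
// The disable_functions check re-tests each name, so functions that a given
// PHP version lacks need no version-specific removal here.
$funcs = array_values(array_unique(array_filter($list, 'function_exists')));

// Row layout: [0] directive name, [1] recommended value, [5] optional operator
// ('<' numeric upper bound, '!=' must differ, 'd' disable_functions audit;
// absent = must equal). The scan fills [3] (current value) and [4] (colour).
$settings = array(
    array('allow_call_time_pass_reference', '0'),
    array('allow_url_include', '0'),
    array('asp_tags', '0'),
    array('auto_globals_jit', '1'),
    array('cgi.fix_pathinfo', '1'),
    array('default_socket_timeout', '61', 5 => '<'),
    array('display_errors', '0'),
    array('display_startup_errors', '0'),
    array('error_reporting', '22527'),
    array('enable_dl', '0'),
    array('expose_php', '0'),
    array('html_errors', '0'),
    array('ignore_repeated_errors', '0'),
    array('ignore_repeated_source', '0'),
    array('ignore_user_abort', '0'),
    array('implicit_flush', '0'),
    array('log_errors', '1'),
    array('max_input_nesting_level', '128', 5 => '<'),
    array('max_input_time', '61', 5 => '<'),
    array('max_execution_time', '30'),
    array('odbc.default_db', '<i>no value</i>'),
    array('odbc.default_user', '<i>no value</i>'),
    array('odbc.default_pw', '<i>no value</i>'),
    array('odbc.check_persistent', '1'),
    array('odbc.max_persistent', '1001', 5 => '<'),
    array('odbc.max_links', '1001', 5 => '<'),
    array('open_basedir', '<i>no value</i>', 5 => '!='),
    array('output_buffering', '4096'),
    array('pcre.backtrack_limit', '100001', 5 => '<'),
    array('pcre.recursion_limit', '100001', 5 => '<'),
    array('phar.readonly', '1'),
    // NOTE(review): byte sizes are usually written with a suffix ("8M"); the
    // '<' check compares the raw string and does not parse suffixes, so the
    // verdict for post_max_size / upload_max_filesize is unreliable.
    array('post_max_size', '9', 5 => '<'),
    array('register_argc_argv', '0'),
    array('report_memleaks', '1'),
    array('report_zend_debug', '1'),
    array('request_order', 'GP'),
    array('session.auto_start', '0'),
    array('session.bug_compat_42', '0'),
    array('session.bug_compat_warn', '0'),
    array('session.cookie_httponly', '1'),
    array('session.gc_probability', '1'),
    array('session.gc_divisor', '1000'),
    array('session.hash_bits_per_character', '5'),
    // '1' selects SHA-1 for session ids; a 2009-era recommendation.
    array('session.hash_function', '1'),
    array('session.name', 'PHPSESSID', 5 => '!='),
    array('session.use_cookies', '1'),
    array('session.use_trans_sid', '0'),
    array('session.use_only_cookies', '1'),
    array('short_open_tag', '0'),
    array('sql.safe_mode', '0'),
    array('track_errors', '0'),
    array('upload_max_filesize', '5', 5 => '<'),
    array('variables_order', 'GPCS'),
);

// Extension-specific directives are only checked when the extension is loaded.
if (function_exists('mysql_connect')) {
    $settings[] = array('mysql.allow_local_infile', '0');
    $settings[] = array('mysql.max_persistent', '1001', 5 => '<');
    $settings[] = array('mysql.max_links', '1001', 5 => '<');
    $settings[] = array('mysql.default_user', '<i>no value</i>');
    $settings[] = array('mysql.default_password', '<i>no value</i>');
    $settings[] = array('mysql.connect_timeout', '61', 5 => '<');
    $settings[] = array('mysql.trace_mode', '0');
}
if (function_exists('mssql_connect')) {
    $settings[] = array('mssql.max_persistent', '1001', 5 => '<');
    $settings[] = array('mssql.max_links', '1001', 5 => '<');
    $settings[] = array('mssql.timeout', '61', 5 => '<');
    $settings[] = array('mssql.connect_timeout', '6', 5 => '<');
}
if (function_exists('mysqli_connect')) {
    $settings[] = array('mysqli.max_persistent', '1001', 5 => '<');
    $settings[] = array('mysqli.max_links', '1001', 5 => '<');
    $settings[] = array('mysqli.default_user', '<i>no value</i>');
    $settings[] = array('mysqli.default_pw', '<i>no value</i>');
}
if (function_exists('oci_connect')) {
    $settings[] = array('oci8.max_persistent', '1001', 5 => '<');
    $settings[] = array('oci8.persistent_timeout', '61', 5 => '<');
    $settings[] = array('oci8.ping_interval', '61', 5 => '<');
}
if (function_exists('ibase_connect')) {
    $settings[] = array('ibase.max_persistent', '1001', 5 => '<');
    $settings[] = array('ibase.max_links', '1001', 5 => '<');
    $settings[] = array('ibase.default_db', '<i>no value</i>');
    $settings[] = array('ibase.default_user', '<i>no value</i>');
    $settings[] = array('ibase.default_password', '<i>no value</i>');
}
if (function_exists('pg_connect')) {
    // The '-1' at index 2 is never read by the checks below.
    $settings[] = array('pgsql.max_persistent', '1001', '-1', 5 => '<');
    $settings[] = array('pgsql.max_links', '1001', 5 => '<');
}
if (function_exists('ldap_connect')) {
    $settings[] = array('ldap.max_links', '1001', 5 => '<');
}
if (function_exists('sybase_connect')) {
    $settings[] = array('sybct.max_persistent', '1001', 5 => '<');
    $settings[] = array('sybct.max_links', '1001', 5 => '<');
}

// Legacy directives. The original gate was '6.0.0' (a release that never
// shipped); these directives were removed in PHP 5.4, and on newer runtimes
// the report would otherwise recommend enabling a safe_mode that cannot be set.
if (version_compare(PHP_VERSION, '5.4.0', '<')) {
    $settings[] = array('define_syslog_variables', '0');
    $settings[] = array('magic_quotes_gpc', '0');
    $settings[] = array('magic_quotes_runtime', '0');
    $settings[] = array('magic_quotes_sybase', '0');
    $settings[] = array('register_globals', '0');
    $settings[] = array('register_long_arrays', '0');
    $settings[] = array('safe_mode', '1');
    $settings[] = array('safe_mode_allowed_env_vars', 'PHP_');
    $settings[] = array('safe_mode_exec_dir', '<i>no value</i>');
    $settings[] = array('safe_mode_gid', '0');
    $settings[] = array('safe_mode_protected_env_vars', 'LD_LIBRARY_PATH');
}

$settings[] = array('disable_functions', '', 5 => 'd');

/**
 * Grades one settings row against its recommendation.
 *
 * Replaces the original create_function() body (string-compiled code, removed
 * in PHP 8) with a regular function that works on its arguments instead of
 * globals.
 *
 * @param array $setting Row with [0] name, [1] recommended, [3] current value
 *                       and optionally [5] operator.
 * @param array $funcs   Candidate functions for disable_functions; names that
 *                       are already disabled or undefined are removed from it.
 * @return array The row with [4] set to "green" or "red" and [1]/[3] rewritten
 *               for display.
 */
function pccCheckValue(array $setting, array &$funcs)
{
    if (!isset($setting[5])) {
        // Plain rows: the current value must equal the recommendation
        // (loose comparison, so "1" and "01" count as equal).
        $setting[4] = ($setting[3] == $setting[1]) ? "green" : "red";
        if ($setting[0] == "error_reporting") {
            $setting[1] .= " (E_ALL & ~E_DEPRECATED)";
        }
        return $setting;
    }

    if ($setting[5] == "<") {
        // -1 means "unlimited"; map it to a huge number so it fails the bound.
        if ($setting[3] == "-1") {
            $setting[3] = "99999999999999";
        }
        if ($setting[3] < $setting[1] && $setting[3] > 0) {
            $setting[4] = "green";
        } else {
            $setting[4] = "red";
        }
        if ($setting[3] == "99999999999999") {
            $setting[3] = "<i>unlimited</i>";
        }
        $setting[1] = "Less than " . $setting[1] . " (and not unlimited)";
    } elseif ($setting[5] == "!=") {
        // Here the "recommended" column holds the value that must NOT be used.
        if ($setting[0] == "open_basedir" && !$setting[3]) {
            $setting[3] = "<i>no value</i>";
        }
        $setting[4] = ($setting[3] == $setting[1]) ? "red" : "green";
        $setting[1] = "Not " . $setting[1];
    } elseif ($setting[5] == "d") {
        if (empty($setting[3])) {
            $setting[3] = "";
        }
        $current = explode(",", str_replace(" ", "", $setting[3]));
        // Whatever survives this loop is defined and not yet disabled.
        foreach ($funcs as $fid => $func) {
            if (!function_exists($func) || in_array($func, $current)) {
                unset($funcs[$fid]);
            }
        }
        if (count($funcs)) {
            $setting[1] = "Add the following functions: <br />" . implode(", ", $funcs);
            $setting[4] = "red";
        } else {
            $setting[4] = "green";
        }
        if (empty($setting[3])) {
            $setting[3] = "<i>no value</i>";
        } else {
            // Normalise the separator to ", " for display.
            $setting[3] = str_replace(", ", ",", $setting[3]);
            $setting[3] = str_replace(",", ", ", $setting[3]);
        }
    }

    return $setting;
}

/**
 * Maps an empty configuration value to its display form.
 *
 * @param string $name      Directive name.
 * @param mixed  $value     Value as returned by the configuration API.
 * @param array  $stayEmpty Directives whose empty value is shown as "no value".
 * @return mixed The value itself when non-empty, otherwise the "no value"
 *               marker or '0'.
 */
function pccNormaliseEmpty($name, $value, array $stayEmpty)
{
    if (!empty($value)) {
        return $value;
    }
    return in_array($name, $stayEmpty) ? '<i>no value</i>' : '0';
}

$stayEmpty = array(
    'request_order',
    'ibase.default_db', 'ibase.default_user', 'ibase.default_password',
    'mysql.default_user', 'mysql.default_password',
    'mysqli.default_user', 'mysqli.default_pw',
    'odbc.default_db', 'odbc.default_user', 'odbc.default_pw',
    'safe_mode_exec_dir',
);

// Pick the first usable configuration API. The function_exists() guards matter
// on PHP 8, where calling a disabled function is a fatal error that "@" cannot
// suppress; on older versions "@" hides the "disabled" warning instead.
if (function_exists('get_cfg_var') && @get_cfg_var('error_reporting')) {
    foreach (array_keys($settings) as $id) {
        $name = $settings[$id][0];
        $settings[$id][3] = pccNormaliseEmpty($name, get_cfg_var($name), $stayEmpty);
        $settings[$id] = pccCheckValue($settings[$id], $funcs);
    }
    $msg = 'Reading php.ini via get_cfg_var()';
} elseif (function_exists('ini_get_all') && is_array($iniAll = @ini_get_all()) && count($iniAll)) {
    foreach (array_keys($settings) as $id) {
        $name = $settings[$id][0];
        if (!isset($iniAll[$name])) {
            // Directive unknown to this runtime: leave it out of the report.
            unset($settings[$id]);
            continue;
        }
        $settings[$id][3] = pccNormaliseEmpty($name, $iniAll[$name]['local_value'], $stayEmpty);
        $settings[$id] = pccCheckValue($settings[$id], $funcs);
    }
    $msg = 'get_cfg_var() is disabled, using ini_get_all() instead.<br />Note that it does not read directly from php configuration file.';
} elseif (function_exists('ini_get') && @ctype_digit(ini_get('error_reporting'))) {
    foreach (array_keys($settings) as $id) {
        $name = $settings[$id][0];
        $settings[$id][3] = pccNormaliseEmpty($name, ini_get($name), $stayEmpty);
        $settings[$id] = pccCheckValue($settings[$id], $funcs);
    }
    $msg = 'get_cfg_var() and ini_get_all() are disabled, using ini_get() instead.<br />Note that it does not read directly from php configuration file.';
} else {
    die('get_cfg_var(), ini_get_all() and ini_get() are disabled, scan aborted.');
}

echo <<<END
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> PHP Configuration Checker v{$version} by Hyp3rInj3cT10n </title>
<style type="text/css">
* { font-family:Verdana; }
a { color:green; }
body { direction:ltr; text-align:left; font-size:10pt; color:#aa6009; background-color:#df9f53; }
h1,h2,h3,h4,h5,h6 { text-align:center; margin:0 auto; padding:0; }
#MainDiv { width:780px; margin:20px auto; padding:10px; }
.contentLine { height:20px; border-bottom:1px dotted black; }
</style>
<script type="text/javascript">
var x;
function changeDisplay(newdisplay) {
    for ( x=1; x<=green; x++ ) {
        document.getElementById('green' + x).style.display = newdisplay;
    }
    if ( newdisplay == 'none' ) {
        document.getElementById('hidegreen').style.display = 'none';
        document.getElementById('showgreen').style.display = 'inline';
    } else {
        document.getElementById('hidegreen').style.display = 'inline';
        document.getElementById('showgreen').style.display = 'none';
    }
}
</script>
</head>
<body>
<div id="MainDiv">
<h3>PHP Configuration Checker v{$version}</h3>
<h4>Build by Hyp3rInj3cT10n</h4>
<br />
{$msg}
<br /><br />
<a id="hidegreen" href="#" onclick="javascript:changeDisplay('none');">Hide good (green) results</a>
<a id="showgreen" href="#" onclick="javascript:changeDisplay('block');" style="display:none;">Add the good (green) results</a>
<br /><br />
<div class="contentLine" style="border:0;">
<div style="float:left;width:230px;"><b>Name</b></div>
<div style="float:left;width:270px;"><b>Current Value</b></div>
<div style="float:left;width:270px;"><b>Recommended</b></div>
</div>

END;

// Current values come from the server configuration (including per-directory
// overrides), so they are HTML-encoded before output. The two markers this
// script generates itself are the only values passed through as markup.
$htmlFlags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
$markup = array('<i>no value</i>', '<i>unlimited</i>');

$greenCounter = 0;
foreach ($settings as $setting) {
    $id = '';
    if ($setting[4] == 'green') {
        // Green rows get sequential ids so the page script can hide them.
        $greenCounter++;
        $id = " id=\"green{$greenCounter}\"";
    }
    if ($setting[0] == 'disable_functions') {
        $id .= " style=\"border:0;\"";
    }

    $current = (string) $setting[3];
    if (!in_array($current, $markup, true)) {
        $current = htmlspecialchars($current, $htmlFlags);
    }

    echo <<<END
<div class="contentLine"{$id}>
<div style="float:left;width:230px;">{$setting[0]}</div>
<div style="float:left;width:270px;color:{$setting[4]};">{$current}</div>
<div style="float:left;width:270px;">{$setting[1]}</div>
</div>

END;
}

echo <<<END
<script type="text/javascript"> var green = {$greenCounter}; </script>
</div>
</body>
</html>
END;
?>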
------------------------------
