<?php
$PASSWORD = '';
/* Please enter a password here ;) ***** Tools Script for OwnCloud 4 by Dennis Kuypers (snapr) -
* adapted for hosted css/js by (RandolphCarter)
* please report problems or experiences at http://forum.owncloud.org/viewtopic.php?f=8&t=2921 */
define('version', 'rev.02');
if (isset($_GET['PING']))
die("pong");
if (!session_start())
die("Either your client does not allow/support cookies OR the server can not start a session");
if (isset($_POST['tpw']))
{
$_SESSION['tpw'] = $_POST['tpw'];
}
$do = (isset($_GET["do"]) ? $_GET["do"] : 'home');
if (isset($_SESSION['tpw']) && $_SESSION['tpw'] == $PASSWORD && isset($_GET['phpinfo']))
{
phpinfo();
exit;
}
?><!DOCTYPE HTML><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>OwnCloud Tools</title><link href="//netdna.bootstrapcdn.com/twitter-bootstrap/2.2.0/css/bootstrap.min.css" rel="stylesheet"></head><body><div class="container"><div class="row" style="margin-top: 20px"><div class="span2"><ul class="well nav nav-list"><?php
if (isset($_SESSION['tpw']) && $_SESSION['tpw'] == $PASSWORD)
{
?><li class="<?php
echo ($do == 'home' ? 'active' : '');
?>"><a href="?do=home"><i class="icon-home"></i> Overview</a></li><li class="<?php
echo ($do == 'serverinfo' ? 'active' : '');
?>"><a href="?do=serverinfo"><i class="icon-info-sign"></i> Serverinfo</a></li><li class="<?php
echo ($do == 'test' ? 'active' : '');
?>"><a href="?do=test"><i class="icon-question-sign"></i> Run Tests</a></li><li class="<?php
echo (substr($do, 0, 4) == 'tool' ? 'active' : '');
?>"><a href="?do=tool"><i class="icon-wrench"></i> Tools</a></li><li><a href="?phpinfo=show"><i class="icon-th-list"></i> PHPinfo</a></li><li class="<?php
echo ($do == 'fs' ? 'active' : '');
?>"><a href="?do=perm"><i class="icon-file"></i> File Perm.</a></li><!--<li class="nav-header">OC4</li><li class="<?php
echo (substr($do, 0, 7) == 'install' ? 'active' : '');
?>"><a href="#" onclick="alert('Sorry, not working right now');"><i class="icon-download-alt"></i> Install</a></li><li class="<?php
echo (substr($do, 0, 7) == 'browser' ? 'active' : '');
?>"><a href="?do=browser"><i class="icon-share"></i> Browse Data</a></li><li class="<?php
echo (substr($do, 0, 5) == 'login' ? 'active' : '');
?>"><a href="?do=login-pre"><i class="icon-user"></i> Fake Login</a></li>--><li class="nav-header">Menu</li><li><a href="./index.php"><i class="icon-globe"></i> visit this OC</a></li><li><a href="?do=logout"><i class="icon-remove"></i> Logout</a></li><?php
}
?><li class="nav-header">External</li><li><a href="http://owncloud.org/"><i class="icon-share"></i> OC.org</a></li><li><a href="http://owncloud.com/"><i class="icon-share"></i> OC.com</a></li><li><a href="http://forum.owncloud.org/"><i class="icon-share"></i> Forum</a></li><li><a href="http://bugs.owncloud.org/"><i class="icon-share"></i> Bugtracker</a></li></ul><?php
echo "</div>";
if ($PASSWORD == "")
{
?><div class="modal" id="noModal"><div class="modal-header"><h3>Before we can start</h3></div><div class="modal-body"><p>Please edit line 1 in <?php
echo basename(__FILE__);
?></p></div><div class="modal-footer"><a href="?do=home" class="btn btn-info">Continue</a></div></div><?php
}
elseif (!isset($_SESSION['tpw']) || $_SESSION['tpw'] != $PASSWORD)
{
?><div class="span5"><h3>Login</h3><form action="" method="post"><input name="tpw" type="password" placeholder="Password"><br><button type="submit" class="btn btn-danger">Use at own risk</button></form></div><?php
}
else
{
function success($txt)
{
return '<span class="label label-success">' . $txt . '</span>';
}
function warning($txt)
{
return '<span class="label label-warning">' . $txt . '</span>';
}
function important($txt)
{
return '<span class="label label-important">' . $txt . '</span>';
}
switch ($do)
{
case 'test':
?><div class="span10"><h3>Tests</h3><p>Some tests are apache2 specific. Please note that various features might work on other servers, although this script states the opposite.<br><span class="label">value not available</span><span class="label label-success">good result</span><span class="label label-warning">possible problems/restrictions</span><span class="label label-important">serious issue, OC will most likely not work</span></p><table class="table table-bordered table-striped"><thead><tr id="test"><th>Test</th><th>Result</th><th>Description</th></tr></thead><tbody><tr><td>PHP Version</td><td><?php
if (version_compare("5.3", phpversion()) == -1)
echo '<span class="label label-success">You are running ' . phpversion() . '</span>';
else
echo '<span class="label label-important">Your PHP is outdated! You are running ' . phpversion() . '</span>';
?></td><td>Minimum version required for OwnCloud: 5.3.x</td></tr><tr><td>HTACCESS</td><td><?php
echo (getenv('htaccessWorking') !== false) ? '<span class="label label-success">htaccess environment variable detected</span>' : '<span class="label label-warning">htaccess might not be working</span>';
?></td><td>Checks if the server parses htaccess files</td></tr><tr><td>PHP Safe Mode</td><td><?php
echo (ini_get("safe_mode")) ? '<span class="label label-warning">Safe Mode On</span>' : '<span class="label label-success">Safe Mode is Off</span>';
?></td><td>Checks for the php safe_mode. It should be disabled.</td></tr><tr><td>Apache Modules</td><td><?php
echo (function_exists("apache_get_modules") ? '<span class="label label-success">Module List Available</span>' : '<span class="label">apache_get_modules not available</span>');
?></td><td>Use apache_get_modules() to show more information</td></tr><tr><td>Apache Mod Rewrite</td><td><?php
if (function_exists("apache_get_modules"))
{
echo (in_array('mod_rewrite', apache_get_modules()) ? '<span class="label label-success">Server Running Mod Rewrite</span>' : '<span class="label label-warning">mod_rewrite could not be detected</span>');
}
else
echo '<span class="label">apache_get_modules not available</span>';
?></td><td>mod_rewrite is used for nice urls like 'server.com/apps/calendar' instead of 'server.com/index.php?app=calendar'</td></tr><tr><td>File Permissions</td><td><?php
echo ((getmyuid() == fileowner("./config")) ? '<span class="label label-success">I own the /config directory</span>' : '<span class="label label-warning">I do not own the /config directory</span>');
echo '<br>';
echo ((getmyuid() == fileowner("./data")) ? '<span class="label label-success">I own the /data directory</span>' : '<span class="label label-warning">I do not own the /data directory</span>');
?></td><td>Check some file permissions as stated on <a href="http://owncloud.org/install/">OwnCloud Support Centre - Install</a></td></tr><tr><td>OwnCloud Config.php</td><td><?php
if ((file_exists("./config/config.php")))
{
echo ('<span class="label label-success">Found config.php</span><br>' . ((is_writable("./config/config.php") ? '<span class="label label-success">Writeable</span>' : '<span class="label label-warning">Not Writeable</span>')));
}
else
{
echo '<span class="label label-info">I can not find the config.php</span>';
}
?></td><td>Check if config.php is present. Also check if it is writable</td></tr><tr><td></td><td><?php
echo '';
?></td><td></td></tr></tbody></table></div><?php
break;
case 'serverinfo':
?><div class="span10"><h3>Serverinfo</h3><p><span class="label label-info">informational</span><span class="label">value not available</span></p><table class="table table-bordered table-striped"><thead><tr id="info"><th>Information</th><th>Value</th><th>Description</th></tr></thead><tbody><tr><td>Path</td><td><?php
echo '<span class="label label-info">' . dirname(__FILE__) . '</span>';
?></td><td>The full path to the tools script/your OwnCloud installation</td></tr><tr><td>OS</td><td><?php
echo '<span class="label label-info">' . php_uname('s') . '</span><br><span class="label label-info">' . php_uname('v') . '</span>';
?></td><td>The operating system of your server</td></tr><tr><td>Machine Type</td><td><?php
echo '<span class="label label-info">' . php_uname('m') . '</span>';
?></td><td>The machine type</td></tr><tr><td>Server Software</td><td><?php
echo '<span class="label label-info">' . $_SERVER['SERVER_SOFTWARE'] . '</span>';
?></td><td>HTTP server software used to serve these pages</td></tr><tr><td>PHP.ini</td><td><?php
echo (($tmp = php_ini_loaded_file()) !== false) ? '<span class="label label-info">' . realpath($tmp) . '</span>' : '<span class="label">No php.ini loaded</span>';
?></td><td>The location of the php.ini file</td></tr><tr><td>Session Directory</td><td><?php
echo (($tmp = session_save_path()) !== false) ? '<span class="label label-info">' . realpath($tmp) . '</span>' : '<span class="label">Unable to read the session dir</span>';
?></td><td>The location where sessions are saved to</td></tr></tbody></table></div><?php
break;
case 'perm':
?><div class="span5"><h3>File/Directory Permissions</h3><p>On the right side you can see the most important file permission checks.</p><p>Below you can see the complete list of all files and directories. Everything should be readable; write permissions are only required for the config/config.php and the data directory.</p></div><div class="span5"><h4>Permission Tests</h4><p>The config.php is <?php
echo (is_writeable('./config/config.php') ? '<span class="label label-success">writeable</span>' : '<span class="label label-warning">not writeable</span>');
?>.<br>The data directory is <?php
echo (is_writeable('./data/') ? '<span class="label label-success">writeable</span>' : '<span class="label label-warning">not writeable</span>');
?></p></div><div class="span10"><table class="table table-bordered table-striped"><thead><tr><th>File/Dir</th><th>READ</th><th>WRITE</th></tr></thead><tbody><?php
function printDirTable($d)
{
$handle = dir($d);
while (($f = $handle->read()) !== false)
{
if (in_array($f, array(
'.',
'..',
'README',
'COPYING-AGPL',
'COPYING-README',
'AUTHORS'
)))
continue;
if (is_dir($d . '/' . $f))
{
echo '<tr><th>' . $d . '/' . $f . '</th><td>' . (is_readable($d . '/' . $f) ? success('read') : warning('read')) . '</td><td>' . (is_writable($d . '/' . $f) ? success('write') : warning('write')) . '</td></tr>';
printDirTable($d . '/' . $f);
}
else
{
echo '<tr><td>' . $d . '/' . $f . '</td><td>' . (is_readable($d . '/' . $f) ? success('read') : warning('read')) . '</td><td>' . (is_writable($d . '/' . $f) ? success('write') : warning('write')) . '</td></tr>';
}
/* if */
}
/* while */
}
/* function */
printDirTable('.');
echo '</tbody></table></div>';
break;
case 'tool':
if (true || PHP_OS == "Linux")
{
?><div class="span5"><h3>chmod-Tool</h3><p>This tool allows you to change the permissions on your data folder. Please note that this may open the way for everybody to steal your files off the data directory!</p><a class="btn btn-danger" href="?do=toolchmod&mask=0777">Set to 777</a><a class="btn btn-primary" href="?do=toolchmod&mask=0770">Set to 770</a></div><?php
}
/* IF LINUX */
?><div class="span5"><h3>Ping Tool</3><p>With the ping tool you can check wether your OwnCloud instance is reachable from the internet. For that, OC Tools will contact an external server at <span class="label label-inverse">kycdn.net</span>.</p><a class="btn btn-inverse" href="?do=toolping">ask kycdn.net</a></div><?php
break;
case 'toolping':
function myErrorHandler($fehlercode, $fehlertext, $fehlerdatei, $fehlerzeile)
{
echo "kycdn could not be contacted.";
}
set_error_handler('myErrorHandler');
$fh = fopen("http://oc.kycdn.net/tools/ping.php?host=" . $_SERVER['HTTP_HOST'] . "&url=" . $_SERVER['REQUEST_URI'], "r");
restore_error_handler();
echo ("<span class='span5'><h3>Ping Tool</h3><p>Server response:</p><span class='label label-inverse'>" . htmlspecialchars(fread($fh, 1024)) . "</span></div>");
fclose($fh);
break;
case 'toolchmod':
function chmod_R($path, $filemode, $dirmode)
{
if (is_dir($path))
{
if (!chmod($path, $dirmode))
{
$dirmode_str = decoct($dirmode);
echo "Failed applying filemode '$dirmode_str' on directory '$path'\n";
return;
}
$dh = opendir($path);
while (($file = readdir($dh)) !== false)
{
if ($file != '.' && $file != '..')
{
$fullpath = $path . '/' . $file;
chmod_R($fullpath, $filemode, $dirmode);
}
}
closedir($dh);
}
else
{
if (is_link($path))
{
echo "link '$path' is skipped\n";
return;
}
if (!chmod($path, $filemode))
{
$filemode_str = decoct($filemode);
print "Failed applying filemode '$filemode_str' on file '$path'\n";
return;
}
}
}
if ($_GET['mask'] == "0777")
chmod_R("./data", 0777, 0777);
else
chmod_R("./data", 0770, 0770);
echo '<div class="span5"><h3>chmod-Tool</h3><p>Permissions set to ' . $_GET['mask'] . '</p><a href="?do=tool">back to Tools</a></div>';
break;
case 'install-cancel':
if (file_exists('./owncloud.tar.gz'))
unlink('./owncloud.tar.gz');
if (file_exists('./owncloud.dev.tar.gz'))
unlink('./owncloud.dev.tar.gz');
echo ('<div class="span5"><h3>Operation canceled</h3></div>');
break;
case 'install-pre':
echo ('<div class="span5"><h3>Install</h3><p>This will install OwnCloud in the current directory. Please note that the page will load as long as the download is in progress...depending on the servers internet connection, this may take a while.</p>' . (is_writeable('.') ? '<a href="#" rel="tooltip" title="Currently not available" class="btn btn-inverse disabled">OwnCloud.org::Stable Release</a><a href="?do=install-dl-dev" rel="tooltip" title="Development releases may be unstable!" class="btn btn-inverse">OwnCloud.org::Development Release</a>' : important('The directory is not writeable')) . '<a href="?do=install-cancel" class="btn btn-danger">Cancel</a></div>');
break;
case 'install-dl':
echo ("nonono!");
break;
case 'install-dl-dev':
file_put_contents("owncloud.dev.tar", readgzfile("owncloud.dev.tar.gz"));
break;
case 'install-1':
break;
case 'user':
?><div class="span10"><h3>User Batch Tool</h3><p>Some little tools to manage users</p><div class="row"><div class="span5"><h4>Batch Import</h4><p>This feature allows you to add a lot of users at once. Possible formats are:</p><h5>CSV</h5><code>USER,PASSWORD_SHA1ed</code><hr><p><button class="btn btn-primary">Upload CSV</button></p></div><!-- span5 --><div class="span5"><h4>User Modification</h4><p>Add, Edit or Delete a user. Be careful :)</p><form id="usrform"><input name="username" type="text" placeholder="Username OR ID"><br><button class="btn btn-success" type="submit">Add</button> <button class="btn btn-info" type="submit">Edit</button><button class="btn btn-danger" type="button" onclick="$('#myModal').modal('show')">Delete</button></form><div class="modal hide" id="myModal"><div class="modal-header"><button class="close" data-dismiss="modal">×</button><h3>User Management Tool</h3></div><div class="modal-body"><p>You are about to delete a user record off the database.</p><p class="label label-info">You should not use this feature unless you are 100% sure about what you're doing ;)</p></div><div class="modal-footer"><a href="#" onclick="$('#usrform').submit()"class="btn">Delete User</a><a href="#" onclick="$('#myModal').modal('hide')" class="btn btn-primary">Close</a></div><!-- modal-footer--></div><!-- modal --></div><!-- span5 --></div><!-- row in span10 --></div><!-- span10 --><?php
break;
case 'logout':
session_destroy();
?><div class="span6"><h4>Logout complete</h4><a href=".">Contine to OC</a></div><?php
break;
case 'home':
echo ('<div class="span10"><h3>OwnCloud Tools [' . version . ']</h3><p>You are connecting from IP</p><code>' . $_SERVER['REMOTE_ADDR'] . '</code><p>Your client is</p><code>' . $_SERVER['HTTP_USER_AGENT'] . '</code></div><div class="span10" style="text-align: center"><hr>' . $_SERVER['SERVER_SIGNATURE'] . '</div>');
break;
}
/*switch*/
}
?></div><!-- row(1) --><div class="row"><div class="span6 offset3"><p style="text-align: center"><a onclick="$('#kyModal').modal('show')" href="#">About this script</a></p></div></div><!-- row(2) --></div><!-- content --><div class="modal hide" id="kyModal"><div class="modal-header"><button class="close" data-dismiss="modal">×</button><h3>Information</h3><span class="label label-info">OwnCloud Tools <?php
echo (version);
?></span></div><div class="modal-body"><p>This script is designed to help end users to find errors in their OwnCloud installation. Please do not use features you dont understand. Some functions directly interact with the database and can cause errors in the OwnCloud software.</p><p>Interface built with the help of <a class="label label-inverse" href="http://twitter.github.com/bootstrap/">bootstrap</a>. Javascript and Stylesheets required are hosted by <a class="label label-inverse" href="http://forum.owncloud.org/memberlist.php?mode=viewprofile&u=93">Dennis Kuypers (snapr)</a> at <a class="label label-inverse" href="http://kycdn.net">kycdn.net</a></p><hr><h5>Colorcodes:</h5><span class="label">not available</span><span class="label label-info">Information</span><span class="label label-inverse">external resource, requires internet connection</span><br><span class="label label-success">Success, Good</span><span class="label label-warning">warning, possible problem</span><span class="label label-important">error, failure, bad value</span></div><div class="modal-footer"><a href="#" onclick="$('#kyModal').modal('hide')" class="btn btn-inverse">Close</a></div></div><script src="//netdna.bootstrapcdn.com/twitter-bootstrap/2.2.0/js/bootstrap.min.js"></script></body></html>