<?php
/*
DynPage V1.01 - A simple Content Management System
Copyright (C) 2009-2010 Matthias Wiede <hide@address.com>

This program is free software; you can redistribute it and/or modify 
it under the terms of the GNU General Public License as published by 
the Free Software Foundation; either version 3 of the License, or 
(at your option) any later version.

This program is distributed in the hope that it will be useful, but 
WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY 
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 
for more details.

You should have received a copy of the GNU General Public License 
along with this program; if not, see http://www.gnu.org/licenses.
*/

// Turn off all PHP error reporting from this point on (until it is changed
// again). The chmod(), fopen() and unlink() calls further down therefore fail
// without any PHP warning; the only feedback is what printSecurityText() prints.
error_reporting(0);

// Set to true by printSecurityText() when the first warning is printed.
$fSecurityProblems = false;

/**
 * Print one warning paragraph; the very first call also prints the
 * "=== W A R N I N G ===" headline and sets the global $fSecurityProblems
 * flag to true.
 *
 * The message is run through htmlspecialchars() before it is written, so
 * paths and configuration values embedded in it are output as text rather
 * than interpreted as markup.
 *
 * @param string $text Plain-text warning message.
 */
function printSecurityText ($text) {
	global $fSecurityProblems;

	// The flag doubles as "headline already printed".
	if (!$fSecurityProblems) {
		$fSecurityProblems = true;
		echo '<h2 style="text-align:center;">=== W A R N I N G ===</h2>';
	}

	$escapedText = htmlspecialchars ($text);
	echo '<p class="error" style="padding:5px;background-color:white;border:1px dashed #000000;"><b>', $escapedText, '</b></p>';
}

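/**
 * Verify that a directory exists and that PHP can write into it.
 *
 * If the directory is not writable, the function tries to repair that itself:
 * it applies 0755, 0775 and finally 0777 and, after each successful chmod(),
 * probes the directory by creating and deleting a scratch file. A warning is
 * printed through printSecurityText() when the directory is missing or is
 * still not writable after all three attempts.
 *
 * NOTE(review): the fallback ends at 0777, i.e. a directory that every local
 * account can write to. On shared hosting that weakens isolation for whatever
 * is stored there; fixing ownership and reporting the condition is the safer
 * repair. A mode applied by an attempt that did not help is not rolled back.
 *
 * @param string $path Directory to check.
 * @return bool True if the directory exists and is (or was made) writable.
 */
function checkPath ($path) {
	if (!is_dir ($path)) {
		printSecurityText ("Directory does not exist: ".$path."");
		return false;
	}
	if (is_writable ($path)) {
		return true;
	}

	// Scratch file for the write probe. The name is no longer derived from the
	// clock alone, so it is not guessable to the second.
	$probeFile = $path."/".uniqid ("dynpage_", true).".tmp";
	$chmodList = array (0755, 0775, 0777);
	foreach ($chmodList as $chmod) {
		if (!chmod ($path, $chmod)) {
			continue;
		}
		// "x" creates the file exclusively: the call fails instead of opening
		// (and truncating) anything that already sits at that name, including
		// a symbolic link pointing somewhere else.
		$fh = fopen ($probeFile, "x");
		if ($fh) {
			// Close before deleting: the handle is not leaked, and unlink()
			// also works on platforms that refuse to remove an open file.
			fclose ($fh);
			unlink ($probeFile);
			return true;
		}
	}

	printSecurityText ("Directory is not writable: ".$path."");
	return false;
}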

/**
 * Check that a file is writable and print a warning if it is not.
 *
 * With $fExists set, a missing file is reported as "File does not exist".
 * Without it, a missing file is still rejected, but with the "not writable"
 * message, because is_writable() returns false for a path that does not exist.
 *
 * @param string $filename Path of the file to check.
 * @param bool   $fExists  Whether a missing file gets its own warning.
 * @return bool True if the file is writable, false after a warning was printed.
 */
function checkFile ($filename, $fExists=false) {
	$reportMissing = $fExists && !file_exists ($filename);
	if ($reportMissing) {
		printSecurityText ("File does not exist: ".$filename."");
		return false;
	}

	$writable = is_writable ($filename);
	if (!$writable) {
		printSecurityText ("File is not writable: ".$filename."");
		return false;
	}

	return true;
}

// Configuration directory and the property file inside it.
$propertyPath = getConf ('conf_path');
$propertyFilename = getConf ('conf_path').'/'.getConf ('property_file');

// The property file is only inspected when the directory check passed and the
// file is already there; a missing property file is not reported here.
if (checkPath ($propertyPath) && file_exists ($propertyFilename)) {
	checkFile ($propertyFilename, true);
}

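// Check content path: the directory must be writable, and ckeditor.css inside
// it must either be writable or is created with a default @import line.
$contentPath = getConf ("content_path");
$cssFilename = getConf ("content_path")."/ckeditor.css";

if (checkPath ($contentPath)) {
	if (file_exists ($cssFilename)) {
		checkFile ($cssFilename, true);
	}
	else {
		// Create the stylesheet exclusively ("x") instead of with "w+".
		// file_exists() also reports false for a broken symbolic link, and
		// "w+" would then write through it; "x" refuses anything that already
		// occupies the name, so only a fresh regular file is ever seeded.
		if ($fh = fopen ($cssFilename, "x")) {
			fwrite ($fh, "@import \"ckeditor_default.css\";\n");
			fclose ($fh);
			// NOTE(review): 0666 lets every local account rewrite a stylesheet
			// that is served to visitors. Presumably chosen so the site owner
			// can edit a file created by the web server user; confirm whether
			// 0644 or 0664 is sufficient for this deployment.
			chmod($cssFilename, 0666);
		}
	}
}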

// Upload directory: optional, so it is only checked when it exists. The path
// is relative and resolved against the current working directory.
// NOTE(review): checkPath() may widen a non-writable directory up to 0777;
// for a directory that receives uploads that outcome deserves a manual look.
$uploadPath = '../dynpage_upload';
if (is_dir ($uploadPath)) {
	checkPath ($uploadPath);
}


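// Check password: remind a logged-in user who still has the default login hash
// to change it. The change-password page itself is exempt.
if (isLogin () && $page!="config_changepwd") {
	// Strict string comparison. With "==" PHP compares two numeric-looking
	// strings as numbers, so two different hashes of the form "0e<digits>"
	// would count as equal. The casts keep unset values (null, false, "")
	// comparing equal as before.
	if ((string) getConf ("login_hash", getConf ("default_login_hash"))===(string) getConf ("default_login_hash")) {
		// NOTE(review): the reminder is skipped whenever an earlier check has
		// already printed a warning, so a default password goes unreported
		// until those warnings are resolved. Confirm that this is intended.
		if (!$fSecurityProblems) {
			printSecurityText ("Please change your password under Config -> Change password");
			// printSecurityText() has just set the flag; it is reset here,
			// presumably so the reminder alone does not count as a security
			// problem for code that reads the flag later. Verify against
			// the callers.
			$fSecurityProblems = false;
		}
	}
}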
?>