authormomo-i <webmaster@momo-i.org>2011-02-04 14:34:11 +0900
committermomo-i <webmaster@momo-i.org>2011-02-04 14:34:11 +0900
commitb3289a24f4d0a5e4f22422985d50ce199d70e341 (patch)
tree347bd098133649e729f9d820b72365ab42fc0285
parent115500a3e8e945ce3a09846f107d36460f08f01c (diff)
Add function that check ampache and php version from each website.
-rwxr-xr-xdocs/CHANGELOG1
-rw-r--r--info.php6
-rw-r--r--lib/security.lib.php170
-rw-r--r--lib/ui.lib.php15
-rw-r--r--templates/show_info.inc.php89
5 files changed, 276 insertions, 5 deletions
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index 84fb1d56..16ea501e 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,7 @@
--------------------------------------------------------------------------
v.3.6-Alpha1
+ - Add function that check ampache and php version from each website.
- Updated each ampache header comment based on phpdocumentor.
- Fixed only admin can browse phpinfo() for security reasons on /info.php
- Added a few translation words.
diff --git a/info.php b/info.php
index d140d1b1..f6ca9bca 100644
--- a/info.php
+++ b/info.php
@@ -37,5 +37,9 @@ if (!Access::check('interface','100')) {
exit();
}
-phpinfo();
+require_once Config::get('prefix') . '/lib/debug.lib.php';
+require_once Config::get('prefix') . '/lib/security.lib.php';
+
+require_once Config::get('prefix') . '/templates/show_info.inc.php';
+
?>
diff --git a/lib/security.lib.php b/lib/security.lib.php
new file mode 100644
index 00000000..4673bb58
--- /dev/null
+++ b/lib/security.lib.php
@@ -0,0 +1,170 @@
+<?php
+/* vim:set tabstop=8 softtabstop=8 shiftwidth=8 noexpandtab: */
+/**
+ * Debug Library
+ *
+ * This library is loaded when somehow our mojo has
+ * been lost, it contains functions for checking sql
+ * connections, web paths etc..
+ *
+ * PHP version 5
+ *
+ * LICENSE: GNU General Public License, version 2 (GPLv2)
+ * Copyright (c) 2001 - 2011 Ampache.org All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License v2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * @category Security
+ * @package Library
+ * @author Karl Vollmer <vollmer@ampache.org>
+ * @author momo-i <webmaster@momo-i.org>
+ * @copyright 2001 - 2011 Ampache.org
+ * @license http://opensource.org/licenses/gpl-2.0 GPLv2
+ * @version PHP 5.2
+ * @link http://www.ampache.org/
+ * @since File available since Release 3.6
+ */
+
+/**
+ * check_ampache
+ *
+ * This function checks latest ampache stable from Ampache web site.
+ * If new version found, return error message.
+ *
+ * @return string
+ */
+function check_ampache() {
+
+ $my_ampache = Config::get('version');
+ if(preg_match('#-#', $my_ampache)) {
+ $my_ampache = explode('-', $my_ampache);
+ $my_ampache = $my_ampache[0];
+ }
+
+ $latest_ampache = get_latest('ampache');
+ $latest_ampache = $latest_ampache['ampache'];
+
+ if(version_compare($my_ampache, $latest_ampache, '>=')) {
+ $results = debug_result(_('Your Ampache is newest!!!'),1);
+ } else {
+ $results = debug_result(sprintf(_('You are running old ampache: %s'), $my_ampache),0);
+ }
+
+ return $results;
+
+} // check_ampache
+
+/**
+ * check_php_security
+ *
+ * This function checks latest PHP stable from php web site.
+ * If new version found, return error message.
+ * Also, if version is older than 5.2.x, return error message.
+ *
+ * @return string
+ */
+function check_php_security() {
+
+ $my_php = PHP_VERSION;
+
+ $latest_php = get_latest('php');
+ if (preg_match('#^5\.3#', $my_php)) {
+ $latest_php = $latest_php['php5.3'];
+ }
+ elseif (preg_match('#^5\.2#', $my_php)) {
+ $latest_php = $latest_php['php5.2'];
+ } else {
+ $results = debug_result(sprintf(_('Your PHP version may be too old: %s'), $my_php),0);
+ return $results;
+ }
+ if(version_compare($my_php, $latest_php, '>=')) {
+ $results = debug_result(_('No probrem found.'),1);
+ } else {
+ $results = debug_result(sprintf(_('You are running old php: %s'), $my_php),0);
+ }
+
+ return $results;
+
+} // check_php_security
+
+/**
+ * get_latest
+ *
+ * This function gets from each sites.
+ * Pattern may change in a future...
+ *
+ * @param string $type Type you want to get.
+ * @return array return version number.
+ */
+function get_latest($type = null) {
+
+ if (!$type) { return false; }
+ $version = array();
+
+ switch ($type) {
+ case 'php':
+ $url = "http://www.php.net/downloads.php";
+ $pattern = '#<h1 id="v(.*)">PHP (.*)</h1>#';
+ break;
+ case 'ampache':
+ $url = "http://ampache.org/download/";
+ $pattern = '#<a onclick=.*>(.*) Stable</a>#';
+ break;
+ default:
+ $url = "";
+ break;
+ }
+ if (!$url) { return false; }
+
+ if (!extension_loaded('curl')) {
+ return false;
+ }
+ $ch = curl_init($url);
+ $phost = Config::get('proxy_host');
+ $pport = Config::get('proxy_port');
+ $header = array(
+ "User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)",
+ "Accept: */*",
+ "Accept-Encoding: none",
+ "Cache-Control: no-cache",
+ "Pragma: no-cache",
+ "Connection: keep-alive");
+ if (isset($phost) && isset($pport)) {
+ curl_setopt($ch, CURLOPT_PROXY, $phost);
+ curl_setopt($ch, CURLOPT_PROXYPORT, $pport);
+ }
+ curl_setopt($ch, CURLOPT_HEADER, 0);
+ curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
+
+ ob_start();
+
+ curl_exec($ch);
+ curl_close($ch);
+
+ $body = ob_get_contents();
+ ob_end_clean();
+
+ preg_match_all($pattern, $body, $versions);
+ if (strcmp($type, "ampache") == 0) {
+ $version['ampache'] = $versions[1][0];
+ }
+ elseif (strcmp($type, "php") == 0) {
+ $version['php5.3'] = $versions[1][0];
+ $version['php5.2'] = $versions[1][1];
+ }
+
+ return $version;
+
+}
+?>
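Review bot: A failed lookup is reported as "up to date": get_latest() returns false when curl is missing and reads `$versions[1][0]` without checking that the pattern matched, so check_ampache() and check_php_security() pass an empty value to version_compare(), which as far as I can tell ranks below any real version and lets the `>=` test succeed. get_latest() should return false on a failed fetch or a page that no longer matches, and both callers should turn that into a failing row before indexing the result, e.g. `if (!$latest_ampache) { return debug_result(_('Could not check latest version'),0); }`. The request also sets no timeout, so a slow upstream stalls the admin page. Both URLs are plain `http://`, so the version string that decides the result is not authenticated in transit. The fetch part could look like the sketch below.

```php
// … unchanged: URL/pattern selection, proxy and header setup …
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
	curl_setopt($ch, CURLOPT_TIMEOUT, 10);

	$body = curl_exec($ch);
	curl_close($ch);
	if ($body === false) { return false; }

	// A page that no longer matches the pattern is a failed lookup, not "no newer version".
	$needed = ($type == 'php') ? 2 : 1;
	if (preg_match_all($pattern, $body, $versions) < $needed) { return false; }
// … unchanged: filling $version from $versions[1] …
```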
diff --git a/lib/ui.lib.php b/lib/ui.lib.php
index d82c20f8..6e60a36f 100644
--- a/lib/ui.lib.php
+++ b/lib/ui.lib.php
@@ -36,11 +36,14 @@
/**
* show_confirmation
+ *
* shows a confirmation of an action
- * $next_url Where to go next
- * $title The Title of the message
- * $text The details of the message
- * $cancel T/F show a cancel button that uses return_referrer()
+ *
+ * @param string $title The Title of the message
+ * @param string $text The details of the message
+ * @param string $next_url Where to go next
+ * @param integer $cancel T/F show a cancel button that uses return_referrer()
+ * @return void
*/
function show_confirmation($title,$text,$next_url,$cancel=0,$form_name='confirmation') {
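Review bot: The rewritten docblock for show_confirmation() still leaves out the fifth parameter, `$form_name='confirmation'`, which is visible in the signature on the last line of this hunk. I would add a line such as `@param string $form_name Name of the confirmation form` next to the other `@param` entries; the exact meaning should be confirmed against the function body, which lies outside the hunk. `$cancel` is documented as `integer` but described as "T/F", so one of the two descriptions should be adjusted to match how it is used.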
@@ -57,8 +60,12 @@ function show_confirmation($title,$text,$next_url,$cancel=0,$form_name='confirma
/**
* flip_class
+ *
* First called with an array of 2 class names. Subsequent calls reverse the
* array then return the first element.
+ *
+ * @param array $array
+ * @return mixed void or classname
*/
function flip_class($array=0) {
diff --git a/templates/show_info.inc.php b/templates/show_info.inc.php
new file mode 100644
index 00000000..64646979
--- /dev/null
+++ b/templates/show_info.inc.php
@@ -0,0 +1,89 @@
+<?php
+/* vim:set tabstop=8 softtabstop=8 shiftwidth=8 noexpandtab: */
+/**
+ * Show Information
+ *
+ * PHP version 5
+ *
+ * LICENSE: GNU General Public License, version 2 (GPLv2)
+ * Copyright (c) 2001 - 2011 Ampache.org All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License v2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * @category Template
+ * @package Template
+ * @author Karl Vollmer <vollmer@ampache.org>
+ * @copyright 2001 - 2011 Ampache.org
+ * @license http://opensource.org/licenses/gpl-2.0 GPLv2
+ * @version PHP 5.2
+ * @link http://www.ampache.org/
+ * @since File available since Release 1.0
+ */
+
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
+<html lang="en-US">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>Ampache -- Debug Page</title>
+<link rel="stylesheet" href="templates/install.css" type="text/css" media="screen" />
+</head>
+<body bgcolor="#f0f0f0">
+<div id="header">
+<h1><?php echo _('Ampache Security Information'); ?></h1>
+<p><?php echo _('This page shows security information and ampache update information.'); ?></p>
+</div>
+<div>
+<table align="center" cellpadding="3" cellspacing="0">
+<tr>
+ <td><font size="+1"><?php echo _('CHECK'); ?></font></td>
+ <td>
+ <font size="+1"><?php echo _('STATUS'); ?></font>
+ </td>
+ <td><font size="+1"><?php echo _('DESCRIPTION'); ?></font></td>
+</tr>
+<tr>
+ <td valign="top"><?php echo _('Ampache Version'); ?></td>
+ <td valign="top">[<?php echo check_ampache(); ?>]</td>
+ <td>
+ <?php echo _('Compare that you are running a version of Ampache and currently a version of Ampache.'); ?>
+ </td>
+</tr>
+<tr>
+ <td valign="top"><?php echo _('PHP Version'); ?></td>
+ <td valign="top">[<?php echo check_php_security(); ?>]</td>
+ <td>
+ <?php echo _('This test checks for vulnerable PHP whether to use version.'); ?>
+ </td>
+</tr>
+<tr>
+ <td valign="top"><?php echo _('PHP Info'); ?></td>
+ <td valign="top">-</td>
+ <td>
+ <?php echo _('This is the phpinfo() to display information.'); ?>
+ </td>
+</tr>
+<tr>
+ <td colspan="3" valign="top">
+ <?php phpinfo(INFO_GENERAL|INFO_CONFIGURATION|INFO_MODULES); ?>
+ </td>
+</tr>
+</table>
+</div>
+<div id="bottom">
+<p><strong>Ampache Security Center.</strong><br />
+Pour l'Amour de la Musique.</p>
+</div>
+</body>
+</html>
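Review bot: Nothing in this template records that it relies on its includer for authorization, even though it prints `phpinfo(INFO_GENERAL|INFO_CONFIGURATION|INFO_MODULES)`. In this commit the only guard is the `Access::check('interface','100')` in info.php, which runs before the `require_once`. I would add a comment under the file header such as `/* Included from info.php after its admin Access::check(); do not include from a page that has not made that check. */` so a later reuse does not expose the configuration dump. The `<title>` also still reads "Ampache -- Debug Page" while the heading says "Ampache Security Information", which looks like a leftover from the debug template.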