admin/health.php

   1 <?php  // $Id$
   2
   3     ob_start(); //for whitespace test
   4     require_once('../config.php');
   5
   6     // extra whitespace test - intentionally breaks cookieless mode
   7     $extraws = '';
   8     while (true) {
   9         $extraws .= ob_get_contents();
  10         if (!@ob_end_clean()) {
  11             break;
  12         }
  13     }
  14
  15     require_once($CFG->libdir.'/adminlib.php');
  16
  17     admin_externalpage_setup('healthcenter');
  18
  19     define('SEVERITY_NOTICE',      'notice');
  20     define('SEVERITY_ANNOYANCE',   'annoyance');
  21     define('SEVERITY_SIGNIFICANT', 'significant');
  22     define('SEVERITY_CRITICAL',    'critical');
  23
  24     $solution = optional_param('solution', 0, PARAM_SAFEDIR); //in fact it is class name alhanumeric and _
  25
  26     require_login();
  27     require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID));
  28
  29     $site = get_site();
  30
  31     admin_externalpage_print_header();
  32
  33 echo <<<STYLES
  34 <style type="text/css">
  35 div#healthnoproblemsfound {
  36     width: 60%;
  37     margin: auto;
  38     padding: 1em;
  39     border: 1px black solid;
  40     -moz-border-radius: 6px;
  41 }
  42 dl.healthissues {
  43     width: 60%;
  44     margin: auto;
  45 }
  46 dl.critical dt, dl.critical dd {
  47     background-color: #a71501;
  48 }
  49 dl.significant dt, dl.significant dd {
  50     background-color: #d36707;
  51 }
  52 dl.annoyance dt, dl.annoyance dd {
  53     background-color: #dba707;
  54 }
  55 dl.notice dt, dl.notice dd {
  56     background-color: #e5db36;
  57 }
  58 dt.solution, dd.solution, div#healthnoproblemsfound {
  59     background-color: #5BB83E !important;
  60 }
  61 dl.healthissues dt, dl.healthissues dd {
  62     margin: 0px;
  63     padding: 1em;
  64     border: 1px black solid;
  65 }
  66 dl.healthissues dt {
  67     font-weight: bold;
  68     border-bottom: none;
  69     padding-bottom: 0.5em;
  70 }
  71 dl.healthissues dd {
  72     border-top: none;
  73     padding-top: 0.5em;
  74     margin-bottom: 10px;
  75 }
  76 dl.healthissues dd form {
  77     margin-top: 0.5em;
  78     text-align: right;
  79 }
  80 form#healthformreturn {
  81     text-align: center;
  82     margin: 2em;
  83 }
  84 dd.solution p {
  85     padding: 0px;
  86     margin: 1em 0px;
  87 }
  88 dd.solution li {
  89     margin-top: 1em;
  90 }
  91
  92 </style>
  93 STYLES;
  94
  95     if(strpos($solution, 'problem_') === 0 && class_exists($solution)) {
  96         health_print_solution($solution);
  97     }
  98     else {
  99         health_find_problems();
 100     }
 101
 102
 103     admin_externalpage_print_footer();
 104
 105
 106 function health_find_problems() {
 107
 108     print_heading(get_string('healthcenter'));
 109
 110     $issues   = array(
 111         SEVERITY_CRITICAL    => array(),
 112         SEVERITY_SIGNIFICANT => array(),
 113         SEVERITY_ANNOYANCE   => array(),
 114         SEVERITY_NOTICE      => array(),
 115     );
 116     $problems = 0;
 117
 118     for($i = 1; $i < 1000000; ++$i) {
 119         $classname = sprintf('problem_%06d', $i);
 120         if(!class_exists($classname)) {
 121             break;
 122         }
 123         $problem = new $classname;
 124         if($problem->exists()) {
 125             $severity = $problem->severity();
 126             $issues[$severity][$classname] = array(
 127                 'severity'    => $severity,
 128                 'description' => $problem->description(),
 129                 'title'       => $problem->title()
 130             );
 131             ++$problems;
 132         }
 133         unset($problem);
 134     }
 135
 136     if($problems == 0) {
 137         echo '<div id="healthnoproblemsfound">';
 138         echo get_string('healthnoproblemsfound');
 139         echo '</div>';
 140     }
 141     else {
 142         print_heading(get_string('healthproblemsdetected'));
 143         $severities = array(SEVERITY_CRITICAL, SEVERITY_SIGNIFICANT, SEVERITY_ANNOYANCE, SEVERITY_NOTICE);
 144         foreach($severities as $severity) {
 145             if(!empty($issues[$severity])) {
 146                 echo '<dl class="healthissues '.$severity.'">';
 147                 foreach($issues[$severity] as $classname => $data) {
 148                     echo '<dt id="'.$classname.'">'.$data['title'].'</dt>';
 149                     echo '<dd>'.$data['description'];
 150                     echo '<form action="health.php#solution" method="get">';
 151                     echo '<input type="hidden" name="solution" value="'.$classname.'" /><input type="submit" value="'.get_string('viewsolution').'" />';
 152                     echo '</form></dd>';
 153                 }
 154                 echo '</dl>';
 155             }
 156         }
 157     }
 158 }
 159
 160 function health_print_solution($classname) {
 161     $problem = new $classname;
 162     $data = array(
 163         'title'       => $problem->title(),
 164         'severity'    => $problem->severity(),
 165         'description' => $problem->description(),
 166         'solution'    => $problem->solution()
 167     );
 168
 169     print_heading(get_string('healthcenter'));
 170     print_heading(get_string('healthproblemsolution'));
 171     echo '<dl class="healthissues '.$data['severity'].'">';
 172     echo '<dt>'.$data['title'].'</dt>';
 173     echo '<dd>'.$data['description'].'</dd>';
 174     echo '<dt id="solution" class="solution">'.get_string('healthsolution').'</dt>';
 175     echo '<dd class="solution">'.$data['solution'].'</dd></dl>';
 176     echo '<form id="healthformreturn" action="health.php#'.$classname.'" method="get">';
 177     echo '<input type="submit" value="'.get_string('healthreturntomain').'" />';
 178     echo '</form>';
 179 }
 180
 181 class problem_base {
 182     function exists() {
 183         return false;
 184     }
 185     function title() {
 186         return '???';
 187     }
 188     function severity() {
 189         return SEVERITY_NOTICE;
 190     }
 191     function description() {
 192         return '';
 193     }
 194     function solution() {
 195         return '';
 196     }
 197 }
 198
 199 class problem_000001 extends problem_base {
 200     function title() {
 201         return 'Invalid value for $CFG->dirroot';
 202     }
 203     function exists() {
 204         global $CFG;
 205         $dirroot = dirname(realpath('../index.php'));
 206         if (!empty($dirroot) && $dirroot != $CFG->dirroot) {
 207             return true;
 208         }
 209         return false;
 210     }
 211     function severity() {
 212         return SEVERITY_CRITICAL;
 213     }
 214     function description() {
 215         global $CFG;
 216         return 'Your <strong>config.php</strong> file contains the setting <strong>$CFG-&gt;dirroot = "'.$CFG->dirroot.'"</strong>, which is incorrect. Unless you correct this problem, Moodle will not function correctly, if at all.';
 217     }
 218     function solution() {
 219         global $CFG;
 220         $dirroot = dirname(realpath('../index.php'));
 221         return 'You need to edit your <strong>config.php</strong> file. Find the line which reads <pre>$CFG->dirroot = \''.$CFG->dirroot.'\';</pre> and change it to read <pre>$CFG->dirroot = \''.$dirroot.'\'</pre>';
 222     }
 223 }
 224
 225 class problem_000002 extends problem_base {
 226     function title() {
 227         return 'Extra characters at the end of config.php or other library function';
 228     }
 229     function exists() {
 230         global $extraws;
 231
 232         if($extraws === '') {
 233             return false;
 234         }
 235         return true;
 236     }
 237     function severity() {
 238         return SEVERITY_SIGNIFICANT;
 239     }
 240     function description() {
 241         return 'Your Moodle configuration file config.php or another library file, contains some characters after the closing PHP tag (?>). This causes Moodle to exhibit several kinds of problems (such as broken downloaded files) and must be fixed.';
 242     }
 243     function solution() {
 244         global $CFG;
 245         return 'You need to edit <strong>'.$CFG->dirroot.'/config.php</strong> and remove all characters (including spaces and returns) after the ending ?> tag. These two characters should be the very last in that file. The extra trailing whitespace may be also present in other PHP files that are included from lib/setup.php.';
 246     }
 247 }
 248
 249 class problem_000003 extends problem_base {
 250     function title() {
 251         return '$CFG->dataroot does not exist or does not have write permissions';
 252     }
 253     function exists() {
 254         global $CFG;
 255         if(!is_dir($CFG->dataroot) || !is_writable($CFG->dataroot)) {
 256             return true;
 257         }
 258         return false;
 259     }
 260     function severity() {
 261         return SEVERITY_SIGNIFICANT;
 262     }
 263     function description() {
 264         global $CFG;
 265         return 'Your <strong>config.php</strong> says that your "data root" directory is <strong>'.$CFG->dataroot.'</strong>. However, this directory either does not exist or cannot be written to by Moodle. This means that a variety of problems will be present, such as users not being able to log in and not being able to upload any files. It is imperative that you address this problem for Moodle to work correctly.';
 266     }
 267     function solution() {
 268         global $CFG;
 269         return 'First of all, make sure that the directory <strong>'.$CFG->dataroot.'</strong> exists. If the directory does exist, then you must make sure that Moodle is able to write to it. Contact your web server administrator and request that he gives write permissions for that directory to the user that the web server process is running as.';
 270     }
 271 }
 272
 273 class problem_000004 extends problem_base {
 274     function title() {
 275         return 'cron.php is not set up to run automatically';
 276     }
 277     function exists() {
 278         global $CFG;
 279         $lastcron = get_field_sql('SELECT max(lastcron) FROM '.$CFG->prefix.'modules');
 280         return (time() - $lastcron > 3600 * 24);
 281     }
 282     function severity() {
 283         return SEVERITY_SIGNIFICANT;
 284     }
 285     function description() {
 286         return 'The cron.php mainenance script has not been run in the past 24 hours. This probably means that your server is not configured to automatically run this script in regular time intervals. If this is the case, then Moodle will mostly work as it should but some operations (notably sending email to users) will not be carried out at all.';
 287     }
 288     function solution() {
 289         global $CFG;
 290         return 'For detailed instructions on how to enable cron, see <a href="'.$CFG->wwwroot.'/doc/?file=install.html#cron">this section</a> of the installation manual.';
 291     }
 292 }
 293
 294 class problem_000005 extends problem_base {
 295     function title() {
 296         return 'PHP: session.auto_start is enabled';
 297     }
 298     function exists() {
 299         return ini_get_bool('session.auto_start');
 300     }
 301     function severity() {
 302         return SEVERITY_CRITICAL;
 303     }
 304     function description() {
 305         return 'Your PHP configuration includes an enabled setting, session.auto_start, that <strong>must be disabled</strong> in order for Moodle to work correctly. Notable symptoms arising from this misconfiguration include fatal errors and/or blank pages when trying to log in.';
 306     }
 307     function solution() {
 308         global $CFG;
 309         return '<p>There are two ways you can solve this problem:</p><ol><li>If you have access to your main <strong>php.ini</strong> file, then find the line that looks like this: <pre>session.auto_start = 1</pre> and change it to <pre>session.auto_start = 0</pre> and then restart your web server. Be warned that this, as any other PHP setting change, might affect other web applications running on the server.</li><li>Finally, you may be able to change this setting just for your site by creating or editing the file <strong>'.$CFG->dirroot.'/.htaccess</strong> to contain this line: <pre>php_value session.auto_start "0"</pre></li></ol>';
 310     }
 311 }
 312
 313 class problem_000006 extends problem_base {
 314     function title() {
 315         return 'PHP: magic_quotes_runtime is enabled';
 316     }
 317     function exists() {
 318         return (ini_get_bool('magic_quotes_runtime'));
 319     }
 320     function severity() {
 321         return SEVERITY_SIGNIFICANT;
 322     }
 323     function description() {
 324         return 'Your PHP configuration includes an enabled setting, magic_quotes_runtime, that <strong>must be disabled</strong> in order for Moodle to work correctly. Notable symptoms arising from this misconfiguration include strange display errors whenever a text field that includes single or double quotes is processed.';
 325     }
 326     function solution() {
 327         global $CFG;
 328         return '<p>There are two ways you can solve this problem:</p><ol><li>If you have access to your main <strong>php.ini</strong> file, then find the line that looks like this: <pre>magic_quotes_runtime = On</pre> and change it to <pre>magic_quotes_runtime = Off</pre> and then restart your web server. Be warned that this, as any other PHP setting change, might affect other web applications running on the server.</li><li>Finally, you may be able to change this setting just for your site by creating or editing the file <strong>'.$CFG->dirroot.'/.htaccess</strong> to contain this line: <pre>php_value magic_quotes_runtime "Off"</pre></li></ol>';
 329     }
 330 }
 331
 332 class problem_000007 extends problem_base {
 333     function title() {
 334         return 'PHP: file_uploads is disabled';
 335     }
 336     function exists() {
 337         return !ini_get_bool('file_uploads');
 338     }
 339     function severity() {
 340         return SEVERITY_SIGNIFICANT;
 341     }
 342     function description() {
 343         return 'Your PHP configuration includes a disabled setting, file_uploads, that <strong>must be enabled</strong> to let Moodle offer its full functionality. Until this setting is enabled, it will not be possible to upload any files into Moodle. This includes, for example, course content and user pictures.';
 344     }
 345     function solution() {
 346         global $CFG;
 347         return '<p>There are two ways you can solve this problem:</p><ol><li>If you have access to your main <strong>php.ini</strong> file, then find the line that looks like this: <pre>file_uploads = Off</pre> and change it to <pre>file_uploads = On</pre> and then restart your web server. Be warned that this, as any other PHP setting change, might affect other web applications running on the server.</li><li>Finally, you may be able to change this setting just for your site by creating or editing the file <strong>'.$CFG->dirroot.'/.htaccess</strong> to contain this line: <pre>php_value file_uploads "On"</pre></li></ol>';
 348     }
 349 }
 350
 351 class problem_000008 extends problem_base {
 352     function title() {
 353         return 'PHP: memory_limit cannot be controlled by Moodle';
 354     }
 355     function exists() {
 356         $oldmemlimit = @ini_get('memory_limit');
 357         if(empty($oldmemlimit)) {
 358             // PHP not compiled with memory limits, this means that it's
 359             // probably limited to 8M or in case of Windows not at all.
 360             // We can ignore it for now - there is not much to test anyway
 361             // TODO: add manual test that fills memory??
 362             return false;
 363         }
 364         $oldmemlimit = get_real_size($oldmemlimit);
 365         //now lets change the memory limit to something unique below 128M==134217728
 366         @ini_set('memory_limit', 134217720);
 367         $testmemlimit = get_real_size(@ini_get('memory_limit'));
 368         //verify the change had any effect at all
 369         if ($oldmemlimit == $testmemlimit) {
 370             //memory limit can not be changed - is it big enough then?
 371             if ($oldmemlimit < get_real_size('128M')) {
 372                 return true;
 373             } else {
 374                 return false;
 375             }
 376         }
 377         @ini_set('memory_limit', $oldmemlimit);
 378         return false;
 379     }
 380     function severity() {
 381         return SEVERITY_NOTICE;
 382     }
 383     function description() {
 384         return 'The settings for PHP on your server do not allow a script to request more memory during its execution. '.
 385                'This means that there is a hard limit of '.@ini_get('memory_limit').' for each script. '.
 386                'It is possible that certain operations within Moodle will require more than this amount in order '.
 387                'to complete successfully, especially if there are lots of data to be processed.';
 388     }
 389     function solution() {
 390         return 'It is recommended that you contact your web server administrator to address this issue.';
 391     }
 392 }
 393
 394 class problem_000009 extends problem_base {
 395     function title() {
 396         return 'SQL: using account without password';
 397     }
 398     function exists() {
 399         global $CFG;
 400         return empty($CFG->dbpass);
 401     }
 402     function severity() {
 403         return SEVERITY_CRITICAL;
 404     }
 405     function description() {
 406         global $CFG;
 407         return 'The user account your are connecting to the database server with is set up without a password. This is a very big security risk and is only somewhat lessened if your database is configured to not accept connections from any hosts other than the server Moodle is running on. Unless you use a strong password to connect to the database, you risk unauthorized access to and manipulation of your data.'.($CFG->dbuser != 'root'?'':' <strong>This is especially alarming because such access to the database would be as the superuser (root)!</strong>');
 408     }
 409     function solution() {
 410         global $CFG;
 411         return 'You should change the password of the user <strong>'.$CFG->dbuser.'</strong> both in your database and in your Moodle <strong>config.php</strong> immediately!'.($CFG->dbuser != 'root'?'':' It would also be a good idea to change the user account from root to something else, because this would lessen the impact in the event that your database is compromised anyway.');
 412     }
 413 }
 414
 415 class problem_000010 extends problem_base {
 416     function title() {
 417         return 'Uploaded files: slasharguments disabled or not working';
 418     }
 419     function exists() {
 420         if (!$this->is_enabled()) {
 421             return true;
 422         }
 423         if ($this->status() < 1) {
 424             return true;
 425         }
 426         return false;
 427     }
 428     function severity() {
 429         if ($this->is_enabled() and $this->status() == 0) {
 430             return SEVERITY_SIGNIFICANT;
 431         } else {
 432             return SEVERITY_ANNOYANCE;
 433         }
 434     }
 435     function description() {
 436         global $CFG;
 437         $desc = 'Slasharguments are needed for relative linking in uploaded resources:<ul>';
 438         if (!$this->is_enabled()) {
 439             $desc .= '<li>slasharguments are <strong>disabled</strong> in Moodle configuration</li>';
 440         } else {
 441             $desc .= '<li>slasharguments are enabled in Moodle configuration</li>';
 442         }
 443         if ($this->status() == -1) {
 444             $desc .= '<li>can not run automatic test, you can verify it <a href="'.$CFG->wwwroot.'/file.php/testslasharguments" target="_blank">here</a> manually</li>';
 445         } else if ($this->status() == 0) {
 446             $desc .= '<li>slashargument test <strong>failed</strong>, please check server configuration</li>';
 447         } else {
 448             $desc .= '<li>slashargument test passed</li>';
 449         }
 450         $desc .= '</ul>';
 451         return $desc;
 452     }
 453     function solution() {
 454         global $CFG;
 455         $enabled = $this->is_enabled();
 456         $status = $this->status();
 457         $solution = '';
 458         if ($enabled and ($status == 0)) {
 459             $solution .= 'Slasharguments are enabled, but the test failed. Please disable slasharguments in Moodle configuration or fix the server configuration.<hr />';
 460         } else if ((!$enabled) and ($status == 0)) {
 461             $solution .= 'Slasharguments are disabled and the test failed. You may try to fix the server configuration.<hr />';
 462         } else if ($enabled and ($status == -1)) {
 463             $solution .= 'Slasharguments are enabled, <a href="'.$CFG->wwwroot.'/file.php/testslasharguments">automatic testing</a> not possible.<hr />';
 464         } else if ((!$enabled) and ($status == -1)) {
 465             $solution .= 'Slasharguments are disabled, <a href="'.$CFG->wwwroot.'/file.php/testslasharguments">automatic testing</a> not possible.<hr />';
 466         } else if ((!$enabled) and ($status > 0)) {
 467             $solution .= 'Slasharguments are disabled though the iternal test is OK. You should enable slasharguments in Moodle configuration.';
 468         } else if ($enabled and ($status > 0)) {
 469             $solution .= 'Congratulations - everything seems OK now :-D';
 470         }
 471         if ($status < 1) {
 472             $solution .= '<p>IIS:<ul><li>try to add <code>cgi.fix_pathinfo=1</code> to php.ini</li><li>do NOT enable AllowPathInfoForScriptMappings !!!</li><li>slasharguments may not work when using ISAPI and PHP 4.3.10 and older</li></ul></p>';
 473             $solution .= '<p>Apache 1:<ul><li>try to add <code>cgi.fix_pathinfo=1</code> to php.ini</li></ul></p>';
 474             $solution .= '<p>Apache 2:<ul><li>you must add <code>AcceptPathInfo on</code> to php.ini or .htaccess</li><li>try to add <code>cgi.fix_pathinfo=1</code> to php.ini</li></ul></p>';
 475         }
 476         return $solution;
 477     }
 478     function is_enabled() {
 479         global $CFG;
 480         return !empty($CFG->slasharguments);
 481     }
 482     function status() {
 483         global $CFG;
 484         $handle = @fopen($CFG->wwwroot.'/file.php?file=/testslasharguments', "r");
 485         $contents = @trim(fread($handle, 10));
 486         @fclose($handle);
 487         if ($contents != 'test -1') {
 488             return -1;
 489         }
 490         $handle = @fopen($CFG->wwwroot.'/file.php/testslasharguments', "r");
 491         $contents = trim(@fread($handle, 10));
 492         @fclose($handle);
 493         switch ($contents) {
 494             case 'test 1': return 1;
 495             case 'test 2': return 2;
 496             default:  return 0;
 497         }
 498     }
 499 }
 500
 501 class problem_000011 extends problem_base {
 502     function title() {
 503         return 'Session errors detected';
 504     }
 505     function exists() {
 506         global $CFG;
 507         return isset($CFG->session_error_counter);
 508     }
 509     function severity() {
 510         return SEVERITY_ANNOYANCE;
 511     }
 512     function description() {
 513         global $CFG;
 514         if (isset($CFG->session_error_counter)) {
 515             return 'Session problems were detected. Total count: '.$CFG->session_error_counter;
 516         } else {
 517             return 'No session errors detected.';
 518         }
 519     }
 520     function solution() {
 521         global $CFG;
 522         if (optional_param('resetsesserrorcounter', 0, PARAM_BOOL)) {
 523             if (get_field('config', 'name', 'name', 'session_error_counter')) {
 524                 delete_records('config', 'name', 'session_error_counter');
 525             }
 526             return 'Error counter was cleared.';
 527         } else {
 528             return '<p>Session errors can be caused by:<ul><li>unresolved problem in server software (aka random switching of users),</li><li>blocked or modified cookies,</li><li>deleting of active session files.</li></ul></p><p><a href="'.me().'&resetsesserrorcounter=1">Reset counter.</a></p>';
 529         }
 530     }
 531 }
 532
 533
 534 class problem_00000x extends problem_base {
 535     function title() {
 536         return '';
 537     }
 538     function exists() {
 539         return false;
 540     }
 541     function severity() {
 542         return SEVERITY_SIGNIFICANT;
 543     }
 544     function description() {
 545         return '';
 546     }
 547     function solution() {
 548         global $CFG;
 549         return '';
 550     }
 551 }
 552
 553 /*
 554
 555 TODO:
 556
 557     session.save_path -- it doesn't really matter because we are already IN a session, right?
 558     detect unsupported characters in $CFG->wwwroot - see bug Bug #6091 - relative vs absolute path during backup/restore process
 559
 560 */
 561
 562 ?>