From f7858598146815d82ac17d7fd48a2c5f339761a2 Mon Sep 17 00:00:00 2001 From: Gavin Stewart Date: Wed, 16 Mar 2016 21:24:49 +1100 Subject: [PATCH 1/5] Diagnostic report alt ports - WIP --- lib/RESTfm/Diagnostics.php | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/lib/RESTfm/Diagnostics.php b/lib/RESTfm/Diagnostics.php index 9d804ce..7f3f497 100644 --- a/lib/RESTfm/Diagnostics.php +++ b/lib/RESTfm/Diagnostics.php @@ -266,7 +266,9 @@ public function test_webserverRedirect($reportItem) { $URL = $this->_calculatedRESTfmURL() . '/?RFMversion'; if (RESTfmConfig::getVar('settings', 'SSLOnly') && ! $this->_isHTTPS()) { - $URL = preg_replace('/^http:/', 'https:', $URL); + $reportItem->status = ReportItem::WARN; + $reportItem->details .= 'Not tested, SSLOnly is TRUE in ' . RESTfmConfig::CONFIG_INI . ' configuration file.' . "\n"; + return; } $reportItem->details .= '' . $URL . '' . "\n"; @@ -698,11 +700,21 @@ private function _isDarwinFileMaker13() { * Returns the proper RESTfm URL as determined by the calculated base URI. */ private function _calculatedRESTfmURL() { - $URL = 'http://'; + $scheme = ''; + $port = ''; + if ($this->_isHTTPS()) { - $URL = 'https://'; + $scheme = 'https'; + if ($_SERVER['SERVER_PORT'] !== '443') { + $port = ':' . $_SERVER['SERVER_PORT']; + } + } else { + $scheme = 'http'; + if ($_SERVER['SERVER_PORT'] !== '80') { + $port = ':' . $_SERVER['SERVER_PORT']; + } } - $URL .= $_SERVER['SERVER_NAME'] . $this->_calculatedBaseURI(); + $URL = $scheme . '://' . $_SERVER['SERVER_NAME'] . $port . $this->_calculatedBaseURI(); return($URL); } From 893d5b9eebafa8825c56945d344604f42ef10fb2 Mon Sep 17 00:00:00 2001 From: Gavin Stewart Date: Mon, 21 Mar 2016 13:03:27 +1100 Subject: [PATCH 2/5] Diagnostic report - separate ssl/non-ssl reporting. --- lib/RESTfm/Diagnostics.php | 157 +++++++++---------------------------- 1 file changed, 36 insertions(+), 121 deletions(-) 
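Review bot: In `_calculatedRESTfmURL()` the new `$port` comes straight from `$_SERVER['SERVER_PORT']` and is concatenated into a URL that callers pass to `curl_init()` and append to the report details. Under Apache that value, like `SERVER_NAME`, can follow the client's Host header unless `UseCanonicalName` and `UseCanonicalPhysicalPort` are on, so the request can influence where the diagnostics fetch goes. I would keep the port only when it is numeric, e.g. `if (!ctype_digit((string) $_SERVER['SERVER_PORT'])) { $port = ''; }` before building `$URL`. The docblock should also say that the result is built from request-derived values and is meant for the report page only.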
diff --git a/lib/RESTfm/Diagnostics.php b/lib/RESTfm/Diagnostics.php index 7f3f497..494a2e9 100644 --- a/lib/RESTfm/Diagnostics.php +++ b/lib/RESTfm/Diagnostics.php @@ -38,14 +38,11 @@ class Diagnostics { 'hostServerVersion', 'hostSystemDate', 'documentRoot', - //'licence', 'baseURI', 'webserverRedirect', 'filemakerAPI', 'filemakerConnect', 'sslEnforced', - 'sslServer', - 'sslWebserverRedirect', 'xslExtension', ); @@ -264,13 +261,13 @@ public function test_baseURI($reportItem) { public function test_webserverRedirect($reportItem) { $reportItem->name = 'Web server redirect to RESTfm.php'; - $URL = $this->_calculatedRESTfmURL() . '/?RFMversion'; - if (RESTfmConfig::getVar('settings', 'SSLOnly') && ! $this->_isHTTPS()) { + if ($this->_isSSLOnlyAndNotHTTPS()) { $reportItem->status = ReportItem::WARN; - $reportItem->details .= 'Not tested, SSLOnly is TRUE in ' . RESTfmConfig::CONFIG_INI . ' configuration file.' . "\n"; + $reportItem->details .= 'Unable to test, SSLOnly is TRUE. Try visiting this page with https instead.' . "\n"; return; } + $URL = $this->_calculatedRESTfmURL() . '/?RFMversion'; $reportItem->details .= '' . $URL . '' . "\n"; $ch = curl_init($URL); 
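Review bot: The three-line `Unable to test, SSLOnly is TRUE` block added at the top of `test_webserverRedirect()` is repeated verbatim in `test_filemakerAPI()` and `test_filemakerConnect()` in the following hunks, so status and wording can drift apart between the three tests. A small private helper that sets the WARN status and message and returns a boolean would keep them in one place, called as `if ($this->_skippedForSSLOnly($reportItem)) { return; }` (the name is only a suggestion). The body of `test_webserverRedirect()` continues past this hunk.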
@@ -301,8 +298,14 @@ public function test_webserverRedirect($reportItem) { $reportItem->details .= htmlspecialchars($this->_darwinAllowOverrideInstructions()); } else { $reportItem->details .= 'Check the Apache httpd configuration has \'AllowOverride All\' for the RESTfm directory.' . "\n"; + if ($this->_isHTTPS()) { + $reportItem->details .= 'May also be needed in the VirtualHost section for SSL port (443).' . "\n"; + } } } + } elseif ($this->_isHTTPS && curl_getinfo($ch, CURLINFO_HTTP_CODE) == 404 && $this->_isDarwinFileMaker13()) { + $reportItem->status = ReportItem::ERROR; + $reportItem->details .= htmlspecialchars($this->_darwinFMS13InstallerInstructions()); } elseif ( $result != Version::getVersion() ) { $reportItem->status = ReportItem::ERROR; $reportItem->details .= 'RESTfm failed to respond correctly: ' . $result . "\n"; @@ -316,11 +319,13 @@ public function test_webserverRedirect($reportItem) { public function test_filemakerAPI($reportItem) { $reportItem->name = 'FileMaker PHP API'; - $URL = $this->_calculatedRESTfmURL() . '/RESTfm.php?RFMcheckFMAPI'; - if (RESTfmConfig::getVar('settings', 'SSLOnly') && ! $this->_isHTTPS()) { - $URL = preg_replace('/^http:/', 'https:', $URL); + if ($this->_isSSLOnlyAndNotHTTPS()) { + $reportItem->status = ReportItem::WARN; + $reportItem->details .= 'Unable to test, SSLOnly is TRUE. Try visiting this page with https instead.' . "\n"; + return; } + $URL = $this->_calculatedRESTfmURL() . '/RESTfm.php?RFMcheckFMAPI'; $reportItem->details .= '' . $URL . '' . "\n"; $ch = curl_init($URL); 
@@ -352,6 +357,12 @@ public function test_filemakerAPI($reportItem) { public function test_filemakerConnect($reportItem) { $reportItem->name = 'FileMaker Server connection test'; + if ($this->_isSSLOnlyAndNotHTTPS()) { + $reportItem->status = ReportItem::WARN; + $reportItem->details .= 'Unable to test, SSLOnly is TRUE. Try visiting this page with https instead.' . "\n"; + return; + } + if ($this->_report->filemakerAPI->status != ReportItem::OK) { $reportItem->status = ReportItem::ERROR; $reportItem->details = 'Cannot test, FileMaker PHP API not found.' . "\n"; 
@@ -443,120 +454,13 @@ public function test_filemakerConnect($reportItem) { public function test_sslEnforced($reportItem) { $reportItem->name = 'SSL enforced (' . RESTfmConfig::CONFIG_INI . ')'; - if (RESTfmConfig::getVar('settings', 'SSLOnly') != TRUE) { - $reportItem->status = ReportItem::WARN; - $reportItem->details .= "SSLOnly not TRUE in " . RESTfmConfig::CONFIG_INI . ' configuration file.' . "\n"; - $reportItem->details .= 'SSL is highly recommended to protect data, usernames and passwords from eavesdropping.' . "\n"; - } else { - $reportItem->details .= 'OK' . "\n"; - } - } - - public function test_sslServer($reportItem) { - $reportItem->name = 'SSL enabled on web server'; - - // Increase error level if user has enforced SSL in config. - $SSLfailureCode = ReportItem::WARN; - if ($this->_report->sslEnforced->status == ReportItem::OK) { - $SSLfailureCode = ReportItem::ERROR; - } - - if ($this->_isHTTPS() && $this->_report->webserverRedirect->status == ReportItem::OK) { - // Already working. - $reportItem->details = "OK"; - $reportItem->status = ReportItem::NA; - return; - } - - $URL = 'https://' . $_SERVER['SERVER_NAME']; - $reportItem->details .= '' . $URL . '' . "\n"; - - $ch = curl_init($URL); - curl_setopt($ch, CURLOPT_HEADER, 0); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); - if (RESTfmConfig::getVar('settings', 'strictSSLCertsReport') === FALSE) { - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); - } - curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); - curl_setopt($ch, CURLOPT_FORBID_REUSE, TRUE); - curl_setopt($ch, CURLOPT_USERAGENT, 'RESTfm Diagnostics'); - $result = curl_exec($ch); - - if (curl_errno($ch)) { - $reportItem->status = $SSLfailureCode; - $reportItem->details .= 'cURL failed with error: ' . curl_errno($ch) . ': ' . curl_error($ch) . 
"\n"; - if (curl_errno($ch) == 60) { // SSL certificate problem: self signed certificate - $reportItem->details .= 'On development (not production) systems it is possible to disable this check' ."\n"; - $reportItem->details .= 'by setting "strictSSLCertsReport" to FALSE in ' . RESTfmConfig::CONFIG_INI ."\n"; - } + if (RESTfmConfig::getVar('settings', 'SSLOnly') === TRUE) { + $reportItem->details .= 'SSLOnly is TRUE in ' . RESTfmConfig::CONFIG_INI . "\n"; } else { - $reportItem->details .= "OK" . "\n"; - } - curl_close($ch); - } - - public function test_sslWebserverRedirect($reportItem) { - $reportItem->name = 'SSL redirect to RESTfm'; - - // Increase error level if user has enforced SSL in config. - $SSLfailureCode = ReportItem::WARN; - if ($this->_report->sslEnforced->status == ReportItem::OK) { - $SSLfailureCode = ReportItem::ERROR; - } - - if ($this->_isHTTPS() && $this->_report->webserverRedirect->status == ReportItem::OK) { - // Already working. - $reportItem->details = "OK"; - $reportItem->status = ReportItem::NA; - return; - } elseif ($this->_report->sslServer->status != ReportItem::OK) { - // No chance. - $reportItem->details = "Not tested, SSL not enabled on web server."; - $reportItem->status = $SSLfailureCode; - return; - } - - $URL = $this->_calculatedRESTfmURL() . '/?RFMversion'; - $URL = preg_replace('/^http:/', 'https:', $URL); - - $reportItem->details .= '' . $URL . '' . 
"\n"; - - $ch = curl_init($URL); - curl_setopt($ch, CURLOPT_HEADER, 0); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); - if (RESTfmConfig::getVar('settings', 'strictSSLCertsReport') === FALSE) { - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); - } - curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); - curl_setopt($ch, CURLOPT_FORBID_REUSE, TRUE); - curl_setopt($ch, CURLOPT_USERAGENT, 'RESTfm Diagnostics'); - $result = curl_exec($ch); - - if (curl_errno($ch)) { $reportItem->status = ReportItem::WARN; - $reportItem->details .= 'cURL failed with error: ' . curl_errno($ch) . ': ' . curl_error($ch) . "\n"; - } elseif ( strpos($result, 'RESTfm is not configured') ) { - $reportItem->status = $SSLfailureCode; - $reportItem->details .= 'Redirection not working, index.html was returned instead.' . "\n"; - if ($this->_isApache()) { - $reportItem->details .= 'Check the Apache httpd configuration has \'AllowOverride All\' for the RESTfm Directory,' . "\n"; - $reportItem->details .= 'may also be needed in the VirtualHost section for port 443.' . "\n"; - } - } elseif (curl_getinfo($ch, CURLINFO_HTTP_CODE) == 404 && $this->_isDarwinFileMaker13()) { - $reportItem->status = $SSLfailureCode; - $reportItem->details .= htmlspecialchars($this->_darwinFMS13SSLAllowOverrideInstructions()); - } elseif ( $result != Version::getVersion() ) { - $reportItem->status = $SSLfailureCode; - $reportItem->details .= 'RESTfm failed to respond correctly: ' . $result . "\n"; - } else { - $reportItem->details .= 'OK'; + $reportItem->details .= "SSLOnly not TRUE in " . RESTfmConfig::CONFIG_INI . "\n"; + $reportItem->details .= 'SSL is highly recommended to protect data, usernames and passwords from eavesdropping.' . "\n"; } - - curl_close($ch); } public function test_xslExtension ($reportItem) { 
@@ -633,7 +537,7 @@ private function _isIIS() { } /** - * Returns TRUE if https was used to connect. + * Returns TRUE if HTTPS was used to connect. */ private function _isHTTPS() { if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || @@ -643,6 +547,17 @@ private function _isHTTPS() { return FALSE; } + /** + * Returns TRUE if SSLOnly is set in config AND HTTPS was NOT used to + * connect. (Some diagnostic tests would fail in this case.) + */ + private function _isSSLOnlyAndNotHTTPS() { + if (RESTfmConfig::getVar('settings', 'SSLOnly') && ! $this->_isHTTPS()) { + return TRUE; + } + return FALSE; + } + /** * Returns Release string if Darwin is the Operating System. Returns False * otherwise. From 8f2a4fa63cc94ae6c74181bdaf3a37ae314a3892 Mon Sep 17 00:00:00 2001 From: Gavin Stewart Date: Mon, 21 Mar 2016 14:45:45 +1100 Subject: [PATCH 3/5] Diagnostics.php - small code fix. --- lib/RESTfm/Diagnostics.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/RESTfm/Diagnostics.php b/lib/RESTfm/Diagnostics.php index 494a2e9..2cd089f 100644 --- a/lib/RESTfm/Diagnostics.php +++ b/lib/RESTfm/Diagnostics.php @@ -303,7 +303,7 @@ public function test_webserverRedirect($reportItem) { } } } - } elseif ($this->_isHTTPS && curl_getinfo($ch, CURLINFO_HTTP_CODE) == 404 && $this->_isDarwinFileMaker13()) { + } elseif ($this->_isHTTPS() && curl_getinfo($ch, CURLINFO_HTTP_CODE) == 404 && $this->_isDarwinFileMaker13()) { $reportItem->status = ReportItem::ERROR; $reportItem->details .= htmlspecialchars($this->_darwinFMS13InstallerInstructions()); } elseif ( $result != Version::getVersion() ) { From 5dd0389c2996f0aaa0f1970cebdb5ffd4dc602f6 Mon Sep 17 00:00:00 2001 From: Gavin Stewart Date: Mon, 21 Mar 2016 14:46:34 +1100 Subject: [PATCH 4/5] Add web.config to .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 65ce92d..3c97b6b 100644 --- a/.gitignore +++ b/.gitignore 
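Review bot: `_isSSLOnlyAndNotHTTPS()` treats any truthy `SSLOnly` value as enabled, whereas `test_sslEnforced()` in the previous hunk of this patch now requires `=== TRUE`. If `RESTfmConfig::getVar()` can return a truthy non-boolean (not visible here), the report would show `SSLOnly not TRUE` with a WARN while three other tests are skipped because SSLOnly is on, which misstates whether SSL is being enforced. Using the same test in both places avoids that, e.g. `return RESTfmConfig::getVar('settings', 'SSLOnly') === TRUE && ! $this->_isHTTPS();`, which also replaces the if / return TRUE / return FALSE pair.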
@@ -1,4 +1,5 @@ .htaccess +web.config code Build FileMaker From e7dd2745678305435754aa50adb7613a5115b4b2 Mon Sep 17 00:00:00 2001 From: Gavin Stewart Date: Tue, 22 Mar 2016 10:40:11 +1100 Subject: [PATCH 5/5] Update changelog and version pending merge. --- CHANGELOG | 4 ++++ lib/RESTfm/Version.php | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 1d6b3b0..d9c8b1a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +### 4.0.1 (Released 2016-03-22) ### + - Handle alternate http/https ports and/or port-forwarding scenarios + in report page. + ### 4.0.0 (Released 2016-03-11) ### - Handle searching on repetitions where submitted search field contains an index. diff --git a/lib/RESTfm/Version.php b/lib/RESTfm/Version.php index ca094f5..3a30d5f 100644 --- a/lib/RESTfm/Version.php +++ b/lib/RESTfm/Version.php @@ -21,7 +21,7 @@ * Version static class to hold release version. */ class Version { - private static $_release = '4.0.0'; + private static $_release = '4.0.1'; private static $_revision = '%%REVISION%%'; private static $_protocol = '5'; // Bump this when REST API changes.