webinterface.git

modules/freewvs/freewvs.php  1) <?php

modules/webapps/freewvs.php  2) /*
modules/webapps/freewvs.php  3) This file belongs to the Webinterface of schokokeks.org Hosting
modules/webapps/freewvs.php  4) 

modules/webapps/freewvs.php  5) Written 2008-2018 by schokokeks.org Hosting, namely

modules/webapps/freewvs.php  6)   Bernd Wurst <bernd@schokokeks.org>
modules/webapps/freewvs.php  7)   Hanno Böck <hanno@schokokeks.org>
modules/webapps/freewvs.php  8) 
modules/webapps/freewvs.php  9) To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
modules/webapps/freewvs.php 10) 

modules/webapps/freewvs.php 11) You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see

modules/webapps/freewvs.php 12) http://creativecommons.org/publicdomain/zero/1.0/
modules/webapps/freewvs.php 13) 
modules/webapps/freewvs.php 14) Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
modules/webapps/freewvs.php 15) */

modules/freewvs/freewvs.php 16) 
modules/freewvs/freewvs.php 17) require_once('session/start.php');

modules/freewvs/freewvs.php 18) 
modules/freewvs/freewvs.php 19) require_once('freewvs.php');

modules/webapps/freewvs.php 20) require_once('webapp-installer.php');

modules/freewvs/freewvs.php 21) 

modules/webapps/freewvs.php 22) require_role([ROLE_SYSTEMUSER]);

modules/freewvs/freewvs.php 23) 

modules/webapps/freewvs.php 24) title("Prüfung Ihrer Web-Anwendungen");
modules/webapps/freewvs.php 25) 

modules/freewvs/freewvs.php 26) $uid = (int) $_SESSION['userinfo']['uid'];
modules/freewvs/freewvs.php 27) 

modules/webapps/freewvs.php 28) if (isset($_POST['freq']) && in_array($_POST['freq'], ["day","week","month"])) {

modules/webapps/freewvs.php 29)     check_form_token('freewvs_freq');

modules/webapps/freewvs.php 30)     $args = [":uid" => $uid, ":freq" => $_POST['freq']];

modules/webapps/freewvs.php 31)     db_query("REPLACE INTO qatools.freewvs (user,freq) VALUES (:uid,:freq)", $args);
modules/webapps/freewvs.php 32)     header("Location: freewvs");
modules/webapps/freewvs.php 33)     die();

modules/freewvs/freewvs.php 34) }
modules/freewvs/freewvs.php 35) 

modules/webapps/freewvs.php 36) $result = db_query("SELECT freq FROM qatools.v_freewvs WHERE uid=?", [$uid]);

modules/webapps/freewvs.php 37) $result=$result->fetch();

modules/freewvs/freewvs.php 38) $freq=$result['freq'];
modules/freewvs/freewvs.php 39) 

modules/webapps/freewvs.php 40) headline('Überprüfung Ihrer Web-Anwendungen auf Sicherheitslücken');

modules/freewvs/freewvs.php 41) 

modules/webapps/freewvs.php 42) output('<p>Bei '.config('company_name').' werden die von Ihnen installierten Web-Anwendungen (z.B. Blog-Software, Content-Management-Systeme, ...) regelmäßig automatisch auf bekannte Sicherheitsprobleme untersucht. Sie erhalten jeweils umgehend eine Nachricht, wenn wir gefährdete Anwendungen finden. Zudem werden wir Sie regelmäßig an bestehende Sicherheitslücken erinnern.</p>
modules/webapps/freewvs.php 43) <p><strong>Wie häufig möchten Sie an bestehende Sicherheitsprobleme erinnert werden?</strong></p>

modules/webapps/freewvs.php 44) '.html_form('freewvs_freq', 'freewvs', '', '<p>'.html_select('freq', ['day' => 'täglich', 'week' => 'einmal pro Woche', 'month' => 'einmal pro Monat'], $freq).' &#160; <input type="submit" value="speichern" /></p>'));

modules/freewvs/freewvs.php 45) 
modules/freewvs/freewvs.php 46) $results = load_results();
modules/freewvs/freewvs.php 47) 
modules/freewvs/freewvs.php 48) output('<h3>Aktuell installierte Web-Anwendungen</h3>
modules/freewvs/freewvs.php 49) <p>Die folgenden Web-Anwendungen wurden beim letzten Programmdurchlauf gefunden. Diese Liste wird i.d.R. täglich aktualisiert.</p>');

modules/webapps/freewvs.php 50) foreach ($results as $app) {
modules/webapps/freewvs.php 51)     $url = get_url_for_dir($app['directory']);
modules/webapps/freewvs.php 52)     output("<div class='freewvs freewvs-{$app['state']}'>\n");
modules/webapps/freewvs.php 53)     if ($app['state'] == 'ok') {
modules/webapps/freewvs.php 54)         output("<img src='{$prefix}images/ok.png' />\n");
modules/webapps/freewvs.php 55)         output("<p><strong>{$app['appname']} {$app['version']}</strong></p>\n");

modules/webapps/freewvs.php 56)         output("<p>Gefunden in ".filter_output_html($app['directory'])." (<a href=\"{$url}\">{$url}</a>)</p>\n");

modules/webapps/freewvs.php 57)         output("<p>Diese Anwendung hat keine allgemein bekannten Sicherheitsprobleme.</p>\n");

modules/freewvs/freewvs.php 58)     } else {

modules/webapps/freewvs.php 59)         $vulnlink = $app['vulninfo'];
modules/webapps/freewvs.php 60)         $doclink = get_upgradeinstructions($app['appname']);
modules/webapps/freewvs.php 61)         if (substr($vulnlink, 0, 3) == 'CVE') {
modules/webapps/freewvs.php 62)             $vulnlink = 'https://cve.mitre.org/cgi-bin/cvename.cgi?name='.$vulnlink;
modules/webapps/freewvs.php 63)         }
modules/webapps/freewvs.php 64)         output("<img src='{$prefix}images/error.png' />\n");
modules/webapps/freewvs.php 65)         output("<p><strong>{$app['appname']} {$app['version']}</strong></p>\n");

modules/webapps/freewvs.php 66)         output("<p>Gefunden in ".filter_output_html($app['directory'])." (<a href=\"{$url}\">{$url}</a>)</p>\n");

modules/webapps/freewvs.php 67)         if ($app['safeversion'] != '') {
modules/webapps/freewvs.php 68)             output("<p>Diese Anwendung ist von Sicherheits-Problemen betroffen. Ein <strong>Update auf Version {$app['safeversion']}</strong> wird dringend empfohlen. Prüfen Sie anhand der unten genannten Referenz welche Gefahren von dieser Anwendung momentan ausgehen.</p>\n");
modules/webapps/freewvs.php 69)         } else {
modules/webapps/freewvs.php 70)             output("<p>Diese Anwendung ist von Sicherheits-Problemen betroffen. Leider gibt es <strong>momentan keine aktualisierte Version</strong>. Prüfen Sie bitte anhand der unten genannten Beschreibung des Problem die möglichen Gefahren eines weiteren Betriebs dieser Anwendung.</p>\n");
modules/webapps/freewvs.php 71)         }
modules/webapps/freewvs.php 72)         output("<p><strong>Referenz zu diesem Sicherheitsproblem: <a href='{$vulnlink}'>{$app['vulninfo']}</a></strong></p>");
modules/webapps/freewvs.php 73)         if ($doclink != null) {
modules/webapps/freewvs.php 74)             output('<p><strong>Hinweis:</strong> Um Ihnen das Upgrade leichter zu machen, möchten wir Sie auf eine <a href="'.$doclink.'">deutschsprachige Upgrade-Anleitung</a> aufmerksam machen.</p>'."\n");
modules/webapps/freewvs.php 75)         }
modules/webapps/freewvs.php 76)         $up = upgradeable($app['appname'], $app['version']);
modules/webapps/freewvs.php 77)         if ($up) {
modules/webapps/freewvs.php 78)             if (directory_in_use($app['directory'])) {
modules/webapps/freewvs.php 79)                 output('<p><em>Automatische Update-Aktion heute nicht mehr möglich</em></p>');
modules/webapps/freewvs.php 80)             } else {
modules/webapps/freewvs.php 81)                 output('<p>'.internal_link('requestupdate', 'Update automatisch durchführen', "dir={$app['directory']}&app={$up}")."</p>\n");
modules/webapps/freewvs.php 82)             }
modules/webapps/freewvs.php 83)         }

modules/webapps/freewvs.php 84)     }

modules/webapps/freewvs.php 85)     output("</div>\n");
modules/webapps/freewvs.php 86)     #output("<tr><td>{$app['appname']} ({$app['version']})</td><td>{$app['state']}</td></tr>");