Merge pull request digininja#42 from g0tmi1k/setup

Add system check during install

config/config.inc.php

@@ -2,32 +2,32 @@
 
 # If you are having problems connecting to the MySQL database and all of the variables below are correct
 # try changing the 'db_server' variable from localhost to 127.0.0.1. Fixes a problem due to sockets.
-# Thanks to digininja for the fix.
+#   Thanks to digininja for the fix.
 
 # Database management system to use
 $DBMS = 'MySQL';
-#$DBMS = 'PGSQL';
+#$DBMS = 'PGSQL'; // Currently disabled
 
 # Database variables
-# WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.
-# Please use a database dedicated to DVWA.
+#   WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.
+#   Please use a database dedicated to DVWA.
 $_DVWA = array();
-$_DVWA['db_server']   = '127.0.0.1';
-$_DVWA['db_database'] = 'dvwa';
-$_DVWA['db_user']     = 'root';
-$_DVWA['db_password'] = 'p@ssw0rd';
+$_DVWA[ 'db_server ']   = '127.0.0.1';
+$_DVWA[ 'db_database '] = 'dvwa';
+$_DVWA[ 'db_user ']     = 'root';
+$_DVWA[ 'db_password '] = 'p@ssw0rd';
 
-# Only needed for PGSQL
-$_DVWA['db_port'] = '5432';
+# Only used for PostgreSQL/PGSQL
+$_DVWA[ 'db_port '] = '5432';
 
 # ReCAPTCHA Settings
-# Get your keys at https://www.google.com/recaptcha/admin/create
-$_DVWA['recaptcha_public_key']  = '';
-$_DVWA['recaptcha_private_key'] = '';
+#   Get your keys at https://www.google.com/recaptcha/admin/create
+$_DVWA[ 'recaptcha_public_key ']  = '';
+$_DVWA[ 'recaptcha_private_key '] = '';
 
 # Default Security Level
-# The default is high, you may wish to set this to either low or medium.
-# If you specify an invalid level, DVWA will default to high.
-$_DVWA['default_security_level'] = 'high';
+#   The default is high, you may wish to set this to either low or medium.
+#   If you specify an invalid level, DVWA will default to high.
+$_DVWA[ 'default_security_level '] = 'high';
 
 ?>

dvwa/includes/dvwaPage.inc.php

@@ -470,8 +470,10 @@ function dvwaDatabaseConnect() {
 		$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
 	}
 	elseif ( $DBMS == 'PGSQL' ) {
-		$dbconn = pg_connect("host=".$_DVWA[ 'db_server' ]." dbname=".$_DVWA[ 'db_database' ]." user=".$_DVWA[ 'db_user' ]." password=".$_DVWA[ 'db_password' ])
-		or die( $DBMS_connError );
+		//$dbconn = pg_connect("host=".$_DVWA[ 'db_server' ]." dbname=".$_DVWA[ 'db_database' ]." user=".$_DVWA[ 'db_user' ]." password=".$_DVWA[ 'db_password' ])
+		//or die( $DBMS_connError );
+		dvwaMessagePush( 'PostgreSQL is not yet fully supported.' );
+		dvwaPageReload();
 	}
 	else {
 		die ( 'Unknown $DBMS selected' );
@@ -510,4 +512,14 @@ function dvwaGuestbook() {
 }
 // -- END (XSS Stored guestbook)
 
+
+$phpSafeMode      = 'PHP safe mode: <em>' . ( ini_get( 'safe_mode' )  ? 'Enabled' : 'Disabled' ) . '</em>';
+$phpDisplayErrors = 'PHP display errors: <em>'.( ini_get( 'display_errors' )  ? 'Enabled</em> <i>(Easy Mode!)</i>' : 'Disabled</em>' );
+$phpURLInclude    = 'PHP allow URL Include: <em>'.( ini_get( 'allow_url_include' )  ? 'Enabled' : 'Disabled' ) . '</em>';
+$phpURLFopen      = 'PHP allow URL fopen: <em>'.( ini_get( 'allow_url_fopen' )  ? 'Enabled' : 'Disabled' ) . '</em>';
+$DVWARecaptcha    = 'reCAPTCHA key: <em>' . ( isset ( $_DVWA[ 'recaptcha_public_key' ] ) ? $_DVWA[ 'recaptcha_public_key' ] : 'Missing(*)' ) . '</em>';
+$DVWAUploadsWrite = 'Writable "/hackable/uploads/": <em>' . ( is_writable( realpath( dirname( dirname( getcwd() ) ) )."/hackable/uploads/" ) ? 'Yes' : 'No(*)' ) . '</em>';
+$DVWAPHPWrite     = 'Writable "/external/phpids/0.6/lib/IDS/tmp": <em>' . ( is_writable( realpath( dirname( dirname( getcwd() ) ) )."external/phpids/0.6/lib/IDS/tmp" ) ? 'Yes' : 'No(*)' ) . '</em>';
+$DVWAOS           = 'Operating system: <em>' . ( strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ? 'Windows' : '*nix' ) . '</em>';
+
 ?>

setup.php

@@ -14,24 +14,46 @@
 		include_once DVWA_WEB_PAGE_TO_ROOT.'dvwa/includes/DBMS/MySQL.php';
 	}
 	elseif($DBMS == 'PGSQL') {
-		include_once DVWA_WEB_PAGE_TO_ROOT.'dvwa/includes/DBMS/PGSQL.php';
+		// include_once DVWA_WEB_PAGE_TO_ROOT.'dvwa/includes/DBMS/PGSQL.php';
+		dvwaMessagePush( 'PostgreSQL is not yet fully supported.' );
+		dvwaPageReload();
 	}
 	else {
 		dvwaMessagePush( 'ERROR: Invalid database selected. Please review the config file syntax.' );
 		dvwaPageReload();
 	}
 }
 
+
 $page[ 'body' ] .= "
 <div class=\"body_padded\">
 	<h1>Database Setup <img src=\"".DVWA_WEB_PAGE_TO_ROOT."dvwa/images/spanner.png\" /></h1>
 
 	<p>Click on the 'Create / Reset Database' button below to create or reset your database.</br>
 	If you get an error make sure you have the correct user credentials in: <em>" . realpath(  getcwd()  ) . "/config/config.inc.php</em></p>
-	<p>If the database already exists, it will be cleared and the data will be reset.</p>
+
+	<p>If the database already exists, <em>it will be cleared and the data will be reset</em>.<br />
+	You can also use this to reset the administrator credentials (\"<em>admin</em> // <em>password</em>\") at any stage.</p>
+	<hr />
 	<br />
 
-	Backend Database: <em>".$DBMS."</em>
+	<h2>Setup Check</h2>
+
+	{$DVWAOS}<br />
+	Backend Database: <em>".$DBMS."</em><br />
+	<br />
+	PHP Version: v<em>".phpversion()."</em><br />
+	{$phpSafeMode}<br/ >
+	{$phpDisplayErrors}<br />
+	{$phpURLInclude}<br/ >
+	{$phpURLFopen}<br />
+	<br />
+	{$DVWARecaptcha}<br />
+	<br />
+	{$DVWAUploadsWrite}<br />
+	{$DVWAPHPWrite}<br />
+	<br />
+	<i>Status with \"(*)\" indicate there could be possible issue(s) with a certain modules.</i><br />
 	<br /><br /><br />
 
 	<!-- Create db button -->