-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsecurity-verification.php
More file actions
131 lines (110 loc) Β· 4.73 KB
/
Copy pathsecurity-verification.php
File metadata and controls
131 lines (110 loc) Β· 4.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
<?php
// Complete Security Verification Script
header('Content-Type: text/plain; charset=utf-8');
echo "π PHP FileServer Security Verification\n";
echo "==========================================\n\n";
// Check all .htaccess files exist
$security_dirs = [
'.' => 'Root directory (main security)',
'api' => 'API endpoints (controlled access)',
'assets' => 'Static assets (optimized delivery)',
'data' => 'JSON data (complete denial)',
'data/backups' => 'Backup files (critical protection)',
'data/locks' => 'Lock files (system protection)',
'includes' => 'PHP functions (complete denial)',
'logs' => 'Log files (protected access)',
'storage' => 'File storage (API-only access)',
'storage/compressed' => 'Compressed files (protected)',
'storage/quarantine' => 'Quarantine (maximum security)',
'storage/thumbnails' => 'Thumbnails (protected)',
'storage/uploads' => 'Uploads (download API only)',
'storage/versions' => 'File versions (protected)',
'templates' => 'HTML templates (complete denial)'
];
echo "π Security File Verification:\n";
echo "------------------------------\n";
$all_secured = true;
foreach ($security_dirs as $dir => $description) {
$htaccess_path = $dir . '/.htaccess';
$exists = file_exists($htaccess_path);
$status = $exists ? 'β
' : 'β';
if (!$exists) $all_secured = false;
echo sprintf("%-25s %s %s\n", $dir . '/', $status, $description);
}
echo "\nπ Directory Status:\n";
echo "-------------------\n";
$directories = [
'api' => 'API endpoints',
'assets/css' => 'Stylesheets',
'assets/js' => 'JavaScript files',
'data' => 'JSON data files',
'data/backups' => 'System backups',
'data/locks' => 'Operation locks',
'includes' => 'PHP functions',
'logs' => 'System logs',
'storage/compressed' => 'Compressed files',
'storage/quarantine' => 'Quarantined files',
'storage/thumbnails' => 'Image thumbnails',
'storage/uploads' => 'User uploads',
'storage/versions' => 'File versions',
'templates' => 'HTML templates'
];
foreach ($directories as $dir => $description) {
$exists = is_dir($dir);
$writable = $exists ? is_writable($dir) : false;
$file_count = 0;
if ($exists) {
$files = glob($dir . '/*');
$file_count = count(array_filter($files, 'is_file'));
}
$status = $exists ? ($writable ? 'β
' : 'β οΈ') : 'β';
$files_info = $file_count > 0 ? " ({$file_count} files)" : " (empty)";
echo sprintf("%-25s %s %s%s\n", $dir . '/', $status, $description, $files_info);
}
echo "\nπ‘οΈ Security Level Summary:\n";
echo "---------------------------\n";
echo "MAXIMUM SECURITY (Complete Denial):\n";
echo " β’ data/ - Sensitive JSON files\n";
echo " β’ includes/ - PHP function files\n";
echo " β’ templates/ - HTML template files\n";
echo " β’ logs/ - System log files\n";
echo " β’ storage/quarantine/ - Suspicious files (LOCKDOWN)\n";
echo " β’ data/backups/ - Critical backup files\n";
echo " β’ data/locks/ - System lock files\n\n";
echo "API-ONLY ACCESS (Controlled Access):\n";
echo " β’ storage/uploads/ - Download API only\n";
echo " β’ storage/compressed/ - Compression API only\n";
echo " β’ storage/thumbnails/ - Image API only\n";
echo " β’ storage/versions/ - Version API only\n\n";
echo "OPTIMIZED DELIVERY (Static Assets):\n";
echo " β’ assets/ - CSS, JS, images with caching\n\n";
echo "CONTROLLED API (Secured Endpoints):\n";
echo " β’ api/ - PHP endpoints with CORS headers\n\n";
// Check if server is ready
echo "π Server Readiness Check:\n";
echo "--------------------------\n";
$config_exists = file_exists('includes/config.php');
$init_complete = file_exists('data/users.json');
$logs_writable = is_writable('logs');
$storage_writable = is_writable('storage');
echo "Configuration: " . ($config_exists ? 'β
' : 'β') . "\n";
echo "Initialization: " . ($init_complete ? 'β
' : 'β') . "\n";
echo "Logs writable: " . ($logs_writable ? 'β
' : 'β') . "\n";
echo "Storage writable: " . ($storage_writable ? 'β
' : 'β') . "\n";
$ready = $all_secured && $config_exists && $init_complete && $logs_writable && $storage_writable;
echo "\n" . str_repeat("=", 50) . "\n";
if ($ready) {
echo "π SECURITY VERIFICATION COMPLETE!\n";
echo "π All directories are properly secured\n";
echo "π FileServer is ready for production use\n\n";
echo "To start the server:\n";
echo "1. Double-click: start-server.bat\n";
echo "2. Or run: php -S localhost:8080\n";
echo "3. Open browser: http://localhost:8080\n";
echo "4. Login: admin / admin123\n";
} else {
echo "β οΈ SECURITY ISSUES DETECTED!\n";
echo "Please review the above checks and fix any missing files.\n";
}
echo str_repeat("=", 50) . "\n";
?>