Debug mode only for admin user

[macbishop]

I think that is necessary change the function dump_gui_debug() in /var/www/ispcp/gui/include/debug.php in order that only the admin can use the debug mode into the panel.

Remember that...

Code:

$cfg['DUMP_GUI_DEBUG']==true;

... in /var/www/ispcp/gui/include/ispcp-lib.php to use this function

Code:

function dump_gui_debug()
{
    if (isset($_SESSION['user_logged']) && $_SESSION['user_logged']=='admin' || isset($_SESSION['logged_from']) && $_SESSION['logged_from'] == 'admin'){
        echo '<font color="#0000FF"><u>Content of <b>$_SESSION</b>:</u><br /></font>';
        echo '<pre>';
        echo htmlentities(print_r($_SESSION, true));
        echo '</pre>';
        echo '<font color="#0000FF"><u>Content of <b>$_POST</b>:</u><br /></font>';
        echo '<pre>';
        echo htmlentities(print_r($_POST,    true));
        echo '</pre>';
        echo '<font color="#0000FF"><u>Content of <b>$_GET</b>:</u><br /></font>';
        echo '<pre>';
        echo htmlentities(print_r($_GET,     true));
        echo '</pre>';
        echo '<font color="#0000FF"><u>Content of <b>$_COOKIE</b>:</u><br /></font>';
        echo '<pre>';
        echo htmlentities(print_r($_COOKIE,  true));
        echo '</pre>';
        echo '<font color="#0000FF"><u>Content of <b>$_FILES</b>:</u><br /></font>';
        echo '<pre>';
        echo htmlentities(print_r($_FILES,   true));
        echo '</pre>';
        echo '<font color="#0000FF"><u>Content of <b>$GLOBALS</b>:</u><br /></font>';
        echo '<pre>';
        echo htmlentities(print_r($GLOBALS,  true));
        echo '</pre>';
        echo '<font color="#0000FF"><u>Content of <b>$_SERVER</b>:</u><br /></font>';
        echo '<pre>';
        echo htmlentities(print_r($_SERVER,  true));
        echo '</pre>';
    }else{
        exit;
    }
}

[raphael]

What would the use of that be? that var should only be enabled by developers or by testers (who obviously won't test something on a production server with real users).

And in case it is added I'd recommend to add an other option to disable the "only for admins" check. Why? some day there might be a bug which can't be spotted by admins but only by *real* users (admin level: user)

[macbishop]

raphael Wrote:What would the use of that be?

In production case, if in some moment I want to see the variables for testing something, I don't want that the users or resellers can see.

raphael Wrote:And in case it is added I'd recommend to add an other option to disable the "only for admins" check.

On asume that the tester have knowledge and privileges to change 'admin' for 'user' or 'reseller' in the function. Also ist'n difficult to create a $cfg variable in /etc/ispcp/ispcp.conf and deploy in the function.

[joximu]

So, it should be visible only for a certain session - or a certain remote IP???

[macbishop]

joximu Wrote:So, it should be visible only for a certain session

For me only for admin logged or logged from.
Is my opinion

joximu Wrote:or a certain remote IP

It's another viewpoint. and very valid if the tester have a static IP
Isn't difficult to resolve it with $_SERVER['REMOTE_ADDR']

If you want I can fix the code for that.