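<?php

declare(strict_types=1);

// HTTPS / cookie-hardening smoke test for a Laravel-style project.
//
// NOTE(review): every check below is a *static* text scan of .env, config
// files and public/.htaccess. It reports what is written down, not what the
// running application actually sends. Laravel's config/session.php normally
// reads `'secure' => env('SESSION_SECURE_COOKIE')`, so a correctly configured
// deployment can still show ❌ here. Treat ❌ as "verify by hand" and confirm
// against a real response, e.g.
//   curl -sI https://<host>/ | grep -iE 'strict-transport|set-cookie'
//
// Paths are relative to the current working directory (as in the original
// version of this script): run it from the project root.

/**
 * True when $needle occurs on a line of $content that is not a line comment.
 *
 * A plain strpos() over the whole file also matches a commented-out
 * `// 'secure' => true` or `# Header set ...`; skipping `//` and `#` lines
 * closes that false positive. Block comments are not handled.
 */
function settingPresent(string $content, string $needle): bool
{
    $lines = preg_split('/\R/', $content);
    if ($lines === false) {
        return false;
    }
    foreach ($lines as $line) {
        $code = ltrim($line);
        if (str_starts_with($code, '//') || str_starts_with($code, '#')) {
            continue;
        }
        if (str_contains($code, $needle)) {
            return true;
        }
    }
    return false;
}

/**
 * Reads a file, or returns null when it is missing or unreadable, so the
 * caller never hands `false` to a string function.
 */
function readFileOrNull(string $path): ?string
{
    if (!is_file($path)) {
        return null;
    }
    $content = file_get_contents($path);
    return $content === false ? null : $content;
}

/**
 * Looks a variable up in the process environment first and falls back to a
 * minimal parse of ./.env (`KEY=VALUE`, optional `export`, optional quotes).
 * Returns null when it is defined in neither place.
 *
 * Why: this script does not bootstrap the framework, so values that live only
 * in .env are invisible to getenv(). The old `getenv() ?: 'nicht gesetzt'`
 * also hid explicit "0" / "" values because `?:` tests truthiness.
 */
function envValue(string $name, ?string $dotEnv): ?string
{
    $fromProcess = getenv($name);
    if ($fromProcess !== false) { // "" and "0" are real values, keep them
        return $fromProcess;
    }
    if ($dotEnv === null) {
        return null;
    }
    $pattern = '/^\s*(?:export\s+)?' . preg_quote($name, '/') . '\s*=\s*(.*)$/m';
    if (preg_match($pattern, $dotEnv, $match) !== 1) {
        return null;
    }
    return trim($match[1], " \t\r\n\"'");
}

/** Prints one ✅/❌ result line and returns 1 for a failed check, 0 otherwise. */
function report(bool $ok, string $okMessage, string $failMessage): int
{
    echo $ok ? " ✅ {$okMessage}\n" : " ❌ {$failMessage}\n";
    return $ok ? 0 : 1;
}

echo "🔒 HTTPS-Sicherheit Test\n";
echo "======================\n\n";

$failures = 0;

// 1. .env settings ----------------------------------------------------------
echo "1. .env Einstellungen:\n";
$dotEnv = readFileOrNull('.env');
$envVars = ['APP_URL', 'FORCE_HTTPS', 'SECURE_COOKIES', 'SESSION_SECURE_COOKIE'];
foreach ($envVars as $var) {
    $value = envValue($var, $dotEnv) ?? 'nicht gesetzt';
    echo " - $var: $value\n";
}
// An http:// APP_URL makes the framework generate plain-HTTP links/redirects
// regardless of the cookie flags, so it is a failure in its own right.
$appUrl = envValue('APP_URL', $dotEnv);
if ($appUrl !== null) {
    $failures += report(
        str_starts_with(strtolower($appUrl), 'https://'),
        'APP_URL verwendet https',
        'APP_URL verwendet kein https'
    );
}

// 2. Session cookie configuration --------------------------------------------
echo "\n2. Session-Konfiguration:\n";
$session = readFileOrNull('config/session.php');
if ($session === null) {
    // Silently skipping used to leave a green summary with nothing checked.
    $failures += report(false, '', 'config/session.php nicht gefunden');
} else {
    $failures += report(
        settingPresent($session, "'secure' => true"),
        'Session secure: true',
        'Session secure: false'
    );
    $failures += report(
        settingPresent($session, "'http_only' => true"),
        'Session http_only: true',
        'Session http_only: false'
    );
    // same_site is what actually limits cross-site sending of the session
    // cookie; secure + http_only alone do not.
    $sameSite = settingPresent($session, "'same_site' => 'lax'")
        || settingPresent($session, "'same_site' => 'strict'");
    $failures += report($sameSite, 'Session same_site: lax/strict', 'Session same_site: nicht lax/strict');
}

// 3. CSRF cookie configuration -----------------------------------------------
echo "\n3. CSRF-Konfiguration:\n";
$csrf = readFileOrNull('config/csrf.php');
if ($csrf === null) {
    $failures += report(false, '', 'config/csrf.php nicht gefunden');
} else {
    $failures += report(
        settingPresent($csrf, "'secure' => true"),
        'CSRF secure: true',
        'CSRF secure: false'
    );
}

// 4. .htaccess transport headers ---------------------------------------------
echo "\n4. .htaccess HTTPS-Headers:\n";
$htaccess = readFileOrNull('public/.htaccess');
if ($htaccess === null) {
    $failures += report(false, '', 'public/.htaccess nicht gefunden');
} else {
    // HSTS without a max-age is ignored by browsers, so require both tokens.
    // Not verified here: includeSubDomains / preload, and that the header is
    // only emitted on HTTPS responses (browsers discard it over HTTP anyway).
    $hsts = settingPresent($htaccess, 'Strict-Transport-Security')
        && settingPresent($htaccess, 'max-age=');
    $failures += report($hsts, 'HSTS Header vorhanden', 'HSTS Header fehlt');
    // upgrade-insecure-requests only rewrites sub-resource URLs in browsers
    // that honour CSP; it is not a substitute for a server-side
    // http -> https redirect (RewriteCond %{HTTPS} off ...), which this
    // script does not check.
    $failures += report(
        settingPresent($htaccess, 'upgrade-insecure-requests'),
        'CSP upgrade-insecure-requests vorhanden',
        'CSP upgrade-insecure-requests fehlt'
    );
}

// Summary: the old script printed ✅ even when every check failed.
if ($failures === 0) {
    echo "\n✅ HTTPS-Sicherheit Test abgeschlossen!\n";
} else {
    echo "\n❌ HTTPS-Sicherheit Test abgeschlossen: {$failures} Prüfung(en) fehlgeschlagen\n";
}
echo "🔗 Testen Sie jetzt: https://neonail.vogt.de.com/admin/users\n";

// Non-zero exit status so a CI job or pre-deploy hook can gate on this script.
exit($failures === 0 ? 0 : 1);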