Okay, it seems that the beta is missing some info in the lib-custom.php file for "Are you secure?" Here is the info that was left out of that file below. Also make a new block, call it Are you secure? under block name put "security_check Under type put PHP Block Then under PHP Block Options input "phpblock_getBent" Access Rights Select Root Then Copy the code below into lib-custom.php and save it off. Then check your new block.
Text Formatted Code
/***
*
* Get Bent()
*
* Php function to tell you how if your site is grossly insecure
*
**/
function phpblock_getBent()
{
global $_CONF, $_TABLES;
$secure = true;
$retval = '';
$secure_msg = 'Could not find any gross insecurities in your site. Do not take this ';
$secure_msg .= 'as meaning your site is 100% secure, as no site ever is. I can only ';
$secure_msg .= 'check things that should be blatantly obvious.';
$insecure_msg = '';
// we don't have the path to the admin directory, so try to figure it out
// from $_CONF['site_admin_url']
$adminurl = $_CONF['site_admin_url'];
if (strrpos ($adminurl, '/') == strlen ($adminurl)) {
$adminurl = substr ($adminurl, 0, -1);
}
$pos = strrpos ($adminurl, '/');
if ($pos === false) {
// only guessing ...
$installdir = $_CONF['path_html'] . 'admin/install';
} else {
$installdir = $_CONF['path_html'] . substr ($adminurl, $pos + 1)
. '/install';
}
if (is_dir ($installdir)) {
$insecure_msg .= '<p>You should really remove the install directory <b>' . $installdir .'</b> once you have your site up and running without any errors.';
$insecure_msg .= ' Keeping it around would allow malicious users the ability to destroy your current install, take over your site, or retrieve sensitive information.';
$secure = false;
}
// check to see if any account still has 'password' as its password.
$count = DB_query("select count(*) as count from {$_TABLES['users']} where passwd='" . md5('password') . "'");
$A = DB_fetchArray($count);
if ( $A['count'] > 0 ) {
$secure = false;
$insecure_msg .= '<p>You still have not changed the default password from "password" on ' . $A['count'] . ' account(s). ';
$insecure_msg .= 'This will allow people to do serious harm to your site!';
}
if ($secure) {
$retval = $secure_msg;
} else {
$retval = $insecure_msg;
}
$retval = wordwrap($retval,20,' ',1);
return $retval;
}