#######################################################################
# File: readme.txt for logview.php
# Author: M Shaw
# Purpose: Additional information for script: logview.php
#
# Versions:
# 1.00 10/Feb/2021 First version, ported from C++
# 1.01 25/Feb/2021 Updated re: problems setting access on /var/log
#######################################################################
W A R N I N G
** DO NOT RUN ON A SERVER UNLESS SECURITY SETTINGS ARE ENABLED **
#######################################################################
# Installation
#######################################################################
Copy the script to a suitable web location under 'htdocs' (or webroot).
You may want to put the script in its own folder and set Webserver
folder access restrictions on that folder.
Next, configure the following variables to suit your folder structure:
//// Windows Example ///////////////
//* // ** Uncomment to enable for Windows (MicroApache)
// Must be writeable
$ini_file="C:\\wwwroot\\logview.ini"; // Default internal configuration file (path not URL)
// Must be writeable
$log_dir="C:\\Apps\\MicroApache-2.0.64-PHP-5.2.17\\logs\\"; // A path not a URL
// Must be readable
$error_log="C:\\Apps\\MicroApache-2.0.64-PHP-5.2.17\\logs\\"; // Error log. A PATH (we will append filename later) */
//// OpenWRT Example ///////////////
//* // ** Uncomment to enable for OpenWRT
// Must be writeable (pick a suitable folder...)
$ini_file="/usr/share/apache2/htdocs/logview.ini"; // Any suitable, secure+writeable folder
// Must be writeable
$log_dir="/tmp/log/apache2/"; // A path not a URL (OpenWRT example)
// Must be readable
$error_log="/tmp/log/apache2/"; // A Path not a URL (OpenWRT example) */
$css_file='/css/logview.css'; // A URL, not a path
// You will need to set IP access restrictions (See IP filtering rules below)
$ip_mask="127.0.0.1 192.168.* 169.254.*"; // Default permitted IP address
Linux users may want to change some of the font names in the function
set_theme() as the default ones are common Windows fonts.
#######################################################################
# Configuration (INI) file:
#######################################################################
Several options can be configured in the script.
Other options may be configured in the logview.ini configuration file.
The ini file should be located in a secure location where the access
filter cannot be changed. For the most part, no setting will need to be
changed in the ini file other than the ip_mask. You may prefer to
configure this in the script itself where it cannot be altered.
The ini configuration is overwritten, apart from the IP mask value,
each time a new file is launched.
#######################################################################
# File: logview.ini (example)
#######################################################################
[config]
theme = "modern"
lines = 25
refresh = 60
keywords = "foo bar moo pa"
ip_mask = "127.0.0.1 192.168.* 169.254.*"
#######################################################################
#######################################################################
# LogView security: (IP filtering rules)
# Logview can restrict access to any one of a number of selected IP
# addresses set within either the script itself or in logview.ini
#######################################################################
* It is strongly recommended that access is restricted to LAN only
* Use either the built-in filter entry or INI file entry, not both
The filter uses the global var $ip_mask, which is also stored in the INI config file.
Avoid the use of partial addresses and excess * wildcards where possible,
other than on local LAN addresses (e.g. '192.168.*').
Global var $ip_mask may hold 1 or more whitespace-separated IP masks.
An IP mask may be a literal IPv4 address or may comprise
1 to 4 octet parameters, each either NNN, * or a mix of ? and N placeholders.
Fewer than 4 octet parameters can be used for a partial (prefix) match (e.g. '192.*').
* and ? placeholders may be mixed within an IP address mask but not within an octet.
? matches an exact number of characters: "??" will match NN but not N or NNN.
Example:
$ip_mask="127.0.0.1 192.* 169.254.* 243.144.3.1?? 1.2.3.??"
Result: Match 127.0.0.1 exactly; any address with the 192 prefix; any 169.254.* address;
any 243.144.3.* address whose last octet has 3 digits and a '1' prefix;
any 1.2.3.* address whose last octet has 2 digits
Note: Windows APIPA range is: 169.254.0.1 to 169.254.254.255
https://www.lifewire.com/automatic-private-internet-protocol-addressing-816437
Note: Private Class "A" subnet is 10.*
Note: Private Class "B" subnet is 172.16.0.0 – 172.31.255.255
Note: Private Class "C" subnet is 192.168.*
https://en.wikipedia.org/wiki/Private_network
Note: CIDR has superseded much of the above
https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
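One way to evaluate the mask rules above, added here as an example: it is not taken from logview.php, whose own matching code may differ, and the function names mask_matches() and ip_allowed() and the probe addresses are assumptions made for the illustration. Running it shows that the prefix mask '192.*' from the example also admits addresses outside the private 192.168.* range, such as 192.0.2.7.

```php
<?php
// Added example: one reading of the readme's IP mask rules, not logview.php's own code.

// True if one mask (1 to 4 dot-separated octet parameters) matches $ip.
function mask_matches($mask, $ip)
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;                     // not a dotted-quad IPv4 address: deny
    }
    $params = explode('.', $mask);
    if (count($params) > 4) {
        return false;                     // malformed mask never matches
    }
    $octets = explode('.', $ip);
    foreach ($params as $i => $param) {   // fewer than 4 parameters: prefix match
        if ($param === '*') {
            continue;                     // '*' accepts any value in this octet
        }
        if (!preg_match('/^[0-9?]{1,3}$/D', $param)) {
            return false;                 // '*' mixed into an octet, or junk: deny
        }
        // '?' stands for exactly one digit, so "1??" accepts 150 but not 15.
        $regex = '/^' . str_replace('?', '[0-9]', $param) . '$/D';
        if (!preg_match($regex, $octets[$i])) {
            return false;
        }
    }
    return true;
}

// True if any whitespace-separated mask in $ip_mask matches $ip.
function ip_allowed($ip_mask, $ip)
{
    foreach (preg_split('/\s+/', trim($ip_mask), -1, PREG_SPLIT_NO_EMPTY) as $mask) {
        if (mask_matches($mask, $ip)) {
            return true;
        }
    }
    return false;
}

// Mask string from the readme's example; the probe addresses are constructed.
$ip_mask = "127.0.0.1 192.* 169.254.* 243.144.3.1?? 1.2.3.??";
$probes  = array('127.0.0.1', '192.168.1.10', '192.0.2.7', '169.254.10.20',
                 '243.144.3.150', '243.144.3.15', '1.2.3.45', '1.2.3.4', '10.0.0.5');
foreach ($probes as $ip) {
    printf("%-15s %s\n", $ip, ip_allowed($ip_mask, $ip) ? 'ALLOW' : 'DENY');
}
```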
#######################################################################
# WEBSERVER SECURITY:
# Apache configuration for httpd.conf or apache2.conf
# Changing the name of the script to something random is recommended
# Also, *never* ever link this script from any part of your website
# Linux environments will have 'htpasswd' file in an alternate location
#######################################################################
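# Windows example. The <Directory> path is a placeholder: use the folder holding the script
<Directory "C:/path/to/logview-folder">
Order Allow,Deny
Allow from All
AllowOverride None
AuthType Basic
AuthName "Password Required"
AuthUserFile c:/password/htpasswd.txt
Require user admin
# Require valid-user # Alternate
</Directory>
# Linux example. The <Directory> path is a placeholder: use the folder holding the script
<Directory "/path/to/logview-folder">
Order Allow,Deny
Allow from All
AllowOverride None
AuthType Basic
AuthName "Password Required"
AuthUserFile /etc/apache2/.htpasswd
Require user admin
# Require valid-user # Alternate
</Directory>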
Links:
https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04
#######################################################################
# File permissions
#######################################################################
On Linux particularly, you must ensure that sufficient read access
permissions are granted to the log folders, e.g. in
/tmp/log/Apache2/ (OpenWRT). The Apache user will usually have sufficient
permission to read.
Attributes in /var/log (or /tmp/log)
------------------------------------
It may be impossible to set sufficient attributes to enable PHP script
read access. These attributes, if set, are lost after each reboot.
Where a USB mount is used, it is suggested that Apache is configured to use
an alternative log folder which places logs on the USB drive.
Reconfigure /etc/apache2/apache2.conf accordingly.
#######################################################################
# CSS File
#######################################################################
The CSS file will be sourced from possibly two locations depending on the
server configuration. If it isn't being read from "/" (root)
then it may be being looked for in the CGI-BIN folder. You may need to
adjust the script to suit your server configuration.
#######################################################################
# Error logging
#######################################################################
Errors in the script operation or page access denied messages are
recorded in the file
# EOF #