Merge branch 'molting/open-source' of github.com:EllisLab/ExpressionE…

…ngine-User-Guide into molting/open-source

source/troubleshooting/error_messages/expressionengine_has_detected_the_modification_of_a_core_file.rst

@@ -0,0 +1,13 @@
+ExpressionEngine has detected the modification of a core file
+=============================================================
+
+ExpressionEngine displays the error: **One or more core files have been altered**
+
+Troubleshooting
+---------------
+
+This means that one of the files that runs ExpressionEngine like the front-end index.php file or your control panel admin.php file has changed on disk. You will see this message after intentionally modifying those files, to change the system path for instance, or when updating a major version that instructs you to replace those files.
+
+However, ExpressionEngine is careful to alert you since these files are executed by the server every time that ExpressionEngine runs. If your server is compromised, these types of files are common targets for hackers, since they know they will be requested frequently.
+
+If you made these changes yourself, you can click Accept and the modifications will be accepted by the system. If you did not alter the files yourself, it may indicate a hacking attempt. Check the files listed for any suspicious contents (JavaScript or iFrames). If you **do** find that your server was compromised or are unsure of how to check or what to do about it, please contact your host and a web professional.

source/troubleshooting/error_messages/missing_encryption_keys.rst

@@ -0,0 +1,29 @@
+Missing Encryption Keys
+=======================
+
+ExpressionEngine displays the error: **You do not have value set for [encryption_key/session_crypt_key] in your config.php. This may leave your install open to security vulnerabilities. Restore the keys or see this troubleshooting article in the user guide for help.**
+
+Troubleshooting
+---------------
+
+This means you are missing the corresponding item from your ``system/user/config/config.php`` file. This shouldn't occur, and generally means that someone modified your file or removed those values by accident. They will look like this::
+
+  $config['encryption_key'] = '26791dcd5c7cc9e569cc05b16b96235985cc9f03';
+  $config['session_crypt_key'] = 'd9e776dc9a5de0cd83e7c76a76756daa64ff4b8b';
+
+Since some content in your database or generated by third-party add-ons may already be encrypted using these keys, it would be best to restore them from a backup. If you do not have a backup available, or it is also missing these keys, you should generate new keys. Do **NOT** use the random samples above, use the tools below to create a new random string.
+
+Generating new encryption keys
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Using ``openssl``::
+
+  openssl rand 128 | openssl dgst -sha1
+
+Using ``php`` from the command line::
+
+  php -r 'echo sha1(uniqid(random_int(-PHP_INT_MAX, PHP_INT_MAX), TRUE));echo "\n";'
+
+For Windows systems, if you have not modified your environment, you will need to supply the path to php.exe::
+
+  C:\PHP7\php.exe -r 'echo sha1(uniqid(random_int(-PHP_INT_MAX, PHP_INT_MAX), TRUE));echo "\r";'

source/troubleshooting/index.rst

@@ -81,7 +81,8 @@ Error Messages
 - :doc:`Supplied argument is not a valid MySQL-Link resource <error_messages/supplied_argument_is_not_a_valid_mysql-link_resource>`
 - :doc:`Call to undefined function: imagettftext() <error_messages/call_to_undefined_function_imagettftext>`
 - :doc:`You are not authorized to perform this action <error_messages/you_are_not_authorized_to_perform_this_action>`
-
+- :doc:`ExpressionEngine has detected the modification of a core file <error_messages/expressionengine_has_detected_the_modification_of_a_core_file>`
+- :doc:`You do not have value set for [encryption_key/session_crypt_key] in your config.php <error_messages/missing_encryption_keys>`
 
 .. toctree::
 	:glob: