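/**
 * delSubscriber - remove the subscriber from the NREN and Confusa.
 *
 * This will remove the subscriber *permanently* along with all its
 * affiliated subscriber admins (this is handled by the database schema
 * with 'ON DELETE CASCADE').
 *
 * The subscriber is first looked up together with the NREN of the current
 * person, so an ID that is not part of that NREN is rejected instead of
 * deleted. Every certificate the CA lists for the subscriber is revoked
 * with reason "privilegeWithdrawn" before the row is removed.
 *
 * @param String|integer $id the ID of the institution/subscriber in the database.
 * @return boolean|null false when the subscriber could not be looked up or
 *                      validated; no value is returned on success.
 */
private function delSubscriber($id)
{
    if (!isset($id) || $id === "") {
        Framework::error_output("Cannot delete subscriber with unknown id!");
        /* Stop here; otherwise the lookup below runs with an empty ID. */
        return false;
    }

    $nren = $this->person->getNREN();

    /*
     * Make sure that we are deleting a subscriber from the current NREN.
     */
    try {
        $query  = "SELECT nren_id, subscriber FROM nren_subscriber_view ";
        $query .= "WHERE nren=? AND subscriber_id=?";
        $res = MDB2Wrapper::execute($query,
                                    array('text', 'text'),
                                    array($nren, $id));
    } catch (DBQueryException $dbqe) {
        $errorTag = PW::create();
        $msg = "Could not delete subscriber with ID {$id} from DB.";
        Logger::logEvent(LOG_NOTICE, "NRENAdmin", "delSubscriber()", $msg, __LINE__, $errorTag);
        /* $msg embeds the caller-supplied ID, so it is escaped before display. */
        Framework::message_output(htmlentities($msg) . "<br />[{$errorTag}] Server said: " .
                                  htmlentities($dbqe->getMessage()));
        return false;
    } catch (DBStatementException $dbse) {
        $errorTag = PW::create();
        $msg = "Could not delete subsriber with ID {$id} from DB, due to problems with the " .
               "statement. Probably this is a configuration error. Server said: " .
               $dbse->getMessage();
        Logger::logEvent(LOG_NOTICE, "NRENAdmin", "delSubscriber()", $msg, __LINE__, $errorTag);
        Framework::message_output("[{$errorTag}]" . htmlentities($msg));
        return false;
    }

    if (count($res) != 1) {
        Framework::error_output("Could not find a unique NREN/subscriber pair for subscriber with id " .
                                htmlentities($id));
        return false;
    }

    $nren_id        = $res[0]['nren_id'];
    $subscriberName = $res[0]['subscriber'];

    if (!isset($nren_id) || $nren_id == "") {
        /* The second call was spelled htmlentites(), an undefined function
         * that turned this error path into a fatal error. */
        Framework::error_output("Could not get the NREN-ID for subscriber " .
                                htmlentities($id) .
                                ". Will not delete subscriber (" .
                                htmlentities($id) . ").");
        return false;
    }

    /*
     * Revoke all certificates for subscriber
     *
     * NOTE(review): the subscriber is deleted even when some revocations
     * fail; confirm that this is the intended policy.
     */
    $ca    = CAHandler::getCA($this->person);
    $list  = $ca->getCertListForPersons("", $subscriberName);
    $count = 0;
    foreach ($list as $value) {
        if (!isset($value['auth_key'])) {
            continue;
        }
        try {
            /* The print_r() debug dump of the certificate record (auth_key
             * included) that used to be written to the page here is gone. */
            if ($ca->revokeCert($value['auth_key'], "privilegeWithdrawn")) {
                $count = $count + 1;
            }
        } catch (CGE_KeyRevokeException $kre) {
            echo htmlentities($kre->getMessage()) . "<br />\n";
        }
    }

    /* Logged once after the loop so the count is the final total. */
    Logger::logEvent(LOG_INFO, "NRENAdmin", "delSubscriber()",
                     "Deleting subscriber, revoked {$count} issued certificates " .
                     "for subscriber {$subscriberName}.");

    MDB2Wrapper::update("DELETE FROM subscribers WHERE subscriber_id = ? AND nren_id = ?",
                        array('text', 'text'),
                        array($id, $nren_id));

    Logger::logEvent(LOG_INFO, "NRENAdmin", "delSubscriber()",
                     "Deleted subscriber with ID {$id}.\n");

    $msg = $this->translateTag('l10n_suc_deletesubs1', 'nrenadmin') .
           htmlentities($subscriberName) .
           $this->translateTag('l10n_suc_deletesubs2', 'nrenadmin') . " " .
           htmlentities($id) . ". " .
           $this->translateTag('l10n_suc_deletesubs3', 'nrenadmin') . " " .
           $count . " " .
           $this->translateTag('l10n_suc_deletesubs4', 'nrenadmin');
    Framework::success_output($msg);
}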
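/**
 * insertCertificate() - insert a new certificate into the robot keyhold.
 *
 * Take a string holding the certificate and insert it into the keyhold,
 * given that the string is actually holding a valid certificate, that no
 * certificate with the same fingerprint or serial is stored already, and
 * that the current person maps to exactly one row in the admins table.
 *
 * @param String $certificate base64 encoded PEM formatted X.509 certificate
 * @param String $comment     comment stored with the certificate; a single
 *                            space is stored when it is unset or empty
 * @return boolean indicating the success of the operation (true means inserted OK)
 */
private function insertCertificate($certificate, $comment)
{
    /* validate certificate */
    try {
        $cert = new Certificate($certificate);
    } catch (KeyNotFoundException $knfe) {
        Framework::error_output(htmlentities($knfe->getMessage()));
        return false;
    } catch (CertificateException $ce) {
        Framework::error_output(htmlentities($ce->getMessage()));
        return false;
    }

    /* Refuse a certificate whose fingerprint or serial is already stored. */
    try {
        $query  = "SELECT subscriber_id, uploaded_by, uploaded_date, valid_until, fingerprint ";
        $query .= "FROM robot_certs WHERE fingerprint = ? OR serial=?";
        $res = MDB2Wrapper::execute($query,
                                    array('text', 'text'),
                                    array($cert->getFingerprint(), $cert->getSerial()));
        if (count($res) > 0) {
            Framework::error_output($this->translateTag('l10n_err_certalrthere', 'robot'));
            return false;
        }
    } catch (Exception $e) {
        /* FIXME, add better exception mask & handling */
        /* NOTE(review): this shows the server-side file path and line number
         * to the user; consider logging them instead. */
        Framework::error_output(__FILE__ . ":" . __LINE__ . " FIXME: " .
                                htmlentities($e->getMessage()));
        return false;
    }

    /* Get subscriber and admin_id */
    try {
        $query  = "SELECT * FROM admins WHERE admin=? AND subscriber=? AND nren=? ";
        $params = array('text', 'text', 'text');
        $data   = array($this->person->getEPPN(),
                        $this->person->getSubscriber()->getDBID(),
                        $this->person->getNREN()->getID());
        $res = MDB2Wrapper::execute($query, $params, $data);

        switch (count($res)) {
        case 0:
            /*
             * Strange error. User is admin, yet not admin.
             *
             * Fixme: better error-reporting here, even
             * though we cannot do much about it.
             */
            $error_code = strtoupper(PW::create(8));
            $error_msg  = "[error_code: {$error_code}]<br /><br />\n";
            $log_msg    = "[{$error_code}] ";

            $query  = "SELECT * FROM admins WHERE admin=? AND admin_level=? AND subscriber IS NULL";
            $params = array('text', 'text');
            $data   = array($this->person->getEPPN(), SUBSCRIBER_ADMIN);
            $admin_query_res = MDB2Wrapper::execute($query, $params, $data);

            if (count($admin_query_res) != 0) {
                /* Was spelled htmlentites(), an undefined function. */
                $error_msg .= "The subscriber-admin (" . htmlentities($this->person->getEPPN()) . ") is not properly connected ";
                $error_msg .= "to any database. This is due to a database inconsistency ";
                $error_msg .= "and is a direct result of someone manually adding the admin to the database ";
                $error_msg .= "without connecting the admin to a subscriber.";
                $log_msg .= "Subscriber-admin " . $this->person->getEPPN();
                $log_msg .= " has not set any affilitated subscriber in the database.";
                $log_msg .= " It should be " . $this->person->getSubscriber()->getOrgName();
                $log_msg .= ", but is NULL. Please update the database.";
            } else {
                /* The organisation name is escaped because $error_msg is
                 * emitted as HTML. */
                $error_msg .= "For some reason, the subscriber (" .
                              htmlentities($this->person->getSubscriber()->getOrgName()) . ") ";
                $error_msg .= "is not properly configured in the database. ";
                $error_msg .= "The exact reason is unknown. Please contact operational support.";
                $log_msg .= "Subscriber " . $this->person->getSubscriber()->getOrgName();
                $log_msg .= " is not properly configured in the database.";
            }
            $error_msg .= "<br /><br />\nThis event has been logged, please contact operational support (provide the error-code) ";
            $error_msg .= "to resolve this issue.";
            Framework::error_output($error_msg);
            Logger::log_event(LOG_ALERT, $log_msg);
            return false;

        case 1:
            $admin_id      = $res[0]['admin_id'];
            $subscriber_id = $res[0]['subscriber'];
            break;

        default:
            /* FIXME: DB-inconsistency */
            $error_code = strtoupper(PW::create(8));
            $error_msg  = "[error_code: {$error_code}] multiple instances of admin (";
            $error_msg .= htmlentities($this->person->getEPPN()) . ") found in the database.";
            $log_msg    = "[{$error_code}] multiple hits (" . count($res) . ")on ";
            $log_msg   .= $this->person->getEPPN() . " in admins-table.";
            Framework::error_output($error_msg);
            Logger::log_event(LOG_ALERT, $log_msg);
            return false;
        }
    } catch (Exception $e) {
        /* FIXME, add proper exception handling */
        /* Was spelled hmtlentities(), which made this handler itself fail. */
        Framework::error_output(htmlentities($e->getMessage()));
        return false;
    }

    try {
        if (!isset($comment) || $comment == "") {
            $comment = " ";
        }
        $update  = "INSERT INTO robot_certs (subscriber_id, uploaded_by, uploaded_date, valid_until, cert, fingerprint, serial, comment)";
        $update .= " VALUES(?, ?, current_timestamp(), ?, ?, ?, ?, ?)";
        $params = array('text', 'text', 'text', 'text', 'text', 'text', 'text');
        $data   = array($subscriber_id,
                        $admin_id,
                        $cert->getEndDate(),
                        $cert->getPEMContent(),
                        $cert->getFingerprint(),
                        $cert->getSerial(),
                        $comment);
        MDB2Wrapper::update($update, $params, $data);
        Logger::log_event(LOG_INFO, "[RI] Added new certificate (" . $cert->getSerial() .
                          ") for subscriber " . $this->person->getSubscriber()->getOrgName() .
                          " associated with admin " . $this->person->getEPPN());
    } catch (Exception $e) {
        /* FIXME */
        Framework::error_output("Couldn't update robot_certs, server said:<br />\n" .
                                htmlentities($e->getMessage()));
        return false;
    }

    /* The serial comes from the uploaded certificate, so escape it. */
    Framework::success_output($this->translateTag('l10n_suc_insertcert1', 'robot') . " " .
                              htmlentities($cert->getSerial()) .
                              $this->translateTag('l10n_suc_insertcert2', 'robot'));
    return true;
}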
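/**
 * Sign the CSR with the passed authToken. If signing succeeds, the class
 * member authKey is set to the value returned by the CA's signKey() and the
 * CSR is deleted from the database. If not, an error is displayed.
 *
 * @param String $authToken pubkey hash of the CSR that is to be signed
 * @return boolean|null false when the CSR is missing, no CA is set, the
 *                      person lacks permission or signing fails; no value
 *                      is returned on success.
 */
private function signCSR($authToken)
{
    $csr = CSR::getFromDB($this->person->getX509ValidCN(), $authToken);
    if (!isset($csr) || !$csr) {
        $errorTag = PW::create();
        /* Previously read the undefined $auth_token, so the token was never
         * part of the displayed message. */
        Framework::error_output("[{$errorTag}] Did not find CSR with auth_token " .
                                htmlentities($authToken));
        /* The audit message used to say "delete", copied from another
         * handler; this code path is a signing attempt. */
        $msg  = "User " . $this->person->getEPPN() . " ";
        $msg .= "tried to sign CSR with auth_token " . $authToken . " but was unsuccessful";
        Logger::logEvent(LOG_NOTICE, "Process_CSR", "approveCSR({$authToken})", $msg, __LINE__, $errorTag);
        return false;
    }

    try {
        if (!isset($this->ca)) {
            Framework::error_output($this->translateTag('l10n_err_noca', 'processcsr'));
            return false;
        }

        $permission = $this->person->mayRequestCertificate();
        if ($permission->isPermissionGranted() === false) {
            /* NOTE(review): getFormattedReasons() is emitted unescaped and
             * presumably returns ready-made HTML; confirm that it escapes
             * any user-derived text. */
            Framework::error_output($this->translateTag('l10n_err_noperm1', 'processcsr') .
                                    "<br /><br />" .
                                    $permission->getFormattedReasons() .
                                    "<br />" .
                                    $this->translateTag('l10n_err_noperm2', 'processcsr'));
            /* Explicit false, matching every other failure path. */
            return false;
        }

        $this->authKey = $this->ca->signKey($csr);
    } catch (CGE_ComodoAPIException $capie) {
        /* Show only the message: the string form of an exception also
         * carries the file path and stack trace. */
        Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') .
                                htmlentities($capie->getMessage()));
        return false;
    } catch (ConfusaGenException $e) {
        $msg = $this->translateTag('l10n_sign_error', 'processcsr') .
               "<br /><br /><i>" . htmlentities($e->getMessage()) . "</i><br />";
        Framework::error_output($msg);
        return false;
    } catch (KeySigningException $kse) {
        /* Was spelled htmlentites(), an undefined function. */
        Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') .
                                htmlentities($kse->getMessage()));
        return false;
    }

    CSR::deleteFromDB($this->person, $authToken);
}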
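/**
 * Print an HTML table with the number of rows in lakcim per city (varos),
 * most frequent city first.
 *
 * Frees the statement and closes the connection when done.
 */
function lakohely_stat()
{
    // Database connection; the included file is expected to provide $connect.
    // NOTE(review): require_once inside a function runs the include only on
    // the first call, so a second call would find $connect undefined.
    require_once '../php/connection.php';

    // Count the rows per city.
    $stid = oci_parse($connect, "SELECT varos, COUNT(varos) FROM lakcim\r\n\t\t\t\t\t\t\t\tGROUP BY varos\r\n\t\t\t\t\t\t\t\tORDER BY COUNT(varos) desc");
    if (!$stid) {
        $e = oci_error($connect);
        trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
        // Reached only when a custom error handler returns; there is no statement to run.
        return;
    }

    // Run the query.
    $r = oci_execute($stid);
    if (!$r) {
        $e = oci_error($stid);
        // Was spelled htmlentites(), which raised an undefined-function
        // error instead of reporting the Oracle error.
        trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
        return;
    }

    print "<table id='tablazat'>\n";
    print "<tr>\n";
    print "<th>Lakóhely</th>\n";
    print "<th>Felhasználók száma</th>\n";
    print "</tr>\n";

    while ($row = oci_fetch_array($stid, OCI_ASSOC + OCI_RETURN_NULLS)) {
        print "<tr>\n";
        foreach ($row as $item) {
            // Values are converted from ISO-8859-1 to UTF-8 and HTML-escaped
            // before being written into the cell.
            print "    <td>" . ($item !== null ? htmlentities(iconv("ISO-8859-1", "UTF-8", $item), ENT_QUOTES) : " ") . "</td>\n";
        }
        print "</tr>\n";
    }
    print "</table>\n";

    oci_free_statement($stid);
    oci_close($connect);
}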
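<?php
// Database connection; the included file is expected to provide $connect.
require_once '/php/connection.php';

// Look up the products ordered by the logged-in user.
// The e-mail address is passed as a bind variable. addslashes() is not an
// Oracle escaping function (Oracle quotes ' by doubling it), so building the
// literal with it left the statement open to SQL injection.
// NOTE(review): "termek_id = (subquery)" fails with an Oracle error as soon
// as a subquery returns more than one row; confirm whether IN is intended.
$email = $_SESSION['email'];
$stid = oci_parse($connect, "select termek_nev, ar from termek where termek_id = (select termek_id from rendeles_reszletei where rendeles_id = (Select rendeles_id from rendeles\r\n\twhere EMAIL = :email))");
if (!$stid) {
    $e = oci_error($connect);
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}
oci_bind_by_name($stid, ':email', $email);

// Run the query.
$r = oci_execute($stid);
if (!$r) {
    $e = oci_error($stid);
    // Was spelled htmlentites(), which raised an undefined-function error
    // instead of reporting the Oracle error.
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}

print "<table id='tablazat'>\n";
print "<tr>\n";
print "<th>Termék neve</th>\n";
print "<th>Ára</th>\n";
print "</tr>\n";

while ($row = oci_fetch_array($stid, OCI_ASSOC + OCI_RETURN_NULLS)) {
    print "<tr>\n";
    foreach ($row as $item) {
        // Values are converted from ISO-8859-1 to UTF-8 and HTML-escaped
        // before being written into the cell.
        print "    <td>" . ($item !== null ? htmlentities(iconv("ISO-8859-1", "UTF-8", $item), ENT_QUOTES) : " ") . "</td>\n";
    }
    print "</tr>\n";
}
print "</table>\n";

oci_free_statement($stid);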
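/**
 * Print one "search-box" block per product whose name contains $term.
 *
 * Uses the global Oracle connection $connect, frees the statement and
 * closes the connection when done.
 *
 * @param string $term text to look for in termek_nev; % and _ inside it
 *                     still act as LIKE wildcards, as before
 */
function search($term)
{
    global $connect;

    // Query the products together with their category.
    // The search term is passed as a bind variable; interpolating it into
    // the LIKE literal allowed SQL injection through the search box.
    $stid = oci_parse($connect,
        "SELECT termek_id, termek_nev, termek_kep, rovid_leiras, ar, kategoria.kategoria_id, kategoria.kategoria_nev " .
        "FROM termek " .
        "INNER JOIN kategoria ON termek.kategoria_id=kategoria.kategoria_id " .
        "WHERE termek_nev LIKE '%' || :term || '%' " .
        "ORDER BY termek.termek_nev");
    if (!$stid) {
        $e = oci_error($connect);
        trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
        // Reached only when a custom error handler returns; there is no statement to run.
        return;
    }
    oci_bind_by_name($stid, ':term', $term);

    // Run the query.
    $r = oci_execute($stid);
    if (!$r) {
        $e = oci_error($stid);
        // Was spelled htmlentites(), which raised an undefined-function
        // error instead of reporting the Oracle error.
        trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
        return;
    }

    while ($row = oci_fetch_array($stid, OCI_ASSOC + OCI_RETURN_NULLS)) {
        // Every database value is escaped for the place it is written to.
        // Values that are converted with iconv() are escaped as UTF-8; the
        // ones echoed without conversion are escaped as ISO-8859-1 so that
        // their bytes reach the page unchanged.
        $productId    = htmlspecialchars(urlencode((string) $row['TERMEK_ID']), ENT_QUOTES);
        $categoryId   = htmlspecialchars(urlencode((string) $row['KATEGORIA_ID']), ENT_QUOTES);
        $imagePath    = htmlspecialchars((string) $row['TERMEK_KEP'], ENT_QUOTES, 'ISO-8859-1');
        $categoryName = htmlspecialchars((string) $row['KATEGORIA_NEV'], ENT_QUOTES, 'ISO-8859-1');
        $price        = htmlspecialchars((string) $row['AR'], ENT_QUOTES, 'ISO-8859-1');
        $productName  = htmlspecialchars((string) iconv('ISO-8859-1', 'UTF-8', (string) $row['TERMEK_NEV']), ENT_QUOTES, 'UTF-8');
        // NOTE(review): if short descriptions are meant to carry markup,
        // use an allow-list sanitizer here rather than echoing them raw.
        $shortText    = htmlspecialchars((string) iconv('ISO-8859-1', 'UTF-8', (string) $row['ROVID_LEIRAS']), ENT_QUOTES, 'UTF-8');
        ?>
        <div class="search-box">
            <div class="search-title">
                <a href="/netshop/product-profil.php?pid=<?php echo $productId; ?>"><img src="/netshop/<?php echo $imagePath; ?>" class="pp-img" alt="<?php echo $productName; ?>" /></a><br />
                <a href="/netshop/product-profil.php?pid=<?php echo $productId; ?>"><?php echo $productName; ?></a>
            </div>
            <div class="search-info">
                <div class="search-category">
                    <a href="/netshop/category_view.php?id=<?php echo $categoryId; ?>"><?php echo $categoryName; ?></a>
                </div>
                <div class="search-short">
                    <p><?php echo $shortText; ?></p>
                </div>
                <div class="search-price">
                    <?php echo $price; ?> Ft
                    <a href="php/cart.php?add_id=<?php echo $productId; ?>"><img src="/netshop/img/cart.png" alt="Kosárba tesz!" /></a>
                </div>
            </div>
            <br class="clearfix" />
        </div>
        <?php
    }

    oci_free_statement($stid);
    oci_close($connect);
}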