 /**
  * Build a fixed bypass identity instead of consulting a real IdP.
  *
  * The profile is chosen by the integer config key 'bypass_id'; when the
  * key is missing a notice is logged and profile 0 is used. Any index other
  * than 0 or 1 resolves to the third profile. All attribute values are
  * constant placeholders, nothing is taken from the request.
  *
  * @param $person the person object handed on to the parent constructor
  */
 function __construct($person)
 {
     parent::__construct($person);
     $this->attributes = array();
     $this->idp = "";
     $profileIndex = 0;
     try {
         $profileIndex = (int) Config::get_config('bypass_id');
     } catch (KeyNotFoundException $knfe) {
         Logger::log_event(LOG_NOTICE, __FILE__ . ":" . __LINE__ . " bypass_id not set in config. Using default ID.");
     }
     /* every profile carries cn2, eduPersonPrincipalName, mail2, country,
      * organization, nren and eduPersonEntitlement2 */
     $profiles = array(
         0 => array('cn2' => array('John Doe'), 'eduPersonPrincipalName' => array('*****@*****.**'), 'mail2' => array('*****@*****.**'), 'country' => array('NN'), 'organization' => array('o=Hogwarts, dc=hsww, dc=wiz'), 'nren' => array('testnren'), 'eduPersonEntitlement2' => array('urn:mace:feide.no:sigma.uninett.no:confusa')),
         1 => array('cn2' => array('Jane Doe'), 'eduPersonPrincipalName' => array('*****@*****.**'), 'mail2' => array('*****@*****.**', '*****@*****.**', '*****@*****.**'), 'country' => array('NN'), 'organization' => array('o=Barad, dc=Dur'), 'nren' => array('testnren'), 'eduPersonEntitlement2' => array('urn:mace:feide.no:sigma.uninett.no:confusaAdmin', 'urn:mace:feide.no:sigma.uninett.no:confusa')),
         2 => array('cn2' => array('Ola Nordmann'), 'eduPersonPrincipalName' => array('*****@*****.**', '*****@*****.**', '*****@*****.**'), 'mail2' => array('*****@*****.**'), 'country' => array('NO'), 'organization' => array('o=Hogwarts, dc=hsww, dc=wiz'), 'nren' => array('testnren'), 'eduPersonEntitlement2' => array('urn:mace:feide.no:sigma.uninett.no:confusa')),
     );
     /* unknown indices fall back to profile 2, as the former switch default did */
     if (!isset($profiles[$profileIndex])) {
         $profileIndex = 2;
     }
     $this->attributes = $profiles[$profileIndex];
     /* every profile is issued by the same test IdP */
     $this->idp = "idp.example.org";
 }
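 /**
  * Get the version of the currently running Confusa instance.
  *
  * The VERSION file below install_path is expected to contain the lines
  * MAJOR_VERSION=, MINOR_VERSION= and EXTRA_VERSION=, each terminated by a
  * newline. A trailing carriage return (CRLF files) is stripped from each
  * value.
  *
  * @return string Version in the format major.minor.extra
  * @throws ConfusaGenException if the VERSION file can not be read or one
  *         of the three fields can not be determined
  */
 public static function getConfusaVersion()
 {
     $version_file = file_get_contents(Config::get_config('install_path') . '/VERSION');
     /* file_get_contents() returns false on failure; strpos() on false would
      * only produce a confusing "major version" error further down */
     if ($version_file === false) {
         throw new ConfusaGenException("Could not read the VERSION file of Confusa!" . " Please contact an administrator about that!");
     }
     $major_version = self::readVersionField($version_file, 'MAJOR_VERSION', 'major');
     $minor_version = self::readVersionField($version_file, 'MINOR_VERSION', 'minor');
     $extra_version = self::readVersionField($version_file, 'EXTRA_VERSION', 'extra');
     return $major_version . "." . $minor_version . "." . $extra_version;
 }

 /**
  * Extract the value of one KEY=value line from the VERSION file contents.
  *
  * @param $version_file string the full contents of the VERSION file
  * @param $key string the key to look for, without the '=' sign
  * @param $label string human readable name of the field ("major", ...)
  *        used in the error message
  * @return string the value between "KEY=" and the following newline
  * @throws ConfusaGenException if the key or its line end is not found
  */
 private static function readVersionField($version_file, $key, $label)
 {
     $prefix = $key . '=';
     $start = strpos($version_file, $prefix);
     /* only look for the line end once the key was found; strpos() with a
      * false offset would silently search from the beginning */
     $end = ($start === false) ? false : strpos($version_file, "\n", $start);
     if ($start === false || $end === false) {
         throw new ConfusaGenException("Could not determine the " . $label . " version of Confusa!" . " Please contact an administrator about that!");
     }
     $start += strlen($prefix);
     return rtrim(substr($version_file, $start, $end - $start), "\r");
 }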
 /**
  * sanitize a subscriber org-name (the /O= name in the subject DN).
  *
  * This is a character filter, not a validator: only ASCII letters, digits,
  * '@', '_', '-', '.' and whitespace survive, everything else is dropped.
  * In particular ',' is removed because the CA backend did not handle it in
  * the orgname. For the eScience product the result is additionally cut to
  * 64 characters, which is what the CA backend accepts.
  *
  * @param $input string an input which is supposed to be a subscriber
  *               org-name
  * @return string the sanitized input string
  */
 static function sanitizeOrgName($input)
 {
     $disallowed = '/[^a-z0-9@_\\-\\.\\s]/i';
     $clean = preg_replace($disallowed, '', $input);
     /* loose comparison kept as used throughout the code base */
     if (Config::get_config('cert_product') != PRD_ESCIENCE) {
         return $clean;
     }
     /* eScience: cannot use ',' (already stripped) and length > 64 */
     return substr($clean, 0, 64);
 }
 /**
  * Set up the Smarty template engine used by this page.
  *
  * The template and config directories are appended to 'install_path'
  * without a separator (presumably install_path is configured with a
  * trailing slash — verify against the config); the compile and cache
  * directories come from ConfusaConstants. The error log starts empty.
  */
 public function __construct()
 {
     $this->tpl = new Smarty();
     $engine = $this->tpl;
     $installPath = Config::get_config('install_path');
     $engine->template_dir = $installPath . 'templates';
     $engine->compile_dir = ConfusaConstants::$SMARTY_TEMPLATES_C;
     $engine->config_dir = $installPath . 'lib/smarty/configs';
     $engine->cache_dir = ConfusaConstants::$SMARTY_CACHE;
     $this->logErrors = array();
 }
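 /**
  * dumpSession() dump the content of the session to stdout.
  *
  * This is only available when debug is enabled; otherwise nothing is
  * written. The session name and the print_r() rendering of $_SESSION are
  * HTML-escaped before being echoed inside a <pre> block, so session values
  * (which may originate from user input) cannot inject markup into the page.
  */
 public static function dumpSession()
 {
     if (!Config::get_config('debug')) {
         return;
     }
     self::testSession();
     echo "<pre>\n";
     echo "Session name. " . htmlspecialchars(session_name(), ENT_QUOTES, 'UTF-8') . "\n";
     /* capture print_r() output so it can be escaped before it is echoed */
     echo htmlspecialchars(print_r($_SESSION, true), ENT_QUOTES, 'UTF-8');
     echo "</pre>\n";
 }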
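/**
 * test_content - test a CSR for deficiencies
 *
 * This function is to be used when testing uploaded CSRs for flaws and errors.
 * It will test for:
 * - common text-patterns (both the BEGIN and the END PEM marker must be present)
 * - that the key is RSA and meets the configured min_key_length
 * - that the key is not on the openssl-vulnkey blacklist (only a log entry
 *   is written when the tool is not installed)
 * - that the auth_url is the prefix of the public-key hash of the supplied CSR
 *
 * @param $content  string the PEM encoded CSR as uploaded by the user
 * @param $auth_url string the auth key the user was given for this CSR
 * @return boolean true if every test passed, false otherwise (an error
 *         message has then been emitted through Framework::error_output)
 */
function test_content($content, $auth_url)
{
    $beginMarker = "-----BEGIN CERTIFICATE REQUEST-----";
    $endMarker = "-----END CERTIFICATE REQUEST-----";
    /* test start and ending of certificate. Both markers are required
     * (the former check only failed when *both* were missing); trailing
     * whitespace/newlines after the END marker are tolerated. */
    $start = (string) substr($content, 0, strlen($beginMarker));
    $end = (string) substr(rtrim($content), -strlen($endMarker));
    if (strcmp($beginMarker, $start) !== 0 || strcmp($endMarker, $end) !== 0) {
        Framework::error_output("malformed CSR. Please upload a proper CSR to the system.");
        return false;
    }
    /* test type. IGTF will soon change the charter to *not* issue DSA
     * certificates */
    if (get_algorithm($content) !== "rsa") {
        Framework::error_output("Will only accept RSA keys!");
        return false;
    }
    /*
     * test length of pubkey
     */
    $length = Config::get_config('min_key_length');
    if (csr_pubkey_length($content) < $length) {
        Framework::error_output("Uploaded key is not long enough. Please download a proper keyscript and try again.");
        return false;
    }
    /*
     * test CSR against the openssl-vulnkey blacklist. The checks above only
     * constrain the first and last line of the CSR, so the content is passed
     * to the shell as a single quoted argument instead of being interpolated
     * into the command line.
     */
    $cmd = "printf '%s\\n' " . escapeshellarg($content) . " | openssl-vulnkey -";
    exec($cmd, $output, $return_val);
    switch ($return_val) {
        case 0:
            /* key is not blacklisted */
            break;
        case 1:
            Framework::error_output("Uploaded CSR is blacklisted!");
            return false;
        case 127:
            Logger::log_event(LOG_ERR, __FILE__ . ":" . __LINE__ . " openssl-vulnkey not installed");
            break;
        default:
            Logger::log_event(LOG_DEBUG, __FILE__ . ":" . __LINE__ . " Unknown return ({$return_val}) value from shell");
            break;
    }
    /*
     * test authenticity of auth_url: the auth key is the leading
     * AUTH_KEY_LENGTH characters of the public-key hash. Compare as strings
     * (the former loose != would compare numeric-looking values numerically)
     * and in constant time where hash_equals() is available.
     */
    $hash = pubkey_hash($content, true);
    $expected = (string) substr($hash, 0, ConfusaConstants::$AUTH_KEY_LENGTH);
    $given = (string) $auth_url;
    $matches = function_exists('hash_equals') ? hash_equals($expected, $given) : ($expected === $given);
    if (!$matches) {
        /* auth_url is request supplied; other call sites escape before
         * handing text to error_output, so do the same here */
        Framework::error_output("Uploaded key ({$hash}) and auth_url (" . htmlentities($given) . ") does not match");
        return false;
    }
    return true;
}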
 /**
  * Render the e-mail selection step.
  *
  * Refuses with an error message unless the session records that the AUP
  * was accepted; otherwise passes the NREN's e-mail setting and the user's
  * certificate entitlement to select_email.tpl.
  */
 function process()
 {
     $aupAccepted = (CS::getSessionKey('hasAcceptedAUP') === true);
     if (!$aupAccepted) {
         Framework::error_output($this->translateTag("l10n_err_aupagreement", "processcsr"));
         return;
     }
     $person = $this->person;
     $entitled = $person->testEntitlementAttribute(Config::get_config('entitlement_user'));
     $this->tpl->assign('email_status', $person->getNREN()->getEnableEmail());
     $this->tpl->assign('user_cert_enabled', $entitled);
     $this->tpl->assign('content', $this->tpl->fetch('select_email.tpl'));
 }
 /**
  * Render the AUP confirmation page.
  *
  * Picks the CPS link for the configured certificate product, logs and
  * exposes the current AUP acceptance state from the session, and adds the
  * NREN's privacy notice before rendering confirm_aup.tpl.
  */
 public function process()
 {
     $isPersonal = (Config::get_config('cert_product') == PRD_PERSONAL);
     $cpsLink = $isPersonal ? ConfusaConstants::$LINK_PERSONAL_CPS : ConfusaConstants::$LINK_ESCIENCE_CPS;
     $this->tpl->assign('cps', $cpsLink);
     $aupState = CS::getSessionKey('hasAcceptedAUP');
     Logger::log_event(LOG_INFO, "User acknowledged session: " . $aupState);
     $this->tpl->assign('aup_session_state', $aupState);
     $nren = $this->person->getNREN();
     $this->tpl->assign('privacy_notice_text', $nren->getPrivacyNotice($this->person));
     $this->tpl->assign('content', $this->tpl->fetch('confirm_aup.tpl'));
 }
/**
 * show_headers - print the opening <HTML> and <HEAD> section of a page.
 *
 * Reads the globals $extra_header (raw markup inserted into <HEAD>) and
 * $title (appended to the configured system_name in <TITLE>). Neither value
 * is escaped here, so callers must only set them to trusted markup/text.
 */
function show_headers()
{
    global $title;
    global $extra_header;
    $lines = array(
        "<HTML>",
        "<HEAD>",
        "{$extra_header}",
        "<TITLE>" . Config::get_config('system_name') . "{$title}</TITLE>",
        "<LINK REL=\"stylesheet\" TYPE=\"text/css\" HREF=\"confusa.css\">",
        "<LINK REL=\"shortcut icon\" HREF=\"graphics/icon.gif\" TYPE=\"image/gif\"/>",
        "</HEAD>",
    );
    foreach ($lines as $line) {
        echo $line . "\n";
    }
}
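 /**
  * Receive a CSR for this request and, if it is valid, store it in the
  * database and keep it in $this->csr.
  *
  * Three inputs are recognised, checked in this order:
  *  - POST signCSR: a browser generated key, handed to signCSR() and nothing else
  *  - an uploaded file 'user_csr'
  *  - a pasted CSR in POST user_csr
  * Every failure is reported through Framework::error_output and leaves
  * $this->csr unset.
  *
  * @param $person the person of the current request, passed to the parent
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     $csr = null;
     if (isset($_POST['signCSR'])) {
         $this->signCSR(Input::sanitizeCertKey($_POST['signCSR']));
         return;
     }
     /* Testing for uploaded files */
     if (isset($_FILES['user_csr']['name'])) {
         try {
             $csr = CSRUpload::receiveUploadedCSR('user_csr', true);
         } catch (FileException $fileEx) {
             $msg = $this->translateTag('l10n_err_csrproc', 'processcsr');
             Framework::error_output($msg . $fileEx->getMessage());
             $this->csr = null;
             return;
         }
     } elseif (isset($_POST['user_csr'])) {
         try {
             $csr = CSRUpload::receivePastedCSR('user_csr');
         } catch (ConfusaGenException $cge) {
             $msg = $this->translateTag('l10n_err_no_csr', 'processcsr');
             /* the former code concatenated a garbled expression instead of
              * the exception message here */
             Framework::error_output($msg . $cge->getMessage());
             $this->csr = null;
             return;
         }
     } else {
         /* No CSR present, neither paste nor file, kindly bump user */
         Framework::error_output($this->translateTag('l10n_err_no_csr', 'processcsr'));
         return;
     }
     /* the receive functions are expected to return an object, but calling
      * isValid() on null would be fatal */
     if (!isset($csr)) {
         Framework::error_output($this->translateTag('l10n_err_no_csr', 'processcsr'));
         $this->csr = null;
         return;
     }
     if (!$csr->isValid()) {
         $msg = $this->translateTag('l10n_err_csrinvalid1', 'processcsr');
         $msg .= Config::get_config('min_key_length');
         $msg .= $this->translateTag('l10n_err_csrinvalid2', 'processcsr');
         Framework::error_output($msg);
         $this->csr = null;
         return;
     }
     /* With Comodo as CA the subject is not matched against the CA DN.
      * NOTE(review): a CSR failing match_dn() is dropped silently, without
      * an error message — confirm whether that is intended. */
     if (Config::get_config('ca_mode') == CA_COMODO || match_dn($csr->getSubject(), $this->ca->getFullDN())) {
         $csr->setUploadedDate(date("Y-m-d H:i:s"));
         $csr->setUploadedFromIP($_SERVER['REMOTE_ADDR']);
         $csr->storeDB($this->person);
         $this->csr = $csr;
     }
 }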
 /**
  * Get the auth manager based on the request
  *
  * The manager is created once and cached in AuthHandler::$auth. With the
  * config key 'auth_bypass' strictly equal to true a Confusa_Auth_Bypass
  * (fixed test identity) is built, otherwise a Confusa_Auth_IdP. The class
  * file is loaded on demand.
  *
  * @param $person The person for which the auth_manager should be created
  * @return an instance of Confusa_Auth
  */
 public static function getAuthManager($person)
 {
     if (isset(AuthHandler::$auth)) {
         return AuthHandler::$auth;
     }
     $bypass = (Config::get_config('auth_bypass') === TRUE);
     if ($bypass) {
         require_once 'Confusa_Auth_Bypass.php';
         $manager = new Confusa_Auth_Bypass($person);
     } else {
         /* Start the IdP and create the handler */
         require_once 'Confusa_Auth_IdP.php';
         $manager = new Confusa_Auth_IdP($person);
     }
     AuthHandler::$auth = $manager;
     return $manager;
 }
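 /**
  * Decorate the about::confusa template with the information from the
  * VERSION file: 'cVersion' (from MetaInfo::getConfusaVersion()) and
  * 'cCodename' (the NAME= line of the file).
  *
  * Errors are reported through Framework::error_output; 'cVersion' is then
  * assigned as null and 'cCodename' is left unassigned.
  */
 private function assignVersionVariables()
 {
     $confusaVersion = null;
     try {
         $confusaVersion = MetaInfo::getConfusaVersion();
     } catch (ConfusaGenException $cge) {
         Framework::error_output("Could not determine the version of Confusa! " . "Please contact an administrator about that!");
     }
     /* assigned even on failure so the template sees a defined variable */
     $this->tpl->assign('cVersion', $confusaVersion);
     /* NOTE(review): no separator between install_path and VERSION here,
      * while MetaInfo::getConfusaVersion() appends '/VERSION' — presumably
      * install_path carries a trailing slash; confirm against the config. */
     $version_path = Config::get_config('install_path') . "VERSION";
     $version_file = file_get_contents($version_path);
     $prefix = "NAME=";
     /* guard each step: strpos() on a false file or a false offset would
      * silently search from the start instead of failing */
     $cdn_line_start = ($version_file === false) ? false : strpos($version_file, $prefix);
     $cdn_line_end = ($cdn_line_start === false) ? false : strpos($version_file, "\n", $cdn_line_start);
     if ($cdn_line_start === false || $cdn_line_end === false) {
         Framework::error_output("Could not determine the version codename of " . "Confusa! Please contact an administrator about " . "that!");
         return;
     }
     $cdn_line_start += strlen($prefix);
     $versionCodename = substr($version_file, $cdn_line_start, $cdn_line_end - $cdn_line_start);
     $this->tpl->assign('cCodename', $versionCodename);
 }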
 /**
  * Render the help page.
  *
  * For an authenticated person with a known NREN the NREN's help text is
  * shown, or its contact e-mail address when no help text exists; the NREN
  * name and an eScience flag are exposed as well. Otherwise help.tpl is
  * rendered without any of these variables.
  */
 public function process()
 {
     $nren = $this->person->getNREN();
     $showNrenDetails = isset($nren) && $this->person->isAuth();
     if (!$showNrenDetails) {
         $this->tpl->assign('content', $this->tpl->fetch('help.tpl'));
         return;
     }
     $helpText = $nren->getHelpText($this->person);
     if (!isset($helpText)) {
         $this->tpl->assign('nren_contact_email', $nren->getContactEmail(true));
     } else {
         $this->tpl->assign('nren_help_text', $helpText);
     }
     if (Config::get_config('cert_product') == PRD_ESCIENCE) {
         $this->tpl->assign('portal_escience', true);
     }
     $this->tpl->assign('nren', $nren->getName());
     $this->tpl->assign('content', $this->tpl->fetch('help.tpl'));
 }
 /**
  * Constructor
  *
  * Note that the person is tied to a OAuth datastore here.
  *
  * Loads simpleSAMLphp from the configured 'simplesaml_path' (the request
  * is aborted with a message and an alert log entry when the key is not
  * configured), builds an OAuth server with HMAC-SHA1 as the only accepted
  * signature method and verifies the current request against it. The
  * person counts as authenticated when that verification yields an access
  * token.
  *
  * @param $person the person handed on to the parent constructor
  */
 function __construct($person = NULL)
 {
     parent::__construct($person);
     /* Find the path to simpelsamlphp and run the autoloader */
     try {
         $sspdir = Config::get_config('simplesaml_path');
     } catch (KeyNotFoundException $knfe) {
         echo "Cannot find path to simplesaml. This install is not valid. Aborting.<br />\n";
         Logger::log_event(LOG_ALERT, "Trying to instantiate simpleSAMLphp without a configured path.");
         exit(0);
     }
     require_once $sspdir . '/lib/_autoload.php';
     SimpleSAML_Configuration::setConfigDir($sspdir . '/config');
     $store = new OAuthDataStore_Confusa();
     $server = new sspmod_oauth_OAuthServer($store);
     $server->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());
     $this->oauthStore = $store;
     $this->oauthServer = $server;
     /* verify_request() returns (consumer, token); only the token is kept */
     $incoming = OAuthRequest::from_request();
     list(, $this->accessToken) = $server->verify_request($incoming);
     $this->isAuthenticated = isset($this->accessToken);
 }
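 /**
  * Open a (persistent) MySQL connection to the database called $name.
  *
  * Connection parameters come from the 'databases' entry of the 'DB'
  * config object; each entry is indexed as host, port, user, password,
  * database name (positions as used below). Up to three connection
  * attempts are made, then the database is selected on the new link.
  *
  * @param string $name key of the database in the config
  * @throws Exception if $name is unknown, the connection fails or the
  *         database can not be selected
  */
 public function __construct($name)
 {
     $oConfig = Config::get_config('DB');
     $aDatabases = $oConfig->get('databases');
     /* empty() instead of a bare index read: same truthiness test, but no
      * notice for an unknown name */
     if (empty($aDatabases[$name])) {
         throw new Exception('Invalid Database');
     }
     $aParams = $aDatabases[$name];
     $sHost = $aParams[0];
     if (!empty($aParams[1])) {
         $sHost .= ':' . $aParams[1];
     }
     /* NOTE: the mysql_* extension was removed in PHP 7 */
     $this->db = mysql_pconnect($sHost, $aParams[2], $aParams[3]);
     $retry = 0;
     while (!$this->db && ++$retry < 3) {
         _WARN('Could not connect to DB, attempt ' . $retry);
         /* usleep() takes microseconds: 500 is half a millisecond.
          * NOTE(review): a longer back-off may have been intended — confirm. */
         usleep(500);
         $this->db = mysql_pconnect($sHost, $aParams[2], $aParams[3]);
     }
     if (!$this->db) {
         throw new Exception('Database connection failed');
     }
     /* select on this link explicitly and fail loudly, rather than let
      * later queries run against whatever database the link defaults to */
     if (!mysql_select_db($aParams[4], $this->db)) {
         throw new Exception('Could not select database');
     }
 }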
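 /**
  * Render the accountant page (Comodo account settings).
  *
  * Access is restricted to NREN admins and to installations whose
  * 'ca_mode' is CA_COMODO; a refused attempt is logged with a fresh error
  * tag and restricted_access.tpl is rendered with that tag in 'reason'.
  * For permitted users the login name, a placeholder for the password and
  * the AP name are assigned (or an "undefined" label when empty) and
  * accountant.tpl is rendered.
  */
 public function process()
 {
     $person = $this->person;
     if (!$person->isNRENAdmin()) {
         $errorTag = PW::create();
         Logger::logEvent(LOG_NOTICE, "Accountant", "process()", "User " . stripslashes($person->getX509ValidCN()) . " tried to access the accountant.", __LINE__, $errorTag);
         $this->tpl->assign('reason', "[{$errorTag}] You are not an NREN-admin");
         $this->tpl->assign('content', $this->tpl->fetch('restricted_access.tpl'));
         return;
     }
     if (Config::get_config('ca_mode') != CA_COMODO) {
         $errorTag = PW::create();
         /* the former message lacked the space between the CN and "tried" */
         Logger::logEvent(LOG_NOTICE, "Accountant", "process()", "User " . stripslashes($person->getX509ValidCN()) . " tried to access the accountant, " . "even though Confusa is not using the Comodo CA.", __LINE__, $errorTag);
         $this->tpl->assign('reason', "[{$errorTag}] Confusa is not using Comodo CA");
         $this->tpl->assign('content', $this->tpl->fetch('restricted_access.tpl'));
         return;
     }
     /* set fields in template */
     $undefined = $this->translateTag('l10n_fieldval_undefined', 'accountant');
     $loginName = $this->account->getLoginName();
     $this->tpl->assign('login_name', $loginName ? $loginName : $undefined);
     /* the password itself is never handed to the template, only a label */
     $passwordLabel = $this->account->getPassword() ? $this->translateTag('l10n_label_passwhidden', 'accountant') : $undefined;
     $this->tpl->assign('password', $passwordLabel);
     $apName = $this->account->getAPName();
     $this->tpl->assign('ap_name', $apName ? $apName : $undefined);
     $this->tpl->assign('verify_ca', 'yes');
     $this->tpl->assign('content', $this->tpl->fetch('accountant.tpl'));
 }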
     } catch (Exception $e) {
         echo $e->getMessage();
         exit(0);
     }
     $name = $parsedXML->getName();
     if ($name != "ConfusaRobot") {
         echo "Wrong type of XML. Aborting.\n";
         exit(0);
     }
     foreach ($parsedXML as $key => $value) {
         switch ($key) {
             case 'revocationList':
                 $res = Robot::parseRevList($value, $admin);
                 break;
             default:
                 if (Config::get_config('debug')) {
                     echo "Unknown type ({$key}). Are you sure you are following the DTD?\n";
                     /* only exit in debug-mode to minimize
                      * number of log-entries etc.
                      *
                      * In prod. we want to parse the entire file.
                      */
                     exit(0);
                 }
                 break;
         }
     }
 }
 /* print the revocation result only when a revocationList was processed */
 if ($res !== null) {
     printXMLRes($res, 'revokeList');
 }
 /**
  * Send the mail to the recipient
  *
  * When the config key 'auth_bypass' is set nothing is sent and false is
  * returned, so bypass (test) identities never trigger mail.
  *
  * @return boolean true, if succesful, false otherwise
  */
 public function sendMail()
 {
     $bypassActive = Config::get_config('auth_bypass');
     if ($bypassActive) {
         return false;
     }
     return $this->mailer->Send();
 }
require_once 'confusa_include.php';
require_once 'Config.php';
require_once 'Input.php';
require_once 'confusa_constants.php';
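/*
 * Get the custom NREN logo from the filesystem and return it as an image.
 *
 * Two request forms are accepted:
 *  - ?nren=<name>&pos=<position>&suffix=<ext>: the NREN specific logo
 *    below the 'custom_logo' directory
 *  - ?op: the operator logo configured as 'operator_logo'
 * Any other request ends with exit(1). The three GET values become path
 * components; Input::sanitize's rules are not visible here, so they are
 * additionally required to be plain file-name fragments (no directory
 * separators, no '..') before they are joined into $logo_path.
 */
if (isset($_GET['nren'])) {
    if (!isset($_GET['pos']) || !isset($_GET['suffix'])) {
        exit(1);
    }
    $nren = Input::sanitize($_GET['nren']);
    $position = Input::sanitize($_GET['pos']);
    $suffix = Input::sanitize($_GET['suffix']);
    foreach (array($nren, $position, $suffix) as $component) {
        if (basename($component) !== $component || strpos($component, '..') !== false) {
            exit(1);
        }
    }
    $logo_path = Config::get_config('custom_logo') . $nren . '/custom_' . $position . '.' . $suffix;
} elseif (isset($_GET['op'])) {
    $logo_path = Config::get_config('operator_logo');
    /* the suffix of the operator logo is the last three characters of its path */
    $suffix = substr($logo_path, -3);
} else {
    exit(1);
}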
/*
 * Search if there is one custom.png, custom.jpg or custom.any_other_
 * allowed_suffix file in the custom-logo folder.
 *
 * If there isn't return null
 */
if (file_exists($logo_path)) {
    $fp = fopen($logo_path, "r");
    $image = fread($fp, filesize($logo_path));
    fclose($fp);
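 /**
  * Mail the certificate identified by $authKey to the current person.
  *
  * The certificate is fetched from the CA and attached as usercert.pem to
  * a mail built from the 'download' translation tags. Failures (no such
  * certificate, mail not sent, CA exception) are reported through
  * Framework::error_output — except the missing-certificate case, which is
  * silent — and yield false; success is reported via success_output.
  *
  * @param $authKey the auth key of the certificate to fetch
  * @return boolean true when the mail was sent, false otherwise
  */
 private function mailCert($authKey)
 {
     try {
         $cert = $this->ca->getCert($authKey);
         if (!isset($cert)) {
             /* NOTE(review): no user-visible message for a missing cert — confirm intended */
             return false;
         }
         $mm = new MailManager($this->person, Config::get_config('sys_from_address'), Config::get_config('system_name'), Config::get_config('sys_header_from_address'));
         $mm->setSubject($this->translateTag('l10n_mail_subject', 'download'));
         $mm->setBody($this->translateTag('l10n_mail_body', 'download'));
         $mm->addAttachment($cert, 'usercert.pem');
         if (!$mm->sendMail()) {
             Framework::error_output($this->translateMessageTag('downl_err_sendmail'));
             return false;
         }
     } catch (ConfusaGenException $e) {
         Framework::error_output($this->translateMessageTag('downl_err_sendmail2') . " " . htmlentities($e->getMessage()));
         return false;
     }
     Framework::success_output($this->translateMessageTag('downl_suc_mail'));
     /* the former code fell off the end here, returning null on success */
     return true;
 }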
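 /**
  * Render the page for a NREN-admin
  *
  * Assigns the NREN's admins, its subscriber list (with the subscriber
  * selected via POST subscriberID, or the first one, as 'subscriber'
  * together with its admins), the admin-entitlement flag, the IdP list
  * prefixed with an empty '-' entry, and the NREN object itself. Database
  * errors while listing subscribers are reported through
  * Framework::error_output and leave 'subscribers' as null.
  */
 private function processNRENAdmin()
 {
     $admins = $this->getNRENAdmins($this->person->getNREN());
     $subscribers = null;
     try {
         /* Get a list of subscribers (as
          * Subscriber-objects) */
         $subscribers = $this->person->getNREN()->getSubscriberList('name');
     } catch (DBQueryException $dbqe) {
         /* the former code referenced the other catch's variable here, which
          * would have been a fatal error on the error path */
         Framework::error_output("Cannot retrieve subscriber from database!<br /> " . "Probably wrong syntax for query, ask an admin to investigate." . "Server said: " . htmlentities($dbqe->getMessage()));
     } catch (DBStatementException $dbse) {
         Framework::error_output("Query failed. This probably means that the values passed to the " . "database are wrong. Server said: " . htmlentities($dbse->getMessage()));
     }
     $current_subscriber = null;
     /* Are we looking at a particular subscriber? */
     if (isset($_POST['subscriberID'])) {
         $current_subscriber_id = Input::sanitizeID($_POST['subscriberID']);
         /* guard: $subscribers is null after a database error */
         if (!empty($subscribers)) {
             foreach ($subscribers as $nren_subscriber) {
                 if ($nren_subscriber->getDBID() == $current_subscriber_id) {
                     $current_subscriber = $nren_subscriber;
                     break;
                 }
             }
         }
     } elseif (!empty($subscribers)) {
         /* empty() also covers an empty list, where [0] would be undefined */
         $current_subscriber = $subscribers[0];
     }
     if (isset($current_subscriber)) {
         $subscriber_admins = $this->getSubscriberAdmins($current_subscriber->getDBID(), SUBSCRIBER_ADMIN);
         $this->tpl->assign('subscriber', $current_subscriber);
         $this->tpl->assign('subscriber_admins', $subscriber_admins);
     }
     /* does the NREN-admin have the admin-entitlement (for downgrading)? */
     $hasAdminEntitlement = $this->person->testEntitlementAttribute(Config::get_config('entitlement_admin'));
     $this->tpl->assign('has_adm_entl', $hasAdminEntitlement ? true : false);
     $nren = $this->person->getNREN();
     $idpList = $nren->getIdPList();
     /* append an empty entry to the beginning */
     $idpList = array_merge((array) '-', $idpList);
     $this->tpl->assign('idps', $idpList);
     $this->tpl->assign('nren_admins', $admins);
     $this->tpl->assign('nren', $nren);
     $this->tpl->assign('subscribers', $subscribers);
 }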
 /**
  * Display CSR generation choices. Fail if user has not accepted AUP
  * or number of registered e-mail addresses does not match the number
  * mandated by the NREN.
  *
  * The NREN's e-mail setting ('n'/'0': none required, '1'/'m': at least
  * one registered address required, else ignored) decides whether the next
  * button is disabled. GET show selects the next step: 'upload_csr' or
  * 'paste_csr' go to upload_csr.php, anything else (including no value)
  * to browser_csr.php.
  *
  * @see Content_Page::process()
  */
 function process()
 {
     if (CS::getSessionKey('hasAcceptedAUP') !== true) {
         Framework::error_output($this->translateTag("l10n_err_aupagreement", "processcsr"));
         return;
     }
     $emailRequirement = $this->person->getNREN()->getEnableEmail();
     switch ($emailRequirement) {
         case '1':
         case 'm':
             $registered = count($this->person->getRegCertEmails());
             if ($registered < 1) {
                 Framework::error_output($this->translateTag('l10n_err_emailmissing', 'processcsr'));
                 $this->tpl->assign('disable_next_button', true);
             }
             break;
         case 'n':
         case '0':
         default:
             /* no e-mail address required */
             break;
     }
     /* a missing GET show behaves exactly like an unknown value */
     $show = isset($_GET['show']) ? $_GET['show'] : null;
     switch ($show) {
         case 'upload_csr':
             /* FIXME: constants */
             $this->tpl->assign('nextScript', 'upload_csr.php');
             $this->tpl->assign('upload_csr', true);
             break;
         case 'paste_csr':
             $this->tpl->assign('nextScript', 'upload_csr.php');
             $this->tpl->assign('paste_csr', true);
             break;
         default:
             $this->tpl->assign('nextScript', 'browser_csr.php');
             $this->tpl->assign('browser_csr', true);
             break;
     }
     $entitled = $this->person->testEntitlementAttribute(Config::get_config('entitlement_user'));
     $this->tpl->assign('user_cert_enabled', $entitled);
     $this->tpl->assign('content', $this->tpl->fetch('receive_csr.tpl'));
 }
 /**
  * Return if this person may request a new certificate. This is dependant
  * on a few conditions:
  * 		- person is fully decorated (eppn, given name, e-mail, NREN country,
  * 		  subscriber org-name; not the CAPI test org-name in Comodo test mode)
  * 		- 'confusa' entitlement is set
  * 		- subscriber of the person is in state 'subscribed'
  *
  * Reasons are collected in the order the checks are listed; an unknown
  * subscriber ends the checks early.
  *
  * @return permission object containing
  * 		permissionGranted true/false based on whether the permission was granted
  * 		reasons array with reasons for granting/rejecting the permissions
  * @throws CGE_AuthException if more than one subscriber row matches the
  * 		subscriber's IdP name
  */
 public function mayRequestCertificate()
 {
     $permission = new Permission();
     $permission->setPermission(true);
     $translator = new Translator();
     $translator->guessBestLanguage($this);
     /* attribute completeness */
     $this->denyWhen(empty($this->eppn), $permission, $translator, 'l10n_reas_malfeppn');
     $this->denyWhen(empty($this->given_name), $permission, $translator, 'l10n_reas_nogivenname');
     $this->denyWhen(empty($this->email), $permission, $translator, 'l10n_reas_noemailaddr');
     $country = $this->getNREN()->getCountry();
     $this->denyWhen(is_null($country) || $country == "", $permission, $translator, 'l10n_reas_nocountryname');
     $subscriberOrgName = $this->subscriber->getOrgName();
     $this->denyWhen(empty($subscriberOrgName), $permission, $translator, 'l10n_reas_malfsubsname');
     $isCapiTestOrg = Config::get_config('capi_test') && Config::get_config('ca_mode') === CA_COMODO && $subscriberOrgName == ConfusaConstants::$CAPI_TEST_O_PREFIX;
     $this->denyWhen($isCapiTestOrg, $permission, $translator, 'l10n_reas_malfsubsname');
     /* entitlement; the reason is prefixed with the required entitlement */
     $requiredEntitlement = Config::get_config('entitlement_user');
     if (empty($this->entitlement) || !$this->testEntitlementAttribute($requiredEntitlement)) {
         $permission->setPermission(false);
         $permission->addReason($requiredEntitlement . " " . $translator->getTextForTag('l10n_reas_noentitlement', 'reasons'));
     }
     /* subscriber state, parameterized lookup by IdP name */
     $idpName = $this->subscriber->getIdPName();
     $query = "SELECT org_state FROM subscribers WHERE name=?";
     /* Bubble up exceptions */
     $res = MDB2Wrapper::execute($query, array('text'), array($idpName));
     $rows = count($res);
     if ($rows == 0) {
         $permission->setPermission(false);
         $permission->addReason($translator->getTextForTag('l10n_instunkn1', 'reasons') . " " . $idpName . " " . $translator->getTextForTag('l10n_instunkn2', 'reasons'));
         return $permission;
     }
     if ($rows > 1) {
         throw new CGE_AuthException("More than one DB-entry with same subscriberOrgName " . $this->subscriber->getOrgName());
     }
     if ($res[0]['org_state'] !== 'subscribed') {
         $permission->setPermission(false);
         $permission->addReason($translator->getTextForTag('l10n_instnsubscr1', 'reasons') . " " . $idpName . " " . $translator->getTextForTag('l10n_instnsubscr2', 'reasons'));
     }
     return $permission;
 }

 /**
  * Revoke $permission and record the translated reason for $tag when
  * $condition holds; a no-op otherwise.
  *
  * @param $condition boolean whether the check failed
  * @param $permission Permission object being built
  * @param $translator Translator used to resolve $tag in the 'reasons' domain
  * @param $tag string translation tag of the reason
  */
 private function denyWhen($condition, $permission, $translator, $tag)
 {
     if (!$condition) {
         return;
     }
     $permission->setPermission(false);
     $permission->addReason($translator->getTextForTag($tag, 'reasons'));
 }
 /**
  * updateFromDB() update the current subscriber-object with fresh data
  * from the database.
  *
  * The row is looked up by idp_name and the NREN id with a named-parameter
  * query. Exactly one row must match, otherwise false is returned. The
  * setters are called with their "do not mark as pending" flag, except
  * setOrgName() which takes only the value.
  *
  * @param	void
  * @return	Boolean true on sucess.
  * @throws	ConfusaGenException when the database statement or query fails
  * @access	private
  */
 private function updateFromDB()
 {
     if ($this->pendingChanges && Config::get_config('debug')) {
         /* WARNING, we may get corrupted data
          * Should never be here, but even so?
          *
          * FIXME: decide: error-handling, or ignore?
          */
         echo __CLASS__ . "::" . __FUNCTION__ . " Warning! updating values from DB while " . "there are uncommited messages in Subscriber";
     }
     $query = "SELECT * FROM subscribers WHERE name=:subscriber_name AND nren_id=:nren_id";
     $params = array(
         'subscriber_name' => $this->idp_name,
         'nren_id' => $this->nren->getID(),
     );
     try {
         $res = MDB2Wrapper::execute($query, null, $params);
     } catch (DBStatementException $dbse) {
         throw new ConfusaGenException("Cannot connect properly to database, some internal error. " . "Make sure the DB is configured correctly.");
     } catch (DBQueryException $dbqe) {
         throw new ConfusaGenException("Cannot connect properly to database, " . "errors with supplied data.");
     }
     if (count($res) != 1) {
         return false;
     }
     /* Update all subscriber-data */
     $row = $res[0];
     $this->setDBID($row['subscriber_id']);
     $this->setEmail($row['subscr_email'], false);
     $this->setPhone($row['subscr_phone'], false);
     $this->setRespName($row['subscr_resp_name'], false);
     $this->setRespEmail($row['subscr_resp_email'], false);
     $this->setOrgName($row['dn_name']);
     $this->setState($row['org_state'], false);
     $this->setComment($row['subscr_comment'], false);
     $this->setLanguage($row['lang'], false);
     $this->setHelpURL($row['subscr_help_url'], false);
     $this->setHelpEmail($row['subscr_help_email'], false);
     return true;
 }
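 /**
  * Pre-render hook for the subscriber-management part of the NREN-admin
  * page.
  *
  * Every posted subscriber field is trimmed, run through the matching
  * Input:: sanitizer and stored in $this->form_data. When sanitizing
  * stripped something the field is blanked, flagged <field>_invalid and the
  * user is told which characters were dropped. All fields are checked
  * before anything is acted upon, so the user sees every problem at once.
  * Only when no field failed is $_POST['subscriber'] dispatched on:
  * edit, editState, info, add or delete.
  *
  * @param $person the logged-in person, forwarded to the parent hook
  * @return false when the user is not an NREN-admin (nothing is processed),
  *         otherwise nothing
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     /* only NREN-admins manage subscribers; everybody else stops here */
     if (!$this->person->isNRENAdmin()) {
         return false;
     }
     /* are we running in grid-mode? We must check this before we do
      * any other processing, the template switches on it */
     $gridMode = (Config::get_config('cert_product') == PRD_ESCIENCE);
     $this->tpl->assign('confusa_grid_restrictions', $gridMode);
     /* collect every failed field before bailing out; one error per
      * round-trip is very annoying for the user */
     $this->validationErrors = false;
     if (!isset($_POST['subscriber'])) {
         return;
     }
     /* NOTE(review): every branch below changes subscriber state on a plain
      * POST and no anti-CSRF token is checked in this method; confirm the
      * framework validates one before pre_process() is reached. */
     /* $id and $state are read by the dispatch even when the form did not
      * send them; start them as null instead of leaving them undefined */
     $id = null;
     $state = null;
     if (isset($_POST['id'])) {
         $id = Input::sanitizeID($_POST['id']);
     }
     if (isset($_POST['state'])) {
         $state = Input::sanitizeOrgState($_POST['state']);
     }
     /* db_name: mandatory for 'add', checked even when empty */
     if (isset($_POST['db_name'])) {
         $dbName = trim($_POST['db_name']);
         $this->storeSanitizedSubscriberField('db_name', $dbName, htmlentities($dbName), 'l10n_heading_attnm');
     }
     /* dn_name: the organization name that ends up in certificate DNs */
     if (isset($_POST['dn_name'])) {
         $dnName = trim($_POST['dn_name']);
         if (Config::get_config('cert_product') == PRD_PERSONAL) {
             /* personal certificates may have UTF-8 chars in the DN, so the
              * (presumably stricter) Input::sanitizeOrgName() is bypassed.
              * NOTE(review): mysql_real_escape_string() is SQL escaping, not
              * validation: it needs an open mysql link (false plus a warning
              * without one, and the function no longer exists in PHP 7),
              * and the comparison in storeSanitizedSubscriberField() then
              * rejects any DN containing a quote or backslash. Replace with
              * a UTF-8 aware whitelist in Input when one exists. */
             $dnNameClean = mysql_real_escape_string($dnName);
         } else {
             $dnNameClean = Input::sanitizeOrgName($dnName);
         }
         $this->storeSanitizedSubscriberField('dn_name', $dnName, $dnNameClean, 'l10n_heading_dnoname');
     }
     /* the remaining contact fields are optional: an empty value is left
      * alone. field => (Input:: sanitizer, l10n tag for the error message) */
     $optionalFields = array(
         'subscr_email'             => array('sanitizeEmail',      'l10n_label_contactemail'),
         'subscr_phone'             => array('sanitizePhone',      'l10n_label_contactphone'),
         'subscr_responsible_name'  => array('sanitizePersonName', 'l10n_heading_resppers'),
         'subscr_responsible_email' => array('sanitizeEmail',      'l10n_label_respemail'),
         'subscr_help_url'          => array('sanitizeURL',        'l10n_label_helpdeskurl'),
         'subscr_help_email'        => array('sanitizeEmail',      'l10n_label_helpdeskemail'),
     );
     foreach ($optionalFields as $field => $spec) {
         if (!isset($_POST[$field]) || $_POST[$field] == "") {
             continue;
         }
         list($sanitizer, $l10nTag) = $spec;
         $value = trim($_POST[$field]);
         $clean = call_user_func(array('Input', $sanitizer), $value);
         /* subscr_responsible_email previously kept its stripped value and
          * never set the _invalid flag; it now behaves like the others */
         $this->storeSanitizedSubscriberField($field, $value, $clean, $l10nTag);
     }
     /* the free-text comment is only sanitized, never rejected */
     if (isset($_POST['subscr_comment']) && $_POST['subscr_comment'] != "") {
         $this->form_data['subscr_comment'] = Input::sanitizeText(trim($_POST['subscr_comment']));
     }
     /* don't continue, if data was stripped due to the field sanitation */
     if ($this->validationErrors) {
         return;
     }
     switch (htmlentities($_POST['subscriber'])) {
         case 'edit':
             $subscriber = $this->findSubscriberForAdmin($id);
             if (!is_null($subscriber)) {
                 /* subscriber will clean input; the setters appear to report
                  * whether the value changed, so an untouched form writes
                  * nothing */
                 $update = $subscriber->setState($state);
                 $update |= $subscriber->setEmail($this->form_data['subscr_email']);
                 $update |= $subscriber->setPhone($this->form_data['subscr_phone']);
                 $update |= $subscriber->setRespName($this->form_data['subscr_responsible_name']);
                 $update |= $subscriber->setRespEmail($this->form_data['subscr_responsible_email']);
                 $update |= $subscriber->setComment($this->form_data['subscr_comment']);
                 $update |= $subscriber->setHelpURL($this->form_data['subscr_help_url']);
                 $update |= $subscriber->setHelpEmail($this->form_data['subscr_help_email']);
                 if ($update) {
                     if (!$subscriber->save(true)) {
                         Framework::error_output($this->translateTag('l10n_fail_editsubs1', 'nrenadmin'));
                     } else {
                         Framework::success_output($this->translateTag('l10n_suc_editsubs1', 'nrenadmin'));
                     }
                 }
                 /* show info-list for subscriber */
                 $this->assignSubscriberDetails($id);
             }
             break;
         case 'editState':
             $subscriber = $this->findSubscriberForAdmin($id);
             if (!is_null($subscriber) && $subscriber->setState($state)) {
                 if (!$subscriber->save(true)) {
                     Framework::error_output("Could not update state of subscriber. Is the database-layer broken?");
                     Framework::error_output($this->translateTag("l10n_fail_edit_subscr_state", "nrenadmin"));
                 }
             }
             break;
         case 'info':
             $this->assignSubscriberDetails($id);
             break;
         case 'add':
             if (!isset($this->form_data['db_name'])) {
                 break;
             }
             $inheritUIDAttr = isset($_POST['inherit_uid_attr']);
             $subscriber = new Subscriber($this->form_data['db_name'], $this->person->getNREN());
             if ($subscriber->isValid()) {
                 Framework::error_output("Cannot create new, already existing.");
                 break;
             }
             $update = $subscriber->setState($state);
             $update |= $subscriber->setOrgName($this->form_data['dn_name']);
             $update |= $subscriber->setEmail($this->form_data['subscr_email']);
             $update |= $subscriber->setPhone($this->form_data['subscr_phone']);
             $update |= $subscriber->setRespName($this->form_data['subscr_responsible_name']);
             $update |= $subscriber->setRespEmail($this->form_data['subscr_responsible_email']);
             $update |= $subscriber->setComment($this->form_data['subscr_comment']);
             $update |= $subscriber->setHelpURL($this->form_data['subscr_help_url']);
             $update |= $subscriber->setHelpEmail($this->form_data['subscr_help_email']);
             if ($update && $subscriber->create()) {
                 /* the success message used an undefined $dn_name before, so
                  * the organization name was always missing from it */
                 $shownName = isset($this->form_data['dn_name']) ? $this->form_data['dn_name'] : "";
                 Framework::success_output($this->translateTag('l10n_suc_addsubs1', 'nrenadmin') . " " . htmlentities($shownName, ENT_COMPAT, "UTF-8") . " " . $this->translateTag('l10n_suc_addsubs2', 'nrenadmin'));
             }
             if (!$inheritUIDAttr) {
                 /* NOTE(review): the map is saved even when create() failed
                  * above; kept as before, but verify that saveMap() copes
                  * with a subscriber that has no DB id yet */
                 $nren = $this->person->getNREN();
                 $nrenMap = $nren->getMap();
                 $rawUidAttr = isset($_POST['uid_attr']) ? $_POST['uid_attr'] : null;
                 $uidAttr = Input::sanitizeAlpha($rawUidAttr);
                 $subscriber->saveMap($uidAttr, $nrenMap['cn'], $nrenMap['mail']);
             }
             break;
         case 'delete':
             /* NOTE(review): delSubscriber() is not visible here; confirm it
              * restricts the delete to $this->person->getNREN() the way the
              * lookups above do, otherwise an NREN-admin could delete another
              * NREN's subscriber by guessing its id */
             $this->delSubscriber($id);
             break;
     }
 }

 /**
  * Store a sanitized form value and flag the field when sanitizing changed
  * it.
  *
  * On a change the user is shown what was stripped, the stored value is
  * blanked, <field>_invalid is set and validationErrors is raised so the
  * dispatch in pre_process() is skipped.
  *
  * @param $field string key in $this->form_data (same as the POST name)
  * @param $original string the trimmed value as posted
  * @param $sanitized string the value after the Input:: sanitizer
  * @param $l10nTag string translation tag naming the field in the error
  */
 private function storeSanitizedSubscriberField($field, $original, $sanitized, $l10nTag)
 {
     $this->form_data[$field] = $sanitized;
     if ($sanitized != $original) {
         $this->displayInvalidCharError($original, $sanitized, $l10nTag);
         $this->form_data[$field] = "";
         $this->form_data[$field . '_invalid'] = true;
         $this->validationErrors = true;
     }
 }

 /**
  * Resolve a subscriber id to a Subscriber the current NREN-admin may act
  * on.
  *
  * The admin's own subscriber is already loaded on the person; any other
  * id is fetched from the DB scoped to the admin's NREN, which is what
  * keeps one NREN from editing another NREN's subscribers.
  *
  * @param $id the sanitized subscriber id from the form (may be null)
  * @return Subscriber|null null when no such subscriber exists in this NREN
  */
 private function findSubscriberForAdmin($id)
 {
     if ($this->person->getSubscriber()->hasDBID($id)) {
         return $this->person->getSubscriber();
     }
     return Subscriber::getSubscriberByID($id, $this->person->getNREN());
 }

 /**
  * Put the info-list of subscriber $id into the template, if it exists.
  *
  * getSubscriberByID() returns null for an unknown id; the previous code
  * called ->getInfo() on that unchecked, a fatal error on a bad id.
  *
  * @param $id the sanitized subscriber id
  */
 private function assignSubscriberDetails($id)
 {
     $subscriber = Subscriber::getSubscriberByID($id, $this->person->getNREN());
     if (is_null($subscriber)) {
         return;
     }
     $this->tpl->assign('subscr_details', $subscriber->getInfo());
     $this->tpl->assign('subscriber_details', true);
     $this->tpl->assign('subscriber_detail_id', $id);
 }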
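 /**
  * downloadArchive() pack the RI-library in a zip-file and present it as
  * a file to download.
  *
  * The archive members are fixed files under install_path (no user input
  * reaches a file name). They are staged in a private temp file, streamed
  * to the client via download_zip() from file_download.php, and the temp
  * file is removed on every path out of the function.
  *
  * @param  : void
  * @return : Boolean True if no errors were encountered.
  */
 private function downloadArchive()
 {
     require_once 'file_download.php';
     $installPath = Config::get_config('install_path');
     /* archive entry => path on disk, relative to install_path */
     $members = array(
         "XML_Client/Confusa_Client.py" => "/extlibs/XML_Client/Confusa_Client.py",
         "XML_Client/Parser.py"         => "/extlibs/XML_Client/Parser.py",
         "XML_Client/HTTPSClient.py"    => "/extlibs/XML_Client/HTTPSClient.py",
         "XML_Client/Timeout.py"        => "/extlibs/XML_Client/Timeout.py",
         "XML_Client/README"            => "/extlibs/XML_Client/README",
         "XML_Client/LICENSE"           => "/extlibs/XML_Client/LICENSE",
         "XML_Client/COPYING"           => "/COPYING",
         "XML_Client/__init__.py"       => "/extlibs/XML_Client/__init__.py",
     );
     /* the previous code passed an undefined $ZIP_CACHE, which made
      * tempnam() silently fall back to the system temp dir; say so.
      * tempnam() creates a uniquely named file with mode 0600, so other
      * local users cannot read or swap the staged archive. */
     $name = tempnam(sys_get_temp_dir(), "XML_Cli_");
     if ($name === false) {
         Logger::log_event(LOG_NOTICE, " Could not create temporary file for ZIP-archive.");
         Framework::error_output("Error creating archive. Cannot send");
         return False;
     }
     $zip = new ZipArchive();
     if ($zip->open($name, ZipArchive::OVERWRITE) !== true) {
         unlink($name);
         Logger::log_event(LOG_NOTICE, " Could not open ZIP-archive for writing.");
         Framework::error_output("Error creating archive. Cannot send");
         return False;
     }
     foreach ($members as $entry => $relPath) {
         $data = file_get_contents($installPath . $relPath);
         /* a missing source file yields false; skipping it makes the
          * member count below detect the problem instead of shipping an
          * empty entry in its place */
         if ($data !== false) {
             $zip->addFromString($entry, $data);
         }
     }
     if ($zip->numFiles != count($members)) {
         Logger::log_event(LOG_NOTICE, " Could not add all RI-library files to ZIP-archive.");
         Framework::error_output("Error creating archive. Cannot send");
         $zip->close();
         unlink($name);
         return False;
     }
     /* close() writes the archive to disk; a failure here means there is
      * nothing valid to send, which was previously reported as success */
     if (!$zip->close()) {
         Logger::log_event(LOG_NOTICE, " Could not finalize ZIP-archive.");
         Framework::error_output("Error creating archive. Cannot send");
         unlink($name);
         return False;
     }
     $contents = file_get_contents($name);
     unlink($name);
     download_zip($contents, "XML_Client.zip");
     Logger::log_event(LOG_NOTICE, "Sending XML_Client.zip to " . $this->person->getEPPN());
     return True;
 }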
 // NOTE(review): the password arrives in clear text from the form; how
 // verifica_func() compares it against the stored value is not visible here.
 $pass = $_POST["pass"];
 $situacao_tempo;
 // how late or how early the clock-in was (minutes, presumably; set later)
 $func = new Funcionario();
 $funcAux = new Funcionario();
 $atrasado = false;
 // whether the employee is late
 $adiantado = false;
 // whether the employee is early
 $tipo;
 if ($func->verifica_func($cpf, $pass)) {
     // verificando se senha e usuario correspondem
     // echo "<script>alert('verificou');</script>";
     $funcAux = $func->get_func_cpf($cpf);
     $config = new Config();
     $TEMP_LIMIT_ATRASO = $config->get_config("temp_limit_atraso", $funcAux->id_empresa);
     // tempo limite de atraso ou adiantamento aceito
     echo "<script>alert('{$TEMP_LIMIT_ATRASO}');</script>";
     $id = $funcAux->id;
     //verificar horarios
     $turno = new Turno();
     //instanciando um novo turno
     $turno = $turno->getTurnoById($funcAux->id_turno);
     $horarios = new Horarios();
     date_default_timezone_set('America/Sao_Paulo');
     $hora = date("H:i:s");
     $data = date("Y-m-d");
     /* 
     1 = iniciou o expediente
     
     2 = saiu pro almoco
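<?php

require_once 'confusa_include.php';
require_once 'Config.php';
require_once 'Input.php';
/*
 * Serve the stylesheet of one NREN, <custom_css>/<nren>/custom.css, or an
 * empty body when the NREN has none. The answer is always text/css, so a
 * missing file never turns into an HTML error page inside a <link>.
 */
$nren = isset($_GET['nren']) ? Input::sanitizeNRENName($_GET['nren']) : "";
/* $nren becomes a path component below. Input::sanitizeNRENName() is not
 * visible here, so directory separators and parent references are refused
 * regardless of what it strips; a real NREN name never contains them. */
$pathSafe = strpos($nren, '/') === false
    && strpos($nren, '\\') === false
    && strpos($nren, '..') === false;
$css_path = Config::get_config('custom_css') . $nren . '/custom.css';
header("Content-type: text/css");
/* is_file() rather than file_exists(): a directory passes the latter and
 * then breaks the read. readfile() replaces fopen/fread/fclose and avoids
 * fread() being called with a zero length on an empty stylesheet. */
if ($pathSafe && is_file($css_path) && is_readable($css_path)) {
    readfile($css_path);
} else {
    echo "";
}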
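 /**
  * Return a textual and user-understandable message for common remote-API
  * errors.
  *
  * Only a handful of codes get a hint; every other code yields "".
  *
  * @param $errorCode int a usually 2-3 digits long error code returned by the Comodo API
  * @param $errorMessage string the raw message the API sent along with the
  *        code; only inspected for codes -3/-4, where the credential hint is
  *        given when it mentions one of the login parameters
  * @return string a verbose message corresponding to the error code, "" for
  *         codes without a hint
  */
 private function capiErrorMessage($errorCode, $errorMessage)
 {
     $msg = "";
     switch ($errorCode) {
         case "-3":
         case "-4":
             /* NOTE(review): "ap" is matched as a plain substring and so
              * also hits words like "happened" or "application"; if it is
              * meant to be the API's "ap" parameter a word-boundary match
              * would be more precise. Kept as-is pending confirmation. */
             if (strpos($errorMessage, "loginPassword") !== FALSE || strpos($errorMessage, "loginName") !== FALSE || strpos($errorMessage, "ap") !== FALSE) {
                 $msg .= $this->capiCredentialHint();
             }
             break;
         case "-16":
             $msg .= $this->capiCredentialHint();
             break;
         case "-13":
             $msg .= "<br /><br />You created a certificate with a non-standard keysize! Please ";
             $msg .= "create your certificate requests with a keysize of " . Config::get_config('default_key_length');
             $msg .= " bits!";
             break;
         case "-20":
             $msg .= "<br /><br />Your certificate request has been rejected, either by mistake ";
             $msg .= "or because you are not entitled to get certificates. Please contact an ";
             $msg .= "administrator.";
             break;
         case "-21":
             $msg .= "<br /><br />The certificate has been revoked, either by yourself or an ";
             $msg .= "administrator. You can not use it anymore and you should not download it ";
             $msg .= "anymore!";
             break;
     }
     return $msg;
 }

 /**
  * The advice shared by the credential-related API errors (-3/-4 and -16).
  *
  * The NREN is interpolated into HTML unescaped, as before; it comes from
  * the logged-in person's record, not from the request.
  *
  * @return string HTML fragment telling the user to get the NREN's remote-CA
  *         credentials fixed by an administrator
  */
 private function capiCredentialHint()
 {
     $hint = "<br /><br />Probably this error message means that something is wrong ";
     $hint .= "with the credentials with which Confusa connects to the remote CA.";
     $hint .= " The credentials are defined per NREN, ";
     $hint .= "in your case for " . $this->person->getNREN() . ".";
     $hint .= " Please ask an administrator to configure this properly.";
     return $hint;
 }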
    // $row = mysql_fetch_array($result, MYSQL_ASSOC);
    // $text = $_POST['obs'];
    // $id_hor = $row['id'];
    // $query = "UPDATE horarios SET observacao_funcionario = '%s' WHERE id = '%s'";
    // $g->tratar_query($query, $text, $id_hor);
    // $sql->close_conn($conn);
    echo "<script>habilita()</script>";
    // habilita o botão enviar
    echo '<script> enabledYes();</script>';
}
?>


				<?php 
$config = new Config();
// accepted limit for being late or early; read here without the company id
// that the other call site passes as a second argument (see the companion
// snippet) -- TODO confirm which form get_config() expects
$TEMP_LIMIT_ATRASO = $config->get_config("temp_limit_atraso");
// time limit for lateness or earliness that is accepted
// $INTERVALO_MIN = 10;// minimum time between one punch and the next
if (isset($_POST['cpf']) && isset($_POST['pass'])) {
    // echo "<script>desabilita()</script>";// desabilita o botão enviar para não ser possivel clicar duas vezes
    $cpf = $_POST["cpf"];
    // $id = $_POST["cpf"];
    $pass = $_POST["pass"];
    $situacao_tempo;
    // recebe o tempo de atraso ou de adiantamento
    $func = new Funcionario();
    $funcAux = new Funcionario();
    $atrasado = false;
    // se esta ou não atrasado
    $adiantado = false;
    // se esta ou não adiantado