/**
* The function shows edit form and saves data on submit.
*
* @access private
* @param object $Page The Content Page object.
* @return string The HTML code.
*/
protected function initForm(Content_Page $Page)
{
if (isset($_POST['submit'])) {
$Page->setPost($_POST);
$fields = Error::test($Page);
if (count($fields)) {
$this->getView()->set('Error', 'Неверно заполены поля: ' . implode(', ', $fields));
} else {
if ($Page->save()) {
if ($Page->Module && $Page->Link) {
Router::attachPage($Page);
} else {
Router::detachPage($Page);
}
return $this->halt('', true);
} else {
$this->getView()->set('Error', 'Ошибка записи данных: ' . $Page->getError() . "\n" . Database::getInstance()->getLastQuery());
}
}
}
$Document = new Document();
$this->getView()->set('Documents', $Document->findList(array(), 'Position asc'));
$this->getView()->set('Page', $Page);
return $this->getView()->render();
}
public function __construct()
{
parent::__construct();
date_default_timezone_set('America/Los_Angeles');
$this->load->library('session');
$tables = $this->db->list_tables();
if (count($tables) != BLOGSITE_NUM_TABLES && $this->uri->uri_string() != 'home/install') {
redirect('home/install');
}
if ($this->uri->uri_string() != 'home/install') {
$this->load->model('Content_Page');
$header_title = new Content_Page();
$header_title->load_where(array('name' => 'header_title'));
$header_name = new Content_Page();
$header_name->load_where(array('name' => 'header_name'));
if (strpos($this->uri->uri_string(), 'admin') === false) {
$social_links = $this->Content_Page->get_like(array('name' => '_link'));
$header_email = new Content_page();
$header_email->load_where(array('name' => 'header_email'));
$header_about = new Content_Page();
$header_about->load_where(array('name' => 'header_about'));
$content_pages = $this->Content_Page->get_like(array('name' => '_menucontent'));
$this->load->view('header', array('header_title' => $header_title->body, 'header_name' => $header_name->body, 'social_links' => $social_links, 'header_email' => $header_email->body, 'header_about' => $header_about->body, 'content_pages' => $content_pages));
} else {
$admin_about = new Content_Page();
$admin_about->load_where(array('name' => 'admin_about'));
$this->load->view('admin/header', array('header_title' => $header_title->body, 'header_name' => $header_name->body, 'admin_about' => $admin_about->body));
}
} else {
$this->load->view('header', array('header_name' => 'BlogSite Install'));
}
}
public static function sitemap()
{
$xml = new SimpleXMLElement('<urlset />');
$xml->addAttribute('xmlns', 'http://www.sitemaps.org/schemas/sitemap/0.9');
$_GET = array();
URL::absolute(true);
$links = array();
$Page = new Content_Page();
foreach ($Page->findShortList(array('IsEnabled = 1', 'Link <> '), 'Position asc') as $Page) {
if (!in_array($Page->Link, $links)) {
$links[] = $Page->Link;
foreach ($Page->getController()->getSitemapNode() as $link) {
$node = $xml->addChild('url');
$node->addChild('loc', $link);
}
}
}
$xml = $xml->asXML();
$xml = str_replace('<?xml version="1.0"?>', '<?xml version="1.0" encoding="UTF-8"?>', $xml);
$dom = new DOMDocument('1.0');
$dom->preserveWhiteSpace = false;
$dom->formatOutput = true;
$dom->loadXML($xml);
$xml = $dom->saveXML();
file_put_contents(FILES_DIR . '/sitemap.xml', $xml);
}
/**
* The function initializes pages array.
*
* @static
* @access private
*/
private static function init()
{
if (self::$pages === null) {
self::$pages = array();
$Page = new Content_Page();
foreach ($Page->findResult('Id, Name, Title, Link, Description, Articles, Documents, Posts') as $Page) {
self::$pages[$Page->Id] = $Page;
}
}
}
public function check()
{
if ($this->Type == self::PRODUCT) {
$Page = new Content_Page();
$this->Conflict = $Page->findSize(array('Link = /' . $this->Link)) > 0;
} else {
if ($this->Type == self::PAGE) {
$Product = new Product();
$this->Conflict = $Product->findSize(array('Slug = ' . ltrim($this->Link, '/'))) > 0;
}
}
}
public function archive($page = 0)
{
$this->load->model('Content_Page');
$top = new Content_Page();
$top->load_where(array('name' => 'blog_main'));
$total = $this->db->count_all('blog_posts');
$total_pages = ceil($total / BLOG_POSTS_PER_PAGE);
$offset = $page * BLOG_POSTS_PER_PAGE;
$blogs = $this->Blog_Post->get(BLOG_POSTS_PER_PAGE, $offset, "desc");
$this->load->view('blog/view', array('top' => $top->body, 'blogs' => $blogs, 'page' => $page, 'total' => $total, 'total_pages' => $total_pages));
$this->load->view('footer');
}
public function page($name = '')
{
$page = new Content_Page();
$page->load_where(array('name' => $name . '_menucontent'));
if (!$page->body) {
$page->load_where(array('name' => $name . '_content'));
}
if (!$page->body) {
show_404();
} else {
$this->load->view('home', array('page' => $page->body));
}
$this->load->view('footer');
}
/**
* Redirect user immediately to receive_csr step if number e-mail
* addresses is zero or both configured and available addresses equal
* 1. Otherwise, display mail selection form.
* @see Content_Page::pre_process()
*/
function pre_process($person)
{
parent::pre_process($person);
$this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
$this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));
$this->person->clearRegCertEmails();
$emailsDesiredByNREN = $this->person->getNREN()->getEnableEmail();
$registeredPersonMails = $this->person->getNumEmails();
$redirect = "receive_csr.php" . "?skipped_email=yes";
$redirect .= "&anticsrf=" . Framework::getAntiCSRF();
switch ($emailsDesiredByNREN) {
case '0':
header("Location: {$redirect}");
exit(0);
break;
case '1':
case 'm':
if ($registeredPersonMails == 1) {
$this->person->regCertEmail($this->person->getEmail());
$this->person->storeRegCertEmails();
header("Location: {$redirect}");
exit(0);
}
break;
}
}
function pre_process($person)
{
parent::pre_process($person);
/* can be received when pressing "Back" on the CSR-signing overview */
if (isset($_POST['deleteCSR'])) {
$authToken = Input::sanitizeCertKey($_POST['deleteCSR']);
CSR::deleteFromDB($person, $authToken);
return;
}
$this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
$this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));
$emailsDesiredByNREN = $this->person->getNREN()->getEnableEmail();
$registeredPersonMails = $this->person->getNumEmails();
/** e-mail selection was skipped */
if (isset($_GET['skipped_email']) && $_GET['skipped_email'] == 'yes') {
$this->tpl->assign('skippedEmail', true);
if (($emailsDesiredByNREN == '1' || $emailsDesiredByNREN == 'm') && $registeredPersonMails == 1) {
$this->person->regCertEmail($this->person->getEmail());
$this->person->storeRegCertEmails();
}
} else {
if (isset($_POST['subjAltName_email']) && is_array($_POST['subjAltName_email'])) {
foreach ($_POST['subjAltName_email'] as $key => $value) {
Logger::logEvent(LOG_INFO, "CP_Select_Email", "pre_process()", "User " . $this->person->getEPPN() . ", registering " . "the following e-mail: " . $value);
$this->person->regCertEmail(Input::sanitizeText($value));
}
$this->person->storeRegCertEmails();
}
}
}
public function pre_process($person)
{
parent::pre_process($person);
if (!is_null($person)) {
AuthHandler::getAuthManager($this->person)->deAuthenticate(basename($_SERVER['SCRIPT_NAME']));
}
}
public function pre_process($person)
{
parent::pre_process($person);
$auth = AuthHandler::getAuthManager($this->person);
$this->discoPath = $auth->getDiscoPath();
/*
* Handle country AuthN redirect. Both can redirect, if they don't, show
* the map.
*/
$nren = NREN_Handler::getNREN($_SERVER['SERVER_NAME']);
if (!empty($nren)) {
$this->redirectToWAYF($nren);
$this->forwardToDisco($nren);
}
/* if not redirected, continue */
if (array_key_exists('country', $_GET)) {
$this->selected_country = htmlentities($_GET['country']);
$nren = NREN_Handler::getNREN($url, 1);
echo "redirecting to idp-part for " . $this->selected_country . ", stopping rendering of this page now\n";
exit(0);
}
/* textual view? */
if (array_key_exists('textual_view', $_GET)) {
if ($_GET['textual_view'] === "yes") {
$this->mapMode = false;
}
} else {
/* ok, show map */
$this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js', 'js/jquery-jvectormap-1.1.1.min.js', 'js/jquery-jvectormap-europe-mill-en.js'));
}
}
function pre_process($person)
{
$res = false;
parent::pre_process($person);
if (!$this->person->isSubscriberAdmin()) {
Framework::error_output("You are not authorized to view this page");
return false;
}
$this->person->setMode(ADMIN_MODE);
/* Set flags to default-values */
$this->tpl->assign('cert_info', false);
if (isset($_POST['robot_action'])) {
$action = Input::sanitize($_POST['robot_action']);
$comment = Input::sanitize($_POST['comment']);
switch ($action) {
case 'paste_new':
if (isset($_POST['cert']) && $_POST['cert'] != "") {
$cert = Input::sanitizeBase64($_POST['cert']);
$res = $this->insertCertificate($cert, $comment);
}
break;
case 'upload_new':
$res = $this->handleFileCertificate($comment);
break;
default:
Framework::error_output("Unknown robot-action (" . htmlentities($action) . ").");
$res = false;
}
} else {
if (isset($_GET['robot_action'])) {
$action = Input::sanitize($_GET['robot_action']);
$serial = Input::sanitize($_GET['serial']);
if (!isset($serial) || $serial == "") {
$res = false;
}
switch ($action) {
case 'delete':
$res = $this->deleteCertificate($serial);
break;
case 'info':
$this->tpl->assign('cert_info', true);
$this->tpl->assign('cert_info_serial', $serial);
break;
case 'download_archive':
if ($this->person->isAdmin()) {
if ($this->downloadArchive()) {
exit(0);
}
}
break;
default:
Framework::error_output("Unknown action");
$res = false;
}
}
}
return $res;
}
public function pre_process($person)
{
parent::pre_process($person);
$res = false;
if ($this->person->isAuth()) {
if (isset($_GET['file_cert'])) {
$authKey = Input::sanitizeCertKey($_GET['file_cert']);
try {
$cert = $this->ca->getCert($authKey);
if (isset($cert) && $cert->isValid()) {
include 'file_download.php';
download_file($cert->getPEMContent(), 'usercert.pem');
exit(0);
}
} catch (ConfusaGenException $cge) {
Framework::error_output($this->translateMessageTag('downl_err_nodownload') . " " . htmlentities($cge->getMessage()));
}
} else {
if (isset($_GET['cert_status'])) {
$this->pollCertStatusAJAX(Input::sanitizeCertKey($_GET['cert_status']));
} else {
if (isset($_GET['certlist_all'])) {
$this->showAll = $_GET['certlist_all'] == "true";
} else {
if (isset($_GET['revoke']) && $_GET['revoke'] == 'revoke_single') {
$order_number = Input::sanitizeCertKey($_GET['order_number']);
/* sanitized by checking inclusion in the REVOCATION_REASONS
* array
*/
if (!array_key_exists('reason', $_GET)) {
Framework::error_output($this->translateMessageTag('rev_err_singlenoreason'));
return;
}
$reason = Input::sanitizeText(trim($_GET['reason']));
try {
if (!isset($order_number) || !isset($reason)) {
Framework::error_output("Revoke Certificate: Errors with parameters, not set properly");
} elseif (!$this->checkRevocationPermissions($order_number)) {
Framework::error_output($this->translateMessageTag('rev_err_singlenoperm'));
} elseif (!$this->ca->revokeCert($order_number, $reason)) {
Framework::error_output($this->translateMessageTag('rev_err_notyet1') . htmlentities($order_number) . $this->translateMessageTag('rev_err_notyet2') . htmlentities($reason));
} else {
Framework::message_output($this->translateMessageTag('rev_suc_single1') . htmlentities($order_number) . $this->translateMessageTag('rev_suc_single2'));
if (Config::get_config('ca_mode') === CA_COMODO && Config::get_config('capi_test') === true) {
Framework::message_output($this->translateTag('l10n_msg_revsim1', 'revocation'));
}
}
} catch (ConfusaGenException $cge) {
Framework::error_output($this->translateMessageTag('rev_err_singleunspec') . " " . htmlentities($cge->getMessage()));
}
}
}
}
}
}
return false;
}
public function pre_process($person)
{
parent::pre_process($person);
$this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
$this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));
/* need to confirm AUP only once per session */
if (isset($_POST['aup_box']) && $_POST['aup_box'] == "user_agreed") {
CS::setSessionKey('hasAcceptedAUP', true);
header("Location: select_email.php");
}
}
public function pre_process($person)
{
if (!$person->isNRENAdmin()) {
return false;
}
/* Need to do this /before/ pre-process to change page when we switch
* to/from maint-mode */
$this->setPerson($person);
$this->handleMaintMode();
parent::pre_process($person);
$this->handleMaintText();
}
public function pre_process($person)
{
parent::pre_process($person);
$this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
$this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));
if (isset($_GET['status_poll'])) {
$order_number = Input::sanitizeCertKey($_GET['status_poll']);
/* assign the order_number again */
$this->tpl->assign('order_number', $order_number);
$this->tpl->assign('status_poll', true);
$anticsrf = "anticsrf=" . Input::sanitizeAntiCSRFToken($_GET['anticsrf']);
$this->tpl->assign('ganticsrf', $anticsrf);
if ($this->ca->pollCertStatus($order_number)) {
/* redirect to certificate download area */
CS::setSessionKey("browserCert", $order_number);
header("Location: download_certificate.php");
}
}
/* when the key has been generated in the browser and the
* resulting CSR has been uploaded to the server, we end up
* here.
*/
if (isset($_POST['browserRequest'])) {
$ua = Output::getUserAgent();
switch ($ua) {
case "opera":
case "safari":
case "mozilla":
case "chrome":
$csr = new CSR_SPKAC(trim(Input::sanitizeBase64($_POST['browserRequest'])));
break;
case "msie_pre_vista":
case "msie_post_vista":
$csrContent = CSR::$PEM_PREFIX . "\n" . trim(Input::sanitizeBase64($_POST['browserRequest'])) . "\n" . CSR::$PEM_SUFFIX;
$csr = new CSR_PKCS10($csrContent);
break;
}
if (!empty($csr) && $csr->isValid()) {
try {
$order_number = $this->signCSR($csr);
$this->tpl->assign('order_number', $order_number);
} catch (KeySignException $kse) {
Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') . "<br /><br />" . $kse->getMessage());
Logger::logEvent(LOG_WARNING, "CP_Browser_CSR", "pre_process()", "Could not sign CSR because of " . $kse->getMessage() . " User: "******"CP_Browser_CSR", "pre_process()", "Received browser-CSR that could not be parsed!" . " User: " . $this->person->getEPPN(), __LINE__);
}
}
}
public function pre_process($person)
{
parent::pre_process($person);
$authvar = "";
$csr = null;
if (isset($_POST['signCSR'])) {
$this->signCSR(Input::sanitizeCertKey($_POST['signCSR']));
return;
}
/* Testing for uploaded files */
if (isset($_FILES['user_csr']['name'])) {
try {
$csr = CSRUpload::receiveUploadedCSR('user_csr', true);
} catch (FileException $fileEx) {
$msg = $this->translateTag('l10n_err_csrproc', 'processcsr');
Framework::error_output($msg . $fileEx->getMessage());
$this->csr = null;
return;
}
} else {
if (isset($_POST['user_csr'])) {
try {
$csr = CSRUPload::receivePastedCSR('user_csr');
} catch (ConfusaGenException $cge) {
$msg = $this->translateTag('l10n_err_no_csr', 'processcsr');
Framework::error_output($msg . $cg - e > getMessage());
$this->csr = null;
return;
}
} else {
/* No CSR present, neither paste nor file, kindly bump user */
Framework::error_output($this->translateTag('l10n_err_no_csr', 'processcsr'));
return;
}
}
if (!$csr->isValid()) {
$msg = $this->translateTag('l10n_err_csrinvalid1', 'processcsr');
$msg .= Config::get_config('min_key_length');
$msg .= $this->translateTag('l10n_err_csrinvalid2', 'processcsr');
Framework::error_output($msg);
$this->csr = null;
return;
}
if (Config::get_config('ca_mode') == CA_COMODO || match_dn($csr->getSubject(), $this->ca->getFullDN())) {
$csr->setUploadedDate(date("Y-m-d H:i:s"));
$csr->setUploadedFromIP($_SERVER['REMOTE_ADDR']);
$csr->storeDB($this->person);
$this->csr = $csr;
}
}
public function pre_process($person)
{
parent::pre_process($person);
$script = file_get_contents('../include/fetch_attr.js');
$this->tpl->assign('rawScript', $script);
if (!$person->isNRENAdmin() && !$person->isSubscriberAdmin()) {
return;
}
if (isset($_POST['attributes_operation'])) {
switch ($_POST['attributes_operation']) {
case 'update_map':
$cn = Input::sanitizeText($_POST['cn']);
$mail = Input::sanitizeText($_POST['mail']);
/* only NREN-admin can change the mapping for
* - organization-identifier
* - entitlement
*/
if ($this->person->isNRENAdmin()) {
$epodn = Input::sanitizeText($_POST['epodn']);
$entitlement = Input::sanitizeText($_POST['entitlement']);
if ($this->person->getNREN()->saveMap($this->person->getEPPNKey(), $epodn, $cn, $mail, $entitlement)) {
Framework::success_output($this->translateTag('l10n_suc_updmap', 'attributes'));
}
} else {
if ($this->person->isSubscriberAdmin()) {
try {
$result = $this->person->getSubscriber()->saveMap($this->person->getEPPNKey(), $cn, $mail);
} catch (DBQueryException $dbqe) {
Framework::error_output($this->translateTag('l10n_err_updmap1', 'attributes') . "<br />" . $this->translateTag('l10n_label_cn', 'attributes') . ": " . htmlentities($cn) . "<br />" . $this->translateTag('l10n_label_mail', 'attributes') . ": " . htmlentities($mail) . "<br />" . $this->translateMessageTag('err_servsaid') . " " . htmlentities($dbqe->getMessage()));
Logger::log_event(LOG_NOTICE, __FILE__ . ", " . __LINE__ . ": " . $dbqe->getMessage());
} catch (DBStatementException $dbse) {
Framework::error_output("Could not update the subscriber-mapping, probably due to a " . "problem with the server-configuration. Server said: " . htmlentities($dbse->getMessage()));
Logger::log_event(LOG_NOTICE, __FILE__ . ", " . __LINE__ . ": " . $dbse->getMessage());
}
if ($result === true) {
Framework::success_output($this->translateTag('l10n_suc_updmap', 'attributes'));
}
}
}
break;
default:
Framework::error_output("Unknown operation chosen on attributes mask!");
break;
}
}
}
/**
* pre_process - if the user chose revocation action, forward here there
* before rendering anything on the page
*/
public function pre_process($person)
{
parent::pre_process($person);
if (isset($_POST['reason'])) {
if (array_search(trim($_POST['reason']), ConfusaConstants::$REVOCATION_REASONS) === false) {
Framework::error_output($this->translateMessageTag('rev_err_unknreason'));
return;
}
}
if (isset($_POST['revoke_operation'])) {
$reason = null;
if (array_key_exists('reason', $_POST)) {
$reason = Input::sanitizeText(trim($_POST['reason']));
}
switch ($_POST['revoke_operation']) {
case 'revoke_by_cn':
if (is_null($reason)) {
Framework::error_output($this->translateTag('l10n_msg_revneedreas1', 'revocation'));
return;
}
try {
/**
* POST['reason'] sanitized by checking inclusion in the
* REVOCATION_REASONS array
*/
$this->revoke_certs(Input::sanitizeCommonName($_POST['common_name']), $reason);
} catch (ConfusaGenException $cge) {
Framework::error_output($this->translateTag('l10n_msg_revprob1', 'revocation') . " " . htmlentities($cge->getMessage()));
}
break;
case 'revoke_by_list':
if (is_null($reason)) {
Framework::error_output($this->translateTag('l10n_msg_revneedreas2', 'revocation'));
return;
}
try {
$this->revoke_list($reason);
} catch (ConfusaGenException $cge) {
Framework::error_output($this->translateTag('l10n_msg_revprob1', 'revocation') . " " . htmlentities($cge->getMessage()));
}
break;
default:
break;
}
}
}
public function pre_process($person)
{
parent::pre_process($person);
/* If user is not subscriber- or nren-admin, we stop here */
if (!$this->person->isNRENAdmin()) {
return false;
}
/* are we running in grid-mode? We must check this before we do
* any other processing */
if (Config::get_config('cert_product') == PRD_ESCIENCE) {
$this->tpl->assign('confusa_grid_restrictions', true);
} else {
$this->tpl->assign('confusa_grid_restrictions', false);
}
/* if the function exists due to failed field validation, it should
* display all affected fiels. Everything else is very annoying for
* the user.
*/
$this->validationErrors = false;
/* handle nren-flags */
if (isset($_POST['subscriber'])) {
if (isset($_POST['id'])) {
$id = Input::sanitizeID($_POST['id']);
}
if (isset($_POST['state'])) {
$state = Input::sanitizeOrgState($_POST['state']);
}
if (isset($_POST['db_name'])) {
$db_name_trim = trim($_POST['db_name']);
$this->form_data['db_name'] = htmlentities($db_name_trim);
if ($this->form_data['db_name'] != $db_name_trim) {
$this->displayInvalidCharError($db_name_trim, $this->form_data['db_name'], 'l10n_heading_attnm');
$this->form_data['db_name'] = "";
$this->form_data['db_name_invalid'] = true;
$this->validationErrors = true;
}
}
/* db_name */
if (isset($_POST['dn_name'])) {
$dn_name_trim = trim($_POST['dn_name']);
/* personal certificates may have UTF-8 chars in the DN */
if (Config::get_config('cert_product') == PRD_PERSONAL) {
$this->form_data['dn_name'] = mysql_real_escape_string($dn_name_trim);
} else {
$this->form_data['dn_name'] = Input::sanitizeOrgName($dn_name_trim);
}
/* warn user if characters got sanitized away */
if ($this->form_data['dn_name'] != $dn_name_trim) {
$this->displayInvalidCharError($dn_name_trim, $this->form_data['dn_name'], 'l10n_heading_dnoname');
$this->form_data['dn_name'] = "";
$this->form_data['dn_name_invalid'] = true;
$this->validationErrors = true;
}
}
/* dn_name */
if (isset($_POST['subscr_email']) && $_POST['subscr_email'] != "") {
$subscr_email_trim = trim($_POST['subscr_email']);
$this->form_data['subscr_email'] = Input::sanitizeEmail($subscr_email_trim);
if ($this->form_data['subscr_email'] != $subscr_email_trim) {
$this->displayInvalidCharError($subscr_email_trim, $this->form_data['subscr_email'], 'l10n_label_contactemail');
$this->form_data['subscr_email'] = "";
$this->form_data['subscr_email_invalid'] = true;
$this->validationErrors = true;
}
}
/* subscr_email */
if (isset($_POST['subscr_phone']) && $_POST['subscr_phone'] != "") {
$subscr_phone_trim = trim($_POST['subscr_phone']);
$this->form_data['subscr_phone'] = Input::sanitizePhone($subscr_phone_trim);
if ($this->form_data['subscr_phone'] != $subscr_phone_trim) {
$this->displayInvalidCharError($subscr_phone_trim, $this->form_data['subscr_phone'], 'l10n_label_contactphone');
$this->form_data['subscr_phone'] = "";
$this->form_data['subscr_phone_invalid'] = true;
$this->validationErrors = true;
}
}
/* subscr_phone */
if (isset($_POST['subscr_responsible_name']) && $_POST['subscr_responsible_name'] != "") {
$subscr_responsible_name_trim = trim($_POST['subscr_responsible_name']);
$this->form_data['subscr_responsible_name'] = Input::sanitizePersonName($subscr_responsible_name_trim);
if ($this->form_data['subscr_responsible_name'] != $subscr_responsible_name_trim) {
$this->displayInvalidCharError($subscr_responsible_name_trim, $this->form_data['subscr_responsible_name'], 'l10n_heading_resppers');
$this->form_data['subscr_responsible_name'] = "";
$this->form_data['subscr_responsible_name_invalid'] = true;
$this->validationErrors = true;
}
}
/* subscr_responsible_name */
if (isset($_POST['subscr_responsible_email']) && $_POST['subscr_responsible_email'] != "") {
$subscr_responsible_email_trim = trim($_POST['subscr_responsible_email']);
$this->form_data['subscr_responsible_email'] = Input::sanitizeEmail($subscr_responsible_email_trim);
if ($this->form_data['subscr_responsible_email'] != $subscr_responsible_email_trim) {
$this->displayInvalidCharError($subscr_responsible_email_trim, $this->form_data['subscr_responsible_email'], 'l10n_label_respemail');
$this->validationErrors = true;
}
}
/* subscr_responsible_email */
if (isset($_POST['subscr_comment']) && $_POST['subscr_comment'] != "") {
$this->form_data['subscr_comment'] = Input::sanitizeText(trim($_POST['subscr_comment']));
}
if (isset($_POST['subscr_help_url']) && $_POST['subscr_help_url'] != "") {
$subscr_help_url_trim = trim($_POST['subscr_help_url']);
$this->form_data['subscr_help_url'] = Input::sanitizeURL($subscr_help_url_trim);
if ($this->form_data['subscr_help_url'] != $subscr_help_url_trim) {
$this->displayInvalidCharError($subscr_help_url_trim, $this->form_data['subscr_help_url'], 'l10n_label_helpdeskurl');
$this->form_data['subscr_help_url'] = "";
$this->form_data['subscr_help_url_invalid'] = true;
$this->validationErrors = true;
}
}
/* subscr_help_url */
if (isset($_POST['subscr_help_email']) && $_POST['subscr_help_email'] != "") {
$subscr_help_email_trim = trim($_POST['subscr_help_email']);
$this->form_data['subscr_help_email'] = Input::sanitizeEmail($subscr_help_email_trim);
if ($this->form_data['subscr_help_email'] != $subscr_help_email_trim) {
$this->form_data['subscr_help_email'] = "";
$this->form_data['subscr_help_email_invalid'] = true;
$this->displayInvalidCharError($subscr_help_email_trim, $this->form_data['subscr_help_email'], 'l10n_label_helpdeskemail');
$this->validationErrors = true;
}
}
/* subscr_help_email */
/* don't continue, if data was stripped due to the field
* sanitation */
if ($this->validationErrors) {
return;
}
switch (htmlentities($_POST['subscriber'])) {
case 'edit':
$subscriber = null;
if ($this->person->getSubscriber()->hasDBID($id)) {
$subscriber = $this->person->getSubscriber();
} else {
/* Other subscruber than user's
* subscriber, must create new object
* from DB */
$subscriber = Subscriber::getSubscriberByID($id, $this->person->getNREN());
}
if (!is_null($subscriber)) {
/* subscriber will clean input */
$update = $subscriber->setState($state);
$update |= $subscriber->setEmail($this->form_data['subscr_email']);
$update |= $subscriber->setPhone($this->form_data['subscr_phone']);
$update |= $subscriber->setRespName($this->form_data['subscr_responsible_name']);
$update |= $subscriber->setRespEmail($this->form_data['subscr_responsible_email']);
$update |= $subscriber->setComment($this->form_data['subscr_comment']);
$update |= $subscriber->setHelpURL($this->form_data['subscr_help_url']);
$update |= $subscriber->setHelpEmail($this->form_data['subscr_help_email']);
if ($update) {
if (!$subscriber->save(true)) {
Framework::error_output($this->translateTag('l10n_fail_editsubs1', 'nrenadmin'));
} else {
Framework::success_output($this->translateTag('l10n_suc_editsubs1', 'nrenadmin'));
}
}
/* show info-list for subscriber */
$this->tpl->assign('subscr_details', Subscriber::getSubscriberByID($id, $this->person->GetNREN())->getInfo());
$this->tpl->assign('subscriber_details', true);
$this->tpl->assign('subscriber_detail_id', $id);
}
break;
case 'editState':
$subscriber = null;
if ($this->person->getSubscriber()->hasDBID($id)) {
$subscriber = $this->person->getSubscriber();
} else {
$subscriber = Subscriber::getSubscriberByID($id, $this->person->getNREN());
}
if (!is_null($subscriber)) {
if ($subscriber->setState($state)) {
if (!$subscriber->save(true)) {
Framework::error_output("Could not update state of subscriber. Is the database-layer broken?");
Framework::error_output($this->translateTag("l10n_fail_edit_subscr_state", "nrenadmin"));
}
}
}
break;
case 'info':
$this->tpl->assign('subscr_details', Subscriber::getSubscriberByID($id, $this->person->getNREN())->getInfo());
$this->tpl->assign('subscriber_details', true);
$this->tpl->assign('subscriber_detail_id', $id);
break;
case 'add':
if (!isset($this->form_data['db_name'])) {
break;
}
$inheritUIDAttr = isset($_POST['inherit_uid_attr']);
$subscriber = new Subscriber($this->form_data['db_name'], $this->person->getNREN());
if ($subscriber->isValid()) {
Framework::error_output("Cannot create new, already existing.");
break;
}
$update = $subscriber->setState($state);
$update |= $subscriber->setOrgName($this->form_data['dn_name']);
$update |= $subscriber->setEmail($this->form_data['subscr_email']);
$update |= $subscriber->setPhone($this->form_data['subscr_phone']);
$update |= $subscriber->setRespName($this->form_data['subscr_responsible_name']);
$update |= $subscriber->setRespEmail($this->form_data['subscr_responsible_email']);
$update |= $subscriber->setComment($this->form_data['subscr_comment']);
$update |= $subscriber->setHelpURL($this->form_data['subscr_help_url']);
$update |= $subscriber->setHelpEmail($this->form_data['subscr_help_email']);
if ($update && $subscriber->create()) {
Framework::success_output($this->translateTag('l10n_suc_addsubs1', 'nrenadmin') . " " . htmlentities($dn_name, ENT_COMPAT, "UTF-8") . " " . $this->translateTag('l10n_suc_addsubs2', 'nrenadmin'));
}
if (!$inheritUIDAttr) {
$nren = $this->person->getNREN();
$nrenMap = $nren->getMap();
$uidAttr = Input::sanitizeAlpha($_POST['uid_attr']);
$subscriber->saveMap($uidAttr, $nrenMap['cn'], $nrenMap['mail']);
}
break;
case 'delete':
$this->delSubscriber($id);
break;
}
}
/* isset($_POST['subscriber'] */
}
function __construct()
{
parent::__construct("Help", false, "index");
}
public function pre_process($person)
{
$res = true;
$this->setPerson($person);
$this->account = NRENAccount::get($this->person);
/* If the caller is not a nren-admin or Confusa is not in online mode, we stop here */
if (!$this->person->isNRENAdmin() || Config::get_config('ca_mode') != CA_COMODO) {
return false;
}
$login_name = false;
$password = false;
$ap_name = false;
if (isset($_POST['account']) && $_POST['account'] === 'edit') {
/* We must use POST as we may pass along a password and
* we do not want to set that statically in the subject-line. */
if (isset($_POST['login_name'])) {
$ln = $_POST['login_name'];
$login_name = Input::sanitizeText(htmlspecialchars($ln));
if ($ln === $login_name) {
$this->account->setLoginName($login_name);
$res = false;
} else {
/* FIXME: l10n */
Framework::error_output("The new login_name contains illegal characters, dropping new login!");
}
}
/* Do not sanitize password, we should allow special characters and
* stuff, we should url-encode it. If Comodo does not sanitize
* their password, it's their business, not ours. */
if (isset($_POST['password']) && $_POST['password'] !== "") {
$this->account->setPassword($_POST['password']);
}
if (isset($_POST['ap_name'])) {
$ap = $_POST['ap_name'];
$ap_name = Input::sanitizeText(htmlspecialchars($ap));
if ($ap === $ap_name) {
$this->account->setAPName($ap_name);
} else {
/* FIXME: l10n */
Framework::error_output("Cleaned ap-name and it contains illegal characters, dropping new name!");
$res = false;
}
}
/* should we validate? */
try {
$validate = false;
if (isset($_POST['verify_ca_cred']) && $_POST['verify_ca_cred'] === "yes") {
$validate = true;
}
if ($this->account->save($validate)) {
/* FIXME: l10n */
Framework::success_output("CA Account details successfully updated!");
} else {
Framework::message_output("No changes to account-details, not updating.");
}
} catch (ConfusaGenException $cge) {
/* FIXME: l10n */
Framework::error_output("Could not update account-data: " . $cge->getMessage());
}
}
parent::pre_process($person);
return $res;
}
public function update_page_data($id, $name = FALSE, $URI = FALSE, $tags = FALSE)
{
// Nothing to update
if ($name === FALSE && $URI === FALSE && $tags === FALSE) {
return TRUE;
}
if (!($current_page_data = $this->get_page_data($id))) {
return FALSE;
}
// Check if there is something to update in the content_pages table
if ($name && $current_page_data['name'] != $name || $URI && $current_page_data['URI'] != $URI) {
$sql = 'UPDATE content_pages SET ';
if ($name && $current_page_data['name'] != $name) {
if ($this->page_name_available($name)) {
$sql .= 'name = ' . $this->pdo->quote($name) . ', ';
} else {
return FALSE;
}
}
if ($URI && $current_page_data['URI'] != $URI) {
if (Content_Page::page_URI_available($URI)) {
$sql .= 'URI = ' . $this->pdo->quote($URI) . ', ';
} else {
return FALSE;
}
}
// Finalize and run the query to the content_pages table
$sql = substr($sql, 0, strlen($sql) - 2) . ' WHERE id = ' . $this->pdo->quote($id);
$this->pdo->exec($sql);
}
// Check if there is something to update in the types connection table
if (is_array($tags)) {
// First remove all the old ones
$this->pdo->exec('DELETE FROM content_pages_tags WHERE page_id = ' . $this->pdo->quote($id));
if (count($tags)) {
// Then add the new ones
$sql = 'INSERT INTO content_pages_tags (page_id, tag_id, template_field_id) VALUES';
foreach ($tags as $template_field_id => $tag_ids) {
foreach ($tag_ids as $tag_id) {
$sql .= '(' . $this->pdo->quote($id) . ',' . $this->pdo->quote($tag_id) . ',' . $this->pdo->quote($template_field_id) . '),';
}
}
$this->pdo->exec(substr($sql, 0, strlen($sql) - 1));
}
}
return TRUE;
}
<?php
defined('SYSPATH') or die('No direct script access.');
// Check and set up user content directory
if (!is_writable(Kohana::$config->load('user_content.dir'))) {
throw new Kohana_Exception('Directory :dir must be writable', array(':dir' => Debug::path(Kohana::$config->load('user_content.dir'))));
}
if (Kohana::$environment === Kohana::DEVELOPMENT && !is_dir(Kohana::$config->load('user_content.dir') . '/images')) {
if (!mkdir(Kohana::$config->load('user_content.dir') . '/images')) {
throw new Kohana_Exception('Failed to create :dir', array(':dir' => Debug::path(Kohana::$config->load('user_content.dir') . '/images')));
}
}
Route::set('admin', 'admin/<controller>(/<action>(/<options>))', array('action' => '[a-zA-Z0-9_-]+', 'options' => '.*'))->defaults(array('directory' => 'admin', 'controller' => 'admin', 'action' => 'index'));
Route::set('css', 'css/<path>.css', array('path' => '[a-zA-Z0-9_/\\.-]+'))->defaults(array('controller' => 'media', 'action' => 'css'));
Route::set('img', 'img/<file>', array('file' => '[a-zA-Z0-9_/\\.-]+'))->defaults(array('controller' => 'media', 'action' => 'img'));
Route::set('js', 'js/<path>.js', array('path' => '[a-zA-Z0-9_/\\.-]+'))->defaults(array('controller' => 'media', 'action' => 'js'));
Route::set('xsl', 'xsl/<path>.xsl', array('path' => '[a-zA-Z0-9_/\\.-]+'))->defaults(array('controller' => 'media', 'action' => 'xsl'));
// User content images
Route::set('user_content/images', 'user_content/images/<file>', array('file' => '[a-zA-Z0-9_/\\.-]+'))->defaults(array('controller' => 'media', 'action' => 'user_content_image'));
// Set dynamic routes from the pages model
$URIs = array();
foreach (Content_Page::get_pages() as $page) {
$URIs[] = $page['URI'];
}
if (count($URIs)) {
Route::set('generic', '<page>', array('page' => implode('|', $URIs)))->defaults(array('controller' => 'generic', 'action' => 'index'));
}
// Single content page
Route::set('singlecontent', 'content/<id>', array('id' => '\\d+'))->defaults(array('controller' => 'generic', 'action' => 'singlecontent'));
public function pre_process($person)
{
parent::pre_process($person);
$this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
$this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));
}
function __construct()
{
parent::__construct("About Confusa", false, "credits");
}
public function pre_process($person)
{
parent::pre_process($person);
/* IF user is not subscirber- or nren-admin, we stop here */
if (!($this->person->isSubscriberAdmin() || $this->person->isNRENAdmin())) {
return false;
}
if (isset($_POST['nren_operation'])) {
if (!$this->person->isNRENAdmin()) {
Framework::error_output("You need NREN-administrator privileges in order to complete this request.");
return false;
}
/* operations called by the NREN-admin */
switch (htmlentities($_POST['nren_operation'])) {
case 'delete_nren_admin':
$admin = Input::sanitizeEPPN($_POST['nren_admin']);
$this->deleteAdmin($admin, NREN_ADMIN);
break;
case 'downgrade_self':
if ($this->person->testEntitlementAttribute(Config::get_config('entitlement_admin'))) {
$this->downgradeNRENAdmin($this->person->getEPPN(), $this->person->getSubscriber()->getDBID());
}
break;
case 'upgrade_subs_admin':
$admin = Input::sanitizeEPPN($_POST['subs_admin']);
$this->upgradeSubscriberAdmin($admin);
break;
case 'add_nren_admin':
$admin = Input::sanitizeEPPN($_POST['nren_admin']);
$idp = htmlentities($_POST['idp']);
if ($idp === '-') {
$this->addNRENAdmin($admin, NULL);
} else {
$this->addNRENAdmin($admin, $idp);
}
break;
case 'delete_subs_admin':
$admin = Input::sanitizeEPPN($_POST['subs_admin']);
$this->deleteAdmin($admin, SUBSCRIBER_ADMIN);
break;
case 'add_subs_admin':
$admin = Input::sanitizeEPPN($_POST['subs_admin']);
$subscriberID = Input::sanitizeID($_POST['subscriberID']);
$this->addSubscriberAdmin($admin, SUBSCRIBER_ADMIN, $subscriberID);
break;
default:
break;
}
/* operations called by the subscriber admin */
} else {
if (isset($_POST['subs_operation'])) {
if (!$this->person->isSubscriberAdmin()) {
Framework::error_output("You do not have sufficient permissions in order to complete this transaction.");
return false;
}
switch (htmlentities($_POST['subs_operation'])) {
case 'delete_subs_admin':
$admin = Input::sanitizeEPPN($_POST['subs_admin']);
$this->deleteAdmin($admin, SUBSCRIBER_ADMIN);
break;
case 'add_subs_admin':
$admin = Input::sanitizeEPPN($_POST['subs_admin']);
$this->addSubscriberAdmin($admin, SUBSCRIBER_ADMIN, $this->person->getSubscriber()->getDBID());
break;
case 'downgrade_subs_admin':
$admin = Input::sanitizeEPPN($_POST['subs_admin']);
$this->downgradeSubscriberAdmin($admin, $this->person->getSubscriber()->getDBID());
break;
case 'upgrade_subs_sub_admin':
$admin = Input::sanitizeEPPN($_POST['subs_sub_admin']);
$this->upgradeSubscriberSubAdmin($admin, $this->person->getSubscriber()->getDBID());
break;
case 'delete_subs_sub_admin':
$admin = Input::sanitizeEPPN($_POST['subs_sub_admin']);
$this->deleteAdmin($admin, SUBSCRIBER_SUB_ADMIN);
break;
case 'add_subs_sub_admin':
$admin = Input::sanitizeEPPN($_POST['subs_sub_admin']);
$this->addSubscriberAdmin($admin, SUBSCRIBER_SUB_ADMIN, $this->person->getSubscriber()->getDBID());
break;
default:
break;
}
}
}
}
/**
* The function returns link for current object.
*
* @static
* @access public
* @param mixed $Object The object.
* @param string $tag The tag.
* @param bool $restoreGet If TRUE returns link with GET parameters.
* @return string The URL.
*/
public static function get($Object, $tag = '', $restoreGet = false)
{
$link = '';
if ($restoreGet && count($_GET)) {
$link .= strpos($link, '?') === false ? '?' : '&';
$link .= http_build_query($_GET);
}
if ($Object instanceof Content_Page) {
if (!$Object->Link && $Object->Children) {
foreach (Content_Page::getChildren($Object->Id) as $Child) {
if ($Child->Link) {
return self::abs($Child->Link);
}
}
}
return self::abs($Object->Link);
}
if ($Object instanceof Paginator) {
$data = $_GET;
if (isset($data['page'])) {
unset($data['page']);
}
$data['page'] = $tag;
$arr = explode('?', Request::get('REQUEST_URI', '/', 'SERVER'));
return self::abs($arr[0] . '?' . http_build_query($data));
}
if ($Object instanceof Article) {
if ($tag) {
if ($tag instanceof Product) {
return self::abs($Object->getParentLink() . '/view/' . $Object->Id . '?backto=' . Article_Reference::PRODUCT . '-' . $tag->Id . self::restoreGet('&'));
} else {
return self::abs($Object->getParentLink() . '?tag=' . urlencode($tag instanceof Tag ? $tag->Name : $tag) . self::restoreGet('&'));
}
} else {
return self::abs($Object->getParentLink() . '/view/' . $Object->Id . self::restoreGet());
}
return self::abs($Object->getParentLink() . '/view/' . $Object->Id . self::restoreGet());
}
if ($Object instanceof Article_Tag) {
return self::abs(_L('Controller_Frontend_Articles') . '?tag=' . urlencode($Object->getTag()->Name) . self::restoreGet('&'));
}
if ($Object instanceof Gallery) {
return self::abs(_L('Controller_Frontend_Gallery') . '/view/' . $Object->Id . self::restoreGet());
}
if ($Object instanceof Product) {
/*
$Layout = $Object->getCategory()->getLayout();
$url = _L('Controller_Frontend_Catalog');
if ( $Layout instanceof Product_Layout_Hardware )
{
$url = _L('Controller_Frontend_Catalog_Hardware');
}
if ( $Layout instanceof Product_Layout_Product || $Layout instanceof Product_Layout_Custom )
{
$url = _L('Controller_Frontend_Catalog_Product');
}
if ( $Layout instanceof Product_Layout_Standard )
{
$url = _L('Controller_Frontend_Catalog_Standard');
}
if ( $Layout instanceof Product_Layout_Custom )
{
$url = _L('Controller_Frontend_Catalog_Custom');
}
*
*/
return self::abs($Object->getCategory()->Slug . '/view/' . $Object->Id . self::restoreGet());
}
if ($Object instanceof Product_Category) {
return self::abs($Object->Slug . self::restoreGet());
}
if ($Object instanceof Proud) {
return self::abs('clients/view/' . $Object->Id . self::restoreGet());
}
if ($Object instanceof Product_Brand) {
return self::abs(_L('Controller_Frontend_Brands') . '/' . String::toLinkCase($Object->Name));
}
if ($Object instanceof Banner) {
return self::abs($Object->getURL());
}
if ($Object instanceof Subscription) {
return self::abs(_L('Controller_Frontend_Articles') . '/unsubscribe/' . $Object->getCode());
}
if ($Object instanceof Controller) {
return self::abs(_L($Object));
}
if (is_string($Object) && $Object != '') {
return self::abs($Object);
}
return self::abs(_L('Controller_Frontend'));
}
public function action_rm_page()
{
$content_page = new Content_Page($this->request->param('options'));
$content_page->rm_page();
$this->redirect();
}
public function pre_process($person)
{
parent::pre_process($person);
/* if $person is not a NREN admin we stop here */
if (!$this->person->isNRENAdmin()) {
return false;
}
if (isset($_POST['stylist_operation'])) {
switch (htmlentities($_POST['stylist_operation'])) {
case 'change_help_text':
$new_text = Input::sanitizeText($_POST['help_text']);
$this->updateNRENHelpText($this->person->getNREN(), $new_text);
break;
case 'change_about_text':
$new_text = Input::sanitizeText($_POST['about_text']);
$this->updateNRENAboutText($this->person->getNREN(), $new_text);
break;
case 'change_privnotice_text':
$new_text = Input::sanitizeText($_POST['privnotice_text']);
$this->updateNRENPrivacyNotice($this->person->getNREN(), $new_text);
break;
case 'change_css':
if (isset($_POST['reset'])) {
$this->resetNRENCSS($this->person->getNREN());
} else {
if (isset($_POST['download'])) {
$new_css = Input::sanitizeCSS($_POST['css_content']);
$this->downloadNRENCSS($new_css);
} else {
if (isset($_POST['change'])) {
/* the CSS will not be inserted into the DB or executed in another way.
* Hence do not sanitize it. It will contain 'dangerous' string portions,
* such as { : ' anyways, so it would be hard to insert it into the DB properly*/
$new_css = Input::sanitizeCSS($_POST['css_content']);
$this->updateNRENCSS($this->person->getNREN(), $new_css);
}
}
}
break;
case 'change_mail':
if (isset($_POST['reset'])) {
$this->resetNRENMailTpl($this->person->getNREN());
} else {
if (isset($_POST['change'])) {
$new_template = strip_tags($_POST['mail_content']);
$this->updateNRENMailTpl($this->person->getNREN(), $new_template);
} else {
if (isset($_POST['test'])) {
/* see where mail_content is set in
* process() for how the current
* template is kept. */
$this->sendNRENTestMail($this->person, strip_tags($_POST['mail_content']));
}
}
}
break;
case 'upload_logo':
$position = $_POST['position'];
if (array_search($position, ConfusaConstants::$ALLOWED_LOGO_POSITIONS) === FALSE) {
Framework::error_output("The specified position " . htmlentities($position) . " is not a legal logo position!");
return;
}
if (isset($_FILES['nren_logo']['name'])) {
/* only allow image uploads */
if (strpos($_FILES['nren_logo']['type'], 'image/') !== false) {
$this->uploadLogo('nren_logo', $position, $this->person->getNREN());
} else {
Framework::error_output($this->translateTag('l10n_error_upload_logo_invalid', 'stylist'));
}
}
break;
case 'delete_logo':
$position = $_POST['position'];
if (array_search($position, ConfusaConstants::$ALLOWED_LOGO_POSITIONS) === FALSE) {
Framework::error_output($this->translateTag('l10n_error_upload_logo_position', 'stylist'));
return;
}
$this->deleteLogo($position, $this->person->getNREN());
break;
case 'change_title':
if (isset($_POST['portalTitle'])) {
$titleValue = Input::sanitize($_POST['portalTitle']);
} else {
$titleValue = "";
}
if (isset($_POST['changeButton'])) {
$showTitle = isset($_POST['showPortalTitle']);
$this->updateNRENTitle($this->person->getNREN(), $titleValue, $showTitle);
}
break;
default:
Framework::error_output("Unknown operation chosen in the stylist!");
break;
}
}
}
