Exemple #1
 /**
  * delSubscriber - remove the subscriber from the NREN and Confusa.
  *
  * This will remove the subscriber *permanently* along with all its
  * affiliated subscriber admins (this is handled by the database schema
  * with 'ON DELETE CASCADE').
  *
  * @param id String|integer the ID of the institution/subscriber in the database.
  *
  */
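 private function delSubscriber($id)
 {
     /*
      * Removes one subscriber row after revoking the certificates listed
      * for it. Returns false on every failure path; the success path falls
      * off the end without an explicit return value, as it always has.
      */
     if (!isset($id) || $id === "") {
         Framework::error_output("Cannot delete subscriber with unknown id!");
         /* Stop here: without an id nothing below may run, least of all the DELETE. */
         return false;
     }
     $nren = $this->person->getNREN();
     /*
      * Make sure that we are deleting a subscriber from the current NREN.
      * The lookup is restricted to the caller's own NREN, so an id that
      * belongs to a different NREN produces no row and is rejected below.
      */
     try {
         $query = "SELECT nren_id, subscriber FROM nren_subscriber_view ";
         $query .= "WHERE nren=? AND subscriber_id=?";
         $res = MDB2Wrapper::execute($query, array('text', 'text'), array($nren, $id));
     } catch (DBQueryException $dbqe) {
         $errorTag = PW::create();
         $msg = "Could not delete subscriber with ID {$id} from DB.";
         Logger::logEvent(LOG_NOTICE, "NRENAdmin", "delSubscriber()", $msg, __LINE__, $errorTag);
         /* $msg embeds the caller-supplied id, so it is escaped before it reaches the page. */
         Framework::message_output(htmlentities($msg) . "<br />[{$errorTag}] Server said: " . htmlentities($dbqe->getMessage()));
         return false;
     } catch (DBStatementException $dbse) {
         $errorTag = PW::create();
         $msg = "Could not delete subsriber with ID {$id} from DB, due to problems with the " . "statement. Probably this is a configuration error. Server said: " . $dbse->getMessage();
         Logger::logEvent(LOG_NOTICE, "NRENAdmin", "delSubscriber()", $msg, __LINE__, $errorTag);
         Framework::message_output("[{$errorTag}]" . htmlentities($msg));
         return false;
     }
     if (count($res) != 1) {
         Framework::error_output("Could not find a unique NREN/subscriber pair for subscriber with id " . htmlentities($id));
         return false;
     }
     $nren_id = $res[0]['nren_id'];
     $subscriberName = $res[0]['subscriber'];
     if (!isset($nren_id) || $nren_id == "") {
         /* The second call was misspelled "htmlentites", which made this error path a fatal error. */
         Framework::error_output("Could not get the NREN-ID for subscriber " . htmlentities($id) . ". Will not delete subscriber (" . htmlentities($id) . ").");
         return false;
     }
     /*
      * Revoke all certificates for subscriber.
      *
      * The certificate records are deliberately not printed: the old
      * print_r() debug dump wrote each record, auth_key included, into the
      * HTML response.
      *
      * NOTE(review): a failed revocation is reported but does not stop the
      * deletion, so a certificate can outlive its subscriber row. Confirm
      * that this best-effort behaviour is intended.
      */
     $ca = CAHandler::getCA($this->person);
     $list = $ca->getCertListForPersons("", $subscriberName);
     $count = 0;
     foreach ($list as $value) {
         if (!isset($value['auth_key'])) {
             continue;
         }
         try {
             if ($ca->revokeCert($value['auth_key'], "privilegeWithdrawn")) {
                 $count++;
             }
         } catch (CGE_KeyRevokeException $kre) {
             /* Exception text is escaped and sent through the normal error channel instead of a raw echo. */
             Framework::error_output(htmlentities($kre->getMessage()));
         }
     }
     /* Logged once with the final count rather than once per certificate. */
     Logger::logEvent(LOG_INFO, "NRENAdmin", "delSubscriber()", "Deleting subscriber, revoked {$count} issued certificates " . "for subscriber {$subscriberName}.");
     /* Both the id and the NREN id are bound, so the DELETE cannot reach another NREN's row. */
     MDB2Wrapper::update("DELETE FROM subscribers WHERE subscriber_id = ? AND nren_id = ?", array('text', 'text'), array($id, $nren_id));
     Logger::logEvent(LOG_INFO, "NRENAdmin", "delSubscriber()", "Deleted subscriber with ID {$id}.\n");
     $msg = $this->translateTag('l10n_suc_deletesubs1', 'nrenadmin') . htmlentities($subscriberName) . $this->translateTag('l10n_suc_deletesubs2', 'nrenadmin') . " " . htmlentities($id) . ". " . $this->translateTag('l10n_suc_deletesubs3', 'nrenadmin') . " " . $count . " " . $this->translateTag('l10n_suc_deletesubs4', 'nrenadmin');
     Framework::success_output($msg);
 }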
Exemple #2
 /**
  * insertCertificate() insert the new certificate into the robot hold
  *
  * Take a string holding the certificate and insert it into the keyhold
  * given that the string is actually holding a valid certificate.
  *
  * @param String base64 encoded PEM formatted X.509 certificate
  * @return boolean indicating the success of the operation (true means inserted OK)
  */
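 private function insertCertificate($certificate, $comment)
 {
     /*
      * $certificate is parsed by the Certificate class before anything is
      * stored; $comment is stored in the comment column of robot_certs.
      * Every failure path reports an error and returns false.
      */
     /* validate certificate */
     try {
         $cert = new Certificate($certificate);
     } catch (KeyNotFoundException $knfe) {
         Framework::error_output(htmlentities($knfe->getMessage()));
         return false;
     } catch (CertificateException $ce) {
         Framework::error_output(htmlentities($ce->getMessage()));
         return false;
     }
     /* Refuse a certificate whose fingerprint or serial is already stored. */
     try {
         $query = "SELECT subscriber_id, uploaded_by, uploaded_date, valid_until, fingerprint ";
         $query .= "FROM robot_certs WHERE fingerprint = ? OR serial=?";
         $res = MDB2Wrapper::execute($query, array('text', 'text'), array($cert->getFingerprint(), $cert->getSerial()));
         if (count($res) > 0) {
             Framework::error_output($this->translateTag('l10n_err_certalrthere', 'robot'));
             return false;
         }
     } catch (Exception $e) {
         /* FIXME, add better exception mask & handling */
         Framework::error_output(__FILE__ . ":" . __LINE__ . " FIXME: " . htmlentities($e->getMessage()));
         return false;
     }
     /* Get subscriber and admin_id */
     try {
         $query = "SELECT * FROM admins WHERE admin=? AND subscriber=? AND nren=? ";
         $params = array('text', 'text', 'text');
         $data = array($this->person->getEPPN(), $this->person->getSubscriber()->getDBID(), $this->person->getNREN()->getID());
         $res = MDB2Wrapper::execute($query, $params, $data);
         switch (count($res)) {
             case 0:
                 /*
                  * Strange error. User is admin, yet not admin.
                  *
                  * Fixme: better error-reporting here, even
                  * though we cannot do much about it.
                  */
                 $error_code = strtoupper(PW::create(8));
                 $error_msg = "[error_code: {$error_code}]<br /><br />\n";
                 $log_msg = "[{$error_code}] ";
                 $query = "SELECT * FROM admins WHERE admin=? AND admin_level=? AND subscriber IS NULL";
                 $params = array('text', 'text');
                 $data = array($this->person->getEPPN(), SUBSCRIBER_ADMIN);
                 $admin_query_res = MDB2Wrapper::execute($query, $params, $data);
                 if (count($admin_query_res) != 0) {
                     /* Was misspelled "htmlentites", so this diagnostic branch ended in a fatal error. */
                     $error_msg .= "The subscriber-admin (" . htmlentities($this->person->getEPPN()) . ") is not properly connected ";
                     $error_msg .= "to any database. This is due to a database inconsistency ";
                     $error_msg .= "and is a direct result of someone manually adding the admin to the database ";
                     $error_msg .= "without connecting the admin to a subscriber.";
                     $log_msg .= "Subscriber-admin " . $this->person->getEPPN();
                     $log_msg .= " has not set any affilitated subscriber in the database.";
                     $log_msg .= " It should be " . $this->person->getSubscriber()->getOrgName();
                     $log_msg .= ", but is NULL. Please update the database.";
                 } else {
                     /* The organisation name goes into HTML, so it is escaped like the EPPN above. */
                     $error_msg .= "For some reason, the subscriber (" . htmlentities($this->person->getSubscriber()->getOrgName()) . ") ";
                     $error_msg .= "is not properly configured in the database. ";
                     $error_msg .= "The exact reason is unknown. Please contact operational support.";
                     $log_msg .= "Subscriber " . $this->person->getSubscriber()->getOrgName();
                     $log_msg .= " is not properly configured in the database.";
                 }
                 $error_msg .= "<br /><br />\nThis event has been logged, please contact operational support (provide the error-code) ";
                 $error_msg .= "to resolve this issue.";
                 Framework::error_output($error_msg);
                 Logger::log_event(LOG_ALERT, $log_msg);
                 return false;
             case 1:
                 $admin_id = $res[0]['admin_id'];
                 $subscriber_id = $res[0]['subscriber'];
                 break;
             default:
                 /* FIXME: DB-inconsistency */
                 $error_code = strtoupper(PW::create(8));
                 $error_msg = "[error_code: {$error_code}] multiple instances of admin (";
                 $error_msg .= htmlentities($this->person->getEPPN()) . ") found in the database.";
                 $log_msg = "[{$error_code}] multiple hits (" . count($res) . ")on ";
                 $log_msg .= $this->person->getEPPN() . " in admins-table.";
                 Framework::error_output($error_msg);
                 Logger::log_event(LOG_ALERT, $log_msg);
                 return false;
         }
     } catch (Exception $e) {
         /* Was misspelled "hmtlentities": the handler itself failed instead of reporting the error. */
         Framework::error_output(htmlentities($e->getMessage()));
         /* FIXME, add proper exception handling */
         return false;
     }
     try {
         if (!isset($comment) || $comment == "") {
             $comment = " ";
         }
         /* All values, including the free-text comment, are passed as bound parameters. */
         $update = "INSERT INTO robot_certs (subscriber_id, uploaded_by, uploaded_date, valid_until, cert, fingerprint, serial, comment)";
         $update .= " VALUES(?, ?, current_timestamp(), ?, ?, ?, ?, ?)";
         $params = array('text', 'text', 'text', 'text', 'text', 'text', 'text');
         $data = array($subscriber_id, $admin_id, $cert->getEndDate(), $cert->getPEMContent(), $cert->getFingerprint(), $cert->getSerial(), $comment);
         MDB2Wrapper::update($update, $params, $data);
         Logger::log_event(LOG_INFO, "[RI] Added new certificate (" . $cert->getSerial() . ") for subscriber " . $this->person->getSubscriber()->getOrgName() . " associated with admin " . $this->person->getEPPN());
     } catch (Exception $e) {
         /* FIXME */
         Framework::error_output("Couldn't update robot_certs, server said:<br />\n" . htmlentities($e->getMessage()));
         return false;
     }
     /* The serial comes from the uploaded certificate, so it is escaped before display. */
     Framework::success_output($this->translateTag('l10n_suc_insertcert1', 'robot') . " " . htmlentities($cert->getSerial()) . $this->translateTag('l10n_suc_insertcert2', 'robot'));
     return true;
 }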
Exemple #3
 /**
  * Sign the CSR with the passed authToken. If signing succeeds, the class
  * member authKey is set to the orderNumber/certHash. If not, an error is
  * displayed.
  * @param $authToken pubkey hash of the CSR that is to be signed
  */
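 private function signCSR($authToken)
 {
     /*
      * Looks the CSR up for the current person, checks that a CA handler
      * is set and that the person may request a certificate, signs it and
      * then deletes the stored CSR. Failure paths return false; the
      * success path falls off the end without a return value.
      */
     $csr = CSR::getFromDB($this->person->getX509ValidCN(), $authToken);
     if (!isset($csr) || !$csr) {
         $errorTag = PW::create();
         /* The message used the undefined $auth_token, so the token never appeared in it. */
         Framework::error_output("[{$errorTag}] Did not find CSR with auth_token " . htmlentities($authToken));
         $msg = "User " . $this->person->getEPPN() . " ";
         $msg .= "tried to sign CSR with auth_token " . $authToken . " but was unsuccessful";
         Logger::logEvent(LOG_NOTICE, "Process_CSR", "approveCSR({$authToken})", $msg, __LINE__, $errorTag);
         return false;
     }
     try {
         if (!isset($this->ca)) {
             Framework::error_output($this->translateTag('l10n_err_noca', 'processcsr'));
             return false;
         }
         /* The permission check runs before the CA is asked to sign anything. */
         $permission = $this->person->mayRequestCertificate();
         if ($permission->isPermissionGranted() === false) {
             Framework::error_output($this->translateTag('l10n_err_noperm1', 'processcsr') . "<br /><br />" . $permission->getFormattedReasons() . "<br />" . $this->translateTag('l10n_err_noperm2', 'processcsr'));
             /* Same failure value as every other refusal in this method (was a bare return). */
             return false;
         }
         $this->authKey = $this->ca->signKey($csr);
     } catch (CGE_ComodoAPIException $capie) {
         /*
          * Only the message is shown. Passing the exception object itself
          * converted it to a string, which for a PHP exception includes
          * the file path and stack trace.
          */
         Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') . htmlentities($capie->getMessage()));
         return false;
     } catch (ConfusaGenException $e) {
         $msg = $this->translateTag('l10n_sign_error', 'processcsr') . "<br /><br /><i>" . htmlentities($e->getMessage()) . "</i><br />";
         Framework::error_output($msg);
         return false;
     } catch (KeySigningException $kse) {
         /* Was misspelled "htmlentites", turning a signing failure into a fatal error. */
         Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') . htmlentities($kse->getMessage()));
         return false;
     }
     /* The stored CSR is removed only after signing did not throw. */
     CSR::deleteFromDB($this->person, $authToken);
 }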
Exemple #4
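/**
 * Prints an HTML table with the number of addresses per city, most
 * frequent city first.
 *
 * The query contains no external input. Every cell is converted from
 * ISO-8859-1 to UTF-8 and HTML-escaped before it is printed.
 */
function lakohely_stat()
{
    // Database connection; the included file presumably defines $connect.
    // NOTE(review): require_once inside a function only defines $connect on
    // the first call, so a second call would find it undefined.
    require_once '../php/connection.php';
    // City statistics query
    $stid = oci_parse($connect, "SELECT varos, COUNT(varos) FROM lakcim\r\n\t\t\t\t\t\t\t\tGROUP BY varos\r\n\t\t\t\t\t\t\t\tORDER BY COUNT(varos) desc");
    if (!$stid) {
        $e = oci_error($connect);
        trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
        // Do not continue with an invalid statement if an error handler returns.
        return;
    }
    // Run the query
    $r = oci_execute($stid);
    if (!$r) {
        $e = oci_error($stid);
        // Was misspelled "htmlentites": a failed query ended in an undefined-function error.
        trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
        return;
    }
    print "<table id='tablazat'>\n";
    print "<tr>\n";
    print "<th>Lakóhely</th>\n";
    print "<th>Felhasználók száma</th>\n";
    print "</tr>\n";
    while ($row = oci_fetch_array($stid, OCI_ASSOC + OCI_RETURN_NULLS)) {
        print "<tr>\n";
        foreach ($row as $item) {
            // NULL columns become a non-breaking space; everything else is escaped.
            print "    <td>" . ($item !== null ? htmlentities(iconv("ISO-8859-1", "UTF-8", $item), ENT_QUOTES) : "&nbsp;") . "</td>\n";
        }
        print "</tr>\n";
    }
    print "</table>\n";
    oci_free_statement($stid);
    oci_close($connect);
}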
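<?php 
// Database connection; the included file presumably defines $connect.
require_once '/php/connection.php';
// Products ordered by the logged-in user, identified by the session e-mail.
$email = $_SESSION['email'];
// The e-mail is passed as a bind variable. addslashes() is not an escaping
// function for Oracle SQL: a string literal is closed by a single quote,
// which Oracle escapes by doubling it, not with a backslash.
// NOTE(review): both subqueries are compared with "=", so Oracle raises an
// error as soon as one of them returns more than one row. Confirm whether
// IN is meant.
$stid = oci_parse($connect, "select termek_nev, ar from termek where termek_id = (select termek_id from rendeles_reszletei where rendeles_id = (Select rendeles_id from rendeles\r\n\twhere EMAIL = :email))");
if (!$stid) {
    $e = oci_error($connect);
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}
oci_bind_by_name($stid, ':email', $email);
// Run the query
$r = oci_execute($stid);
if (!$r) {
    $e = oci_error($stid);
    // Was misspelled "htmlentites": a failed query ended in an undefined-function error.
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}
print "<table id='tablazat'>\n";
print "<tr>\n";
print "<th>Termék neve</th>\n";
print "<th>Ára</th>\n";
print "</tr>\n";
while ($row = oci_fetch_array($stid, OCI_ASSOC + OCI_RETURN_NULLS)) {
    print "<tr>\n";
    foreach ($row as $item) {
        // NULL columns become a non-breaking space; everything else is escaped.
        print "    <td>" . ($item !== null ? htmlentities(iconv("ISO-8859-1", "UTF-8", $item), ENT_QUOTES) : "&nbsp;") . "</td>\n";
    }
    print "</tr>\n";
}
print "</table>\n";
oci_free_statement($stid);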
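/**
 * Prints one result box per product whose name contains $term.
 *
 * $term is passed to Oracle as a bind variable and every column value is
 * escaped for the HTML context it is printed in.
 *
 * @param string $term search text; % and _ keep their LIKE wildcard meaning
 */
function search($term)
{
    global $connect;
    // Product search. The term is bound instead of being interpolated into
    // the statement text, so it cannot change the structure of the query.
    $stid = oci_parse($connect, "SELECT termek_id, termek_nev, termek_kep, rovid_leiras, ar, kategoria.kategoria_id, kategoria.kategoria_nev\r\n\t\t\t\t\t\t\t\t\tFROM termek \r\n\t\t\t\t\t\t\t\t\tINNER JOIN kategoria ON termek.kategoria_id=kategoria.kategoria_id \r\n\t\t\t\t\t\t\t\t\tWHERE termek_nev LIKE '%' || :term || '%' \r\n\t\t\t\t\t\t\t\t\tORDER BY termek.termek_nev");
    if (!$stid) {
        $e = oci_error($connect);
        trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
        // Do not continue with an invalid statement if an error handler returns.
        return;
    }
    oci_bind_by_name($stid, ':term', $term);
    // Run the query
    $r = oci_execute($stid);
    if (!$r) {
        $e = oci_error($stid);
        // Was misspelled "htmlentites": a failed query ended in an undefined-function error.
        trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
        return;
    }
    // Columns that were printed as stored: only the HTML-special characters
    // are escaped, all other bytes pass through unchanged.
    $escRaw = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
    };
    // Columns that were converted from ISO-8859-1 to UTF-8 before printing.
    $escText = function ($value) {
        return htmlspecialchars((string) iconv('ISO-8859-1', 'UTF-8', (string) $value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    while ($row = oci_fetch_array($stid, OCI_ASSOC + OCI_RETURN_NULLS)) {
        // Ids end up inside query strings, so they are URL-encoded.
        $productId = rawurlencode((string) $row['TERMEK_ID']);
        $categoryId = rawurlencode((string) $row['KATEGORIA_ID']);
        $productName = $escText($row['TERMEK_NEV']);
        ?>
        <div class="search-box">
             <div class="search-title">
                 <a href="/netshop/product-profil.php?pid=<?php echo $productId; ?>"><img src="/netshop/<?php echo $escRaw($row['TERMEK_KEP']); ?>" class="pp-img" alt="<?php echo $productName; ?>"  /></a><br />
                 <a href="/netshop/product-profil.php?pid=<?php echo $productId; ?>"><?php echo $productName; ?></a>
             </div>
             <div class="search-info">
                 <div class="search-category">
                     <a href="/netshop/category_view.php?id=<?php echo $categoryId; ?>"><?php echo $escRaw($row['KATEGORIA_NEV']); ?></a>
                 </div>
                 <div class="search-short">
                     <p><?php echo $escText($row['ROVID_LEIRAS']); ?></p>
                 </div>
                 <div class="search-price">
                     <?php echo $escRaw($row['AR']); ?> Ft <a href="php/cart.php?add_id=<?php echo $productId; ?>"><img src="/netshop/img/cart.png" alt="Kosárba tesz!" /></a>
                 </div>
             </div>
             <br class="clearfix" />
        </div>

    <?php 
    }
    oci_free_statement($stid);
    oci_close($connect);
}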