/**
 * getNREN() find an NREN and return it based on provided key
 *
 * This is a 'guess all' approach: the key is run through every known
 * lookup in turn, most common case first, and the first hit wins. If you
 * know the type of key, consider calling the matching routine directly.
 *
 * The key can be:
 * - the IdP URL (resolved via the idp_map)
 * - the URL of the portal
 * - the wayf-url
 * - the database-id of the NREN
 *
 * @param mixed $key
 * @return NREN|false the first matching NREN, false when no lookup matched
 * @access public
 */
static function getNREN($key)
{
    /* lookup routine paired with the Input sanitizer its argument must
     * pass through, in the order they are tried */
    $lookups = array(
        array('getByIdPURL', 'sanitizeURL'),
        array('getByURL',    'sanitizeURL'),
        array('getByWAYF',   'sanitizeURL'),
        array('getByID',     'sanitizeID'),
    );

    foreach ($lookups as $lookup) {
        list($finder, $sanitizer) = $lookup;
        $candidate = self::$finder(Input::$sanitizer($key));
        if ($candidate) {
            return $candidate;
        }
    }

    return false;
}
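/**
 * pre_process() handle the POST-ed subscriber form for a NREN-admin.
 *
 * Runs the parent pre-processing, then (for NREN-admins only) sanitizes
 * every posted subscriber field into $this->form_data, reports each field
 * the sanitizer altered via displayInvalidCharError() and, when nothing
 * was rejected, dispatches on $_POST['subscriber'] ('edit', 'editState',
 * 'info', 'add', 'delete'). Nothing is written to the database while
 * $this->validationErrors is set.
 *
 * @param Person $person the logged-in person (handed on to the parent)
 * @return bool|null false when the person is not a NREN-admin; otherwise
 *         nothing (null) - the outcome is reported through the template
 *         and Framework::*_output()
 * @access public
 */
public function pre_process($person)
{
    parent::pre_process($person);

    /* If user is not subscriber- or nren-admin, we stop here */
    if (!$this->person->isNRENAdmin()) {
        return false;
    }

    /* are we running in grid-mode? We must check this before we do
     * any other processing */
    $this->tpl->assign('confusa_grid_restrictions',
                       Config::get_config('cert_product') == PRD_ESCIENCE);

    /* if the function exits due to failed field validation, it should
     * display all affected fields. Everything else is very annoying for
     * the user. */
    $this->validationErrors = false;

    /* handle nren-flags */
    if (!isset($_POST['subscriber'])) {
        return;
    }

    /* id, state and the DN-name are needed by several of the actions
     * below; start from a defined value so an action on a form that did
     * not post them does not read an undefined variable */
    $id = null;
    $state = null;
    $dn_name_trim = '';

    if (isset($_POST['id'])) {
        $id = Input::sanitizeID($_POST['id']);
    }
    if (isset($_POST['state'])) {
        $state = Input::sanitizeOrgState($_POST['state']);
    }

    if (isset($_POST['db_name'])) {
        $this->sanitizeSubscriberField('db_name', trim($_POST['db_name']),
                                       'htmlentities', 'l10n_heading_attnm');
    } /* db_name */

    if (isset($_POST['dn_name'])) {
        $dn_name_trim = trim($_POST['dn_name']);
        /* personal certificates may have UTF-8 chars in the DN.
         * NOTE(review): mysql_real_escape_string() is SQL escaping, not
         * input validation - it needs an open ext/mysql link and ext/mysql
         * no longer exists in PHP 7. A validating sanitizer for the personal
         * product would be the safer choice; left unchanged here. */
        if (Config::get_config('cert_product') == PRD_PERSONAL) {
            $dnSanitizer = 'mysql_real_escape_string';
        } else {
            $dnSanitizer = array('Input', 'sanitizeOrgName');
        }
        /* warn user if characters got sanitized away */
        $this->sanitizeSubscriberField('dn_name', $dn_name_trim,
                                       $dnSanitizer, 'l10n_heading_dnoname');
    } /* dn_name */

    /* the remaining fields are optional (empty is fine) and all follow
     * the same sanitize-compare-flag pattern */
    $optionalFields = array(
        'subscr_email'             => array(array('Input', 'sanitizeEmail'),      'l10n_label_contactemail'),
        'subscr_phone'             => array(array('Input', 'sanitizePhone'),      'l10n_label_contactphone'),
        'subscr_responsible_name'  => array(array('Input', 'sanitizePersonName'), 'l10n_heading_resppers'),
        'subscr_responsible_email' => array(array('Input', 'sanitizeEmail'),      'l10n_label_respemail'),
        'subscr_help_url'          => array(array('Input', 'sanitizeURL'),        'l10n_label_helpdeskurl'),
        'subscr_help_email'        => array(array('Input', 'sanitizeEmail'),      'l10n_label_helpdeskemail'),
    );
    foreach ($optionalFields as $field => $spec) {
        if (isset($_POST[$field]) && $_POST[$field] != "") {
            list($sanitizer, $l10nTag) = $spec;
            $this->sanitizeSubscriberField($field, trim($_POST[$field]),
                                           $sanitizer, $l10nTag);
        }
    }

    /* free text, only cleaned, never rejected */
    if (isset($_POST['subscr_comment']) && $_POST['subscr_comment'] != "") {
        $this->form_data['subscr_comment'] = Input::sanitizeText(trim($_POST['subscr_comment']));
    }

    /* don't continue, if data was stripped due to the field
     * sanitation */
    if ($this->validationErrors) {
        return;
    }

    switch (htmlentities($_POST['subscriber'])) {
    case 'edit':
        $subscriber = $this->lookupSubscriber($id);
        if (!is_null($subscriber)) {
            /* subscriber will clean input */
            $update = $this->applySubscriberFormData($subscriber, $state);
            if ($update) {
                if (!$subscriber->save(true)) {
                    Framework::error_output($this->translateTag('l10n_fail_editsubs1', 'nrenadmin'));
                } else {
                    Framework::success_output($this->translateTag('l10n_suc_editsubs1', 'nrenadmin'));
                }
            }
            /* show info-list for subscriber */
            $this->showSubscriberDetails($id);
        }
        break;

    case 'editState':
        $subscriber = $this->lookupSubscriber($id);
        if (!is_null($subscriber) && $subscriber->setState($state)) {
            if (!$subscriber->save(true)) {
                Framework::error_output("Could not update state of subscriber. 
Is the database-layer broken?");
                Framework::error_output($this->translateTag("l10n_fail_edit_subscr_state", "nrenadmin"));
            }
        }
        break;

    case 'info':
        $this->showSubscriberDetails($id);
        break;

    case 'add':
        if (!isset($this->form_data['db_name'])) {
            break;
        }
        $inheritUIDAttr = isset($_POST['inherit_uid_attr']);
        $subscriber = new Subscriber($this->form_data['db_name'], $this->person->getNREN());
        if ($subscriber->isValid()) {
            Framework::error_output("Cannot create new, already existing.");
            break;
        }
        $update = $this->applySubscriberFormData($subscriber, $state, true);
        if ($update && $subscriber->create()) {
            /* echo the name as entered (the stored form may carry SQL
             * escaping), HTML-escaped for the page */
            Framework::success_output($this->translateTag('l10n_suc_addsubs1', 'nrenadmin')
                                      . " " . htmlentities($dn_name_trim, ENT_COMPAT, "UTF-8")
                                      . " " . $this->translateTag('l10n_suc_addsubs2', 'nrenadmin'));
        }
        if (!$inheritUIDAttr) {
            /* NOTE(review): the map is saved even when create() failed
             * above - confirm whether that is intended */
            $nren = $this->person->getNREN();
            $nrenMap = $nren->getMap();
            $uidAttr = Input::sanitizeAlpha(isset($_POST['uid_attr']) ? $_POST['uid_attr'] : null);
            $subscriber->saveMap($uidAttr, $nrenMap['cn'], $nrenMap['mail']);
        }
        break;

    case 'delete':
        $this->delSubscriber($id);
        break;
    }
}

/**
 * Sanitize one posted form value into $this->form_data[$field].
 *
 * When the sanitizer altered the value the user is told what was dropped
 * (displayInvalidCharError() with the cleaned value, before it is
 * blanked), the field is emptied, the "<field>_invalid" flag is raised
 * and $this->validationErrors is set.
 *
 * @param string   $field     key in $this->form_data
 * @param string   $raw       the trimmed value as posted
 * @param callable $sanitizer routine producing the cleaned value
 * @param string   $l10nTag   translation tag naming the field in the error
 * @return void
 */
private function sanitizeSubscriberField($field, $raw, $sanitizer, $l10nTag)
{
    $this->form_data[$field] = call_user_func($sanitizer, $raw);
    if ($this->form_data[$field] != $raw) {
        $this->displayInvalidCharError($raw, $this->form_data[$field], $l10nTag);
        $this->form_data[$field] = "";
        $this->form_data[$field . '_invalid'] = true;
        $this->validationErrors = true;
    }
}

/**
 * Find the subscriber with database-id $id within the admin's NREN.
 *
 * The admin's own subscriber is returned directly; any other subscriber
 * is loaded from the database.
 *
 * @param mixed $id sanitized database-id
 * @return Subscriber|null whatever Subscriber::getSubscriberByID() yields
 */
private function lookupSubscriber($id)
{
    if ($this->person->getSubscriber()->hasDBID($id)) {
        return $this->person->getSubscriber();
    }
    /* Other subscriber than user's subscriber, must create new object
     * from DB */
    return Subscriber::getSubscriberByID($id, $this->person->getNREN());
}

/**
 * Push the sanitized form fields into $subscriber through its setters.
 *
 * @param Subscriber $subscriber  object to update
 * @param mixed      $state       sanitized org-state
 * @param bool       $withOrgName also set the DN org-name (new subscribers)
 * @return bool true when at least one setter reported a change
 */
private function applySubscriberFormData($subscriber, $state, $withOrgName = false)
{
    $update = $subscriber->setState($state);
    if ($withOrgName) {
        $update |= $subscriber->setOrgName($this->form_data['dn_name']);
    }
    $update |= $subscriber->setEmail($this->form_data['subscr_email']);
    $update |= $subscriber->setPhone($this->form_data['subscr_phone']);
    $update |= $subscriber->setRespName($this->form_data['subscr_responsible_name']);
    $update |= $subscriber->setRespEmail($this->form_data['subscr_responsible_email']);
    $update |= $subscriber->setComment($this->form_data['subscr_comment']);
    $update |= $subscriber->setHelpURL($this->form_data['subscr_help_url']);
    $update |= $subscriber->setHelpEmail($this->form_data['subscr_help_email']);
    return $update;
}

/**
 * Hand the info-list of subscriber $id to the template.
 *
 * @param mixed $id sanitized database-id
 * @return void
 */
private function showSubscriberDetails($id)
{
    $this->tpl->assign('subscr_details',
                       Subscriber::getSubscriberByID($id, $this->person->getNREN())->getInfo());
    $this->tpl->assign('subscriber_details', true);
    $this->tpl->assign('subscriber_detail_id', $id);
}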
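/**
 * Render the page for a NREN-admin.
 *
 * Collects the NREN's admins and subscribers, picks the subscriber named
 * by $_POST['subscriberID'] (else the first in the list) and its
 * subscriber-admins, the NREN's IdP list and the admin-entitlement flag,
 * and hands everything to the template. A failed subscriber query is
 * reported to the user and leaves the subscriber list empty.
 *
 * @return void
 */
private function processNRENAdmin()
{
    $admins = $this->getNRENAdmins($this->person->getNREN());

    /* defined up front so a failed query below still leaves a value for
     * the checks and the template */
    $subscribers = null;
    try {
        /* Get a list of subscribers (as Subscriber-objects) */
        $subscribers = $this->person->getNREN()->getSubscriberList('name');
    } catch (DBQueryException $dbqe) {
        Framework::error_output("Cannot retrieve subscriber from database!<br /> "
                                . "Probably wrong syntax for query, ask an admin to investigate."
                                . "Server said: " . htmlentities($dbqe->getMessage()));
    } catch (DBStatementException $dbse) {
        Framework::error_output("Query failed. This probably means that the values passed to the "
                                . "database are wrong. Server said: " . htmlentities($dbse->getMessage()));
    }

    $current_subscriber = null;
    /* Are we looking at a particular subscriber? */
    if (isset($_POST['subscriberID'])) {
        $current_subscriber_id = Input::sanitizeID($_POST['subscriberID']);
        if (!is_null($subscribers)) {
            foreach ($subscribers as $nren_subscriber) {
                if ($nren_subscriber->getDBID() == $current_subscriber_id) {
                    $current_subscriber = $nren_subscriber;
                    break;
                }
            }
        }
    } elseif (!empty($subscribers)) {
        $current_subscriber = $subscribers[0];
    }

    if (isset($current_subscriber)) {
        $subscriber_admins = $this->getSubscriberAdmins($current_subscriber->getDBID(),
                                                        SUBSCRIBER_ADMIN);
        $this->tpl->assign('subscriber', $current_subscriber);
        $this->tpl->assign('subscriber_admins', $subscriber_admins);
    }

    /* does the NREN-admin have the admin-entitlement (for downgrading)? */
    $this->tpl->assign('has_adm_entl',
                       $this->person->testEntitlementAttribute(Config::get_config('entitlement_admin')) ? true : false);

    $nren = $this->person->getNREN();
    $idpList = $nren->getIdPList();
    /* append an empty entry to the beginning */
    $idpList = array_merge((array) '-', $idpList);
    $this->tpl->assign('idps', $idpList);
    $this->tpl->assign('nren_admins', $admins);
    $this->tpl->assign('nren', $nren);
    $this->tpl->assign('subscribers', $subscribers);
}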
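/**
 * save() save the Certificate to the database.
 *
 * This function requires that the owner is a registered
 * administrator. It will then save all the registered fields to the
 * database and connect the admin to the certificate.
 *
 * The function will handle both new certificates as well as updating
 * existing ones: a certificate not yet in the database is INSERTed into
 * robot_certs (after its owner has been looked up in admins and the
 * admin's subscriber copied), an existing one gets an UPDATE of the
 * columns listed in $this->changed. Every failure is written to the log
 * and reported as false; nothing is echoed to the page.
 *
 * @param void
 * @return Boolean flag indicating if the save-operation succeeded
 *         (false also when an existing certificate has no changes)
 * @access public
 */
public function save()
{
    /* is it a new certificate? */
    if (!$this->getCertFromDB()) {
        return $this->insertNewCert();
    }
    return $this->updateChangedFields();
}

/**
 * INSERT this (not yet stored) certificate into robot_certs.
 *
 * Looks the owner up in admins first; a missing owner, an unknown admin
 * or a duplicated admin row aborts the save.
 *
 * @return bool true when the row was written
 */
private function insertNewCert()
{
    if (!isset($this->owner)) {
        return false;
    }
    try {
        $admin_res = MDB2Wrapper::execute("SELECT * FROM admins WHERE admin_id=?",
                                          array('text'),
                                          array($this->owner));
        if (count($admin_res) == 0) {
            return false;
        }
        if (count($admin_res) > 1) {
            Logger::log_event(LOG_WARNING, __FILE__ . ":" . __LINE__ .
                              " Corrupted database. Multiple admins with same primary key!");
            return false;
        }
        $this->subscriber = Input::sanitizeID($admin_res[0]['subscriber']);
    } catch (DBStatementException $dbse) {
        Logger::log_event(LOG_WARNING, __FILE__ . ":" . __LINE__ .
                          " Could not find Admin (statement), server said: " . $dbse->getMessage());
        return false;
    } catch (DBQueryException $dbqe) {
        Logger::log_event(LOG_WARNING, __FILE__ . ":" . __LINE__ .
                          " Could not find Admin (query), server said: " . $dbqe->getMessage());
        return false;
    }

    $update = "INSERT INTO robot_certs (subscriber_id, uploaded_by, "
            . " uploaded_date, valid_until, cert, fingerprint, "
            . "serial, comment)"
            . " VALUES(?, ?, current_timestamp(), ?, ?, ?, ?, ?)";
    $params = array('text', 'text', 'text', 'text', 'text', 'text', 'text');
    $data = array($this->subscriber,
                  $this->owner,
                  $this->getEndDate(),
                  $this->getPEMContent(),
                  $this->getFingerprint(),
                  $this->getSerial(),
                  $this->getComment());
    try {
        MDB2Wrapper::update($update, $params, $data);
        return true;
    } catch (DBStatementException $dbse) {
        Logger::log_event(LOG_WARNING, __FILE__ . ":" . __LINE__ .
                          " Could not save Robot-cert (statement), server said: " . $dbse->getMessage());
        return false;
    } catch (DBQueryException $dbqe) {
        Logger::log_event(LOG_WARNING, __FILE__ . ":" . __LINE__ .
                          " Could not save Robot-cert (query), server said: " . $dbqe->getMessage());
        return false;
    }
}

/**
 * UPDATE the columns recorded in $this->changed for this stored certificate.
 *
 * @return bool true when the row was written; false when nothing has
 *         changed or the database refused the update
 */
private function updateChangedFields()
{
    if (!is_array($this->changed) || count($this->changed) == 0) {
        /* existing certificate, nothing has changed */
        return false;
    }

    /* existing certificate, but things have changed.
     * NOTE(review): the keys of $this->changed become column names in
     * the statement; they must only ever be set by this class's own
     * setters - confirm no caller can write $this->changed directly */
    $query = "UPDATE robot_certs SET ";
    $data = array();
    foreach ($this->changed as $key => $value) {
        $query .= "{$key}=:{$key}, ";
        $data[$key] = $value;
    }
    /* drop the trailing ", " */
    $query = substr($query, 0, -2) . " WHERE id=:id";
    $data['id'] = $this->db_id;

    try {
        MDB2Wrapper::update($query, null, $data);
        return true;
    } catch (DBStatementException $dbse) {
        $msg = __CLASS__ . "::" . __FUNCTION__ . "(" . __LINE__ . ") ";
        $msg .= "Cannot connect properly to database, some internal error. ";
        $msg .= "Make sure the DB is configured correctly." . $dbse->getMessage();
        Logger::log_event(LOG_WARNING, $msg);
    } catch (DBQueryException $dbqe) {
        $msg = __CLASS__ . "::" . __FUNCTION__ . "(" . __LINE__ . ") ";
        $msg .= "Cannot connect properly to database, ";
        $msg .= "errors with supplied data. " . $dbqe->getMessage();
        Logger::log_event(LOG_WARNING, $msg);
    }
    return false;
}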