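/**
 * Builds the opening XHTML of a portal page: XML header, doctype, <head>,
 * and a header block holding an "UP" link and the page title.
 *
 * Both the title and the "UP" target are HTML-escaped before being embedded.
 *
 * @param $title string title in UTF-8
 * @return string
 */
public static function html_start($title)
{
    $title = REST::htmlspecialchars($title);

    // REQUEST_URI includes the query string. Taking dirname() of the whole
    // value lets a '/' inside the query (client-controlled) shift the parent
    // link, so only the path part is used to derive the "UP" target.
    $t_path = explode('?', $_SERVER['REQUEST_URI'], 2);
    $t_index = REST::urlencode(dirname($t_path[0]));
    if ($t_index != '/') {
        $t_index .= '/';
    }
    $t_index = REST::htmlspecialchars($t_index);

    // Class constant, interpolated as-is into href/src attributes below.
    $portalurl = self::PORTAL_URL;

    $retval = REST::xml_header() . <<<EOS
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us">
<head>
<title>{$title}</title>
<link rel="stylesheet" type="text/css" href="{$portalurl}style.css" />
<link rel="index" rev="child" type="application/xhtml+xml" href="{$t_index}" />
</head><body>
<div id="header"><p><a rel="index" rev="child" href="{$t_index}"><img border="0" src="{$portalurl}dirup.png"/> UP</a></p>
<h1>{$title}</h1></div>
EOS;
    return $retval;
}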
// Excerpt: the conditional that guards the next call opens above this view;
// judging by the message it fires when "email" or "password" is absent.
    REST::fatal(REST::HTTP_BAD_REQUEST, 'Missing (one of) required parameters "email" and "password"');
}

// No DN available for this request: answer 404.
// presumably csa_dn() yields the client-certificate subject DN; confirm.
$dn = Portal_User::csa_dn();
if (empty($dn)) {
    REST::fatal(REST::HTTP_NOT_FOUND);
}

// NOTE(review): both credentials are read from $_GET, i.e. the query string,
// which commonly ends up in access logs, proxies and browser history.
$escemail = Portal_MySQL::escape_string($_GET['email']);
// NOTE(review): unsalted md5() is a fast hash and unsuitable for password
// storage. It is left as-is because it must match the stored `user_password`
// values; moving to password_hash()/password_verify() needs a data migration.
$md5password = md5($_GET['password']);
$escdn = Portal_MySQL::escape_string($dn);

// NOTE(review): {$escdn} and {$escemail} are interpolated without surrounding
// quotes, so Portal_MySQL::escape_string() must return a complete quoted SQL
// literal. If it only escapes, both statements are injectable; confirm.

// Drop any other account currently bound to this DN.
// NOTE(review): this runs before the password is checked by the UPDATE below
// and the two statements are not wrapped in a transaction in this excerpt.
Portal_MySQL::real_query(<<<EOS
DELETE FROM `User` WHERE `user_dn` = {$escdn} AND `user_email` <> {$escemail};
EOS
);
// Bind the DN to the account whose e-mail and password hash both match.
Portal_MySQL::real_query(<<<EOS
UPDATE `User` SET `user_dn` = {$escdn} WHERE `user_email` = {$escemail} AND `user_password` = '{$md5password}';
EOS
);
// No row affected is treated as failed authentication.
if (!Portal_MySQL::mysql()->affected_rows) {
    Portal_User::unauthorized();
}

// The portal URL is HTML-escaped before it is placed in the href attribute.
$url = REST::htmlspecialchars(Portal::portalURL());
REST::fatal(REST::HTTP_OK, <<<EOS
<p>Registration complete.</p> <p>You can now start <a href="{$url}">using the GridApps web service</a>.</p>
EOS
);
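/**
 * Writes one table row (<tr>) for a resource straight to the output.
 *
 * While header_sent is false, start() is called first; if no column list has
 * been set by then, the keys of $info become the columns.
 *
 * Escaping contract: $name and every $info value are HTML-escaped here, with
 * one exception: values of columns whose name ends in "html" (any case) are
 * echoed verbatim. Callers must pass only trusted or already-escaped markup
 * in those columns.
 *
 * @param $name string the relative URL of the resource. May include query params.
 * @param $info array fieldname => value pairs with extra information about the resource.
 * @param $delete bool indicates whether the resource supports the DELETE method.
 * @return void the row is echoed; nothing is returned.
 */
public function line($name, $info = null, $delete = false)
{
    if (!is_array($info)) {
        $info = array();
    }
    if (!$this->header_sent) {
        if ($this->headers === null) {
            $this->headers = array_keys($info);
        }
        $this->start();
    }

    // Only the path part (before '?') is displayed and inspected for the
    // trailing slash that marks a collection.
    $expname = explode('?', $name, 2);
    $escname = htmlspecialchars(urldecode($expname[0]), ENT_QUOTES, 'UTF-8');
    $eschref = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $is_coll = substr($expname[0], -1) === '/';

    echo '<tr class="' . ($is_coll ? 'collection' : 'resource') . '">' .
        '<td class="delete">';
    if ($delete) {
        // The separator sits inside an attribute value, so a literal '&' must
        // be written as '&amp;'; a bare '&' is not well-formed XHTML.
        // NOTE(review): the form carries no anti-CSRF token; confirm that the
        // http_method=DELETE override is protected elsewhere.
        echo '<form action="' . $eschref .
            (strstr($name, '?') === false ? '?' : '&amp;') .
            'http_method=DELETE" method="post"><input type="submit" value="✘" title="Delete ' .
            $escname . '"/></form>';
    }
    echo '</td><td class="name"><a rel="child" href="' . $eschref . '">' .
        $escname . '</a></td>';

    foreach ($this->headers as $header) {
        // The CSS class is the column name reduced to word characters.
        echo '<td class="' .
            strtolower(preg_replace('/[^\\w\\d]+/', '', $header)) . '">';
        if (isset($info[$header])) {
            $value = $info[$header];
            // Columns named "...html" are emitted raw (see escaping contract).
            if (strtolower(substr($header, -4)) != 'html') {
                $value = REST::htmlspecialchars($value);
            }
            echo $value;
        }
        echo "</td>\n";
    }
    echo "</tr>\n";
}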
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License. You may obtain
* a copy of the License at <http://www.apache.org/licenses/LICENSE-2.0>
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* $Id: databases.php 2459 2009-08-10 21:20:41Z pieterb $
**************************************************************************/

/**
 * Lists, as a directory, the distinct names of the databases that are shared
 * or owned by the current user. Only GET and HEAD are accepted.
 * @package Portal
 */
require_once 'include/global.php';

// Restrict this endpoint to the two read-only methods.
REST::require_method('GET', 'HEAD');

// NOTE(review): $user_id is interpolated into the SQL below without quoting
// or casting; this is only safe if user_id() always returns an integer.
// Confirm against Portal_User.
$user_id = Portal_User::current()->user_id();
$result = Portal_MySQL::query(<<<EOS
SELECT DISTINCT `name` FROM `Database` WHERE `is_shared` > 0 OR `user_id` = {$user_id}
EOS
);
// Escaped request URI; not used again in the visible part of this script.
$action = REST::htmlspecialchars($_SERVER['REQUEST_URI']);
$directory = RESTDir::factory('Available databases (by name)');
// Each name is handed on with a trailing slash as the entry's relative URL.
// NOTE(review): the name is not percent-encoded here; confirm database names
// cannot contain URL-reserved characters such as '?', '#' or '%'.
while ($row = $result->fetch_row()) {
    $directory->line($row[0] . '/');
}
$directory->end();
DELETE FROM `Token` WHERE `token_id`={$escjobid} AND `user_id`={$escuserid};
EOS
    );
    // The statement filters on both token id and user id, so zero affected
    // rows means no such token is owned by this user: answer 404.
    if (!Portal_MySQL::mysql()->affected_rows) {
        REST::fatal(REST::HTTP_NOT_FOUND);
    }
    REST::header(array('status' => REST::HTTP_NO_CONTENT));
    exit;
}

// The user tries to get information about eir jobs
// NOTE(review): $jobid is appended as-is to Portal::JOBRESULTS_DIR and to the
// redirect target, and this branch runs before the query below that ties the
// job to the user. Where $jobid is validated is not visible in this excerpt:
// confirm it cannot contain path separators or "..", and that the
// jobresults/ resource enforces ownership itself.
// $fullfilename is assigned here but not used again in the visible code.
if (file_exists($fullfilename = Portal::JOBRESULTS_DIR . $jobid)) {
    REST::redirect(REST::HTTP_SEE_OTHER, Portal::portalURL() . "jobresults/{$jobid}");
}

// NOTE(review): {$escjobid} and {$escuserid} are interpolated unquoted; their
// escaping happens above this excerpt. Confirm they are quoted SQL literals.
$result = Portal_MySQL::query(<<<EOS
SELECT `token_error` FROM `Token` WHERE `token_id`={$escjobid} AND `user_id`={$escuserid};
EOS
);
if (!($row = $result->fetch_row())) {
    // Can't find what the user is looking for
    REST::fatal(REST::HTTP_GONE);
}
// A token row without an error text: reported as "not executed yet".
if (empty($row[0])) {
    REST::fatal(REST::HTTP_NOT_FOUND, "<p>Your job hasn't been executed yet. Try again later.</p>");
}
// The stored error text is HTML-escaped before it is shown.
REST::fatal(REST::HTTP_OK, '<p>Your job finished with the following error:</p><pre>' . REST::htmlspecialchars($row[0]) . '</pre>');
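/**
 * Builds the closing XHTML of a portal page: the footer and the closing
 * </body></html> tags.
 *
 * For a GET request that arrived on one of the two SSL ports, the footer
 * holds a link to the same request URI on the other port, so the user can
 * switch between password and client-certificate authentication. On any
 * other port no link is emitted.
 *
 * @return string
 */
public static function html_end()
{
    $retval = '<div id="footer">';
    if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        // Stay null unless the request came in on a known SSL port; without
        // this, $url and $switchto were read undefined on any other port.
        $switchto = null;
        $port = null;
        if ($_SERVER['SERVER_PORT'] == self::PORT_SSL) {
            $switchto = 'X.509 Client Certificate Authentication';
            $port = self::PORT_SSL_CSA;
        } elseif ($_SERVER['SERVER_PORT'] == self::PORT_SSL_CSA) {
            $switchto = 'Username/Password Authentication';
            $port = self::PORT_SSL;
        }
        if ($switchto !== null) {
            // NOTE(review): depending on web-server configuration SERVER_NAME
            // may be taken from the client's Host header; confirm it is pinned
            // to the canonical host name. The URL is HTML-escaped below.
            $url = 'https://' . $_SERVER['SERVER_NAME'] . ':' . $port .
                $_SERVER['REQUEST_URI'];
            $retval .= '<div id="changeauth"><a href="' .
                REST::htmlspecialchars($url) . '">Switch to ' . $switchto .
                '</a></div>';
        }
    }
    $retval .= '</div></body></html>';
    return $retval;
}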
* See the License for the specific language governing permissions and
* limitations under the License.
*
* $Id: register.php 2459 2009-08-10 21:20:41Z pieterb $
**************************************************************************/

/**
 * Registration script (excerpt): validates the "email" and "name" query
 * parameters, generates a password and starts inserting a `User` row.
 * The INSERT statement continues past the end of this excerpt.
 * @package Portal
 */
require_once 'include/global.php';

// HTML-escaped for output only; escaping does not constrain where the URL
// points.
// NOTE(review): if $referrer is later used as a link or redirect target
// (not visible here), validate it against the portal's own origin.
$referrer = empty($_GET['referrer']) ? null : REST::htmlspecialchars($_GET['referrer']);

// NOTE(review): the account-creating write below is driven by query-string
// parameters and no request-method check is visible in this excerpt.
if (isset($_GET['email']) && isset($_GET['name'])) {
    // Check the email address for syntax:
    // (the lower-cased value is written back into $_GET)
    $_GET['email'] = strtolower($_GET['email']);
    if (!preg_match('/^[\\w\\d\\-.]+@[\\w\\d\\-]+(?:\\.[\\w\\d\\-]+)*\\.\\w+$/', $_GET['email'])) {
        // The rejected value is HTML-escaped before being echoed back.
        REST::fatal(REST::HTTP_BAD_REQUEST, '<p>"' . REST::htmlspecialchars($_GET['email']) . '" is not a well-formed e-mail address.</p>');
    }
    // Check the name:
    // (trimmed, with every whitespace run collapsed to one space)
    $_GET['name'] = preg_replace('/\\s+/', ' ', trim($_GET['name']));
    if ($_GET['name'] === '') {
        REST::fatal(REST::HTTP_BAD_REQUEST, '<p>Please provide a display name.</p>');
    }
    // NOTE(review): whether escape_string() returns a quoted literal or only
    // escapes cannot be seen here; confirm it matches how the INSERT uses it.
    $escemail = Portal_MySQL::escape_string($_GET['email']);
    $escname = Portal_MySQL::escape_string($_GET['name']);
    // $dn = ($_SERVER['SERVER_PORT'] == Portal::PORT_SSL_CSA)
    // ? Portal_User::csa_dn() : null;
    // $escdn = Portal_MySQL::escape_string($dn);
    // NOTE(review): how createPassword() generates its value is not visible
    // here; confirm it draws from a cryptographically secure source.
    $password = Portal_User::createPassword();
    // NOTE(review): unsalted md5() is a fast hash and unsuitable for password
    // storage; flagged rather than changed because the login path must agree
    // with whatever is stored.
    $md5password = md5($password);
    Portal_MySQL::real_query(<<<EOS
INSERT INTO `User` (`user_email`, `user_name`, `user_password`)
/**
 * Rejects the current request as unauthenticated.
 *
 * On the plain port the client is first redirected to the same URI over
 * https. Otherwise a Basic-auth challenge header is sent and a 401 page is
 * produced that links to the registration page, passing the current URL
 * along as the "referrer" parameter.
 *
 * Never returns
 */
public static function unauthorized()
{
    // NOTE(review): depending on web-server configuration SERVER_NAME may be
    // taken from the client's Host header; confirm it is pinned to the
    // canonical host name, since it ends up in a redirect target and a link.
    $host = $_SERVER['SERVER_NAME'];
    $uri = $_SERVER['REQUEST_URI'];

    if ($_SERVER['SERVER_PORT'] == Portal::PORT_PLAIN) {
        REST::redirect(REST::HTTP_TEMPORARY_REDIRECT, "https://{$host}{$uri}");
    }

    header('WWW-Authenticate: Basic realm="Grid Portal"');

    // The referrer is URL-encoded as a query value; the complete link is then
    // HTML-escaped for use inside the href attribute.
    $target = 'https://' . $host . Portal::portalURL() . 'register?referrer=';
    $target .= urlencode(REST::urlbase() . $uri);
    $register = REST::htmlspecialchars($target);

    REST::fatal(
        REST::HTTP_UNAUTHORIZED,
        '<p>You can register <a href="' . $register . '">here</a>.</p>'
    );
    // Ends the request even if REST::fatal() were to return.
    exit;
}