Exemplo n.º 1
 /**
  * Store a new NREN maintenance message when one was submitted.
  *
  * Reads 'nren_maint_msg' from $_POST and hands it, together with the
  * current person, to the NREN's setMaintMsg(). The outcome is reported
  * through Framework::success_output() / Framework::error_output().
  *
  * NOTE(review): the posted text is forwarded as-is, so any filtering or
  * output escaping has to happen in setMaintMsg() or wherever the message
  * is rendered - confirm. No permission check is visible in this method
  * either; presumably the caller or setMaintMsg() enforces one.
  */
 private function handleMaintText()
 {
     if (!array_key_exists("nren_maint_msg", $_POST)) {
         /* nothing was submitted, nothing to do */
         return;
     }

     $stored = $this->person->getNREN()->setMaintMsg($this->person, $_POST['nren_maint_msg']);
     if (!$stored) {
         Framework::error_output($this->translateTag("l10n_nren_maint_msg_failure", 'portal_config'));
         return;
     }
     Framework::success_output($this->translateTag("l10n_nren_maint_msg_success", 'portal_config'));
 }
Exemplo n.º 2
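 /**
  * Handle a submitted attribute-map update before the page is rendered.
  *
  * Loads the attribute-fetching script into the template, then - for NREN
  * and subscriber admins only - processes $_POST['attributes_operation'].
  * The only known operation is 'update_map':
  *  - an NREN admin saves cn, mail, epodn and entitlement on the NREN,
  *  - a subscriber admin saves cn and mail on the subscriber.
  *
  * @param $person the person viewing the page; the admin checks are made on
  *                it and on $this->person
  * @return void
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     $script = file_get_contents('../include/fetch_attr.js');
     $this->tpl->assign('rawScript', $script);
     /* Everything below changes stored state, so non-admins stop here. */
     if (!$person->isNRENAdmin() && !$person->isSubscriberAdmin()) {
         return;
     }
     /* NOTE(review): no anti-CSRF token check is visible in this method;
      * confirm that the framework validates one before pre_process() runs. */
     if (isset($_POST['attributes_operation'])) {
         switch ($_POST['attributes_operation']) {
             case 'update_map':
                 $cn = Input::sanitizeText($_POST['cn']);
                 $mail = Input::sanitizeText($_POST['mail']);
                 /* only NREN-admin can change the mapping for
                  * - organization-identifier
                  * - entitlement
                  */
                 if ($this->person->isNRENAdmin()) {
                     $epodn = Input::sanitizeText($_POST['epodn']);
                     $entitlement = Input::sanitizeText($_POST['entitlement']);
                     /* NOTE(review): a false return from saveMap() produces
                      * no message at all in this branch. */
                     if ($this->person->getNREN()->saveMap($this->person->getEPPNKey(), $epodn, $cn, $mail, $entitlement)) {
                         Framework::success_output($this->translateTag('l10n_suc_updmap', 'attributes'));
                     }
                 } else {
                     if ($this->person->isSubscriberAdmin()) {
                         /* Initialised up front: when saveMap() throws, the
                          * assignment below never happens and the success
                          * check would otherwise read an undefined variable. */
                         $result = false;
                         try {
                             $result = $this->person->getSubscriber()->saveMap($this->person->getEPPNKey(), $cn, $mail);
                         } catch (DBQueryException $dbqe) {
                             /* Every dynamic value is HTML-escaped because the
                              * message is assembled as markup.
                              * NOTE(review): the raw database error text is
                              * shown to the user; consider keeping it in the
                              * log only. */
                             Framework::error_output(
                                 $this->translateTag('l10n_err_updmap1', 'attributes') . "<br />"
                                 . $this->translateTag('l10n_label_cn', 'attributes') . ": " . htmlentities($cn) . "<br />"
                                 . $this->translateTag('l10n_label_mail', 'attributes') . ": " . htmlentities($mail) . "<br />"
                                 . $this->translateMessageTag('err_servsaid') . " " . htmlentities($dbqe->getMessage())
                             );
                             Logger::log_event(LOG_NOTICE, __FILE__ . ", " . __LINE__ . ": " . $dbqe->getMessage());
                         } catch (DBStatementException $dbse) {
                             Framework::error_output("Could not update the subscriber-mapping, probably due to a " . "problem with the server-configuration. Server said: " . htmlentities($dbse->getMessage()));
                             Logger::log_event(LOG_NOTICE, __FILE__ . ", " . __LINE__ . ": " . $dbse->getMessage());
                         }
                         if ($result === true) {
                             Framework::success_output($this->translateTag('l10n_suc_updmap', 'attributes'));
                         }
                     }
                 }
                 break;
             default:
                 Framework::error_output("Unknown operation chosen on attributes mask!");
                 break;
         }
     }
 }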
Exemplo n.º 3
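 /**
  * Process an edit of the CA account (login name, password, AP name)
  * before the page is rendered.
  *
  * Only NREN admins may do this, and only when the configured 'ca_mode' is
  * CA_COMODO. Otherwise the method returns false without calling the
  * parent's pre_process().
  *
  * @param $person the person viewing the page
  * @return boolean false when the caller may not edit the account or when a
  *                 submitted login name or AP name was rejected, true
  *                 otherwise
  */
 public function pre_process($person)
 {
     $res = true;
     $this->setPerson($person);
     $this->account = NRENAccount::get($this->person);
     /* If the caller is not a nren-admin or Confusa is not in online mode, we stop here */
     if (!$this->person->isNRENAdmin() || Config::get_config('ca_mode') != CA_COMODO) {
         return false;
     }
     $login_name = false;
     $password = false;
     $ap_name = false;
     if (isset($_POST['account']) && $_POST['account'] === 'edit') {
         /* We must use POST as we may pass along a password and
          * we do not want to set that statically in the subject-line. */
         if (isset($_POST['login_name'])) {
             $ln = $_POST['login_name'];
             /* Accept the value only if cleaning leaves it unchanged. */
             $login_name = Input::sanitizeText(htmlspecialchars($ln));
             if ($ln === $login_name) {
                 $this->account->setLoginName($login_name);
             } else {
                 /* FIXME: l10n */
                 Framework::error_output("The new login_name contains illegal characters, dropping new login!");
                 /* The failure flag belongs to the rejection path, matching
                  * the ap_name handling below. It used to be set when the
                  * login name was accepted. */
                 $res = false;
             }
         }
         /* Do not sanitize password, we should allow special characters and
          * stuff, we should url-encode it. If Comodo does not sanitize
          * their password, it's their business, not ours. */
         if (isset($_POST['password']) && $_POST['password'] !== "") {
             $this->account->setPassword($_POST['password']);
         }
         if (isset($_POST['ap_name'])) {
             $ap = $_POST['ap_name'];
             $ap_name = Input::sanitizeText(htmlspecialchars($ap));
             if ($ap === $ap_name) {
                 $this->account->setAPName($ap_name);
             } else {
                 /* FIXME: l10n */
                 Framework::error_output("Cleaned ap-name and it contains illegal characters, dropping new name!");
                 $res = false;
             }
         }
         /* should we validate? */
         try {
             $validate = false;
             if (isset($_POST['verify_ca_cred']) && $_POST['verify_ca_cred'] === "yes") {
                 $validate = true;
             }
             /* NOTE(review): save() still runs after a rejected login or AP
              * name, so the remaining fields are stored - confirm that this
              * is intended. */
             if ($this->account->save($validate)) {
                 /* FIXME: l10n */
                 Framework::success_output("CA Account details successfully updated!");
             } else {
                 Framework::message_output("No changes to account-details, not updating.");
             }
         } catch (ConfusaGenException $cge) {
             /* FIXME: l10n */
             /* Escape the exception text before it goes into the page; it
              * may carry values taken from the request. */
             Framework::error_output("Could not update account-data: " . htmlentities($cge->getMessage()));
         }
     }
     parent::pre_process($person);
     return $res;
 }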
Exemplo n.º 4
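 /**
  * Delete an admin from the admins-table of the current NREN.
  *
  * The admin to delete and the admin performing the deletion (the enforcer)
  * are fetched with one query. The deletion is carried out only when both
  * rows are found and the enforcer's admin_level is not lower than the
  * target's. Every refusal is reported with Framework::error_output().
  *
  * @param $admin the identifier of the admin to delete, as stored in
  *               admins.admin
  * @param $level the level the caller assumes for $admin; only used in the
  *               log messages written when the deletion fails
  * @return void
  */
 private function deleteAdmin($admin, $level)
 {
     /* does the current user have the rights? */
     try {
         $query = "SELECT a.* FROM admins a LEFT JOIN nrens n on n.nren_id = a.nren";
         $query .= " WHERE (a.admin=? OR a.admin=?) AND n.name=?";
         $res = MDB2Wrapper::execute($query, array('text', 'text', 'text'), array($admin, $this->person->getEPPN(), $this->person->getNREN()));
         switch (count($res)) {
             case 0:
                 Framework::error_output("Did not find neither the admin to delete or the current admin in the database. Cannot continue.");
                 return;
             case 1:
                 /* Identifiers are compared as strings so that numeric-looking
                  * values cannot match through PHP's loose comparison. */
                 if ((string) $res[0]['admin'] !== (string) $admin) {
                     Framework::error_output("Cannot find the admin to delete in the admins-table. Cannot continue.");
                     return;
                 }
                 /* Only the target's row came back, so there is no second row
                  * to take the enforcer's level from. Refuse explicitly
                  * instead of reading a non-existent row and continuing with
                  * undefined ids. */
                 Framework::error_output("Could not find a separate entry for the current admin in the admins-table. Cannot continue.");
                 return;
             case 2:
                 $targetIdx = 0;
                 if ((string) $res[1]['admin'] === (string) $admin) {
                     $targetIdx = 1;
                 }
                 if ((string) $res[$targetIdx]['admin'] !== (string) $admin) {
                     /* neither of the two rows belongs to the target */
                     Framework::error_output("Cannot find the admin to delete in the admins-table. Cannot continue.");
                     return;
                 }
                 $nrenID = $res[$targetIdx]['nren'];
                 $subscriberID = $res[$targetIdx]['subscriber'];
                 break;
             default:
                 Framework::error_output("Too many hits in the database. Cannot decide where to go from here.");
                 return;
         }
     } catch (DBStatementException $dbse) {
         $msg = "Cannot find id-values in the database due to server problems. Server said: " . htmlentities($dbse->getMessage());
         Framework::error_output($msg);
         return;
     } catch (DBQueryException $dbqe) {
         $msg = "Cannot find id-values due to data inconsistency. Server said: " . htmlentities($dbqe->getMessage());
         Framework::error_output($msg);
         return;
     }
     /* Find the admin-level of both admins and make sure that the
      * enforcer (the admin performing the deletion) has the rights
      * to do so. Exactly two rows are left at this point: the target's and
      * the other one, which is taken to be the enforcer's. */
     $targetLevel = (int) $res[$targetIdx]['admin_level'];
     $enforcerLevel = (int) $res[1 - $targetIdx]['admin_level'];
     if ($enforcerLevel < $targetLevel) {
         Framework::error_output("Cannot delete admin with higher admin-level.");
         return;
     }
     if ($targetLevel == NREN_ADMIN) {
         $query = "DELETE FROM admins WHERE admin=? AND nren=?";
         $params = array('text', 'text');
         $data = array($admin, $nrenID);
     } else {
         $query = "DELETE FROM admins WHERE admin=? AND nren=? AND subscriber=?";
         $params = array('text', 'text', 'text');
         $data = array($admin, $nrenID, $subscriberID);
     }
     try {
         MDB2Wrapper::update($query, $params, $data);
         Logger::log_event(LOG_INFO, "Successfully deleted admin {$admin} with level {$targetLevel}");
     } catch (DBStatementException $dbse) {
         Framework::error_output("Could not delete the admin because the statement was bad " . "Please contact an administrator. Server said " . htmlentities($dbse->getMessage()));
         Logger::log_event(LOG_NOTICE, __FILE__ . ":" . __LINE__ . ": Problem occured when trying to delete " . "admin {$admin} with level {$level}: " . $dbse->getMessage());
         /* stop here, otherwise the success message below would follow the
          * error message */
         return;
     } catch (DBQueryException $dbqe) {
         Framework::error_output("Could not delete the admin because of problems with the " . "received data. Server said " . htmlentities($dbqe->getMessage()));
         Logger::log_event(LOG_INFO, __FILE__ . ":" . __LINE__ . ": Problem occured when tyring to delete " . "admin {$admin} with level {$level}: " . $dbqe->getMessage());
         return;
     }
     Framework::success_output($this->translateTag('l10n_suc_deleteadm1', 'admin') . " " . htmlentities($admin));
 }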
Exemplo n.º 5
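 /**
  * Mail the certificate identified by $authKey to the current person.
  *
  * The certificate is fetched from the CA and sent as the attachment
  * 'usercert.pem'. Sender address and system name come from the
  * configuration.
  *
  * @param $authKey the key handed to the CA's getCert() to look up the
  *                 certificate
  * @return boolean true when the mail was sent, false when no certificate
  *                 was returned, sending failed or the CA raised an error
  */
 private function mailCert($authKey)
 {
     try {
         $cert = $this->ca->getCert($authKey);
         if (isset($cert)) {
             $mm = new MailManager($this->person, Config::get_config('sys_from_address'), Config::get_config('system_name'), Config::get_config('sys_header_from_address'));
             $mm->setSubject($this->translateTag('l10n_mail_subject', 'download'));
             $mm->setBody($this->translateTag('l10n_mail_body', 'download'));
             $mm->addAttachment($cert, 'usercert.pem');
             if (!$mm->sendMail()) {
                 Framework::error_output($this->translateMessageTag('downl_err_sendmail'));
                 return false;
             }
         } else {
             /* NOTE(review): a missing certificate is not reported to the
              * user; only the return value signals it. */
             return false;
         }
     } catch (ConfusaGenException $e) {
         Framework::error_output($this->translateMessageTag('downl_err_sendmail2') . " " . htmlentities($e->getMessage()));
         return false;
     }
     Framework::success_output($this->translateMessageTag('downl_suc_mail'));
     /* Every failure path returns false, so success is signalled explicitly
      * instead of falling off the end of the method. */
     return true;
 }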
Exemplo n.º 6
 /**
  * delSubscriber - remove the subscriber from the NREN and Confusa.
  *
  * This will remove the subscriber *permanently* along with all its
  * affiliated subscriber admins (this is handled by the database-schema
  * with 'ON DELETE CASCADE').
  *
  * @param id String|integer the ID of the institution/subscriber in the database.
  *
  */
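 private function delSubscriber($id)
 {
     if (!isset($id) || $id === "") {
         Framework::error_output("Cannot delete subscriber with unknown id!");
         /* stop here: an unknown id must not reach the queries below */
         return false;
     }
     /*
      * Make sure that we are deleting a subscriber from the current NREN.
      */
     try {
         $query = "SELECT nren_id, subscriber FROM nren_subscriber_view ";
         $query .= "WHERE nren=? AND subscriber_id=?";
         $res = MDB2Wrapper::execute($query, array('text', 'text'), array($this->person->getNREN(), $id));
     } catch (DBQueryException $dbqe) {
         $errorTag = PW::create();
         $msg = "Could not delete subscriber with ID {$id} from DB.";
         Logger::logEvent(LOG_NOTICE, "NRENAdmin", "delSubscriber()", $msg, __LINE__, $errorTag);
         /* $msg carries the caller-supplied id, so it is escaped like the
          * server message before being placed in the page */
         Framework::message_output(htmlentities($msg) . "<br />[{$errorTag}] Server said: " . htmlentities($dbqe->getMessage()));
         return false;
     } catch (DBStatementException $dbse) {
         $errorTag = PW::create();
         $msg = "Could not delete subsriber with ID {$id} from DB, due to problems with the " . "statement. Probably this is a configuration error. Server said: " . $dbse->getMessage();
         Logger::logEvent(LOG_NOTICE, "NRENAdmin", "delSubscriber()", $msg, __LINE__, $errorTag);
         Framework::message_output("[{$errorTag}]" . htmlentities($msg));
         return false;
     }
     /* The lookup is restricted to the current NREN, so anything other than
      * exactly one row means the subscriber is not ours to delete. */
     if (count($res) != 1) {
         Framework::error_output("Could not find a unique NREN/subscriber pair for subscriber with id " . htmlentities($id));
         return false;
     }
     $nren_id = $res[0]['nren_id'];
     $subscriberName = $res[0]['subscriber'];
     if (!isset($nren_id) || $nren_id == "") {
         /* the second call was misspelled 'htmlentites', which ended this
          * path with an undefined-function error */
         Framework::error_output("Could not get the NREN-ID for subscriber " . htmlentities($id) . "Will not delete subscriber (" . htmlentities($id) . ").");
         return false;
     }
     /*
      * Revoke all certificates for subscriber
      */
     $ca = CAHandler::getCA($this->person);
     $list = $ca->getCertListForPersons("", $subscriberName);
     $count = 0;
     foreach ($list as $key => $value) {
         try {
             /* The debug dump of each certificate record (auth_key included)
              * into the page has been removed. */
             if (isset($value['auth_key'])) {
                 if ($ca->revokeCert($value['auth_key'], "privilegeWithdrawn")) {
                     $count = $count + 1;
                 }
             }
         } catch (CGE_KeyRevokeException $kre) {
             /* Reported through the framework and escaped, instead of being
              * echoed raw into the page. */
             Framework::error_output(htmlentities($kre->getMessage()));
         }
     }
     /* Logged once with the final count, not once per certificate. */
     Logger::logEvent(LOG_INFO, "NRENAdmin", "delSubscriber()", "Deleting subscriber, revoked {$count} issued certificates " . "for subscriber {$subscriberName}.");
     /* NOTE(review): the subscriber is deleted even when some revocations
      * failed, and database exceptions from this statement are not caught
      * here - confirm that both are intended. */
     MDB2Wrapper::update("DELETE FROM subscribers WHERE subscriber_id = ? AND nren_id = ?", array('text', 'text'), array($id, $nren_id));
     Logger::logEvent(LOG_INFO, "NRENAdmin", "delSubscriber()", "Deleted subscriber with ID {$id}.\n");
     $msg = $this->translateTag('l10n_suc_deletesubs1', 'nrenadmin') . htmlentities($subscriberName) . $this->translateTag('l10n_suc_deletesubs2', 'nrenadmin') . " " . htmlentities($id) . ". " . $this->translateTag('l10n_suc_deletesubs3', 'nrenadmin') . " " . $count . " " . $this->translateTag('l10n_suc_deletesubs4', 'nrenadmin');
     Framework::success_output($msg);
     /* failure paths return false, so success is signalled explicitly */
     return true;
 }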
Exemplo n.º 7
 /**
  * deleteCertificate() - remove a certificate associated with the
  * subscriber from the database.
  *
  * @param String $serial the serial-number of the certificate.
  * @return Boolean the result.
  */
 private function deleteCertificate($serial)
 {
     /* Look the certificate up first; the row id used for the deletion comes
      * from that lookup, not from the caller. */
     $robotCert = $this->getRobotCert($serial);
     if (!isset($robotCert)) {
         Framework::error_output("Could not find certificate (" . htmlentities($serial) . ") in database.");
         return false;
     }

     try {
         MDB2Wrapper::update("DELETE FROM robot_certs WHERE id=?", array('text'), array($robotCert['id']));

         $notice = $this->translateTag('l10n_suc_deletecert1', 'robot') . htmlentities($serial);
         $notice .= $this->translateTag('l10n_suc_deletecert2', 'robot');
         Framework::success_output($notice);

         /* NOTE(review): $serial is written to the log unescaped; confirm
          * that it is validated upstream or that the logger neutralises
          * line breaks. */
         $actor = $this->person->getEPPN();
         $orgName = $this->person->getSubscriber()->getOrgName();
         Logger::log_event(LOG_NOTICE, "[RI] " . $actor . " from " . $orgName . " deleted certificate {$serial} from the database");
         return true;
     } catch (Exception $e) {
         /* any failure above, including one in the output or logging calls,
          * is shown to the user and reported as false */
         Framework::error_output(htmlentities($e->getMessage()));
         return false;
     }
 }
Exemplo n.º 8
 /**
  * Delete the NREN logo for the given position within Confusa. This will
  * really delete the physical file containing the logo.
  *
  * @param $position string a position from
  *                  ConfusaConstants::$ALLOWED_IMG_POSITIONS
  * @param $nren string the name of the NREN, whose custom-logo should be
  *                     removed
  * @return void
  */
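 private function deleteLogo($position, $nren)
 {
     $basepath = Config::get_config('custom_logo') . $nren . "/custom_";
     $basepath .= $position . ".";
     /* Initialised so the failure log below always has a path to report,
      * even when no candidate file was tried. */
     $logoName = $basepath;
     $result = FALSE;
     /* $position becomes part of a filesystem path that is handed to
      * unlink(), so it is checked against the documented allow-list here
      * instead of relying on every caller to do so. An unknown position
      * ends on the normal error path below.
      * NOTE(review): $nren is used as a directory name in the same path;
      * presumably it comes from the authenticated session, not from the
      * request - confirm. */
     if (in_array($position, ConfusaConstants::$ALLOWED_IMG_POSITIONS, true)) {
         foreach (ConfusaConstants::$ALLOWED_IMG_SUFFIXES as $sfx) {
             $logoName = $basepath . $sfx;
             if (file_exists($logoName)) {
                 /* only the first existing file is removed */
                 $result = unlink($logoName);
                 break;
             }
         }
     }
     if ($result === FALSE) {
         Framework::error_output($this->translateTag('l10n_error_delete_logo', 'stylist'));
         Logger::log_event(LOG_INFO, "[nadm] Error when trying to delete " . "NREN logo {$logoName}, for NREN {$nren}.");
     } else {
         Framework::success_output($this->translateTag('l10n_success_delete_logo', 'stylist'));
     }
 }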
Exemplo n.º 9
 /**
  * Update the contact information for a subscriber to a new value
  *
  * @param $contact_email string A general subscriber-mail address
  * @param $contact_phone string The (main) phone number of the subscriber
  * @param $resp_name string The name of a responsible person at the subscr.
  * @param $resp_email string e-mail address of a responsible person
  * @param $help_url string URL of the subscriber's helpdesk
  * @param $help_email string e-mail address of the subscriber's helpdesk
  * @param $language string the language code for the subscriber's preferred
  *                         language
  */
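 private function updateSubscriberContact($language)
 {
     $subscriber = $this->person->getSubscriber();
     /* NOTE(review): only $language is a parameter of this method as shown.
      * $contact_email, $contact_phone, $resp_name, $resp_email, $help_url
      * and $help_email are not defined in this scope, so the six setters
      * below receive null. The doc comment lists them as parameters; the
      * signature and its callers need to be reconciled. */
     $subscriber->setEmail($contact_email);
     $subscriber->setPhone($contact_phone);
     $subscriber->setRespName($resp_name);
     $subscriber->setRespEmail($resp_email);
     $subscriber->setHelpURL($help_url);
     $subscriber->setHelpEmail($help_email);
     $subscriber->setLanguage($language);
     try {
         $subscriber->save();
     } catch (ConfusaGenException $cge) {
         Framework::error_output($this->translateTag('l10n_err_updatesubscr', 'contactinfo') . " " . htmlentities($cge->getMessage()));
         Logger::log_event(LOG_INFO, "[sadm] Could not update " . "contact of subscriber {$subscriber}: " . $cge->getMessage());
         /* stop here, otherwise the success message and the "Updated" log
          * entry below would follow a failed save */
         return;
     }
     Framework::success_output($this->translateTag('l10n_suc_updatesubscr', 'contactinfo') . " " . htmlentities($subscriber->getIdPName()) . ".");
     Logger::log_event(LOG_DEBUG, "[sadm] Updated contact for subscriber {$subscriber}.");
 }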