/**
 * Set up the bypass authenticator with one of three hard-coded test identities.
 *
 * The identity is chosen by the 'bypass_id' config value, cast to int:
 * 0 and 1 select the first two, any other value selects the third. When the
 * key is missing, a notice is logged and identity 0 is used.
 *
 * No credential is checked in this constructor. Identity 1 also carries the
 * entitlement value ending in 'confusaAdmin', so whatever configuration
 * selects this class should only be active on test installs.
 *
 * @param mixed $person passed through unchanged to the parent constructor
 */
function __construct($person)
{
    parent::__construct($person);
    $this->attributes = array();
    $this->idp = "";

    $selected = 0;
    try {
        $selected = (int) Config::get_config('bypass_id');
    } catch (KeyNotFoundException $knfe) {
        Logger::log_event(LOG_NOTICE, __FILE__ . ":" . __LINE__ . " bypass_id not set in config. Using default ID.");
    }

    if ($selected === 0) {
        $this->attributes = array(
            'cn2' => array('John Doe'),
            'eduPersonPrincipalName' => array('*****@*****.**'),
            'mail2' => array('*****@*****.**'),
            'country' => array('NN'),
            'organization' => array('o=Hogwarts, dc=hsww, dc=wiz'),
            'nren' => array('testnren'),
            'eduPersonEntitlement2' => array('urn:mace:feide.no:sigma.uninett.no:confusa'),
        );
    } elseif ($selected === 1) {
        /* the only identity with the admin entitlement and several mail addresses */
        $this->attributes = array(
            'cn2' => array('Jane Doe'),
            'eduPersonPrincipalName' => array('*****@*****.**'),
            'mail2' => array('*****@*****.**', '*****@*****.**', '*****@*****.**'),
            'country' => array('NN'),
            'organization' => array('o=Barad, dc=Dur'),
            'nren' => array('testnren'),
            'eduPersonEntitlement2' => array(
                'urn:mace:feide.no:sigma.uninett.no:confusaAdmin',
                'urn:mace:feide.no:sigma.uninett.no:confusa',
            ),
        );
    } else {
        /* index 2 and every unrecognised index end up here */
        $this->attributes = array(
            'cn2' => array('Ola Nordmann'),
            'eduPersonPrincipalName' => array('*****@*****.**', '*****@*****.**', '*****@*****.**'),
            'mail2' => array('*****@*****.**'),
            'country' => array('NO'),
            'organization' => array('o=Hogwarts, dc=hsww, dc=wiz'),
            'nren' => array('testnren'),
            'eduPersonEntitlement2' => array('urn:mace:feide.no:sigma.uninett.no:confusa'),
        );
    }

    /* all three identities report the same IdP */
    $this->idp = "idp.example.org";
}
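/**
 * Get the version of the currently running Confusa instance.
 *
 * Reads the MAJOR_VERSION=, MINOR_VERSION= and EXTRA_VERSION= entries from
 * the VERSION file below the configured install path. Each value runs from
 * the '=' to the end of its line; a trailing carriage return is dropped and
 * the last line of the file does not need a terminating newline.
 *
 * @return string Version in the format major.minor.extra
 * @throws ConfusaGenException if the version of Confusa can not be determined
 */
public static function getConfusaVersion()
{
    $version_path = Config::get_config('install_path') . '/VERSION';

    /* fail with a clear error instead of parsing the 'false' from a failed read */
    $version_file = is_readable($version_path) ? file_get_contents($version_path) : false;
    if ($version_file === false) {
        throw new ConfusaGenException("Could not read the VERSION file of Confusa!" . " Please contact an administrator about that!");
    }

    $fields = array(
        'major' => "MAJOR_VERSION=",
        'minor' => "MINOR_VERSION=",
        'extra' => "EXTRA_VERSION=",
    );

    $parts = array();
    foreach ($fields as $label => $key) {
        $value_start = strpos($version_file, $key);
        if ($value_start === false) {
            throw new ConfusaGenException("Could not determine the {$label} version of Confusa!" . " Please contact an administrator about that!");
        }
        $value_start += strlen($key);

        $value_end = strpos($version_file, "\n", $value_start);
        if ($value_end === false) {
            /* entry sits on the last line and the file has no final newline */
            $value_end = strlen($version_file);
        }

        $parts[] = rtrim((string) substr($version_file, $value_start, $value_end - $value_start), "\r");
    }

    return implode(".", $parts);
}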
/**
 * Strip characters that do not belong in a subscriber org-name (the /O=
 * part of the subject DN).
 *
 * Nothing is validated here. Every character other than a-z (either case),
 * 0-9, '@', '_', '-', '.' and whitespace is dropped. That also removes ',',
 * which the CA backend was found not to handle well in the org-name. When
 * the configured product is PRD_ESCIENCE the result is additionally cut to
 * 64 characters.
 *
 * NOTE(review): the pattern keeps the whole \s class, so tab, CR and LF
 * survive this function. Confirm the DN construction and the CA backend
 * tolerate them, or narrow the class to a plain space.
 *
 * @param $input string an input which is supposed to be a subscriber
 *               org-name
 * @return string the sanitized input string
 */
static function sanitizeOrgName($input)
{
    $cleaned = preg_replace('/[^a-z0-9@_\\-\\.\\s]/i', '', $input);

    $isEscience = (Config::get_config('cert_product') == PRD_ESCIENCE);

    /* cannot use ',' and length > 64 */
    return $isEscience ? substr($cleaned, 0, 64) : $cleaned;
}
/**
 * Create the Smarty template engine and point it at its directories.
 *
 * Template and config directories are built by appending to the configured
 * 'install_path' without a separator, so that value has to end in a slash.
 * Compile and cache directories come from ConfusaConstants. The list of
 * logged errors starts out empty.
 */
public function __construct()
{
    $engine = new Smarty();
    $engine->template_dir = Config::get_config('install_path') . 'templates';
    $engine->compile_dir = ConfusaConstants::$SMARTY_TEMPLATES_C;
    $engine->config_dir = Config::get_config('install_path') . 'lib/smarty/configs';
    $engine->cache_dir = ConfusaConstants::$SMARTY_CACHE;

    $this->tpl = $engine;
    $this->logErrors = array();
}
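/**
 * dumpSession() dump the content of the session to stdout.
 *
 * This is only available when debug is enabled. The dump is HTML-escaped
 * before it is written inside the <pre> block, so session values that
 * contain markup are displayed as text instead of being interpreted by the
 * browser.
 *
 * The output still shows the complete session to whoever receives the page,
 * so 'debug' should stay off outside development.
 */
public static function dumpSession()
{
    if (!Config::get_config('debug')) {
        return;
    }

    self::testSession();

    /* capture first, then escape: print_r() would otherwise write raw values */
    $dump = print_r($_SESSION, true);

    echo "<pre>\n";
    echo "Session name. " . session_name() . "\n";
    echo htmlspecialchars($dump, ENT_QUOTES, 'UTF-8');
    echo "</pre>\n";
}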
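/**
 * test_content - test a CSR for deficiencies
 *
 * This function is to be used when testing uploaded CSRs for flaws and errors.
 * It will test for:
 * - the PEM begin and end markers (both must be present)
 * - that the key is an RSA key
 * - that the key meets the required key-length
 * - that the key is not on the openssl-vulnkey blacklist
 * - that the auth_url is derived from the supplied CSR
 *
 * The CSR is uploaded by the user and is treated as untrusted all the way
 * through, including when it is handed to the shell.
 *
 * @param string $content  the CSR as PEM text
 * @param string $auth_url value that must equal the first
 *                         ConfusaConstants::$AUTH_KEY_LENGTH characters of
 *                         the CSR's public-key hash
 * @return boolean true when all checks pass, false after the first failed
 *                 check has been reported via Framework::error_output()
 */
function test_content($content, $auth_url)
{
    $begin_marker = "-----BEGIN CERTIFICATE REQUEST-----";
    $end_marker = "-----END CERTIFICATE REQUEST-----";

    $start = substr($content, 0, strlen($begin_marker));
    /* the end marker is expected to be followed by one trailing character */
    $end = substr($content, -(strlen($end_marker) + 1), -1);

    /*
     * test start and ending of certificate. Either marker being wrong is
     * enough to reject; requiring both to be wrong would accept a request
     * with only one valid marker.
     */
    if (strcmp($begin_marker, $start) !== 0 || strcmp($end_marker, $end) !== 0) {
        Framework::error_output("malformed CSR. Please upload a proper CSR to the system.");
        return false;
    }

    /* test type. IGTF will soon change the charter to *not* issue DSA
     * certificates */
    if (get_algorithm($content) !== "rsa") {
        Framework::error_output("Will only accept RSA keys!");
        return false;
    }

    /*
     * test length of pubkey
     */
    $length = Config::get_config('min_key_length');
    if (csr_pubkey_length($content) < $length) {
        Framework::error_output("Uploaded key is not long enough. Please download a proper keyscript and try again.");
        return false;
    }

    /*
     * test CSR to blacklist. The checks above only look at the markers and
     * the key, not at every byte of the upload, so the CSR is passed to the
     * shell as a single escaped argument and is never interpolated into the
     * command line.
     *
     * NOTE(review): status 127 (tool missing) and unknown statuses are only
     * logged, so the CSR is accepted without a blacklist check in those
     * cases - confirm that is intended.
     */
    $output = array();
    $cmd = "printf '%s\\n' " . escapeshellarg($content) . " | openssl-vulnkey -";
    exec($cmd, $output, $return_val);
    switch ($return_val) {
    case 0:
        /* key is not blacklisted */
        break;
    case 1:
        Framework::error_output("Uploaded CSR is blacklisted!");
        return false;
    case 127:
        Logger::log_event(LOG_ERR, __FILE__ . ":" . __LINE__ . " openssl-vulnkey not installed");
        break;
    default:
        Logger::log_event(LOG_DEBUG, __FILE__ . ":" . __LINE__ . " Unknown return ({$return_val}) value from shell");
        break;
    }

    /*
     * test authenticity of auth_url. The comparison is strict: with '!='
     * two different strings that both look numeric (e.g. "1e3" and "1000")
     * compare as equal. An empty auth_url never matches, so a failed hash
     * computation cannot be satisfied by an empty token.
     */
    $hash = pubkey_hash($content, true);
    $hash_prefix = (string) substr($hash, 0, ConfusaConstants::$AUTH_KEY_LENGTH);
    $expected = is_scalar($auth_url) ? (string) $auth_url : '';
    if ($expected === '' || $hash_prefix !== $expected) {
        /* auth_url is caller-supplied, escape it before it is displayed */
        Framework::error_output("Uploaded key ({$hash}) and auth_url (" . htmlentities($expected) . ") does not match");
        return false;
    }

    return true;
}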
/**
 * Render the e-mail selection step.
 *
 * Stops with an error unless the session flag 'hasAcceptedAUP' is exactly
 * true. Otherwise the NREN's e-mail setting and the result of the user
 * entitlement test are handed to the template and select_email.tpl becomes
 * the page content.
 */
function process()
{
    $aupAccepted = (CS::getSessionKey('hasAcceptedAUP') === true);
    if (!$aupAccepted) {
        Framework::error_output($this->translateTag("l10n_err_aupagreement", "processcsr"));
        return;
    }

    $requiredEntitlement = Config::get_config('entitlement_user');
    $mayUseCerts = $this->person->testEntitlementAttribute($requiredEntitlement);
    $emailSetting = $this->person->getNREN()->getEnableEmail();

    $this->tpl->assign('email_status', $emailSetting);
    $this->tpl->assign('user_cert_enabled', $mayUseCerts);
    $this->tpl->assign('content', $this->tpl->fetch('select_email.tpl'));
}
/**
 * Render the AUP confirmation page.
 *
 * Chooses the CPS link by certificate product (personal vs. e-science),
 * writes the current 'hasAcceptedAUP' session value to the log, and passes
 * that value plus the NREN's privacy notice to confirm_aup.tpl.
 */
public function process()
{
    $cpsLink = (Config::get_config('cert_product') == PRD_PERSONAL)
        ? ConfusaConstants::$LINK_PERSONAL_CPS
        : ConfusaConstants::$LINK_ESCIENCE_CPS;
    $this->tpl->assign('cps', $cpsLink);

    Logger::log_event(LOG_INFO, "User acknowledged session: " . CS::getSessionKey('hasAcceptedAUP'));

    $this->tpl->assign('aup_session_state', CS::getSessionKey('hasAcceptedAUP'));

    $privacyNotice = $this->person->getNREN()->getPrivacyNotice($this->person);
    $this->tpl->assign('privacy_notice_text', $privacyNotice);

    $this->tpl->assign('content', $this->tpl->fetch('confirm_aup.tpl'));
}
/**
 * Print the opening <HTML> tag and the complete <HEAD> section.
 *
 * The page title is the configured 'system_name' followed by the global
 * $title; the global $extra_header is written verbatim at the top of <HEAD>.
 *
 * NOTE(review): $extra_header and $title are written without escaping.
 * Confirm that every place that sets them uses trusted or already-escaped
 * values.
 */
function show_headers()
{
    global $title;
    global $extra_header;

    echo '<HTML>' . "\n";
    echo '<HEAD>' . "\n";
    echo $extra_header . "\n";
    echo '<TITLE>' . Config::get_config('system_name') . $title . '</TITLE>' . "\n";
    echo '<LINK REL="stylesheet" TYPE="text/css" HREF="confusa.css">' . "\n";
    echo '<LINK REL="shortcut icon" HREF="graphics/icon.gif" TYPE="image/gif"/>' . "\n";
    echo '</HEAD>' . "\n";
}
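/**
 * Handle a CSR that arrives as a sign request, a file upload or pasted text.
 *
 * - POST 'signCSR': the sanitized key is handed to signCSR() and nothing
 *   else happens.
 * - uploaded file 'user_csr', else POST field 'user_csr': the CSR is
 *   received through CSRUpload. A failure is reported to the user and
 *   $this->csr is cleared.
 * - neither present: the user is told that no CSR was supplied.
 *
 * A received CSR that is not valid is rejected with a message naming the
 * minimum key length. A valid CSR is stored, together with the upload time
 * and the client's REMOTE_ADDR, when the CA mode is CA_COMODO or when its
 * subject matches the CA's full DN. When neither holds the CSR is silently
 * not stored and $this->csr is left untouched.
 *
 * @param mixed $person passed through to the parent pre_process()
 */
public function pre_process($person)
{
    parent::pre_process($person);
    $csr = null;

    if (isset($_POST['signCSR'])) {
        $this->signCSR(Input::sanitizeCertKey($_POST['signCSR']));
        return;
    }

    if (isset($_FILES['user_csr']['name'])) {
        /* Testing for uploaded files */
        try {
            $csr = CSRUpload::receiveUploadedCSR('user_csr', true);
        } catch (FileException $fileEx) {
            $msg = $this->translateTag('l10n_err_csrproc', 'processcsr');
            /* the exception text may echo request data, escape it for display */
            Framework::error_output($msg . htmlentities($fileEx->getMessage()));
            $this->csr = null;
            return;
        }
    } elseif (isset($_POST['user_csr'])) {
        try {
            $csr = CSRUpload::receivePastedCSR('user_csr');
        } catch (ConfusaGenException $cge) {
            $msg = $this->translateTag('l10n_err_no_csr', 'processcsr');
            /* the exception text may echo request data, escape it for display */
            Framework::error_output($msg . htmlentities($cge->getMessage()));
            $this->csr = null;
            return;
        }
    } else {
        /* No CSR present, neither paste nor file, kindly bump user */
        Framework::error_output($this->translateTag('l10n_err_no_csr', 'processcsr'));
        return;
    }

    if (!$csr->isValid()) {
        $msg = $this->translateTag('l10n_err_csrinvalid1', 'processcsr');
        $msg .= Config::get_config('min_key_length');
        $msg .= $this->translateTag('l10n_err_csrinvalid2', 'processcsr');
        Framework::error_output($msg);
        $this->csr = null;
        return;
    }

    if (Config::get_config('ca_mode') == CA_COMODO || match_dn($csr->getSubject(), $this->ca->getFullDN())) {
        $csr->setUploadedDate(date("Y-m-d H:i:s"));
        /* REMOTE_ADDR is the peer address seen by the web server */
        $csr->setUploadedFromIP($_SERVER['REMOTE_ADDR']);
        $csr->storeDB($this->person);
        $this->csr = $csr;
    }
}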
/**
 * Return the shared auth manager, creating it on first use.
 *
 * The instance is kept in AuthHandler::$auth, so $person only matters on the
 * call that creates it. Confusa_Auth_Bypass is used only when the
 * 'auth_bypass' config value is the boolean TRUE (strict comparison); every
 * other value selects the IdP-backed Confusa_Auth_IdP.
 *
 * @param $person The person for which the auth_manager should be created
 * @return an instance of Confusa_Auth
 */
public static function getAuthManager($person)
{
    if (isset(AuthHandler::$auth)) {
        return AuthHandler::$auth;
    }

    $bypassRequested = (Config::get_config('auth_bypass') === TRUE);
    if ($bypassRequested) {
        require_once 'Confusa_Auth_Bypass.php';
        AuthHandler::$auth = new Confusa_Auth_Bypass($person);
    } else {
        /* Start the IdP and create the handler */
        require_once 'Confusa_Auth_IdP.php';
        AuthHandler::$auth = new Confusa_Auth_IdP($person);
    }

    return AuthHandler::$auth;
}
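/**
 * Decorate the about::confusa template with the information from the
 * VERSION file.
 *
 * Assigns 'cVersion' (null when the version cannot be determined) and, when
 * a NAME= line is found, 'cCodename'. Each failure is reported through
 * Framework::error_output(). A missing codename leaves 'cCodename'
 * unassigned rather than filled with a slice taken at a bogus offset.
 */
private function assignVersionVariables()
{
    /* defined up front so the assign below never reads an unset variable */
    $confusaVersion = null;
    try {
        $confusaVersion = MetaInfo::getConfusaVersion();
    } catch (ConfusaGenException $cge) {
        Framework::error_output("Could not determine the version of Confusa! " . "Please contact an administrator about that!");
    }
    $this->tpl->assign('cVersion', $confusaVersion);

    $version_path = Config::get_config('install_path') . "VERSION";
    $version_file = is_readable($version_path) ? file_get_contents($version_path) : false;

    $cdn_line_start = ($version_file === false) ? false : strpos($version_file, "NAME=");
    $cdn_line_end = ($cdn_line_start === false) ? false : strpos($version_file, "\n", $cdn_line_start);

    if ($cdn_line_start === false || $cdn_line_end === false) {
        Framework::error_output("Could not determine the version codename of " . "Confusa! Please contact an administrator about " . "that!");
        return;
    }

    /* skip over "NAME=" itself */
    $cdn_line_start += 5;
    $versionCodename = substr($version_file, $cdn_line_start, $cdn_line_end - $cdn_line_start);
    $this->tpl->assign('cCodename', $versionCodename);
}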
/**
 * Render the help page.
 *
 * Without an NREN, or for a person that is not authenticated, help.tpl is
 * rendered with no NREN-specific variables. Otherwise the template gets the
 * NREN's help text (or, when there is none, its contact e-mail), the
 * e-science flag when that product is configured, and the NREN name.
 */
public function process()
{
    $nren = $this->person->getNREN();

    if (!isset($nren) || !$this->person->isAuth()) {
        $this->tpl->assign('content', $this->tpl->fetch('help.tpl'));
        return;
    }

    $helpText = $nren->getHelpText($this->person);
    if (isset($helpText)) {
        $this->tpl->assign('nren_help_text', $helpText);
    } else {
        $this->tpl->assign('nren_contact_email', $nren->getContactEmail(true));
    }

    $isEscience = (Config::get_config('cert_product') == PRD_ESCIENCE);
    if ($isEscience) {
        $this->tpl->assign('portal_escience', true);
    }

    $this->tpl->assign('nren', $nren->getName());
    $this->tpl->assign('content', $this->tpl->fetch('help.tpl'));
}
/**
 * Constructor
 *
 * Note that the person is tied to an OAuth datastore here.
 *
 * Loads simpleSAMLphp from the configured 'simplesaml_path', builds the
 * OAuth server on top of OAuthDataStore_Confusa with HMAC-SHA1 as the only
 * registered signature method, and verifies the incoming request.
 * $this->isAuthenticated is true exactly when the verification yielded a
 * non-null access token; how verify_request() reports a bad signature is
 * not visible here.
 *
 * When 'simplesaml_path' is not configured the constructor prints an error,
 * logs an alert and ends the script with exit status 0.
 *
 * @param mixed $person passed through to the parent constructor
 */
function __construct($person = NULL)
{
    parent::__construct($person);

    /* Find the path to simplesamlphp and run the autoloader */
    try {
        $samlRoot = Config::get_config('simplesaml_path');
    } catch (KeyNotFoundException $knfe) {
        echo "Cannot find path to simplesaml. This install is not valid. Aborting.<br />\n";
        Logger::log_event(LOG_ALERT, "Trying to instantiate simpleSAMLphp without a configured path.");
        exit(0);
    }
    require_once $samlRoot . '/lib/_autoload.php';
    SimpleSAML_Configuration::setConfigDir($samlRoot . '/config');

    $this->oauthStore = new OAuthDataStore_Confusa();
    $this->oauthServer = new sspmod_oauth_OAuthServer($this->oauthStore);
    $this->oauthServer->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());

    /* only the access token is kept; the consumer part of the result is unused */
    list($ignoredConsumer, $this->accessToken) = $this->oauthServer->verify_request(OAuthRequest::from_request());
    $this->isAuthenticated = isset($this->accessToken);
}
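/**
 * Open a persistent MySQL connection to the named database.
 *
 * The parameters come from the 'databases' entry of the 'DB' config object,
 * as a list indexed as used below: 0 host, 1 port (optional), 2 user,
 * 3 password, 4 database name. A failed connect is retried twice with a
 * short pause before each retry.
 *
 * Exception messages deliberately carry no host or credential details.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7.
 *
 * @param string $name key of the database entry in the configuration
 * @throws Exception when the name is unknown, the connection cannot be
 *                   established, or the database cannot be selected
 */
public function __construct($name)
{
    $oConfig = Config::get_config('DB');
    $aDatabases = $oConfig->get('databases');

    /* empty() also covers a missing key without raising a notice */
    if (empty($aDatabases[$name])) {
        throw new Exception('Invalid Database');
    }
    $aParams = $aDatabases[$name];

    $sHost = $aParams[0];
    if (!empty($aParams[1])) {
        $sHost .= ':' . $aParams[1];
    }

    $this->db = mysql_pconnect($sHost, $aParams[2], $aParams[3]);
    $retry = 0;
    while (!$this->db && ++$retry < 3) {
        _WARN('Could not connect to DB, attempt ' . $retry);
        /* pause before the retry, not after a connect that may have succeeded */
        usleep(500);
        $this->db = mysql_pconnect($sHost, $aParams[2], $aParams[3]);
    }
    if (!$this->db) {
        throw new Exception('Database connection failed');
    }

    /* select on this link explicitly and do not continue on the wrong database */
    if (!mysql_select_db($aParams[4], $this->db)) {
        throw new Exception('Database selection failed');
    }
}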
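/**
 * Render the accountant page (CA account settings).
 *
 * Access is refused, logged with a fresh error tag, and answered with
 * restricted_access.tpl when the person is not an NREN admin or when the
 * configured CA mode is not CA_COMODO. The same tag is shown to the user so
 * the refusal can be matched to its log entry.
 *
 * For permitted users the template receives the login name and AP name, or
 * the 'undefined' label when they are not set. The stored password is never
 * passed to the template: only the 'undefined' or the 'hidden' label is.
 */
public function process()
{
    if (!$this->person->isNRENAdmin()) {
        $errorTag = PW::create();
        Logger::logEvent(LOG_NOTICE, "Accountant", "process()", "User " . stripslashes($this->person->getX509ValidCN()) . " tried to access the accountant.", __LINE__, $errorTag);
        $this->tpl->assign('reason', "[{$errorTag}] You are not an NREN-admin");
        $this->tpl->assign('content', $this->tpl->fetch('restricted_access.tpl'));
        return;
    }

    if (Config::get_config('ca_mode') != CA_COMODO) {
        $errorTag = PW::create();
        /* leading space added: the entry used to read "User <CN>tried to ..." */
        Logger::logEvent(LOG_NOTICE, "Accountant", "process()", "User " . stripslashes($this->person->getX509ValidCN()) . " tried to access the accountant, " . "even though Confusa is not using the Comodo CA.", __LINE__, $errorTag);
        $this->tpl->assign('reason', "[{$errorTag}] Confusa is not using Comodo CA");
        $this->tpl->assign('content', $this->tpl->fetch('restricted_access.tpl'));
        return;
    }

    /* set fields in template */
    if (!$this->account->getLoginName()) {
        $this->tpl->assign('login_name', $this->translateTag('l10n_fieldval_undefined', 'accountant'));
    } else {
        $this->tpl->assign('login_name', $this->account->getLoginName());
    }

    /* only a placeholder label reaches the template, never the password */
    if (!$this->account->getPassword()) {
        $this->tpl->assign('password', $this->translateTag('l10n_fieldval_undefined', 'accountant'));
    } else {
        $this->tpl->assign('password', $this->translateTag('l10n_label_passwhidden', 'accountant'));
    }

    if (!$this->account->getAPName()) {
        $this->tpl->assign('ap_name', $this->translateTag('l10n_fieldval_undefined', 'accountant'));
    } else {
        $this->tpl->assign('ap_name', $this->account->getAPName());
    }

    $this->tpl->assign('verify_ca', 'yes');
    $this->tpl->assign('content', $this->tpl->fetch('accountant.tpl'));
}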
} catch (Exception $e) {
    /*
     * The exception text is written to the response as-is and the script
     * ends with status 0.
     * NOTE(review): confirm the message cannot carry internal detail the
     * client should not see.
     */
    echo $e->getMessage();
    exit(0);
}
/* only documents whose root element is named ConfusaRobot are processed */
$name = $parsedXML->getName();
if ($name != "ConfusaRobot") {
    echo "Wrong type of XML. Aborting.\n";
    exit(0);
}
foreach ($parsedXML as $key => $value) {
    switch ($key) {
    case 'revocationList':
        /* when several revocationList elements exist, $res keeps the last result */
        $res = Robot::parseRevList($value, $admin);
        break;
    default:
        if (Config::get_config('debug')) {
            /* the element name comes from the submitted document and is echoed unmodified */
            echo "Unknown type ({$key}). Are you sure you are following the DTD?\n";
            /*
             * only exit in debug-mode to minimize
             * number of log-entries etc.
             *
             * In prod. we want to parse the entire file.
             */
            exit(0);
        }
        break;
    }
}
}
/*
 * $res is assigned only in the revocationList case above.
 * NOTE(review): presumably it is initialised before this excerpt - confirm,
 * otherwise a document without a revocationList reads an unset variable.
 */
if (!is_null($res)) {
    printXMLRes($res, 'revokeList');
}
/**
 * Send the mail to the recipient.
 *
 * Nothing is sent while the 'auth_bypass' config value is truthy; in that
 * case the method reports failure without touching the mailer.
 *
 * @return boolean the mailer's Send() result, or false when auth bypass
 *                 is active
 */
public function sendMail()
{
    $bypassActive = Config::get_config('auth_bypass');

    return $bypassActive ? false : $this->mailer->Send();
}
require_once 'confusa_include.php';
require_once 'Config.php';
require_once 'Input.php';
require_once 'confusa_constants.php';
/*
 * Get the custom NREN logo from the filesystem and return it as an image.
 *
 * With ?nren=... the path is <custom_logo><nren>/custom_<pos>.<suffix>;
 * with ?op=... the configured operator logo is used; otherwise the script
 * ends with status 1.
 */
if (isset($_GET['nren'])) {
    /*
     * NOTE(review): all three values come from the query string and are
     * concatenated into a filesystem path that is opened below. Whether
     * Input::sanitize() removes '/', '..' and NUL bytes is not visible
     * here - confirm. Checking each value against an allow-list (known NREN
     * names, the fixed position values, the permitted image suffixes) and
     * verifying that the resolved path stays below the custom_logo
     * directory would not depend on the sanitizer.
     * 'pos' and 'suffix' are also read without an isset() check.
     */
    $nren = Input::sanitize($_GET['nren']);
    $position = Input::sanitize($_GET['pos']);
    $suffix = Input::sanitize($_GET['suffix']);
    $logo_path = Config::get_config('custom_logo') . $nren . '/custom_' . $position . '.';
    $logo_path .= $suffix;
} else {
    if (isset($_GET['op'])) {
        $logo_path = Config::get_config('operator_logo');
        /*
         * Third argument of substr() is a length, not an end offset; the
         * result is still the last three characters because substr() stops
         * at the end of the string.
         */
        $suffix = substr($logo_path, strlen($logo_path) - 3, strlen($logo_path) - 1);
    } else {
        exit(1);
    }
}
/*
 * Read the logo only if the composed path exists. The whole file is read
 * into memory in a single fread(); the fopen() result is not checked.
 */
if (file_exists($logo_path)) {
    $fp = fopen($logo_path, "r");
    $image = fread($fp, filesize($logo_path));
    fclose($fp);
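/**
 * Mail the certificate identified by $authKey to the person.
 *
 * The certificate is fetched from the CA and attached as 'usercert.pem'.
 * Sender address, sender name and header-from address come from the
 * configuration. Failures are reported through Framework::error_output();
 * text taken from an exception is HTML-escaped first.
 *
 * @param mixed $authKey key handed to the CA to look up the certificate
 * @return boolean true when the mail was sent, false when no certificate
 *                 was found or sending failed (the success path used to
 *                 fall off the end and return null)
 */
private function mailCert($authKey)
{
    try {
        $cert = $this->ca->getCert($authKey);
        if (!isset($cert)) {
            return false;
        }

        $mm = new MailManager(
            $this->person,
            Config::get_config('sys_from_address'),
            Config::get_config('system_name'),
            Config::get_config('sys_header_from_address')
        );
        $mm->setSubject($this->translateTag('l10n_mail_subject', 'download'));
        $mm->setBody($this->translateTag('l10n_mail_body', 'download'));
        $mm->addAttachment($cert, 'usercert.pem');

        if (!$mm->sendMail()) {
            Framework::error_output($this->translateMessageTag('downl_err_sendmail'));
            return false;
        }
    } catch (ConfusaGenException $e) {
        Framework::error_output($this->translateMessageTag('downl_err_sendmail2') . " " . htmlentities($e->getMessage()));
        return false;
    }

    Framework::success_output($this->translateMessageTag('downl_suc_mail'));
    return true;
}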
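/**
 * Render the page for a NREN-admin.
 *
 * Loads the NREN's admins and subscribers, picks the subscriber to show
 * (the one whose DB id equals POST 'subscriberID', else the first in the
 * list) and hands everything to the template. The posted id is only
 * compared against subscribers of the person's own NREN, so an id that
 * belongs to another NREN selects nothing.
 *
 * NOTE(review): on a database error the server's message is shown to the
 * user (HTML-escaped). Confirm that this level of detail is acceptable for
 * this audience.
 */
private function processNRENAdmin()
{
    $admins = $this->getNRENAdmins($this->person->getNREN());

    /* stays null when the query fails, so the code below can test for it */
    $subscribers = null;
    try {
        /* Get a list of subscribers (as Subscriber-objects) */
        $subscribers = $this->person->getNREN()->getSubscriberList('name');
    } catch (DBQueryException $dbqe) {
        /* each handler reports its own exception; the variables used to be swapped */
        Framework::error_output("Cannot retrieve subscriber from database!<br /> " . "Probably wrong syntax for query, ask an admin to investigate." . "Server said: " . htmlentities($dbqe->getMessage()));
    } catch (DBStatementException $dbse) {
        Framework::error_output("Query failed. This probably means that the values passed to the " . "database are wrong. Server said: " . htmlentities($dbse->getMessage()));
    }

    $current_subscriber = null;

    /* Are we looking at a particular subscriber? */
    if (isset($_POST['subscriberID'])) {
        $current_subscriber_id = Input::sanitizeID($_POST['subscriberID']);
        if (!empty($subscribers)) {
            foreach ($subscribers as $nren_subscriber) {
                if ($nren_subscriber->getDBID() == $current_subscriber_id) {
                    $current_subscriber = $nren_subscriber;
                    break;
                }
            }
        }
    } elseif (!empty($subscribers)) {
        /* an empty list has no first element to fall back on */
        $current_subscriber = $subscribers[0];
    }

    if (isset($current_subscriber)) {
        $subscriber_admins = $this->getSubscriberAdmins($current_subscriber->getDBID(), SUBSCRIBER_ADMIN);
        $this->tpl->assign('subscriber', $current_subscriber);
        $this->tpl->assign('subscriber_admins', $subscriber_admins);
    }

    /* does the NREN-admin have the admin-entitlement (for downgrading)? */
    if ($this->person->testEntitlementAttribute(Config::get_config('entitlement_admin'))) {
        $this->tpl->assign('has_adm_entl', true);
    } else {
        $this->tpl->assign('has_adm_entl', false);
    }

    $nren = $this->person->getNREN();
    $idpList = $nren->getIdPList();
    /* append an empty entry to the beginning */
    $idpList = array_merge((array) '-', $idpList);

    $this->tpl->assign('idps', $idpList);
    $this->tpl->assign('nren_admins', $admins);
    $this->tpl->assign('nren', $nren);
    $this->tpl->assign('subscribers', $subscribers);
}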
/**
 * Show the CSR generation choices.
 *
 * Stops with an error unless the session flag 'hasAcceptedAUP' is exactly
 * true. When the NREN's e-mail setting is '1' or 'm' and the person has no
 * registered certificate e-mail, an error is shown and the next button is
 * disabled. The 'show' query parameter chooses between the upload, paste
 * and browser variants. Only the two known values are honoured; anything
 * else, or no parameter, falls back to browser generation.
 *
 * @see Content_Page::process()
 */
function process()
{
    $aupAccepted = (CS::getSessionKey('hasAcceptedAUP') === true);
    if (!$aupAccepted) {
        Framework::error_output($this->translateTag("l10n_err_aupagreement", "processcsr"));
        return;
    }

    /* kept as a switch: the case order decides how non-string settings match */
    $emailSetting = $this->person->getNREN()->getEnableEmail();
    switch ($emailSetting) {
    case 'n':
    case '0':
        break;
    case '1':
    case 'm':
        $registered = count($this->person->getRegCertEmails());
        if ($registered < 1) {
            Framework::error_output($this->translateTag('l10n_err_emailmissing', 'processcsr'));
            $this->tpl->assign('disable_next_button', true);
        }
        break;
    default:
        break;
    }

    $requested = isset($_GET['show']) ? $_GET['show'] : null;
    if ($requested === 'upload_csr') {
        /* FIXME: constants */
        $this->tpl->assign('nextScript', 'upload_csr.php');
        $this->tpl->assign('upload_csr', true);
    } elseif ($requested === 'paste_csr') {
        $this->tpl->assign('nextScript', 'upload_csr.php');
        $this->tpl->assign('paste_csr', true);
    } else {
        $this->tpl->assign('nextScript', 'browser_csr.php');
        $this->tpl->assign('browser_csr', true);
    }

    $mayUseCerts = $this->person->testEntitlementAttribute(Config::get_config('entitlement_user'));
    $this->tpl->assign('user_cert_enabled', $mayUseCerts);
    $this->tpl->assign('content', $this->tpl->fetch('receive_csr.tpl'));
}
/**
 * Decide whether this person may request a new certificate.
 *
 * Permission starts out granted and is withdrawn, with a translated reason
 * added, by each of these checks:
 * - eppn, given name or e-mail is empty
 * - the NREN has no country
 * - the subscriber has no org-name, or (CAPI test mode with the Comodo CA)
 *   the org-name equals the CAPI test prefix
 * - the configured user entitlement is missing
 * - the subscriber is unknown in the database or not in state 'subscribed'
 *
 * The subscriber lookup is a parameterized query keyed on the subscriber's
 * IdP name. Exceptions from that query are not caught here.
 *
 * @return permission object containing
 *         permissionGranted true/false based on whether the permission was granted
 *         reasons array with reasons for granting/rejecting the permissions
 * @throws CGE_AuthException when the lookup returns more than one row
 */
public function mayRequestCertificate()
{
    $verdict = new Permission();
    $verdict->setPermission(true);

    $l10n = new Translator();
    $l10n->guessBestLanguage($this);

    if (empty($this->eppn)) {
        $verdict->setPermission(false);
        $verdict->addReason($l10n->getTextForTag('l10n_reas_malfeppn', 'reasons'));
    }

    if (empty($this->given_name)) {
        $verdict->setPermission(false);
        $verdict->addReason($l10n->getTextForTag('l10n_reas_nogivenname', 'reasons'));
    }

    if (empty($this->email)) {
        $verdict->setPermission(false);
        $verdict->addReason($l10n->getTextForTag('l10n_reas_noemailaddr', 'reasons'));
    }

    if (is_null($this->getNREN()->getCountry()) || $this->getNREN()->getCountry() == "") {
        $verdict->setPermission(false);
        $verdict->addReason($l10n->getTextForTag('l10n_reas_nocountryname', 'reasons'));
    }

    $orgName = $this->subscriber->getOrgName();
    if (empty($orgName)) {
        $verdict->setPermission(false);
        $verdict->addReason($l10n->getTextForTag('l10n_reas_malfsubsname', 'reasons'));
    }

    /* in CAPI test mode the bare test prefix is not an acceptable org-name */
    if (Config::get_config('capi_test')
        && Config::get_config('ca_mode') === CA_COMODO
        && $orgName == ConfusaConstants::$CAPI_TEST_O_PREFIX) {
        $verdict->setPermission(false);
        $verdict->addReason($l10n->getTextForTag('l10n_reas_malfsubsname', 'reasons'));
    }

    if (empty($this->entitlement) || !$this->testEntitlementAttribute(Config::get_config('entitlement_user'))) {
        $verdict->setPermission(false);
        $verdict->addReason(Config::get_config('entitlement_user') . " " . $l10n->getTextForTag('l10n_reas_noentitlement', 'reasons'));
    }

    /* Bubble up exceptions */
    $rows = MDB2Wrapper::execute(
        "SELECT org_state FROM subscribers WHERE name=?",
        array('text'),
        array($this->subscriber->getIdPName())
    );

    if (count($rows) == 0) {
        $verdict->setPermission(false);
        $verdict->addReason($l10n->getTextForTag('l10n_instunkn1', 'reasons') . " " . $this->subscriber->getIdPName() . " " . $l10n->getTextForTag('l10n_instunkn2', 'reasons'));
        return $verdict;
    }

    if (count($rows) > 1) {
        /* the message names the org-name although the lookup key is the IdP name */
        throw new CGE_AuthException("More than one DB-entry with same subscriberOrgName " . $this->subscriber->getOrgName());
    }

    if ($rows[0]['org_state'] !== 'subscribed') {
        $verdict->setPermission(false);
        $verdict->addReason($l10n->getTextForTag('l10n_instnsubscr1', 'reasons') . " " . $this->subscriber->getIdPName() . " " . $l10n->getTextForTag('l10n_instnsubscr2', 'reasons'));
    }

    return $verdict;
}
/**
 * updateFromDB() refresh this subscriber object from its database row.
 *
 * The row is looked up by IdP name and NREN id with bound parameters.
 * Uncommitted local changes are overwritten; in debug mode a warning is
 * echoed first.
 *
 * @param void
 * @return Boolean true on success, false unless exactly one row matches.
 * @throws ConfusaGenException when the database layer reports an error
 * @access private
 */
private function updateFromDB()
{
    /* WARNING, we may get corrupted data
     * Should never be here, but even so?
     *
     * FIXME: decide: error-handling, or ignore? */
    if ($this->pendingChanges && Config::get_config('debug')) {
        echo __CLASS__ . "::" . __FUNCTION__ . " Warning! updating values from DB while " . "there are uncommited messages in Subscriber";
    }

    $sql = "SELECT * FROM subscribers WHERE name=:subscriber_name AND nren_id=:nren_id";
    $bindings = array(
        'subscriber_name' => $this->idp_name,
        'nren_id' => $this->nren->getID(),
    );

    try {
        $rows = MDB2Wrapper::execute($sql, null, $bindings);
    } catch (DBStatementException $dbse) {
        throw new ConfusaGenException("Cannot connect properly to database, some internal error. " . "Make sure the DB is configured correctly.");
    } catch (DBQueryException $dbqe) {
        throw new ConfusaGenException("Cannot connect properly to database, " . "errors with supplied data.");
    }

    if (count($rows) != 1) {
        return false;
    }

    /* Update all subscriber-data */
    $row = $rows[0];
    $this->setDBID($row['subscriber_id']);
    $this->setEmail($row['subscr_email'], false);
    $this->setPhone($row['subscr_phone'], false);
    $this->setRespName($row['subscr_resp_name'], false);
    $this->setRespEmail($row['subscr_resp_email'], false);
    $this->setOrgName($row['dn_name']);
    $this->setState($row['org_state'], false);
    $this->setComment($row['subscr_comment'], false);
    $this->setLanguage($row['lang'], false);
    $this->setHelpURL($row['subscr_help_url'], false);
    $this->setHelpEmail($row['subscr_help_email'], false);

    return true;
}
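/**
 * pre_process() handle the subscriber-management form before the page is
 * rendered.
 *
 * Only NREN-admins get past the first check. When $_POST['subscriber'] is
 * set, every submitted field is trimmed and run through its sanitizer; a
 * field whose sanitized value differs from the submitted one is reported to
 * the user and blocks the requested action. If all fields are clean, the
 * action named in $_POST['subscriber'] (edit, editState, info, add, delete)
 * is carried out.
 *
 * NOTE(review): no anti-CSRF token is checked in this method although it
 * changes and deletes subscribers on POST; confirm that
 * parent::pre_process() or the framework enforces one.
 *
 * @param $person the person passed on to parent::pre_process()
 * @return false for callers that are not NREN-admin, otherwise nothing
 */
public function pre_process($person)
{
    parent::pre_process($person);

    /* Only NREN-admins may manage subscribers, everybody else stops here */
    if (!$this->person->isNRENAdmin()) {
        return false;
    }

    /* are we running in grid-mode? We must check this before we do
     * any other processing */
    $this->tpl->assign('confusa_grid_restrictions', Config::get_config('cert_product') == PRD_ESCIENCE);

    /* if the function exits due to failed field validation, it should
     * display all affected fields. Everything else is very annoying for
     * the user. */
    $this->validationErrors = false;

    /* nothing else to do unless the subscriber form was submitted */
    if (!isset($_POST['subscriber'])) {
        return;
    }

    /* Defined up front so that a request without these fields reaches the
     * actions below with null instead of an undefined variable. */
    $id = null;
    $state = null;
    if (isset($_POST['id'])) {
        $id = Input::sanitizeID($_POST['id']);
    }
    if (isset($_POST['state'])) {
        $state = Input::sanitizeOrgState($_POST['state']);
    }

    if (isset($_POST['db_name'])) {
        $db_name_trim = trim($_POST['db_name']);
        $this->form_data['db_name'] = htmlentities($db_name_trim);
        if ($this->form_data['db_name'] != $db_name_trim) {
            $this->displayInvalidCharError($db_name_trim, $this->form_data['db_name'], 'l10n_heading_attnm');
            $this->form_data['db_name'] = "";
            $this->form_data['db_name_invalid'] = true;
            $this->validationErrors = true;
        }
    } /* db_name */

    if (isset($_POST['dn_name'])) {
        $dn_name_trim = trim($_POST['dn_name']);
        /* personal certificates may have UTF-8 chars in the DN */
        if (Config::get_config('cert_product') == PRD_PERSONAL) {
            /* NOTE(review): mysql_real_escape_string() is SQL escaping, not
             * input validation, and the mysql_* extension was removed in
             * PHP 7. The name later goes through Subscriber::setOrgName();
             * a UTF-8 aware allow-list validator would be the proper check
             * here. Left unchanged because the accepted character set for
             * personal DNs is not visible from this method. */
            $this->form_data['dn_name'] = mysql_real_escape_string($dn_name_trim);
        } else {
            $this->form_data['dn_name'] = Input::sanitizeOrgName($dn_name_trim);
        }
        /* warn user if characters got sanitized away */
        if ($this->form_data['dn_name'] != $dn_name_trim) {
            $this->displayInvalidCharError($dn_name_trim, $this->form_data['dn_name'], 'l10n_heading_dnoname');
            $this->form_data['dn_name'] = "";
            $this->form_data['dn_name_invalid'] = true;
            $this->validationErrors = true;
        }
    } /* dn_name */

    if (isset($_POST['subscr_email']) && $_POST['subscr_email'] != "") {
        $subscr_email_trim = trim($_POST['subscr_email']);
        $this->form_data['subscr_email'] = Input::sanitizeEmail($subscr_email_trim);
        if ($this->form_data['subscr_email'] != $subscr_email_trim) {
            $this->displayInvalidCharError($subscr_email_trim, $this->form_data['subscr_email'], 'l10n_label_contactemail');
            $this->form_data['subscr_email'] = "";
            $this->form_data['subscr_email_invalid'] = true;
            $this->validationErrors = true;
        }
    } /* subscr_email */

    if (isset($_POST['subscr_phone']) && $_POST['subscr_phone'] != "") {
        $subscr_phone_trim = trim($_POST['subscr_phone']);
        $this->form_data['subscr_phone'] = Input::sanitizePhone($subscr_phone_trim);
        if ($this->form_data['subscr_phone'] != $subscr_phone_trim) {
            $this->displayInvalidCharError($subscr_phone_trim, $this->form_data['subscr_phone'], 'l10n_label_contactphone');
            $this->form_data['subscr_phone'] = "";
            $this->form_data['subscr_phone_invalid'] = true;
            $this->validationErrors = true;
        }
    } /* subscr_phone */

    if (isset($_POST['subscr_responsible_name']) && $_POST['subscr_responsible_name'] != "") {
        $subscr_responsible_name_trim = trim($_POST['subscr_responsible_name']);
        $this->form_data['subscr_responsible_name'] = Input::sanitizePersonName($subscr_responsible_name_trim);
        if ($this->form_data['subscr_responsible_name'] != $subscr_responsible_name_trim) {
            $this->displayInvalidCharError($subscr_responsible_name_trim, $this->form_data['subscr_responsible_name'], 'l10n_heading_resppers');
            $this->form_data['subscr_responsible_name'] = "";
            $this->form_data['subscr_responsible_name_invalid'] = true;
            $this->validationErrors = true;
        }
    } /* subscr_responsible_name */

    if (isset($_POST['subscr_responsible_email']) && $_POST['subscr_responsible_email'] != "") {
        $subscr_responsible_email_trim = trim($_POST['subscr_responsible_email']);
        $this->form_data['subscr_responsible_email'] = Input::sanitizeEmail($subscr_responsible_email_trim);
        if ($this->form_data['subscr_responsible_email'] != $subscr_responsible_email_trim) {
            /* unlike the other fields, the value is neither cleared nor
             * flagged as invalid here; the action is still blocked */
            $this->displayInvalidCharError($subscr_responsible_email_trim, $this->form_data['subscr_responsible_email'], 'l10n_label_respemail');
            $this->validationErrors = true;
        }
    } /* subscr_responsible_email */

    if (isset($_POST['subscr_comment']) && $_POST['subscr_comment'] != "") {
        $this->form_data['subscr_comment'] = Input::sanitizeText(trim($_POST['subscr_comment']));
    }

    if (isset($_POST['subscr_help_url']) && $_POST['subscr_help_url'] != "") {
        $subscr_help_url_trim = trim($_POST['subscr_help_url']);
        $this->form_data['subscr_help_url'] = Input::sanitizeURL($subscr_help_url_trim);
        if ($this->form_data['subscr_help_url'] != $subscr_help_url_trim) {
            $this->displayInvalidCharError($subscr_help_url_trim, $this->form_data['subscr_help_url'], 'l10n_label_helpdeskurl');
            $this->form_data['subscr_help_url'] = "";
            $this->form_data['subscr_help_url_invalid'] = true;
            $this->validationErrors = true;
        }
    } /* subscr_help_url */

    if (isset($_POST['subscr_help_email']) && $_POST['subscr_help_email'] != "") {
        $subscr_help_email_trim = trim($_POST['subscr_help_email']);
        $this->form_data['subscr_help_email'] = Input::sanitizeEmail($subscr_help_email_trim);
        if ($this->form_data['subscr_help_email'] != $subscr_help_email_trim) {
            /* report first, then clear: the message needs the sanitized
             * value, which used to be wiped before it was shown */
            $this->displayInvalidCharError($subscr_help_email_trim, $this->form_data['subscr_help_email'], 'l10n_label_helpdeskemail');
            $this->form_data['subscr_help_email'] = "";
            $this->form_data['subscr_help_email_invalid'] = true;
            $this->validationErrors = true;
        }
    } /* subscr_help_email */

    /* don't continue, if data was stripped due to the field
     * sanitation */
    if ($this->validationErrors) {
        return;
    }

    /* NOTE(review): subscribers are looked up by ID together with the
     * admin's own NREN; presumably this keeps an admin from touching
     * subscribers of another NREN. Confirm in getSubscriberByID(). */
    switch (htmlentities($_POST['subscriber'])) {
        case 'edit':
            $subscriber = null;
            if ($this->person->getSubscriber()->hasDBID($id)) {
                $subscriber = $this->person->getSubscriber();
            } else {
                /* Other subscriber than user's
                 * subscriber, must create new object
                 * from DB */
                $subscriber = Subscriber::getSubscriberByID($id, $this->person->getNREN());
            }
            if (!is_null($subscriber)) {
                /* subscriber will clean input */
                $update = $subscriber->setState($state);
                $update |= $subscriber->setEmail($this->form_data['subscr_email']);
                $update |= $subscriber->setPhone($this->form_data['subscr_phone']);
                $update |= $subscriber->setRespName($this->form_data['subscr_responsible_name']);
                $update |= $subscriber->setRespEmail($this->form_data['subscr_responsible_email']);
                $update |= $subscriber->setComment($this->form_data['subscr_comment']);
                $update |= $subscriber->setHelpURL($this->form_data['subscr_help_url']);
                $update |= $subscriber->setHelpEmail($this->form_data['subscr_help_email']);
                if ($update) {
                    if (!$subscriber->save(true)) {
                        Framework::error_output($this->translateTag('l10n_fail_editsubs1', 'nrenadmin'));
                    } else {
                        Framework::success_output($this->translateTag('l10n_suc_editsubs1', 'nrenadmin'));
                    }
                }
                /* show info-list for subscriber */
                $this->tpl->assign('subscr_details', Subscriber::getSubscriberByID($id, $this->person->getNREN())->getInfo());
                $this->tpl->assign('subscriber_details', true);
                $this->tpl->assign('subscriber_detail_id', $id);
            }
            break;

        case 'editState':
            $subscriber = null;
            if ($this->person->getSubscriber()->hasDBID($id)) {
                $subscriber = $this->person->getSubscriber();
            } else {
                $subscriber = Subscriber::getSubscriberByID($id, $this->person->getNREN());
            }
            if (!is_null($subscriber)) {
                if ($subscriber->setState($state)) {
                    if (!$subscriber->save(true)) {
                        Framework::error_output("Could not update state of subscriber. Is the database-layer broken?");
                        Framework::error_output($this->translateTag("l10n_fail_edit_subscr_state", "nrenadmin"));
                    }
                }
            }
            break;

        case 'info':
            /* an unknown or foreign ID yields null (see 'edit'); calling
             * getInfo() on it would be a fatal error */
            $subscriber = Subscriber::getSubscriberByID($id, $this->person->getNREN());
            if (!is_null($subscriber)) {
                $this->tpl->assign('subscr_details', $subscriber->getInfo());
                $this->tpl->assign('subscriber_details', true);
                $this->tpl->assign('subscriber_detail_id', $id);
            }
            break;

        case 'add':
            if (!isset($this->form_data['db_name'])) {
                break;
            }
            $inheritUIDAttr = isset($_POST['inherit_uid_attr']);
            $subscriber = new Subscriber($this->form_data['db_name'], $this->person->getNREN());
            if ($subscriber->isValid()) {
                Framework::error_output("Cannot create new, already existing.");
                break;
            }
            $update = $subscriber->setState($state);
            $update |= $subscriber->setOrgName($this->form_data['dn_name']);
            $update |= $subscriber->setEmail($this->form_data['subscr_email']);
            $update |= $subscriber->setPhone($this->form_data['subscr_phone']);
            $update |= $subscriber->setRespName($this->form_data['subscr_responsible_name']);
            $update |= $subscriber->setRespEmail($this->form_data['subscr_responsible_email']);
            $update |= $subscriber->setComment($this->form_data['subscr_comment']);
            $update |= $subscriber->setHelpURL($this->form_data['subscr_help_url']);
            $update |= $subscriber->setHelpEmail($this->form_data['subscr_help_email']);
            if ($update && $subscriber->create()) {
                /* the message used to read an undefined $dn_name, so the
                 * name was always missing; use the validated form value and
                 * encode it for the HTML output */
                $dn_name = isset($this->form_data['dn_name']) ? $this->form_data['dn_name'] : "";
                Framework::success_output($this->translateTag('l10n_suc_addsubs1', 'nrenadmin') . " " . htmlentities($dn_name, ENT_COMPAT, "UTF-8") . " " . $this->translateTag('l10n_suc_addsubs2', 'nrenadmin'));
            }
            /* NOTE(review): the map is saved even when create() failed;
             * confirm that this is intended. */
            if (!$inheritUIDAttr) {
                $nren = $this->person->getNREN();
                $nrenMap = $nren->getMap();
                /* the field is optional in the request; do not read it blindly */
                $uidAttr = Input::sanitizeAlpha(isset($_POST['uid_attr']) ? $_POST['uid_attr'] : "");
                $subscriber->saveMap($uidAttr, $nrenMap['cn'], $nrenMap['mail']);
            }
            break;

        case 'delete':
            $this->delSubscriber($id);
            break;
    }
}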
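/**
 * downloadArchive() pack the RI-library in a zip-file and present it as
 * a file to download.
 *
 * The library files are read from below the configured install_path,
 * written to a temporary zip archive and handed to download_zip(). The
 * temporary file is removed on every path, and a failed read or a failed
 * close is reported as an error rather than being logged as a delivery.
 *
 * @param : void
 * @return : Boolean True if no errors were encountered.
 */
private function downloadArchive()
{
    require_once 'file_download.php';

    $install_path = Config::get_config('install_path');
    $client_dir = $install_path . "/extlibs/XML_Client/";

    /* name inside the archive => file on disk */
    $files = array(
        "XML_Client/Confusa_Client.py" => $client_dir . "Confusa_Client.py",
        "XML_Client/Parser.py" => $client_dir . "Parser.py",
        "XML_Client/HTTPSClient.py" => $client_dir . "HTTPSClient.py",
        "XML_Client/Timeout.py" => $client_dir . "Timeout.py",
        "XML_Client/README" => $client_dir . "README",
        "XML_Client/LICENSE" => $client_dir . "LICENSE",
        "XML_Client/COPYING" => $install_path . "/COPYING",
        "XML_Client/__init__.py" => $client_dir . "__init__.py",
    );

    /* The directory used to come from $ZIP_CACHE, a variable that is never
     * defined in this method, so tempnam() fell back to the system
     * temporary directory anyway. Ask for that directory explicitly. */
    $name = tempnam(sys_get_temp_dir(), "XML_Cli_");
    $zip = new ZipArchive();
    if ($name === false || $zip->open($name, ZipArchive::OVERWRITE) !== true) {
        Logger::log_event(LOG_NOTICE, " Could not add all RI-library files to ZIP-archive.");
        Framework::error_output("Error creating archive. Cannot send");
        if ($name !== false && file_exists($name)) {
            unlink($name);
        }
        return False;
    }

    foreach ($files as $entry => $path) {
        $contents = file_get_contents($path);
        /* an unreadable file must not end up as an empty archive entry */
        if ($contents === false || !$zip->addFromString($entry, $contents)) {
            break;
        }
    }

    if ($zip->numFiles != count($files) || !$zip->close()) {
        Logger::log_event(LOG_NOTICE, " Could not add all RI-library files to ZIP-archive.");
        Framework::error_output("Error creating archive. Cannot send");
        /* do not leave a half-written archive behind */
        if (file_exists($name)) {
            unlink($name);
        }
        return False;
    }

    $contents = file_get_contents($name);
    /* the archive is in memory now; remove the file before handing over,
     * in case download_zip() does not return */
    unlink($name);
    if ($contents === false) {
        Framework::error_output("Error creating archive. Cannot send");
        return False;
    }

    download_zip($contents, "XML_Client.zip");
    Logger::log_event(LOG_NOTICE, "Sending XML_Client.zip to " . $this->person->getEPPN());
    return True;
}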
$pass = $_POST["pass"]; $situacao_tempo; // recebe o tempo de atraso ou de adiantamento $func = new Funcionario(); $funcAux = new Funcionario(); $atrasado = false; // se esta ou não atrasado $adiantado = false; // se esta ou não adiantado $tipo; if ($func->verifica_func($cpf, $pass)) { // verificando se senha e usuario correspondem // echo "<script>alert('verificou');</script>"; $funcAux = $func->get_func_cpf($cpf); $config = new Config(); $TEMP_LIMIT_ATRASO = $config->get_config("temp_limit_atraso", $funcAux->id_empresa); // tempo limite de atraso ou adiantamento aceito echo "<script>alert('{$TEMP_LIMIT_ATRASO}');</script>"; $id = $funcAux->id; //verificar horarios $turno = new Turno(); //instanciando um novo turno $turno = $turno->getTurnoById($funcAux->id_turno); $horarios = new Horarios(); date_default_timezone_set('America/Sao_Paulo'); $hora = date("H:i:s"); $data = date("Y-m-d"); /* 1 = iniciou o expediente 2 = saiu pro almoco
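<?php
require_once 'confusa_include.php';
require_once 'Config.php';
require_once 'Input.php';

/*
 * Serve the custom stylesheet of the NREN named in the "nren" query
 * parameter. The response is always of type text/css; it stays empty when
 * the NREN has no stylesheet.
 *
 * The file path is built from request data. Input::sanitizeNRENName() is
 * the first line of defence; in addition the resolved path must lie inside
 * the configured custom_css directory, so a name that slips through the
 * sanitizer cannot be used to read a file elsewhere on disk.
 */
$nren_raw = isset($_GET['nren']) ? $_GET['nren'] : '';
/* an array-valued parameter (?nren[]=...) is treated as missing */
$nren = is_string($nren_raw) ? Input::sanitizeNRENName($nren_raw) : '';

$css_base = Config::get_config('custom_css');
$css_path = $css_base . $nren . '/custom.css';

header("Content-type: text/css");

/* realpath() resolves "..", symlinks and duplicate slashes and returns
 * false for a path that does not exist */
$css_root = realpath($css_base);
$css_real = realpath($css_path);

if ($css_root !== false && $css_real !== false && is_file($css_real)) {
    $root_prefix = rtrim($css_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strpos($css_real, $root_prefix) === 0) {
        /* readfile() also copes with an empty stylesheet, where
         * fread() with a length of 0 does not */
        readfile($css_real);
    }
}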
/**
 * Map a remote-API error code to an explanatory hint for the user.
 *
 * The returned text is an HTML fragment (it starts with line breaks). For
 * credential problems it embeds the result of $this->person->getNREN()
 * without escaping.
 * NOTE(review): confirm that this value is safe to print as HTML, or encode
 * it where the message is displayed.
 *
 * @param $errorCode int a usually 2-3 digits long error code returned by the Comodo API
 * @param $errorMessage string the message that came with the error code;
 *                      only inspected for the codes -3 and -4
 * @return string a verbose message corresponding to the error code, or an
 *                empty string when there is no hint for it
 */
private function capiErrorMessage($errorCode, $errorMessage)
{
    $credentialProblem = false;

    /* "==" on purpose: the same loose matching a switch statement performs */
    if ($errorCode == "-3" || $errorCode == "-4") {
        /* only a problem with the login data if the message names one of the login fields */
        $namesLoginField = strpos($errorMessage, "loginPassword") !== FALSE
            || strpos($errorMessage, "loginName") !== FALSE
            || strpos($errorMessage, "ap") !== FALSE;
        if (!$namesLoginField) {
            return "";
        }
        $credentialProblem = true;
    } elseif ($errorCode == "-16") {
        $credentialProblem = true;
    }

    if ($credentialProblem) {
        return "<br /><br />Probably this error message means that something is wrong "
            . "with the credentials with which Confusa connects to the remote CA."
            . " The credentials are defined per NREN, "
            . "in your case for " . $this->person->getNREN() . "."
            . " Please ask an administrator to configure this properly.";
    }

    if ($errorCode == "-13") {
        return "<br /><br />You created a certificate with a non-standard keysize! Please "
            . "create your certificate requests with a keysize of " . Config::get_config('default_key_length')
            . " bits!";
    }

    if ($errorCode == "-20") {
        return "<br /><br />Your certificate request has been rejected, either by mistake "
            . "or because you are not entitled to get certificates. Please contact an "
            . "administrator.";
    }

    if ($errorCode == "-21") {
        return "<br /><br />The certificate has been revoked, either by yourself or an "
            . "administrator. You can not use it anymore and you should not download it "
            . "anymore!";
    }

    return "";
}
// $row = mysql_fetch_array($result, MYSQL_ASSOC); // $text = $_POST['obs']; // $id_hor = $row['id']; // $query = "UPDATE horarios SET observacao_funcionario = '%s' WHERE id = '%s'"; // $g->tratar_query($query, $text, $id_hor); // $sql->close_conn($conn); echo "<script>habilita()</script>"; // habilita o botão enviar echo '<script> enabledYes();</script>'; } ?> <?php $config = new Config(); $TEMP_LIMIT_ATRASO = $config->get_config("temp_limit_atraso"); // tempo limite de atraso ou adiantamento aceito // $INTERVALO_MIN = 10;// tempo minimo entre um registro e outro if (isset($_POST['cpf']) && isset($_POST['pass'])) { // echo "<script>desabilita()</script>";// desabilita o botão enviar para não ser possivel clicar duas vezes $cpf = $_POST["cpf"]; // $id = $_POST["cpf"]; $pass = $_POST["pass"]; $situacao_tempo; // recebe o tempo de atraso ou de adiantamento $func = new Funcionario(); $funcAux = new Funcionario(); $atrasado = false; // se esta ou não atrasado $adiantado = false; // se esta ou não adiantado