/** * Redirect user immediately to receive_csr step if number e-mail * addresses is zero or both configured and available addresses equal * 1. Otherwise, display mail selection form. * @see Content_Page::pre_process() */ function pre_process($person) { parent::pre_process($person); $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js')); $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js')); $this->person->clearRegCertEmails(); $emailsDesiredByNREN = $this->person->getNREN()->getEnableEmail(); $registeredPersonMails = $this->person->getNumEmails(); $redirect = "receive_csr.php" . "?skipped_email=yes"; $redirect .= "&anticsrf=" . Framework::getAntiCSRF(); switch ($emailsDesiredByNREN) { case '0': header("Location: {$redirect}"); exit(0); break; case '1': case 'm': if ($registeredPersonMails == 1) { $this->person->regCertEmail($this->person->getEmail()); $this->person->storeRegCertEmails(); header("Location: {$redirect}"); exit(0); } break; } }
public function pre_process($person) { parent::pre_process($person); $auth = AuthHandler::getAuthManager($this->person); $this->discoPath = $auth->getDiscoPath(); /* * Handle country AuthN redirect. Both can redirect, if they don't, show * the map. */ $nren = NREN_Handler::getNREN($_SERVER['SERVER_NAME']); if (!empty($nren)) { $this->redirectToWAYF($nren); $this->forwardToDisco($nren); } /* if not redirected, continue */ if (array_key_exists('country', $_GET)) { $this->selected_country = htmlentities($_GET['country']); $nren = NREN_Handler::getNREN($url, 1); echo "redirecting to idp-part for " . $this->selected_country . ", stopping rendering of this page now\n"; exit(0); } /* textual view? */ if (array_key_exists('textual_view', $_GET)) { if ($_GET['textual_view'] === "yes") { $this->mapMode = false; } } else { /* ok, show map */ $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js', 'js/jquery-jvectormap-1.1.1.min.js', 'js/jquery-jvectormap-europe-mill-en.js')); } }
public function pre_process($person) { parent::pre_process($person); if (!is_null($person)) { AuthHandler::getAuthManager($this->person)->deAuthenticate(basename($_SERVER['SCRIPT_NAME'])); } }
function pre_process($person) { parent::pre_process($person); /* can be received when pressing "Back" on the CSR-signing overview */ if (isset($_POST['deleteCSR'])) { $authToken = Input::sanitizeCertKey($_POST['deleteCSR']); CSR::deleteFromDB($person, $authToken); return; } $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js')); $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js')); $emailsDesiredByNREN = $this->person->getNREN()->getEnableEmail(); $registeredPersonMails = $this->person->getNumEmails(); /** e-mail selection was skipped */ if (isset($_GET['skipped_email']) && $_GET['skipped_email'] == 'yes') { $this->tpl->assign('skippedEmail', true); if (($emailsDesiredByNREN == '1' || $emailsDesiredByNREN == 'm') && $registeredPersonMails == 1) { $this->person->regCertEmail($this->person->getEmail()); $this->person->storeRegCertEmails(); } } else { if (isset($_POST['subjAltName_email']) && is_array($_POST['subjAltName_email'])) { foreach ($_POST['subjAltName_email'] as $key => $value) { Logger::logEvent(LOG_INFO, "CP_Select_Email", "pre_process()", "User " . $this->person->getEPPN() . ", registering " . "the following e-mail: " . $value); $this->person->regCertEmail(Input::sanitizeText($value)); } $this->person->storeRegCertEmails(); } } }
function pre_process($person) { $res = false; parent::pre_process($person); if (!$this->person->isSubscriberAdmin()) { Framework::error_output("You are not authorized to view this page"); return false; } $this->person->setMode(ADMIN_MODE); /* Set flags to default-values */ $this->tpl->assign('cert_info', false); if (isset($_POST['robot_action'])) { $action = Input::sanitize($_POST['robot_action']); $comment = Input::sanitize($_POST['comment']); switch ($action) { case 'paste_new': if (isset($_POST['cert']) && $_POST['cert'] != "") { $cert = Input::sanitizeBase64($_POST['cert']); $res = $this->insertCertificate($cert, $comment); } break; case 'upload_new': $res = $this->handleFileCertificate($comment); break; default: Framework::error_output("Unknown robot-action (" . htmlentities($action) . ")."); $res = false; } } else { if (isset($_GET['robot_action'])) { $action = Input::sanitize($_GET['robot_action']); $serial = Input::sanitize($_GET['serial']); if (!isset($serial) || $serial == "") { $res = false; } switch ($action) { case 'delete': $res = $this->deleteCertificate($serial); break; case 'info': $this->tpl->assign('cert_info', true); $this->tpl->assign('cert_info_serial', $serial); break; case 'download_archive': if ($this->person->isAdmin()) { if ($this->downloadArchive()) { exit(0); } } break; default: Framework::error_output("Unknown action"); $res = false; } } } return $res; }
public function pre_process($person) { parent::pre_process($person); $res = false; if ($this->person->isAuth()) { if (isset($_GET['file_cert'])) { $authKey = Input::sanitizeCertKey($_GET['file_cert']); try { $cert = $this->ca->getCert($authKey); if (isset($cert) && $cert->isValid()) { include 'file_download.php'; download_file($cert->getPEMContent(), 'usercert.pem'); exit(0); } } catch (ConfusaGenException $cge) { Framework::error_output($this->translateMessageTag('downl_err_nodownload') . " " . htmlentities($cge->getMessage())); } } else { if (isset($_GET['cert_status'])) { $this->pollCertStatusAJAX(Input::sanitizeCertKey($_GET['cert_status'])); } else { if (isset($_GET['certlist_all'])) { $this->showAll = $_GET['certlist_all'] == "true"; } else { if (isset($_GET['revoke']) && $_GET['revoke'] == 'revoke_single') { $order_number = Input::sanitizeCertKey($_GET['order_number']); /* sanitized by checking inclusion in the REVOCATION_REASONS * array */ if (!array_key_exists('reason', $_GET)) { Framework::error_output($this->translateMessageTag('rev_err_singlenoreason')); return; } $reason = Input::sanitizeText(trim($_GET['reason'])); try { if (!isset($order_number) || !isset($reason)) { Framework::error_output("Revoke Certificate: Errors with parameters, not set properly"); } elseif (!$this->checkRevocationPermissions($order_number)) { Framework::error_output($this->translateMessageTag('rev_err_singlenoperm')); } elseif (!$this->ca->revokeCert($order_number, $reason)) { Framework::error_output($this->translateMessageTag('rev_err_notyet1') . htmlentities($order_number) . $this->translateMessageTag('rev_err_notyet2') . htmlentities($reason)); } else { Framework::message_output($this->translateMessageTag('rev_suc_single1') . htmlentities($order_number) . $this->translateMessageTag('rev_suc_single2')); if (Config::get_config('ca_mode') === CA_COMODO && Config::get_config('capi_test') === true) { Framework::message_output($this->translateTag('l10n_msg_revsim1', 'revocation')); } } } catch (ConfusaGenException $cge) { Framework::error_output($this->translateMessageTag('rev_err_singleunspec') . " " . htmlentities($cge->getMessage())); } } } } } } return false; }
public function pre_process($person) { parent::pre_process($person); $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js')); $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js')); /* need to confirm AUP only once per session */ if (isset($_POST['aup_box']) && $_POST['aup_box'] == "user_agreed") { CS::setSessionKey('hasAcceptedAUP', true); header("Location: select_email.php"); } }
public function pre_process($person) { if (!$person->isNRENAdmin()) { return false; } /* Need to do this /before/ pre-process to change page when we switch * to/from maint-mode */ $this->setPerson($person); $this->handleMaintMode(); parent::pre_process($person); $this->handleMaintText(); }
public function pre_process($person) { parent::pre_process($person); $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js')); $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js')); if (isset($_GET['status_poll'])) { $order_number = Input::sanitizeCertKey($_GET['status_poll']); /* assign the order_number again */ $this->tpl->assign('order_number', $order_number); $this->tpl->assign('status_poll', true); $anticsrf = "anticsrf=" . Input::sanitizeAntiCSRFToken($_GET['anticsrf']); $this->tpl->assign('ganticsrf', $anticsrf); if ($this->ca->pollCertStatus($order_number)) { /* redirect to certificate download area */ CS::setSessionKey("browserCert", $order_number); header("Location: download_certificate.php"); } } /* when the key has been generated in the browser and the * resulting CSR has been uploaded to the server, we end up * here. */ if (isset($_POST['browserRequest'])) { $ua = Output::getUserAgent(); switch ($ua) { case "opera": case "safari": case "mozilla": case "chrome": $csr = new CSR_SPKAC(trim(Input::sanitizeBase64($_POST['browserRequest']))); break; case "msie_pre_vista": case "msie_post_vista": $csrContent = CSR::$PEM_PREFIX . "\n" . trim(Input::sanitizeBase64($_POST['browserRequest'])) . "\n" . CSR::$PEM_SUFFIX; $csr = new CSR_PKCS10($csrContent); break; } if (!empty($csr) && $csr->isValid()) { try { $order_number = $this->signCSR($csr); $this->tpl->assign('order_number', $order_number); } catch (KeySignException $kse) { Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') . "<br /><br />" . $kse->getMessage()); Logger::logEvent(LOG_WARNING, "CP_Browser_CSR", "pre_process()", "Could not sign CSR because of " . $kse->getMessage() . " User: "******"CP_Browser_CSR", "pre_process()", "Received browser-CSR that could not be parsed!" . " User: " . $this->person->getEPPN(), __LINE__); } } }
public function pre_process($person) { parent::pre_process($person); $authvar = ""; $csr = null; if (isset($_POST['signCSR'])) { $this->signCSR(Input::sanitizeCertKey($_POST['signCSR'])); return; } /* Testing for uploaded files */ if (isset($_FILES['user_csr']['name'])) { try { $csr = CSRUpload::receiveUploadedCSR('user_csr', true); } catch (FileException $fileEx) { $msg = $this->translateTag('l10n_err_csrproc', 'processcsr'); Framework::error_output($msg . $fileEx->getMessage()); $this->csr = null; return; } } else { if (isset($_POST['user_csr'])) { try { $csr = CSRUPload::receivePastedCSR('user_csr'); } catch (ConfusaGenException $cge) { $msg = $this->translateTag('l10n_err_no_csr', 'processcsr'); Framework::error_output($msg . $cg - e > getMessage()); $this->csr = null; return; } } else { /* No CSR present, neither paste nor file, kindly bump user */ Framework::error_output($this->translateTag('l10n_err_no_csr', 'processcsr')); return; } } if (!$csr->isValid()) { $msg = $this->translateTag('l10n_err_csrinvalid1', 'processcsr'); $msg .= Config::get_config('min_key_length'); $msg .= $this->translateTag('l10n_err_csrinvalid2', 'processcsr'); Framework::error_output($msg); $this->csr = null; return; } if (Config::get_config('ca_mode') == CA_COMODO || match_dn($csr->getSubject(), $this->ca->getFullDN())) { $csr->setUploadedDate(date("Y-m-d H:i:s")); $csr->setUploadedFromIP($_SERVER['REMOTE_ADDR']); $csr->storeDB($this->person); $this->csr = $csr; } }
public function pre_process($person) { parent::pre_process($person); $script = file_get_contents('../include/fetch_attr.js'); $this->tpl->assign('rawScript', $script); if (!$person->isNRENAdmin() && !$person->isSubscriberAdmin()) { return; } if (isset($_POST['attributes_operation'])) { switch ($_POST['attributes_operation']) { case 'update_map': $cn = Input::sanitizeText($_POST['cn']); $mail = Input::sanitizeText($_POST['mail']); /* only NREN-admin can change the mapping for * - organization-identifier * - entitlement */ if ($this->person->isNRENAdmin()) { $epodn = Input::sanitizeText($_POST['epodn']); $entitlement = Input::sanitizeText($_POST['entitlement']); if ($this->person->getNREN()->saveMap($this->person->getEPPNKey(), $epodn, $cn, $mail, $entitlement)) { Framework::success_output($this->translateTag('l10n_suc_updmap', 'attributes')); } } else { if ($this->person->isSubscriberAdmin()) { try { $result = $this->person->getSubscriber()->saveMap($this->person->getEPPNKey(), $cn, $mail); } catch (DBQueryException $dbqe) { Framework::error_output($this->translateTag('l10n_err_updmap1', 'attributes') . "<br />" . $this->translateTag('l10n_label_cn', 'attributes') . ": " . htmlentities($cn) . "<br />" . $this->translateTag('l10n_label_mail', 'attributes') . ": " . htmlentities($mail) . "<br />" . $this->translateMessageTag('err_servsaid') . " " . htmlentities($dbqe->getMessage())); Logger::log_event(LOG_NOTICE, __FILE__ . ", " . __LINE__ . ": " . $dbqe->getMessage()); } catch (DBStatementException $dbse) { Framework::error_output("Could not update the subscriber-mapping, probably due to a " . "problem with the server-configuration. Server said: " . htmlentities($dbse->getMessage())); Logger::log_event(LOG_NOTICE, __FILE__ . ", " . __LINE__ . ": " . $dbse->getMessage()); } if ($result === true) { Framework::success_output($this->translateTag('l10n_suc_updmap', 'attributes')); } } } break; default: Framework::error_output("Unknown operation chosen on attributes mask!"); break; } } }
/** * pre_process - if the user chose revocation action, forward here there * before rendering anything on the page */ public function pre_process($person) { parent::pre_process($person); if (isset($_POST['reason'])) { if (array_search(trim($_POST['reason']), ConfusaConstants::$REVOCATION_REASONS) === false) { Framework::error_output($this->translateMessageTag('rev_err_unknreason')); return; } } if (isset($_POST['revoke_operation'])) { $reason = null; if (array_key_exists('reason', $_POST)) { $reason = Input::sanitizeText(trim($_POST['reason'])); } switch ($_POST['revoke_operation']) { case 'revoke_by_cn': if (is_null($reason)) { Framework::error_output($this->translateTag('l10n_msg_revneedreas1', 'revocation')); return; } try { /** * POST['reason'] sanitized by checking inclusion in the * REVOCATION_REASONS array */ $this->revoke_certs(Input::sanitizeCommonName($_POST['common_name']), $reason); } catch (ConfusaGenException $cge) { Framework::error_output($this->translateTag('l10n_msg_revprob1', 'revocation') . " " . htmlentities($cge->getMessage())); } break; case 'revoke_by_list': if (is_null($reason)) { Framework::error_output($this->translateTag('l10n_msg_revneedreas2', 'revocation')); return; } try { $this->revoke_list($reason); } catch (ConfusaGenException $cge) { Framework::error_output($this->translateTag('l10n_msg_revprob1', 'revocation') . " " . htmlentities($cge->getMessage())); } break; default: break; } } }
public function pre_process($person) { parent::pre_process($person); $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js')); $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js')); }
public function pre_process($person) { parent::pre_process($person); /* If user is not subscriber- or nren-admin, we stop here */ if (!$this->person->isNRENAdmin()) { return false; } /* are we running in grid-mode? We must check this before we do * any other processing */ if (Config::get_config('cert_product') == PRD_ESCIENCE) { $this->tpl->assign('confusa_grid_restrictions', true); } else { $this->tpl->assign('confusa_grid_restrictions', false); } /* if the function exists due to failed field validation, it should * display all affected fiels. Everything else is very annoying for * the user. */ $this->validationErrors = false; /* handle nren-flags */ if (isset($_POST['subscriber'])) { if (isset($_POST['id'])) { $id = Input::sanitizeID($_POST['id']); } if (isset($_POST['state'])) { $state = Input::sanitizeOrgState($_POST['state']); } if (isset($_POST['db_name'])) { $db_name_trim = trim($_POST['db_name']); $this->form_data['db_name'] = htmlentities($db_name_trim); if ($this->form_data['db_name'] != $db_name_trim) { $this->displayInvalidCharError($db_name_trim, $this->form_data['db_name'], 'l10n_heading_attnm'); $this->form_data['db_name'] = ""; $this->form_data['db_name_invalid'] = true; $this->validationErrors = true; } } /* db_name */ if (isset($_POST['dn_name'])) { $dn_name_trim = trim($_POST['dn_name']); /* personal certificates may have UTF-8 chars in the DN */ if (Config::get_config('cert_product') == PRD_PERSONAL) { $this->form_data['dn_name'] = mysql_real_escape_string($dn_name_trim); } else { $this->form_data['dn_name'] = Input::sanitizeOrgName($dn_name_trim); } /* warn user if characters got sanitized away */ if ($this->form_data['dn_name'] != $dn_name_trim) { $this->displayInvalidCharError($dn_name_trim, $this->form_data['dn_name'], 'l10n_heading_dnoname'); $this->form_data['dn_name'] = ""; $this->form_data['dn_name_invalid'] = true; $this->validationErrors = true; } } /* dn_name */ if (isset($_POST['subscr_email']) && $_POST['subscr_email'] != "") { $subscr_email_trim = trim($_POST['subscr_email']); $this->form_data['subscr_email'] = Input::sanitizeEmail($subscr_email_trim); if ($this->form_data['subscr_email'] != $subscr_email_trim) { $this->displayInvalidCharError($subscr_email_trim, $this->form_data['subscr_email'], 'l10n_label_contactemail'); $this->form_data['subscr_email'] = ""; $this->form_data['subscr_email_invalid'] = true; $this->validationErrors = true; } } /* subscr_email */ if (isset($_POST['subscr_phone']) && $_POST['subscr_phone'] != "") { $subscr_phone_trim = trim($_POST['subscr_phone']); $this->form_data['subscr_phone'] = Input::sanitizePhone($subscr_phone_trim); if ($this->form_data['subscr_phone'] != $subscr_phone_trim) { $this->displayInvalidCharError($subscr_phone_trim, $this->form_data['subscr_phone'], 'l10n_label_contactphone'); $this->form_data['subscr_phone'] = ""; $this->form_data['subscr_phone_invalid'] = true; $this->validationErrors = true; } } /* subscr_phone */ if (isset($_POST['subscr_responsible_name']) && $_POST['subscr_responsible_name'] != "") { $subscr_responsible_name_trim = trim($_POST['subscr_responsible_name']); $this->form_data['subscr_responsible_name'] = Input::sanitizePersonName($subscr_responsible_name_trim); if ($this->form_data['subscr_responsible_name'] != $subscr_responsible_name_trim) { $this->displayInvalidCharError($subscr_responsible_name_trim, $this->form_data['subscr_responsible_name'], 'l10n_heading_resppers'); $this->form_data['subscr_responsible_name'] = ""; $this->form_data['subscr_responsible_name_invalid'] = true; $this->validationErrors = true; } } /* subscr_responsible_name */ if (isset($_POST['subscr_responsible_email']) && $_POST['subscr_responsible_email'] != "") { $subscr_responsible_email_trim = trim($_POST['subscr_responsible_email']); $this->form_data['subscr_responsible_email'] = Input::sanitizeEmail($subscr_responsible_email_trim); if ($this->form_data['subscr_responsible_email'] != $subscr_responsible_email_trim) { $this->displayInvalidCharError($subscr_responsible_email_trim, $this->form_data['subscr_responsible_email'], 'l10n_label_respemail'); $this->validationErrors = true; } } /* subscr_responsible_email */ if (isset($_POST['subscr_comment']) && $_POST['subscr_comment'] != "") { $this->form_data['subscr_comment'] = Input::sanitizeText(trim($_POST['subscr_comment'])); } if (isset($_POST['subscr_help_url']) && $_POST['subscr_help_url'] != "") { $subscr_help_url_trim = trim($_POST['subscr_help_url']); $this->form_data['subscr_help_url'] = Input::sanitizeURL($subscr_help_url_trim); if ($this->form_data['subscr_help_url'] != $subscr_help_url_trim) { $this->displayInvalidCharError($subscr_help_url_trim, $this->form_data['subscr_help_url'], 'l10n_label_helpdeskurl'); $this->form_data['subscr_help_url'] = ""; $this->form_data['subscr_help_url_invalid'] = true; $this->validationErrors = true; } } /* subscr_help_url */ if (isset($_POST['subscr_help_email']) && $_POST['subscr_help_email'] != "") { $subscr_help_email_trim = trim($_POST['subscr_help_email']); $this->form_data['subscr_help_email'] = Input::sanitizeEmail($subscr_help_email_trim); if ($this->form_data['subscr_help_email'] != $subscr_help_email_trim) { $this->form_data['subscr_help_email'] = ""; $this->form_data['subscr_help_email_invalid'] = true; $this->displayInvalidCharError($subscr_help_email_trim, $this->form_data['subscr_help_email'], 'l10n_label_helpdeskemail'); $this->validationErrors = true; } } /* subscr_help_email */ /* don't continue, if data was stripped due to the field * sanitation */ if ($this->validationErrors) { return; } switch (htmlentities($_POST['subscriber'])) { case 'edit': $subscriber = null; if ($this->person->getSubscriber()->hasDBID($id)) { $subscriber = $this->person->getSubscriber(); } else { /* Other subscruber than user's * subscriber, must create new object * from DB */ $subscriber = Subscriber::getSubscriberByID($id, $this->person->getNREN()); } if (!is_null($subscriber)) { /* subscriber will clean input */ $update = $subscriber->setState($state); $update |= $subscriber->setEmail($this->form_data['subscr_email']); $update |= $subscriber->setPhone($this->form_data['subscr_phone']); $update |= $subscriber->setRespName($this->form_data['subscr_responsible_name']); $update |= $subscriber->setRespEmail($this->form_data['subscr_responsible_email']); $update |= $subscriber->setComment($this->form_data['subscr_comment']); $update |= $subscriber->setHelpURL($this->form_data['subscr_help_url']); $update |= $subscriber->setHelpEmail($this->form_data['subscr_help_email']); if ($update) { if (!$subscriber->save(true)) { Framework::error_output($this->translateTag('l10n_fail_editsubs1', 'nrenadmin')); } else { Framework::success_output($this->translateTag('l10n_suc_editsubs1', 'nrenadmin')); } } /* show info-list for subscriber */ $this->tpl->assign('subscr_details', Subscriber::getSubscriberByID($id, $this->person->GetNREN())->getInfo()); $this->tpl->assign('subscriber_details', true); $this->tpl->assign('subscriber_detail_id', $id); } break; case 'editState': $subscriber = null; if ($this->person->getSubscriber()->hasDBID($id)) { $subscriber = $this->person->getSubscriber(); } else { $subscriber = Subscriber::getSubscriberByID($id, $this->person->getNREN()); } if (!is_null($subscriber)) { if ($subscriber->setState($state)) { if (!$subscriber->save(true)) { Framework::error_output("Could not update state of subscriber. Is the database-layer broken?"); Framework::error_output($this->translateTag("l10n_fail_edit_subscr_state", "nrenadmin")); } } } break; case 'info': $this->tpl->assign('subscr_details', Subscriber::getSubscriberByID($id, $this->person->getNREN())->getInfo()); $this->tpl->assign('subscriber_details', true); $this->tpl->assign('subscriber_detail_id', $id); break; case 'add': if (!isset($this->form_data['db_name'])) { break; } $inheritUIDAttr = isset($_POST['inherit_uid_attr']); $subscriber = new Subscriber($this->form_data['db_name'], $this->person->getNREN()); if ($subscriber->isValid()) { Framework::error_output("Cannot create new, already existing."); break; } $update = $subscriber->setState($state); $update |= $subscriber->setOrgName($this->form_data['dn_name']); $update |= $subscriber->setEmail($this->form_data['subscr_email']); $update |= $subscriber->setPhone($this->form_data['subscr_phone']); $update |= $subscriber->setRespName($this->form_data['subscr_responsible_name']); $update |= $subscriber->setRespEmail($this->form_data['subscr_responsible_email']); $update |= $subscriber->setComment($this->form_data['subscr_comment']); $update |= $subscriber->setHelpURL($this->form_data['subscr_help_url']); $update |= $subscriber->setHelpEmail($this->form_data['subscr_help_email']); if ($update && $subscriber->create()) { Framework::success_output($this->translateTag('l10n_suc_addsubs1', 'nrenadmin') . " " . htmlentities($dn_name, ENT_COMPAT, "UTF-8") . " " . $this->translateTag('l10n_suc_addsubs2', 'nrenadmin')); } if (!$inheritUIDAttr) { $nren = $this->person->getNREN(); $nrenMap = $nren->getMap(); $uidAttr = Input::sanitizeAlpha($_POST['uid_attr']); $subscriber->saveMap($uidAttr, $nrenMap['cn'], $nrenMap['mail']); } break; case 'delete': $this->delSubscriber($id); break; } } /* isset($_POST['subscriber'] */ }
public function pre_process($person) { parent::pre_process($person); /* IF user is not subscirber- or nren-admin, we stop here */ if (!($this->person->isSubscriberAdmin() || $this->person->isNRENAdmin())) { return false; } if (isset($_POST['setting'])) { switch ($_POST['setting']) { case 'nren_contact': if ($this->person->isNRENAdmin()) { if (array_key_exists('contact_email', $_POST)) { $this->form_data['contact_email'] = Input::sanitizeEmail($_POST['contact_email']); if ($_POST['contact_email'] !== $this->form_data['contact_email']) { $this->displayInvalidCharError($_POST['contact_email'], $_POST['contact_email'], 'l10n_label_contactemail'); $this->form_data['contact_email'] = ""; $this->validationError = true; } } if (array_key_exists('contact_phone', $_POST)) { $this->form_data['contact_phone'] = Input::sanitizePhone($_POST['contact_phone']); if ($_POST['contact_phone'] !== $this->form_data['contact_phone']) { $this->displayInvalidCharError($_POST['contact_phone'], $this->form_data['contact_phone'], 'l10n_label_contactphone'); $this->form_data['contact_phone'] = ""; $this->validationError = true; } } if (array_key_exists('cert_phone', $_POST)) { $this->form_data['sanitizedCertPhone'] = Input::sanitizePhone($_POST['cert_phone']); if ($_POST['cert_phone'] != $this->form_data['sanitizedCertPhone']) { $this->displayInvalidCharError($_POST['cert_phone'], $this->form_data['sanitizedCertPhone'], 'l10n_label_certphone'); $this->form_data['sanitizedCertPhone'] = ""; $this->validationError = true; } } if (array_key_exists('cert_email', $_POST)) { $this->form_data['sanitizedCertEmail'] = Input::sanitizeEmail($_POST['cert_email']); if ($_POST['cert_email'] != $this->form_data['sanitizedCertEmail']) { $this->displayInvalidCharError($_POST['cert_email'], $this->form_data['sanitizedCertEmail'], 'l10n_label_certmail'); $this->form_data['sanitizedCertEmail'] = ""; $this->validationError = true; } } if (array_key_exists('url', $_POST)) { $this->form_data['sanitizedURL'] = Input::sanitizeURL($_POST['url']); if ($_POST['url'] != $this->form_data['sanitizedURL']) { $this->displayInvalidCharError($_POST['url'], $this->form_data['sanitizedURL'], 'l10n_label_nrenurl'); $this->form_data['sanitizedURL'] = ""; $this->validationError = true; } } if (array_key_exists('wayf_url', $_POST)) { $this->form_data['sanitizedWAYF'] = Input::sanitizeURL($_POST['wayf_url']); if ($_POST['wayf_url'] != $this->form_data['sanitizedWAYF']) { $this->displayInvalidCharError($_POST['wayf_url'], $this->form_data['sanitizedWAYF'], 'l10n_label_wayfurl'); $this->form_data['sanitizedWAYF'] = ""; $this->validationError = true; } } if (array_key_exists('enable_email', $_POST) && isset($_POST['enable_email'])) { if (Config::get_config('cert_product') == PRD_PERSONAL) { if (array_key_exists($_POST['enable_email'], $this->PERSONAL_MAILOPTIONS)) { $this->form_data['enable_email'] = $_POST['enable_email']; } } else { if (array_key_exists($_POST['enable_email'], $this->ESCIENCE_MAILOPTIONS)) { $this->form_data['enable_email'] = $_POST['enable_email']; } } } if (array_key_exists('reauth_timeout', $_POST) && isset($_POST['reauth_timeout'])) { $this->form_data['reauth_timeout'] = Input::sanitizeNumeric($_POST['reauth_timeout']); } if (isset($_POST['cert_validity']) && array_search($_POST['cert_validity'], ConfusaConstants::$CAPI_VALID_PERSONAL) !== FALSE) { $this->form_data['cert_validity'] = $_POST['cert_validity']; } if (isset($_POST['language'])) { $this->form_data['language'] = Input::sanitizeLangCode($_POST['language']); } /* don't continue if information has been stripped */ if ($this->validation_error) { return; } if ($this->updateNRENContact()) { Framework::success_output($this->translateTag('l10n_suc_updatenren', 'contactinfo') . " " . $this->person->getNREN()->getName()); } } break; case 'subscriber_contact': if ($this->person->isSubscriberAdmin()) { $sanitizedMail = Input::sanitizeEmail($_POST['contact_email']); $sanitizedPhone = Input::sanitizePhone($_POST['contact_phone']); $sanitizedRespName = Input::sanitizePersonName($_POST['resp_name']); $sanitizedRespMail = Input::sanitizeEmail($_POST['resp_email']); $sanitizedHelpdeskURL = Input::sanitizeURL($_POST['helpdesk_url']); $sanitizedHelpdeskMail = Input::sanitizeEmail($_POST['helpdesk_email']); $this->validationError = false; if ($_POST['contact_email'] != $sanitizedMail) { $this->displayInvalidCharError($_POST['contact_email'], $sanitizedMail, 'l10n_label_contactemail'); $this->validationError = true; } if ($_POST['contact_phone'] != $sanitizedPhone) { $this->displayInvalidCharError($_POST['contact_phone'], $sanitizedPhone, 'l10n_label_contactphone'); $this->validationError = true; } if ($_POST['resp_name'] != $sanitizedRespName) { $this->displayInvalidCharError($_POST['resp_name'], $sanitizedRespName, 'l10n_label_respname'); $this->validationError = true; } if ($_POST['resp_email'] != $sanitizedRespMail) { $this->displayInvalidCharError($_POST['resp_email'], $sanitizedRespMail, 'l10n_label_respemail'); $this->validationError = true; } if ($_POST['helpdesk_url'] != $sanitizedHelpdeskURL) { $this->displayInvalidCharError($_POST['helpdesk_url'], $sanitizedHelpdeskURL, 'l10n_label_helpdeskurl'); $this->validationError = true; } if ($_POST['helpdesk_email'] != $sanitizedHelpdeskMail) { $this->displayInvalidCharError($_POST['helpdesk_email'], $sanitizedHelpdeskMail, 'l10n_label_helpemail'); $this->validationError = true; } /* * don't continue if data got stripped */ if ($this->validationError) { return; } $this->updateSubscriberContact($sanitizedMail, $sanitizedPhone, $sanitizedRespName, $sanitizedRespMail, $sanitizedHelpdeskURL, $sanitizedHelpdeskMail, Input::sanitizeLangCode($_POST['language'])); } break; default: Framework::error_output("Unknown action (" . htmlentities($_POST['setting']) . ")"); break; } } }
public function pre_process($person) { parent::pre_process($person); /* IF user is not subscirber- or nren-admin, we stop here */ if (!($this->person->isSubscriberAdmin() || $this->person->isNRENAdmin())) { return false; } if (isset($_POST['nren_operation'])) { if (!$this->person->isNRENAdmin()) { Framework::error_output("You need NREN-administrator privileges in order to complete this request."); return false; } /* operations called by the NREN-admin */ switch (htmlentities($_POST['nren_operation'])) { case 'delete_nren_admin': $admin = Input::sanitizeEPPN($_POST['nren_admin']); $this->deleteAdmin($admin, NREN_ADMIN); break; case 'downgrade_self': if ($this->person->testEntitlementAttribute(Config::get_config('entitlement_admin'))) { $this->downgradeNRENAdmin($this->person->getEPPN(), $this->person->getSubscriber()->getDBID()); } break; case 'upgrade_subs_admin': $admin = Input::sanitizeEPPN($_POST['subs_admin']); $this->upgradeSubscriberAdmin($admin); break; case 'add_nren_admin': $admin = Input::sanitizeEPPN($_POST['nren_admin']); $idp = htmlentities($_POST['idp']); if ($idp === '-') { $this->addNRENAdmin($admin, NULL); } else { $this->addNRENAdmin($admin, $idp); } break; case 'delete_subs_admin': $admin = Input::sanitizeEPPN($_POST['subs_admin']); $this->deleteAdmin($admin, SUBSCRIBER_ADMIN); break; case 'add_subs_admin': $admin = Input::sanitizeEPPN($_POST['subs_admin']); $subscriberID = Input::sanitizeID($_POST['subscriberID']); $this->addSubscriberAdmin($admin, SUBSCRIBER_ADMIN, $subscriberID); break; default: break; } /* operations called by the subscriber admin */ } else { if (isset($_POST['subs_operation'])) { if (!$this->person->isSubscriberAdmin()) { Framework::error_output("You do not have sufficient permissions in order to complete this transaction."); return false; } switch (htmlentities($_POST['subs_operation'])) { case 'delete_subs_admin': $admin = Input::sanitizeEPPN($_POST['subs_admin']); $this->deleteAdmin($admin, SUBSCRIBER_ADMIN); break; case 'add_subs_admin': $admin = Input::sanitizeEPPN($_POST['subs_admin']); $this->addSubscriberAdmin($admin, SUBSCRIBER_ADMIN, $this->person->getSubscriber()->getDBID()); break; case 'downgrade_subs_admin': $admin = Input::sanitizeEPPN($_POST['subs_admin']); $this->downgradeSubscriberAdmin($admin, $this->person->getSubscriber()->getDBID()); break; case 'upgrade_subs_sub_admin': $admin = Input::sanitizeEPPN($_POST['subs_sub_admin']); $this->upgradeSubscriberSubAdmin($admin, $this->person->getSubscriber()->getDBID()); break; case 'delete_subs_sub_admin': $admin = Input::sanitizeEPPN($_POST['subs_sub_admin']); $this->deleteAdmin($admin, SUBSCRIBER_SUB_ADMIN); break; case 'add_subs_sub_admin': $admin = Input::sanitizeEPPN($_POST['subs_sub_admin']); $this->addSubscriberAdmin($admin, SUBSCRIBER_SUB_ADMIN, $this->person->getSubscriber()->getDBID()); break; default: break; } } } }
public function pre_process($person) { parent::pre_process($person); /* if $person is not a NREN admin we stop here */ if (!$this->person->isNRENAdmin()) { return false; } if (isset($_POST['stylist_operation'])) { switch (htmlentities($_POST['stylist_operation'])) { case 'change_help_text': $new_text = Input::sanitizeText($_POST['help_text']); $this->updateNRENHelpText($this->person->getNREN(), $new_text); break; case 'change_about_text': $new_text = Input::sanitizeText($_POST['about_text']); $this->updateNRENAboutText($this->person->getNREN(), $new_text); break; case 'change_privnotice_text': $new_text = Input::sanitizeText($_POST['privnotice_text']); $this->updateNRENPrivacyNotice($this->person->getNREN(), $new_text); break; case 'change_css': if (isset($_POST['reset'])) { $this->resetNRENCSS($this->person->getNREN()); } else { if (isset($_POST['download'])) { $new_css = Input::sanitizeCSS($_POST['css_content']); $this->downloadNRENCSS($new_css); } else { if (isset($_POST['change'])) { /* the CSS will not be inserted into the DB or executed in another way. * Hence do not sanitize it. It will contain 'dangerous' string portions, * such as { : ' anyways, so it would be hard to insert it into the DB properly*/ $new_css = Input::sanitizeCSS($_POST['css_content']); $this->updateNRENCSS($this->person->getNREN(), $new_css); } } } break; case 'change_mail': if (isset($_POST['reset'])) { $this->resetNRENMailTpl($this->person->getNREN()); } else { if (isset($_POST['change'])) { $new_template = strip_tags($_POST['mail_content']); $this->updateNRENMailTpl($this->person->getNREN(), $new_template); } else { if (isset($_POST['test'])) { /* see where mail_content is set in * process() for how the current * template is kept. */ $this->sendNRENTestMail($this->person, strip_tags($_POST['mail_content'])); } } } break; case 'upload_logo': $position = $_POST['position']; if (array_search($position, ConfusaConstants::$ALLOWED_LOGO_POSITIONS) === FALSE) { Framework::error_output("The specified position " . htmlentities($position) . " is not a legal logo position!"); return; } if (isset($_FILES['nren_logo']['name'])) { /* only allow image uploads */ if (strpos($_FILES['nren_logo']['type'], 'image/') !== false) { $this->uploadLogo('nren_logo', $position, $this->person->getNREN()); } else { Framework::error_output($this->translateTag('l10n_error_upload_logo_invalid', 'stylist')); } } break; case 'delete_logo': $position = $_POST['position']; if (array_search($position, ConfusaConstants::$ALLOWED_LOGO_POSITIONS) === FALSE) { Framework::error_output($this->translateTag('l10n_error_upload_logo_position', 'stylist')); return; } $this->deleteLogo($position, $this->person->getNREN()); break; case 'change_title': if (isset($_POST['portalTitle'])) { $titleValue = Input::sanitize($_POST['portalTitle']); } else { $titleValue = ""; } if (isset($_POST['changeButton'])) { $showTitle = isset($_POST['showPortalTitle']); $this->updateNRENTitle($this->person->getNREN(), $titleValue, $showTitle); } break; default: Framework::error_output("Unknown operation chosen in the stylist!"); break; } } }
public function pre_process($person) { $res = true; $this->setPerson($person); $this->account = NRENAccount::get($this->person); /* If the caller is not a nren-admin or Confusa is not in online mode, we stop here */ if (!$this->person->isNRENAdmin() || Config::get_config('ca_mode') != CA_COMODO) { return false; } $login_name = false; $password = false; $ap_name = false; if (isset($_POST['account']) && $_POST['account'] === 'edit') { /* We must use POST as we may pass along a password and * we do not want to set that statically in the subject-line. */ if (isset($_POST['login_name'])) { $ln = $_POST['login_name']; $login_name = Input::sanitizeText(htmlspecialchars($ln)); if ($ln === $login_name) { $this->account->setLoginName($login_name); $res = false; } else { /* FIXME: l10n */ Framework::error_output("The new login_name contains illegal characters, dropping new login!"); } } /* Do not sanitize password, we should allow special characters and * stuff, we should url-encode it. If Comodo does not sanitize * their password, it's their business, not ours. */ if (isset($_POST['password']) && $_POST['password'] !== "") { $this->account->setPassword($_POST['password']); } if (isset($_POST['ap_name'])) { $ap = $_POST['ap_name']; $ap_name = Input::sanitizeText(htmlspecialchars($ap)); if ($ap === $ap_name) { $this->account->setAPName($ap_name); } else { /* FIXME: l10n */ Framework::error_output("Cleaned ap-name and it contains illegal characters, dropping new name!"); $res = false; } } /* should we validate? */ try { $validate = false; if (isset($_POST['verify_ca_cred']) && $_POST['verify_ca_cred'] === "yes") { $validate = true; } if ($this->account->save($validate)) { /* FIXME: l10n */ Framework::success_output("CA Account details successfully updated!"); } else { Framework::message_output("No changes to account-details, not updating."); } } catch (ConfusaGenException $cge) { /* FIXME: l10n */ Framework::error_output("Could not update account-data: " . $cge->getMessage()); } } parent::pre_process($person); return $res; }
public function pre_process($person) { parent::pre_process($person); if (isset($_GET['send_file'])) { include_once 'file_download.php'; switch (htmlentities($_GET['send_file'])) { case 'cacert': try { $this->makeCertAvailable(); $cert = new Certificate(file_get_contents($this->cert_path)); $idx = strrpos($this->cert_url, "/"); $cert_name = substr($this->cert_url, $idx + 1); download_file($cert->getPEMContent(), $cert_name); } catch (ConfusaGenException $cge) { Framework::error_output($this->translateTag('l10n_cacert_fetch_error', 'rootcert')); } break; case 'cachain': try { $this->makeChainAvailable(); $idx = strrpos($this->cert_url, "/"); $cert_name = substr($this->cert_url, $idx + 1); $dot_idx = strrpos($cert_name, "."); $cert_name = substr($cert_name, 0, $dot_idx); $cert_name = $cert_name . '_bundle.pem'; download_file(file_get_contents($this->cert_path), $cert_name); } catch (ConfusaGenException $cge) { Framework::error_output($this->translateTag('l10n_cachain_fetch_error', 'rootcert')); } break; case 'crl': try { $this->makeCRLAvailable(); $crl = new CRL(file_get_contents($this->crl_path)); $idx = strrpos($this->crl_url, "/"); $crl_name = substr($this->crl_url, $idx + 1); download_file($crl->getPEMContent(), $crl_name); } catch (ConfusaGenException $cge) { Framework::error_output($this->translateTag('l10n_crl_fetch_error', 'rootcert')); } break; default: return; } exit(1); } else { if (isset($_GET['link']) && file_exists($this->cert_path)) { switch (htmlentities($_GET['link'])) { case 'cacert': $cert = new Certificate(file_get_contents($this->cert_path)); header("Content-type: application/x-x509-ca-cert"); // IE fix (for HTTPS only) header("Cache-Control: private"); header("Pragma: private"); header("Content-Length: " . strlen($cert->getPEMContent())); header("Content-Disposition: inline; filename=confusa.pem"); echo $cert->getPEMContent(); exit(0); break; case 'crl': $crl = new CRL(file_get_contents($this->crl_path)); // IE fix (for HTTPS only) header("Cache-Control: private"); header("Pragma: private"); header("Content-type: application/x-pkcs7-crl"); header("Content-Length: " . strlen($crl->getPEMContent())); header("Content-Disposition: inline; filename=confusa.crl"); echo $crl->getPEMContent(); exit(0); break; } } } return false; }