示例#1
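 /**
  * pre_process() - handle the e-mail selection step before a CSR is signed.
  *
  * A POSTed 'deleteCSR' (sent when the user presses "Back" on the CSR-signing
  * overview) deletes the pending CSR and returns early. Otherwise the
  * e-mail addresses chosen for the certificate are registered on the person
  * and stored; when the selection was skipped and exactly one address is
  * registered, that address is used.
  *
  * @param Person $person the logged-in user (type assumed, not visible here)
  * @return void
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     /* can be received when pressing "Back" on the CSR-signing overview */
     if (isset($_POST['deleteCSR'])) {
         $authToken = Input::sanitizeCertKey($_POST['deleteCSR']);
         CSR::deleteFromDB($person, $authToken);
         return;
     }
     $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
     $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));
     $emailsDesiredByNREN = $this->person->getNREN()->getEnableEmail();
     $registeredPersonMails = $this->person->getNumEmails();
     /* e-mail selection was skipped */
     if (isset($_GET['skipped_email']) && $_GET['skipped_email'] == 'yes') {
         $this->tpl->assign('skippedEmail', true);
         /* NREN wants one ('1') or many ('m') addresses and the person has
          * exactly one registered: use that one without asking */
         if (($emailsDesiredByNREN == '1' || $emailsDesiredByNREN == 'm') && $registeredPersonMails == 1) {
             $this->person->regCertEmail($this->person->getEmail());
             $this->person->storeRegCertEmails();
         }
     } elseif (isset($_POST['subjAltName_email']) && is_array($_POST['subjAltName_email'])) {
         foreach ($_POST['subjAltName_email'] as $value) {
             /* sanitize before logging, so that raw user-controlled text
              * (newlines, control characters) never reaches the log line.
              * NOTE(review): Input::sanitizeEmail exists in this code base and
              * may be the better fit for an address - confirm what
              * regCertEmail() expects before switching. */
             $email = Input::sanitizeText($value);
             Logger::logEvent(LOG_INFO, "CP_Select_Email", "pre_process()", "User " . $this->person->getEPPN() . ", registering " . "the following e-mail: " . $email);
             $this->person->regCertEmail($email);
         }
         $this->person->storeRegCertEmails();
     }
 }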
示例#2
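 /**
  * pre_process() - dispatch the GET actions of the certificate list.
  *
  * Handled only for an authenticated person:
  *  - file_cert:            stream a valid certificate as usercert.pem and exit
  *  - cert_status:          answer an AJAX poll for a certificate's status
  *  - certlist_all:         toggle showing all certificates
  *  - revoke=revoke_single: revoke one certificate given order_number/reason
  *
  * NOTE(review): the single revocation is a state-changing action triggered by
  * a GET request and no CSRF protection is visible in this method; unless the
  * framework adds one elsewhere, it should move to POST with a token.
  *
  * @param Person $person the logged-in user (type assumed, not visible here)
  * @return bool|null false after normal processing; null (bare return) when
  *         a single revocation was requested without a reason
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     if (!$this->person->isAuth()) {
         return false;
     }
     if (isset($_GET['file_cert'])) {
         $authKey = Input::sanitizeCertKey($_GET['file_cert']);
         try {
             $cert = $this->ca->getCert($authKey);
             if (isset($cert) && $cert->isValid()) {
                 include 'file_download.php';
                 download_file($cert->getPEMContent(), 'usercert.pem');
                 exit(0);
             }
         } catch (ConfusaGenException $cge) {
             Framework::error_output($this->translateMessageTag('downl_err_nodownload') . " " . htmlentities($cge->getMessage()));
         }
     } elseif (isset($_GET['cert_status'])) {
         $this->pollCertStatusAJAX(Input::sanitizeCertKey($_GET['cert_status']));
     } elseif (isset($_GET['certlist_all'])) {
         $this->showAll = $_GET['certlist_all'] == "true";
     } elseif (isset($_GET['revoke']) && $_GET['revoke'] == 'revoke_single') {
         /* a missing order_number used to be read as an undefined index;
          * treat it as "not set" explicitly instead */
         $order_number = isset($_GET['order_number']) ? Input::sanitizeCertKey($_GET['order_number']) : null;
         if (!array_key_exists('reason', $_GET)) {
             Framework::error_output($this->translateMessageTag('rev_err_singlenoreason'));
             return;
         }
         /* NOTE(review): the reason only passes through sanitizeText here;
          * nothing in this method checks it against a list of allowed
          * revocation reasons, so that check (if any) must happen in
          * $this->ca->revokeCert(). */
         $reason = Input::sanitizeText(trim($_GET['reason']));
         try {
             if (!isset($order_number) || !isset($reason)) {
                 Framework::error_output("Revoke Certificate: Errors with parameters, not set properly");
             } elseif (!$this->checkRevocationPermissions($order_number)) {
                 Framework::error_output($this->translateMessageTag('rev_err_singlenoperm'));
             } elseif (!$this->ca->revokeCert($order_number, $reason)) {
                 Framework::error_output($this->translateMessageTag('rev_err_notyet1') . htmlentities($order_number) . $this->translateMessageTag('rev_err_notyet2') . htmlentities($reason));
             } else {
                 Framework::message_output($this->translateMessageTag('rev_suc_single1') . htmlentities($order_number) . $this->translateMessageTag('rev_suc_single2'));
                 /* in Comodo test mode the revocation is only simulated */
                 if (Config::get_config('ca_mode') === CA_COMODO && Config::get_config('capi_test') === true) {
                     Framework::message_output($this->translateTag('l10n_msg_revsim1', 'revocation'));
                 }
             }
         } catch (ConfusaGenException $cge) {
             Framework::error_output($this->translateMessageTag('rev_err_singleunspec') . " " . htmlentities($cge->getMessage()));
         }
     }
     return false;
 }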
示例#3
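 /**
  * pre_process() - store a new attribute mapping for an NREN or a subscriber.
  *
  * Only NREN admins and subscriber admins get past the access check. An NREN
  * admin may change the mapping for cn, mail, organization-identifier (epodn)
  * and entitlement; a subscriber admin only cn and mail.
  *
  * @param Person $person the logged-in user (type assumed, not visible here)
  * @return void
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     $script = file_get_contents('../include/fetch_attr.js');
     $this->tpl->assign('rawScript', $script);
     if (!$person->isNRENAdmin() && !$person->isSubscriberAdmin()) {
         return;
     }
     if (!isset($_POST['attributes_operation'])) {
         return;
     }
     switch ($_POST['attributes_operation']) {
         case 'update_map':
             $cn = Input::sanitizeText($_POST['cn']);
             $mail = Input::sanitizeText($_POST['mail']);
             /* only NREN-admin can change the mapping for
              * - organization-identifier
              * - entitlement
              */
             if ($this->person->isNRENAdmin()) {
                 $epodn = Input::sanitizeText($_POST['epodn']);
                 $entitlement = Input::sanitizeText($_POST['entitlement']);
                 if ($this->person->getNREN()->saveMap($this->person->getEPPNKey(), $epodn, $cn, $mail, $entitlement)) {
                     Framework::success_output($this->translateTag('l10n_suc_updmap', 'attributes'));
                 }
             } elseif ($this->person->isSubscriberAdmin()) {
                 /* initialised up front: when saveMap() throws, $result was
                  * previously read below while undefined */
                 $result = false;
                 try {
                     $result = $this->person->getSubscriber()->saveMap($this->person->getEPPNKey(), $cn, $mail);
                 } catch (DBQueryException $dbqe) {
                     Framework::error_output($this->translateTag('l10n_err_updmap1', 'attributes') . "<br />" . $this->translateTag('l10n_label_cn', 'attributes') . ": " . htmlentities($cn) . "<br />" . $this->translateTag('l10n_label_mail', 'attributes') . ": " . htmlentities($mail) . "<br />" . $this->translateMessageTag('err_servsaid') . " " . htmlentities($dbqe->getMessage()));
                     Logger::log_event(LOG_NOTICE, __FILE__ . ", " . __LINE__ . ": " . $dbqe->getMessage());
                 } catch (DBStatementException $dbse) {
                     Framework::error_output("Could not update the subscriber-mapping, probably due to a " . "problem with the server-configuration. Server said: " . htmlentities($dbse->getMessage()));
                     Logger::log_event(LOG_NOTICE, __FILE__ . ", " . __LINE__ . ": " . $dbse->getMessage());
                 }
                 if ($result === true) {
                     Framework::success_output($this->translateTag('l10n_suc_updmap', 'attributes'));
                 }
             }
             break;
         default:
             Framework::error_output("Unknown operation chosen on attributes mask!");
             break;
     }
 }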
示例#4
 /**
  * pre_process() - let an NREN admin edit the CA (Comodo) account details.
  *
  * Runs only for NREN admins while the CA mode is CA_COMODO. The login name
  * and the AP name are accepted only when sanitizing leaves them unchanged;
  * the password is handed on untouched. The account is saved afterwards,
  * optionally verifying the credentials against the CA.
  *
  * @param Person $person the logged-in user (type assumed, not visible here)
  * @return bool false when the caller may not edit the account, when a new
  *         login name was stored, or when the AP name was rejected; true
  *         otherwise
  */
 public function pre_process($person)
 {
     $res = true;
     $this->setPerson($person);
     $this->account = NRENAccount::get($this->person);
     /* If the caller is not a nren-admin or Confusa is not in online mode, we stop here */
     if (!$this->person->isNRENAdmin() || Config::get_config('ca_mode') != CA_COMODO) {
         return false;
     }
     $editing = isset($_POST['account']) && $_POST['account'] === 'edit';
     if ($editing) {
         /* We must use POST as we may pass along a password and
          * we do not want to set that statically in the subject-line. */
         if (isset($_POST['login_name'])) {
             $rawLogin = $_POST['login_name'];
             $cleanLogin = Input::sanitizeText(htmlspecialchars($rawLogin));
             /* accepted only if sanitizing did not alter the value */
             if ($rawLogin !== $cleanLogin) {
                 /* FIXME: l10n */
                 Framework::error_output("The new login_name contains illegal characters, dropping new login!");
             } else {
                 $this->account->setLoginName($cleanLogin);
                 $res = false;
             }
         }
         /* Do not sanitize password, we should allow special characters and
          * stuff, we should url-encode it. If Comodo does not sanitize
          * their password, it's their business, not ours. */
         $newPassword = isset($_POST['password']) ? $_POST['password'] : "";
         if ($newPassword !== "") {
             $this->account->setPassword($newPassword);
         }
         if (isset($_POST['ap_name'])) {
             $rawAPName = $_POST['ap_name'];
             $cleanAPName = Input::sanitizeText(htmlspecialchars($rawAPName));
             if ($rawAPName !== $cleanAPName) {
                 /* FIXME: l10n */
                 Framework::error_output("Cleaned ap-name and it contains illegal characters, dropping new name!");
                 $res = false;
             } else {
                 $this->account->setAPName($cleanAPName);
             }
         }
         /* should we validate the credentials against the CA while saving? */
         $validate = isset($_POST['verify_ca_cred']) && $_POST['verify_ca_cred'] === "yes";
         try {
             if ($this->account->save($validate)) {
                 /* FIXME: l10n */
                 Framework::success_output("CA Account details successfully updated!");
             } else {
                 Framework::message_output("No changes to account-details, not updating.");
             }
         } catch (ConfusaGenException $cge) {
             /* FIXME: l10n */
             Framework::error_output("Could not update account-data: " . $cge->getMessage());
         }
     }
     parent::pre_process($person);
     return $res;
 }
示例#5
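 /**
  * pre_process() - handle the subscriber-administration form of an NREN admin.
  *
  * Every POSTed field is trimmed, sanitized and compared with the raw value.
  * When sanitizing changed it, the user is told which field was affected, the
  * field is blanked and marked invalid in form_data and the request is not
  * processed any further. Only when all fields pass is the operation in
  * $_POST['subscriber'] (edit, editState, info, add, delete) carried out.
  *
  * @param Person $person the logged-in user (type assumed, not visible here)
  * @return bool|null false when the user is not an NREN admin, otherwise null
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     /* If user is not nren-admin, we stop here */
     if (!$this->person->isNRENAdmin()) {
         return false;
     }
     /* are we running in grid-mode? We must check this before we do
      * any other processing */
     $this->tpl->assign('confusa_grid_restrictions', Config::get_config('cert_product') == PRD_ESCIENCE);
     /* if the function exits due to failed field validation, it should
      * display all affected fields. Everything else is very annoying for
      * the user.
      */
     $this->validationErrors = false;
     /* handle nren-flags */
     if (!isset($_POST['subscriber'])) {
         return;
     }
     /* both are read by every operation below; a request without them used
      * to leave the variables undefined */
     $id = null;
     $state = null;
     if (isset($_POST['id'])) {
         $id = Input::sanitizeID($_POST['id']);
     }
     if (isset($_POST['state'])) {
         $state = Input::sanitizeOrgState($_POST['state']);
     }
     if (isset($_POST['db_name'])) {
         $db_name_trim = trim($_POST['db_name']);
         $this->form_data['db_name'] = htmlentities($db_name_trim);
         if ($this->form_data['db_name'] != $db_name_trim) {
             $this->displayInvalidCharError($db_name_trim, $this->form_data['db_name'], 'l10n_heading_attnm');
             $this->form_data['db_name'] = "";
             $this->form_data['db_name_invalid'] = true;
             $this->validationErrors = true;
         }
     }
     /* db_name */
     if (isset($_POST['dn_name'])) {
         $dn_name_trim = trim($_POST['dn_name']);
         /* personal certificates may have UTF-8 chars in the DN.
          * NOTE(review): mysql_real_escape_string() escapes for SQL at
          * form-handling time, so the value carries backslashes into
          * form_data and into the success message below; the mysql_*
          * extension is also gone since PHP 7 - confirm this path still runs. */
         if (Config::get_config('cert_product') == PRD_PERSONAL) {
             $this->form_data['dn_name'] = mysql_real_escape_string($dn_name_trim);
         } else {
             $this->form_data['dn_name'] = Input::sanitizeOrgName($dn_name_trim);
         }
         /* warn user if characters got sanitized away */
         if ($this->form_data['dn_name'] != $dn_name_trim) {
             $this->displayInvalidCharError($dn_name_trim, $this->form_data['dn_name'], 'l10n_heading_dnoname');
             $this->form_data['dn_name'] = "";
             $this->form_data['dn_name_invalid'] = true;
             $this->validationErrors = true;
         }
     }
     /* dn_name */
     if (isset($_POST['subscr_email']) && $_POST['subscr_email'] != "") {
         $subscr_email_trim = trim($_POST['subscr_email']);
         $this->form_data['subscr_email'] = Input::sanitizeEmail($subscr_email_trim);
         if ($this->form_data['subscr_email'] != $subscr_email_trim) {
             $this->displayInvalidCharError($subscr_email_trim, $this->form_data['subscr_email'], 'l10n_label_contactemail');
             $this->form_data['subscr_email'] = "";
             $this->form_data['subscr_email_invalid'] = true;
             $this->validationErrors = true;
         }
     }
     /* subscr_email */
     if (isset($_POST['subscr_phone']) && $_POST['subscr_phone'] != "") {
         $subscr_phone_trim = trim($_POST['subscr_phone']);
         $this->form_data['subscr_phone'] = Input::sanitizePhone($subscr_phone_trim);
         if ($this->form_data['subscr_phone'] != $subscr_phone_trim) {
             $this->displayInvalidCharError($subscr_phone_trim, $this->form_data['subscr_phone'], 'l10n_label_contactphone');
             $this->form_data['subscr_phone'] = "";
             $this->form_data['subscr_phone_invalid'] = true;
             $this->validationErrors = true;
         }
     }
     /* subscr_phone */
     if (isset($_POST['subscr_responsible_name']) && $_POST['subscr_responsible_name'] != "") {
         $subscr_responsible_name_trim = trim($_POST['subscr_responsible_name']);
         $this->form_data['subscr_responsible_name'] = Input::sanitizePersonName($subscr_responsible_name_trim);
         if ($this->form_data['subscr_responsible_name'] != $subscr_responsible_name_trim) {
             $this->displayInvalidCharError($subscr_responsible_name_trim, $this->form_data['subscr_responsible_name'], 'l10n_heading_resppers');
             $this->form_data['subscr_responsible_name'] = "";
             $this->form_data['subscr_responsible_name_invalid'] = true;
             $this->validationErrors = true;
         }
     }
     /* subscr_responsible_name */
     if (isset($_POST['subscr_responsible_email']) && $_POST['subscr_responsible_email'] != "") {
         $subscr_responsible_email_trim = trim($_POST['subscr_responsible_email']);
         $this->form_data['subscr_responsible_email'] = Input::sanitizeEmail($subscr_responsible_email_trim);
         if ($this->form_data['subscr_responsible_email'] != $subscr_responsible_email_trim) {
             $this->displayInvalidCharError($subscr_responsible_email_trim, $this->form_data['subscr_responsible_email'], 'l10n_label_respemail');
             /* blank and flag the field like every other field does, so the
              * re-rendered form treats it consistently */
             $this->form_data['subscr_responsible_email'] = "";
             $this->form_data['subscr_responsible_email_invalid'] = true;
             $this->validationErrors = true;
         }
     }
     /* subscr_responsible_email */
     if (isset($_POST['subscr_comment']) && $_POST['subscr_comment'] != "") {
         $this->form_data['subscr_comment'] = Input::sanitizeText(trim($_POST['subscr_comment']));
     }
     if (isset($_POST['subscr_help_url']) && $_POST['subscr_help_url'] != "") {
         $subscr_help_url_trim = trim($_POST['subscr_help_url']);
         $this->form_data['subscr_help_url'] = Input::sanitizeURL($subscr_help_url_trim);
         if ($this->form_data['subscr_help_url'] != $subscr_help_url_trim) {
             $this->displayInvalidCharError($subscr_help_url_trim, $this->form_data['subscr_help_url'], 'l10n_label_helpdeskurl');
             $this->form_data['subscr_help_url'] = "";
             $this->form_data['subscr_help_url_invalid'] = true;
             $this->validationErrors = true;
         }
     }
     /* subscr_help_url */
     if (isset($_POST['subscr_help_email']) && $_POST['subscr_help_email'] != "") {
         $subscr_help_email_trim = trim($_POST['subscr_help_email']);
         $this->form_data['subscr_help_email'] = Input::sanitizeEmail($subscr_help_email_trim);
         if ($this->form_data['subscr_help_email'] != $subscr_help_email_trim) {
             /* report the sanitized value before blanking it; the old
              * order handed an empty string to displayInvalidCharError() */
             $this->displayInvalidCharError($subscr_help_email_trim, $this->form_data['subscr_help_email'], 'l10n_label_helpdeskemail');
             $this->form_data['subscr_help_email'] = "";
             $this->form_data['subscr_help_email_invalid'] = true;
             $this->validationErrors = true;
         }
     }
     /* subscr_help_email */
     /* don't continue, if data was stripped due to the field
      * sanitation */
     if ($this->validationErrors) {
         return;
     }
     switch (htmlentities($_POST['subscriber'])) {
         case 'edit':
             $subscriber = null;
             if ($this->person->getSubscriber()->hasDBID($id)) {
                 $subscriber = $this->person->getSubscriber();
             } else {
                 /* Other subscriber than user's
                  * subscriber, must create new object
                  * from DB */
                 $subscriber = Subscriber::getSubscriberByID($id, $this->person->getNREN());
             }
             if (!is_null($subscriber)) {
                 /* subscriber will clean input; each setter is assumed to
                  * report whether it changed something */
                 $update = $subscriber->setState($state);
                 $update |= $subscriber->setEmail($this->form_data['subscr_email']);
                 $update |= $subscriber->setPhone($this->form_data['subscr_phone']);
                 $update |= $subscriber->setRespName($this->form_data['subscr_responsible_name']);
                 $update |= $subscriber->setRespEmail($this->form_data['subscr_responsible_email']);
                 $update |= $subscriber->setComment($this->form_data['subscr_comment']);
                 $update |= $subscriber->setHelpURL($this->form_data['subscr_help_url']);
                 $update |= $subscriber->setHelpEmail($this->form_data['subscr_help_email']);
                 if ($update) {
                     if (!$subscriber->save(true)) {
                         Framework::error_output($this->translateTag('l10n_fail_editsubs1', 'nrenadmin'));
                     } else {
                         Framework::success_output($this->translateTag('l10n_suc_editsubs1', 'nrenadmin'));
                     }
                 }
                 /* show info-list for subscriber */
                 $this->tpl->assign('subscr_details', Subscriber::getSubscriberByID($id, $this->person->getNREN())->getInfo());
                 $this->tpl->assign('subscriber_details', true);
                 $this->tpl->assign('subscriber_detail_id', $id);
             }
             break;
         case 'editState':
             $subscriber = null;
             if ($this->person->getSubscriber()->hasDBID($id)) {
                 $subscriber = $this->person->getSubscriber();
             } else {
                 $subscriber = Subscriber::getSubscriberByID($id, $this->person->getNREN());
             }
             if (!is_null($subscriber)) {
                 if ($subscriber->setState($state)) {
                     if (!$subscriber->save(true)) {
                         Framework::error_output("Could not update state of subscriber. Is the database-layer broken?");
                         Framework::error_output($this->translateTag("l10n_fail_edit_subscr_state", "nrenadmin"));
                     }
                 }
             }
             break;
         case 'info':
             $this->tpl->assign('subscr_details', Subscriber::getSubscriberByID($id, $this->person->getNREN())->getInfo());
             $this->tpl->assign('subscriber_details', true);
             $this->tpl->assign('subscriber_detail_id', $id);
             break;
         case 'add':
             if (!isset($this->form_data['db_name'])) {
                 break;
             }
             $inheritUIDAttr = isset($_POST['inherit_uid_attr']);
             $subscriber = new Subscriber($this->form_data['db_name'], $this->person->getNREN());
             if ($subscriber->isValid()) {
                 Framework::error_output("Cannot create new, already existing.");
                 break;
             }
             $update = $subscriber->setState($state);
             $update |= $subscriber->setOrgName($this->form_data['dn_name']);
             $update |= $subscriber->setEmail($this->form_data['subscr_email']);
             $update |= $subscriber->setPhone($this->form_data['subscr_phone']);
             $update |= $subscriber->setRespName($this->form_data['subscr_responsible_name']);
             $update |= $subscriber->setRespEmail($this->form_data['subscr_responsible_email']);
             $update |= $subscriber->setComment($this->form_data['subscr_comment']);
             $update |= $subscriber->setHelpURL($this->form_data['subscr_help_url']);
             $update |= $subscriber->setHelpEmail($this->form_data['subscr_help_email']);
             if ($update && $subscriber->create()) {
                 /* the message used to read an undefined $dn_name and so
                  * always showed an empty name */
                 Framework::success_output($this->translateTag('l10n_suc_addsubs1', 'nrenadmin') . " " . htmlentities($this->form_data['dn_name'], ENT_COMPAT, "UTF-8") . " " . $this->translateTag('l10n_suc_addsubs2', 'nrenadmin'));
             }
             if (!$inheritUIDAttr) {
                 $nren = $this->person->getNREN();
                 $nrenMap = $nren->getMap();
                 $uidAttr = isset($_POST['uid_attr']) ? Input::sanitizeAlpha($_POST['uid_attr']) : null;
                 $subscriber->saveMap($uidAttr, $nrenMap['cn'], $nrenMap['mail']);
             }
             break;
         case 'delete':
             $this->delSubscriber($id);
             break;
     }
 }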
示例#6
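 /**
  * sanitizeText() - clean a free-text value (or every value of an array)
  * before it is stored in the database.
  *
  * Steps for a string: stripslashes, strip_tags keeping only <br>, newlines
  * converted to <br />, then mysql_real_escape_string (which needs an open
  * database connection, hence the bootstrap query). Arrays are handled
  * element-wise with the same rules.
  *
  * @param string|array|null $input raw text, or an array of raw texts
  * @return string|array|null null for an unset/empty input (note: empty()
  *         also treats the string "0" as empty), an array of sanitized values
  *         for an array input, otherwise the sanitized string
  */
 static function sanitizeText($input)
 {
     /* empty() already covers !isset(); "", "0", 0 and array() end up here */
     if (empty($input)) {
         return null;
     }
     if (is_array($input)) {
         /* returning here was the missing step: the old code fell through
          * and handed the array to stripslashes(), throwing the per-element
          * result away */
         $output = array();
         foreach ($input as $var => $val) {
             $output[$var] = Input::sanitizeText($val);
         }
         return $output;
     }
     $input = stripslashes($input);
     /* in text is feasible to want newlines, to format the appearance of the
      * text. Since it is undesired to directly insert newlines into the DB
      * convert them to <br /> tags.
      * NOTE(review): strip_tags() keeps attributes on the allowed <br> tag and
      * this function applies no htmlentities() itself, so the result still
      * has to be escaped for the HTML context where it is rendered. */
     /* allow <br /> tags with strip_tags, otherwise the <br />'s you insert
      * here will be stripped the next time the text is sanitized!
      */
     $input = strtr(strip_tags($input, '<br>'), array("\n" => '<br />', "\r\n" => '<br />'));
     /* The following is a *HACK*
      * However, since we want to use the mysql_real_escape_string,
      * we have to make sure that the database has been
      * contacted. *sigh*
      *
      * Note that this *may* throw an exception from the database.
      */
     if (!Input::$bootstrapped) {
         MDB2Wrapper::execute("SELECT current_timestamp()", null, null);
         Input::$bootstrapped = true;
     }
     /* Escape the string.
      * NOTE(review): escaping for SQL at input time is fragile - the value is
      * escaped even when it never reaches SQL, and it is escaped twice when
      * the query binds it as a placeholder. Binding through
      * MDB2Wrapper::execute() with placeholders, as done elsewhere in this
      * code base, is the safer form; the mysql_* extension is also gone
      * since PHP 7. */
     $output = mysql_real_escape_string($input);
     return $output;
 }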
示例#7
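 /**
  * getSubscriberByID() find a subscriber in the database and decorate a
  *		Subscriber-object
  *
  * @param	int $id the db-id for the subscriber
  * @param	NREN $nren
  * @return	Subscriber|null null when $id or $nren is null, when the query
  *		fails, or when it does not return exactly one row
  * @access	public
  */
 static function getSubscriberByID($id, $nren)
 {
     if (is_null($nren) || is_null($id)) {
         return null;
     }
     /* sanitized once, used both for the query and for the log line below */
     $safeId = Input::sanitizeText($id);
     try {
         /* NOTE(review): the id is bound as 'text'; since subscriber_id is a
          * numeric key, Input::sanitizeID plus an integer binding would be the
          * tighter check - confirm the type names this wrapper accepts */
         $res = MDB2Wrapper::execute("SELECT name FROM subscribers WHERE subscriber_id=?", array('text'), array($safeId));
     } catch (ConfusaGenException $cge) {
         /* log instead of echo: the exception text may contain database
          * details that do not belong in the HTTP response */
         Logger::log_event(LOG_NOTICE, __FILE__ . ", " . __LINE__ . ": " . $cge->getMessage());
         return null;
     }
     if (count($res) != 1) {
         Logger::log_event(LOG_NOTICE, __FILE__ . ", " . __LINE__ . ": expected exactly one subscriber for id " . $safeId . ", got " . count($res));
         return null;
     }
     return new Subscriber($res[0]['name'], $nren);
 }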
示例#8
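 /**
  * pre_process() - apply the "stylist" operations an NREN admin may POST.
  *
  * Operations: change_help_text, change_about_text, change_privnotice_text,
  * change_css (reset/download/change), change_mail (reset/change/test),
  * upload_logo, delete_logo and change_title.
  *
  * @param Person $person the logged-in user (type assumed, not visible here)
  * @return bool|null false when the user is not an NREN admin, otherwise null
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     /* if $person is not a NREN admin we stop here */
     if (!$this->person->isNRENAdmin()) {
         return false;
     }
     if (!isset($_POST['stylist_operation'])) {
         return;
     }
     switch (htmlentities($_POST['stylist_operation'])) {
         case 'change_help_text':
             $new_text = Input::sanitizeText($_POST['help_text']);
             $this->updateNRENHelpText($this->person->getNREN(), $new_text);
             break;
         case 'change_about_text':
             $new_text = Input::sanitizeText($_POST['about_text']);
             $this->updateNRENAboutText($this->person->getNREN(), $new_text);
             break;
         case 'change_privnotice_text':
             $new_text = Input::sanitizeText($_POST['privnotice_text']);
             $this->updateNRENPrivacyNotice($this->person->getNREN(), $new_text);
             break;
         case 'change_css':
             /* the CSS goes through Input::sanitizeCSS() rather than the
              * generic text sanitizer, since it legitimately contains
              * characters such as { : ' (what sanitizeCSS keeps is not
              * visible here) */
             if (isset($_POST['reset'])) {
                 $this->resetNRENCSS($this->person->getNREN());
             } elseif (isset($_POST['download'])) {
                 $new_css = Input::sanitizeCSS($_POST['css_content']);
                 $this->downloadNRENCSS($new_css);
             } elseif (isset($_POST['change'])) {
                 $new_css = Input::sanitizeCSS($_POST['css_content']);
                 $this->updateNRENCSS($this->person->getNREN(), $new_css);
             }
             break;
         case 'change_mail':
             if (isset($_POST['reset'])) {
                 $this->resetNRENMailTpl($this->person->getNREN());
             } elseif (isset($_POST['change'])) {
                 $new_template = strip_tags($_POST['mail_content']);
                 $this->updateNRENMailTpl($this->person->getNREN(), $new_template);
             } elseif (isset($_POST['test'])) {
                 /* see where mail_content is set in
                  * process() for how the current
                  * template is kept. */
                 $this->sendNRENTestMail($this->person, strip_tags($_POST['mail_content']));
             }
             break;
         case 'upload_logo':
             /* a missing position is rejected like an unknown one; the
              * comparison is strict so only an exact listed value passes */
             $position = isset($_POST['position']) ? $_POST['position'] : null;
             if (!in_array($position, ConfusaConstants::$ALLOWED_LOGO_POSITIONS, true)) {
                 Framework::error_output("The specified position " . htmlentities((string) $position) . " is not a legal logo position!");
                 return;
             }
             if (isset($_FILES['nren_logo']['name'])) {
                 /* only allow image uploads.
                  * NOTE(review): $_FILES[...]['type'] is the MIME type the
                  * client claimed, not a property of the file; unless
                  * uploadLogo() (not visible here) inspects the content,
                  * e.g. with getimagesize(), a non-image passes this check. */
                 if (strpos($_FILES['nren_logo']['type'], 'image/') !== false) {
                     $this->uploadLogo('nren_logo', $position, $this->person->getNREN());
                 } else {
                     Framework::error_output($this->translateTag('l10n_error_upload_logo_invalid', 'stylist'));
                 }
             }
             break;
         case 'delete_logo':
             $position = isset($_POST['position']) ? $_POST['position'] : null;
             if (!in_array($position, ConfusaConstants::$ALLOWED_LOGO_POSITIONS, true)) {
                 Framework::error_output($this->translateTag('l10n_error_upload_logo_position', 'stylist'));
                 return;
             }
             $this->deleteLogo($position, $this->person->getNREN());
             break;
         case 'change_title':
             if (isset($_POST['portalTitle'])) {
                 $titleValue = Input::sanitize($_POST['portalTitle']);
             } else {
                 $titleValue = "";
             }
             if (isset($_POST['changeButton'])) {
                 $showTitle = isset($_POST['showPortalTitle']);
                 $this->updateNRENTitle($this->person->getNREN(), $titleValue, $showTitle);
             }
             break;
         default:
             Framework::error_output("Unknown operation chosen in the stylist!");
             break;
     }
 }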
示例#9
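 /**
  * showAdminRevokeTable - Render a revocation interface for admins.
  *
  * For NREN admins it is planned to restrict the permission to revoke to an
  * incident response team. Revocation can either take place
  * by a wildcard-search for an ePPN or by uploading a CSV with ePPNs (or other
  * unique identifiers) which will be searched wrapped into wildcards.
  *
  * An NREN admin may pick a subscriber via POST, but only one that belongs to
  * the admin's own NREN; everything else is logged and refused. A subscriber
  * admin is always limited to the own subscriber.
  *
  * NOTE(review): $subscriber is a string (org name) in the POST branch and in
  * the subscriber-admin branch, but a Subscriber object in the fallback
  * branch; searchCertsDisplay()/search_list_display() receive whichever was
  * chosen - confirm both accept both forms.
  *
  * @return void
  */
 private function showAdminRevokeTable()
 {
     if (!$this->person->isAdmin()) {
         Logger::log_event(LOG_ALERT, "User " . stripslashes($this->person->getX509ValidCN()) . " allowed to set admin-mode, but is not admin");
         Framework::error_output("Impossible condition. NON-Admin user in admin-mode!");
         return;
     }
     $common_name = "";
     /* Get the right subscriber for which revocation should happen */
     if ($this->person->isNRENAdmin()) {
         $subscribers = $this->getNRENSubscribers($this->person->getNREN());
         if (isset($_POST['subscriber'])) {
             $subscriber = Input::sanitizeOrgName($_POST['subscriber']);
             $this->tpl->assign('active_subscriber', $subscriber);
             /* check if the given subscriber is a legitimate subscriber
              * for the given NREN
              */
             $isNRENSubscriber = false;
             foreach ($subscribers as $nren_subscriber) {
                 if ($subscriber === $nren_subscriber->getOrgName()) {
                     $isNRENSubscriber = true;
                     break;
                 }
             }
             if ($isNRENSubscriber === false) {
                 /* REMOTE_ADDR is not guaranteed to be present (CLI, some proxies) */
                 $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
                 Logger::log_event(LOG_NOTICE, "[nadm] Administrator for NREN " . $this->person->getNREN() . ", contacting us from " . $remoteAddr . " tried to revoke certificates for " . "subscriber {$subscriber}, which is not part of the NREN!");
                 Framework::error_output("Subscriber " . htmlentities($subscriber) . " is not part of your NREN!");
                 return;
             }
         } else {
             /* if no preferred subscriber is set, use the
              * subscriber where the NREN-admin belongs.
              * If, for some strange reason, the NREN has no
              * Subscriber set, not even via the IdP, use the
              * first in the list (if there is one).
              */
             $subscriber = $this->person->getSubscriber();
             if (is_null($subscriber)) {
                 $subscriber = isset($subscribers[0]) ? $subscribers[0] : null;
             }
         }
         if (!is_null($subscriber) && $subscriber instanceof Subscriber) {
             $this->tpl->assign('active_subscriber', $subscriber->getOrgName());
         }
         if (!is_null($subscribers)) {
             $this->tpl->assign('subscribers', $subscribers);
         } else {
             $this->tpl->assign('subscribers', false);
         }
     } else {
         /* not specified any subscriber, use user's subscriber */
         $subscriber = $this->person->getSubscriber()->getOrgName();
         $this->tpl->assign('active_subscriber', $subscriber);
     }
     $this->tpl->assign('file_name', 'eppn_list');
     /* No need to do processing */
     if (!isset($_POST['revoke_operation'])) {
         $this->tpl->assign('search_string', $common_name);
         return;
     }
     /* Test for revoke-commands */
     switch ($_POST['revoke_operation']) {
         /* when we want so search for a particular certificate
          * to revoke. */
         case 'search_by_cn':
             $common_name = isset($_POST['search']) ? Input::sanitizeText($_POST['search']) : null;
             $this->searchCertsDisplay($common_name, $subscriber);
             break;
         case 'search_by_list':
             $this->search_list_display('eppn_list', $subscriber);
             break;
         default:
             break;
     }
     $this->tpl->assign('search_string', $common_name);
 }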
文件: NREN.php 项目: henrikau/confusa
 /**
  * decorateNREN() Add information about the NREN to the object.
  *
  * This function will use the idp_name to find the NREN from the
  * database.
  *
  * It will store all elements in the row in the object so it can be used
  * at a later time.
  *
  * The relevant part of the nrens table looks like the following (the
  * query below additionally reads a few columns not listed here, e.g.
  * url and cert_validity):
  *
  * +---------------+-------------------+------+-----+---------+----------------+
  * | Field         | Type              | Null | Key | Default | Extra          |
  * +---------------+-------------------+------+-----+---------+----------------+
  * | nren_id       | int(11)           | NO   | PRI | NULL    | auto_increment |
  * | name          | varchar(30)       | YES  |     | NULL    |                |
  * | country       | char(2)           | NO   |     | NULL    |                |
  * | about         | text              | YES  |     | NULL    |                |
  * | help          | text              | YES  |     | NULL    |                |
  * | lang          | varchar(5)        | NO   |     | NULL    |                |
  * | contact_email | varchar(64)       | NO   |     | NULL    |                |
  * | contact_phone | varchar(24)       | NO   |     | NULL    |                |
  * | cert_email    | varchar(64)       | YES  |     | NULL    |                |
  * | cert_phone    | varchar(16)       | YES  |     | NULL    |                |
  * | enable_email  | enum('0','1','n') | YES  |     | NULL    |                |
  * | maint_msg     | text              | YES  |     | NULL    |                |
  * | maint_mode    | enum('y','n')     | YES  |     | n       |                |
  * +---------------+-------------------+------+-----+---------+----------------+
  *
  * We do not retrieve all fields, the large text-fields ('help' and
  * 'about') are ignored, and will only be retrieved if specifically
  * asked for.
  *
  * @param	void
  * @return	bool true when exactly one NREN row was found and copied into
  *		$this->data, false otherwise (no match, several matches, or a DB error)
  * @access	private
  */
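 private function decorateNREN()
 {
     /* The large text columns ('about', 'help') are deliberately left out.
      * The IdP URL is bound as a statement parameter, never interpolated. */
     $query = "SELECT\tn.nren_id,\t\tn.name, ";
     $query .= "\t\tn.contact_email,\tn.contact_phone,n.cert_email, ";
     $query .= "\t\tn.cert_phone,\t\tn.lang,\t\tn.url, ";
     $query .= "\t\tn.country,\tn.maint_mode,\tidp.idp_url as idp_url, ";
     $query .= "\t\tn.enable_email,\tn.cert_validity, ";
     $query .= "\t\tn.show_portal_title, n.portal_title, n.wayf_url, n.reauth_timeout ";
     $query .= "FROM idp_map idp LEFT JOIN ";
     $query .= "nrens n on idp.nren_id = n.nren_id WHERE idp.idp_url=?";
     try {
         $res = MDB2Wrapper::execute($query, array('text'), array($this->idp_name));
         $found = count($res);
         if ($found === 0) {
             /* the IdP name is only shown to the user in debug mode */
             if (Config::get_config('debug')) {
                 Framework::error_output("No IdP with name (" . $this->idp_name . ") found in db!");
             }
             Logger::log_event(LOG_NOTICE, "Could not find NREN-map for idp " . $this->idp_name . ". Is the NREN bootstrapped properly?");
             return false;
         }
         if ($found > 1) {
             /* Several NRENs mapped to one IdP means idp_map is inconsistent;
              * refuse rather than silently pick one. Reported through the
              * same channels as the other failures instead of a bare echo. */
             Logger::log_event(LOG_ALERT, "Found " . $found . " NRENs for idp " . $this->idp_name . " in db, expected exactly one. Aborting.");
             Framework::error_output("too many nrens (" . $found . ") found in db. Aborting.");
             return false;
         }
         /* exactly one row: copy every column into $this->data, keyed by
          * the lower-cased column name */
         foreach ($res[0] as $k => $value) {
             $key = strtolower(Input::sanitizeText($k));
             $this->data[$key] = Input::sanitizeText($value);
         }
         /* Work around MySQL's weak distinction between 0 and NULL: a
          * missing/NULL enable_email is treated as "disabled" (0). */
         if (!isset($this->data['enable_email'])) {
             $this->data['enable_email'] = 0;
         }
     } catch (ConfusaGenException $cge) {
         /* Full details go to the log; the user-visible message carries the
          * server's error text only when debug is enabled, so DB internals
          * are not disclosed in production. */
         Logger::log_event(LOG_ALERT, __FILE__ . ":" . __LINE__ . " error with db-connect. " . $cge->getMessage());
         $msg = "Cannot connect to DB.";
         if (Config::get_config('debug')) {
             $msg .= " Server said:<br />" . $cge->getMessage();
         }
         Framework::error_output($msg);
         return false;
     }
     return true;
 }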