GEANT /
CAT
@@ -9,6 +9,6 @@ |
||
| 9 | 9 | * |
| 10 | 10 | */ |
| 11 | 11 | $root = dirname(dirname(__FILE__)); |
| 12 | - include($root."/config/config.php"); |
|
| 12 | + include($root . "/config/config.php"); |
|
| 13 | 13 | set_include_path(get_include_path() . PATH_SEPARATOR . "$root/core" . PATH_SEPARATOR . "$root"); |
| 14 | 14 | ?> |
@@ -163,7 +163,7 @@ discard block |
||
| 163 | 163 | * pass: password for the username |
| 164 | 164 | * @var array |
| 165 | 165 | */ |
| 166 | - public static $MAILSETTINGS = [ // we always use Submission |
|
| 166 | + public static $MAILSETTINGS = [// we always use Submission |
|
| 167 | 167 | 'host' => 'submission.capable.mta', |
| 168 | 168 | 'user'=> 'mailuser', |
| 169 | 169 | 'pass' => 'mailpass', |
@@ -174,21 +174,21 @@ discard block |
||
| 174 | 174 | * @var array |
| 175 | 175 | */ |
| 176 | 176 | public static $LANGUAGES = [ |
| 177 | - 'ca' => ['display' => 'Català', 'locale' => 'ca_ES.utf8'], |
|
| 178 | - 'de' => ['display' => 'Deutsch', 'locale' => 'de_DE.utf8'], |
|
| 177 | + 'ca' => ['display' => 'Català', 'locale' => 'ca_ES.utf8'], |
|
| 178 | + 'de' => ['display' => 'Deutsch', 'locale' => 'de_DE.utf8'], |
|
| 179 | 179 | 'en' => ['display' => 'English(GB)', 'locale' => 'en_GB.utf8'], |
| 180 | - 'es' => ['display' => 'Español', 'locale' => 'es_ES.utf8'], |
|
| 181 | - 'gl' => ['display' => 'Galego', 'locale' => 'gl_ES.utf8'], |
|
| 182 | - 'hr' => ['display' => 'Hrvatski', 'locale' => 'hr_HR.utf8'], |
|
| 183 | - 'it' => ['display' => 'Italiano', 'locale' => 'it_IT.utf8'], |
|
| 184 | - 'nb' => ['display' => 'Norsk', 'locale' => 'nb_NO.utf8'], |
|
| 185 | - 'pl' => ['display' => 'Polski', 'locale' => 'pl_PL.utf8'], |
|
| 180 | + 'es' => ['display' => 'Español', 'locale' => 'es_ES.utf8'], |
|
| 181 | + 'gl' => ['display' => 'Galego', 'locale' => 'gl_ES.utf8'], |
|
| 182 | + 'hr' => ['display' => 'Hrvatski', 'locale' => 'hr_HR.utf8'], |
|
| 183 | + 'it' => ['display' => 'Italiano', 'locale' => 'it_IT.utf8'], |
|
| 184 | + 'nb' => ['display' => 'Norsk', 'locale' => 'nb_NO.utf8'], |
|
| 185 | + 'pl' => ['display' => 'Polski', 'locale' => 'pl_PL.utf8'], |
|
| 186 | 186 | 'sl' => ['display' => 'Slovenščina', 'locale' => 'sl_SI.utf8'], |
| 187 | - 'sr' => ['display' => 'Srpski', 'locale' => 'sr_RS@latin'], |
|
| 188 | - 'fi' => ['display' => 'Suomi', 'locale' => 'fi_FI.utf8'], |
|
| 189 | - 'el' => ['display' => 'Ελληνικά', 'locale' => 'el_GR.utf8'], |
|
| 190 | - 'hu' => ['display' => 'Magyar', 'locale' => 'hu_HU.utf8'], |
|
| 191 | - 'pt' => ['display' => 'Português', 'locale' => 'pt_PT.utf8'], |
|
| 187 | + 'sr' => ['display' => 'Srpski', 'locale' => 'sr_RS@latin'], |
|
| 188 | + 'fi' => ['display' => 'Suomi', 'locale' => 'fi_FI.utf8'], |
|
| 189 | + 'el' => ['display' => 'Ελληνικά', 'locale' => 'el_GR.utf8'], |
|
| 190 | + 'hu' => ['display' => 'Magyar', 'locale' => 'hu_HU.utf8'], |
|
| 191 | + 'pt' => ['display' => 'Português', 'locale' => 'pt_PT.utf8'], |
|
| 192 | 192 | |
| 193 | 193 | // For the following languages, partial translations exist in Transifex, but |
| 194 | 194 | // they are not complete enough for display. Their Transifex content is not |
@@ -343,9 +343,9 @@ discard block |
||
| 343 | 343 | * NSIS version - with version 3 UTF installers will be created |
| 344 | 344 | * see also $PATHS['makensis'] |
| 345 | 345 | */ |
| 346 | - public static $NSIS_VERSION = 2 ; |
|
| 346 | + public static $NSIS_VERSION = 2; |
|
| 347 | 347 | |
| 348 | - public static $SUPERADMINS = [ |
|
| 348 | + public static $SUPERADMINS = [ |
|
| 349 | 349 | 'eptid:someuser', |
| 350 | 350 | 'http://sommeopenid.example/anotheruser', |
| 351 | 351 | 'I do not care about security!', |
@@ -137,10 +137,10 @@ discard block |
||
| 137 | 137 | <?php |
| 138 | 138 | if ($wizard_style) { |
| 139 | 139 | echo "<p>" . |
| 140 | - sprintf(_("In this section, you define on which media %s should be configured on user devices."),Config::$CONSORTIUM['name']) . "</p> |
|
| 140 | + sprintf(_("In this section, you define on which media %s should be configured on user devices."), Config::$CONSORTIUM['name']) . "</p> |
|
| 141 | 141 | <ul>"; |
| 142 | 142 | echo "<li>"; |
| 143 | - echo "<strong>" . ( count(Config::$CONSORTIUM['ssid']) > 0 ? _("Additional SSIDs:") : _("SSIDs:")) . " </strong>"; |
|
| 143 | + echo "<strong>" . (count(Config::$CONSORTIUM['ssid']) > 0 ? _("Additional SSIDs:") : _("SSIDs:")) . " </strong>"; |
|
| 144 | 144 | if (count(Config::$CONSORTIUM['ssid']) > 0) { |
| 145 | 145 | $ssidlist = ""; |
| 146 | 146 | foreach (Config::$CONSORTIUM['ssid'] as $ssid) |
@@ -157,7 +157,7 @@ discard block |
||
| 157 | 157 | echo "</li>"; |
| 158 | 158 | |
| 159 | 159 | echo "<li>"; |
| 160 | - echo "<strong>" . ( count(Config::$CONSORTIUM['ssid']) > 0 ? _("Additional Hotspot 2.0 / Passpoint Consortia:") : _("Hotspot 2.0 / Passpoint Consortia:")) . " </strong>"; |
|
| 160 | + echo "<strong>" . (count(Config::$CONSORTIUM['ssid']) > 0 ? _("Additional Hotspot 2.0 / Passpoint Consortia:") : _("Hotspot 2.0 / Passpoint Consortia:")) . " </strong>"; |
|
| 161 | 161 | if (count(Config::$CONSORTIUM['interworking-consortium-oi']) > 0) { |
| 162 | 162 | $consortiumlist = ""; |
| 163 | 163 | foreach (Config::$CONSORTIUM['interworking-consortium-oi'] as $oi) |
@@ -170,10 +170,10 @@ discard block |
||
| 170 | 170 | echo _("Please configure which Consortium OIs should be configured in the installers."); |
| 171 | 171 | } |
| 172 | 172 | echo "</li>"; |
| 173 | - echo "<li><strong>"._("Support for wired IEEE 802.1X:")." </strong>" |
|
| 174 | - . _("If you want to configure your users' devices with IEEE 802.1X support for wired ethernet, please check the corresponding box. Note that this makes the installation process a bit more difficult on some platforms (Windows: needs administrator privileges; Apple: attempting to install a profile with wired support on a device without an active wired ethernet card will fail)."). |
|
| 173 | + echo "<li><strong>" . _("Support for wired IEEE 802.1X:") . " </strong>" |
|
| 174 | + . _("If you want to configure your users' devices with IEEE 802.1X support for wired ethernet, please check the corresponding box. Note that this makes the installation process a bit more difficult on some platforms (Windows: needs administrator privileges; Apple: attempting to install a profile with wired support on a device without an active wired ethernet card will fail).") . |
|
| 175 | 175 | "</li>"; |
| 176 | - echo "<li><strong>"._("Removal of bootstrap/onboarding SSIDs:")." </strong>" |
|
| 176 | + echo "<li><strong>" . _("Removal of bootstrap/onboarding SSIDs:") . " </strong>" |
|
| 177 | 177 | . _("If you use a captive portal to distribute configurations, you may want to unconfigure/disable that SSID after the bootstrap process. With this option, the SSID will either be removed, or be defined as 'Only connect manually'.") |
| 178 | 178 | . "</li>"; |
| 179 | 179 | echo "</ul>"; |
@@ -31,10 +31,11 @@ discard block |
||
| 31 | 31 | $idpoptions = $my_inst->getAttributes(); |
| 32 | 32 | $inst_name = $my_inst->name; |
| 33 | 33 | |
| 34 | -if ($wizard_style) |
|
| 34 | +if ($wizard_style) { |
|
| 35 | 35 | $cat = defaultPagePrelude(sprintf(_("%s: IdP enrollment wizard (step 2)"), Config::$APPEARANCE['productname'])); |
| 36 | -else |
|
| 36 | +} else { |
|
| 37 | 37 | $cat = defaultPagePrelude(sprintf(_("%s: Editing IdP '%s'"), Config::$APPEARANCE['productname'], $inst_name)); |
| 38 | +} |
|
| 38 | 39 | // let's check if the inst handle actually exists in the DB and user is authorised |
| 39 | 40 | ?> |
| 40 | 41 | <script src="js/option_expand.js" type="text/javascript"></script> |
@@ -43,9 +44,10 @@ discard block |
||
| 43 | 44 | |
| 44 | 45 | <?php |
| 45 | 46 | $additional = FALSE; |
| 46 | -foreach ($idpoptions as $optionname => $optionvalue) |
|
| 47 | +foreach ($idpoptions as $optionname => $optionvalue) { |
|
| 47 | 48 | if ($optionvalue['name'] == "general:geo_coordinates") |
| 48 | 49 | $additional = TRUE; |
| 50 | +} |
|
| 49 | 51 | geo_widget_head($my_inst->federation, $inst_name) |
| 50 | 52 | ?> |
| 51 | 53 | <script> |
@@ -74,10 +76,11 @@ discard block |
||
| 74 | 76 | |
| 75 | 77 | <h1> |
| 76 | 78 | <?php |
| 77 | -if ($wizard_style) |
|
| 79 | +if ($wizard_style) { |
|
| 78 | 80 | echo _("Step 2: General Information about your IdP"); |
| 79 | -else |
|
| 81 | +} else { |
|
| 80 | 82 | printf(_("Editing IdP information for '%s'"), $inst_name); |
| 83 | +} |
|
| 81 | 84 | ?> |
| 82 | 85 | </h1> |
| 83 | 86 | <div class='infobox'> |
@@ -98,9 +101,10 @@ discard block |
||
| 98 | 101 | echo "<form enctype='multipart/form-data' action='edit_idp_result.php?inst_id=$my_inst->identifier" . ($wizard_style ? "&wizard=true" : "") . "' method='post' accept-charset='UTF-8'> |
| 99 | 102 | <input type='hidden' name='MAX_FILE_SIZE' value='" . Config::$MAX_UPLOAD_SIZE . "'>"; |
| 100 | 103 | |
| 101 | -if ($wizard_style) |
|
| 104 | +if ($wizard_style) { |
|
| 102 | 105 | echo "<p>" . |
| 103 | 106 | _("Hello, newcomer. Your institution is new to us. This wizard will ask you several questions about your IdP, so that we can generate beautiful profiles for you in the end. All of the information below is optional, but it is important to fill out as many fields as possible for the benefit of your end users.") . "</p>"; |
| 107 | +} |
|
| 104 | 108 | ?> |
| 105 | 109 | <fieldset class="option_container"> |
| 106 | 110 | <legend><strong><?php echo _("General Information"); ?></strong></legend> |
@@ -143,12 +147,14 @@ discard block |
||
| 143 | 147 | echo "<strong>" . ( count(Config::$CONSORTIUM['ssid']) > 0 ? _("Additional SSIDs:") : _("SSIDs:")) . " </strong>"; |
| 144 | 148 | if (count(Config::$CONSORTIUM['ssid']) > 0) { |
| 145 | 149 | $ssidlist = ""; |
| 146 | - foreach (Config::$CONSORTIUM['ssid'] as $ssid) |
|
| 147 | - $ssidlist .= ", '<strong>" . $ssid . "</strong>'"; |
|
| 150 | + foreach (Config::$CONSORTIUM['ssid'] as $ssid) { |
|
| 151 | + $ssidlist .= ", '<strong>" . $ssid . "</strong>'"; |
|
| 152 | + } |
|
| 148 | 153 | $ssidlist = substr($ssidlist, 2); |
| 149 | 154 | echo sprintf(ngettext("We will always configure this SSID for WPA2/AES: %s.", "We will always configure these SSIDs for WPA2/AES: %s.", count(Config::$CONSORTIUM['ssid'])), $ssidlist); |
| 150 | - if (Config::$CONSORTIUM['tkipsupport']) |
|
| 151 | - echo " " . _("They will also be configured for WPA/TKIP if the device supports multiple encryption types."); |
|
| 155 | + if (Config::$CONSORTIUM['tkipsupport']) { |
|
| 156 | + echo " " . _("They will also be configured for WPA/TKIP if the device supports multiple encryption types."); |
|
| 157 | + } |
|
| 152 | 158 | echo "<br/>" . sprintf(_("It is also possible to define custom additional SSIDs with the options '%s' and '%s' below."), display_name("media:SSID"), display_name("media:SSID_with_legacy")); |
| 153 | 159 | } else { |
| 154 | 160 | echo _("Please configure which SSIDs should be configured in the installers."); |
@@ -160,8 +166,9 @@ discard block |
||
| 160 | 166 | echo "<strong>" . ( count(Config::$CONSORTIUM['ssid']) > 0 ? _("Additional Hotspot 2.0 / Passpoint Consortia:") : _("Hotspot 2.0 / Passpoint Consortia:")) . " </strong>"; |
| 161 | 167 | if (count(Config::$CONSORTIUM['interworking-consortium-oi']) > 0) { |
| 162 | 168 | $consortiumlist = ""; |
| 163 | - foreach (Config::$CONSORTIUM['interworking-consortium-oi'] as $oi) |
|
| 164 | - $consortiumlist .= ", '<strong>" . $oi . "</strong>'"; |
|
| 169 | + foreach (Config::$CONSORTIUM['interworking-consortium-oi'] as $oi) { |
|
| 170 | + $consortiumlist .= ", '<strong>" . $oi . "</strong>'"; |
|
| 171 | + } |
|
| 165 | 172 | $consortiumlist = substr($consortiumlist, 2); |
| 166 | 173 | echo sprintf(ngettext("We will always configure this Consortium OI: %s.", "We will always configure these Consortium OIs: %s.", count(Config::$CONSORTIUM['interworking-consortium-oi'])), $consortiumlist); |
| 167 | 174 | |
@@ -190,11 +197,12 @@ discard block |
||
| 190 | 197 | <fieldset class="option_container"> |
| 191 | 198 | <legend><strong><?php echo _("Helpdesk Details for all users"); ?></strong></legend> |
| 192 | 199 | <?php |
| 193 | -if ($wizard_style) |
|
| 200 | +if ($wizard_style) { |
|
| 194 | 201 | echo "<p>" . |
| 195 | 202 | _("If your IdP provides a helpdesk for its users, it would be nice if you would tell us the pointers to this helpdesk. Some site installers might be able to signal this information to the user if he gets stuck.") . "</p> |
| 196 | 203 | <p>" . |
| 197 | 204 | _("If you enter a value here, it will be added to the site installers for all your users, and will be displayed on the download page. If you operate separate helpdesks for different user groups (we call this 'profiles'), or operate no help desk at all (shame on you!), you can also leave any of these fields empty and optionally specify per-profile helpdesk information later in this wizard.") . "</p>"; |
| 205 | +} |
|
| 198 | 206 | ?> |
| 199 | 207 | |
| 200 | 208 | <table id="expandable_support_options"> |
@@ -206,9 +214,10 @@ discard block |
||
| 206 | 214 | <!-- <fieldset class="option_container"> |
| 207 | 215 | <legend><strong><?php echo _("EAP details for all users"); ?></strong></legend> |
| 208 | 216 | <?php |
| 209 | -if ($wizard_style) |
|
| 217 | +if ($wizard_style) { |
|
| 210 | 218 | echo "<p>" . _("Most EAP methods need server-side authentication details, like the CA certificate and/or server name(s) of your authentication servers. If all the EAP methods you support work with the same CA and or Common Names of servers, you can enter them here and they will be added as trust anchors in all profiles. If the details differ per profile or per EAP-type, you can also enter them in the individual profiles later.") . "</p> |
| 211 | 219 | <p>" . sprintf(_("<strong>Note well: </strong>The server-side validation is a cornerstone of %s; without it, users are subject to man-in-the-middle attacks! We will not generate site installers without Trusted CA anchors and server names."), Config::$CONSORTIUM['name']) . "</p>"; |
| 220 | +} |
|
| 212 | 221 | ?> |
| 213 | 222 | <table id="expandable_eapserver_options"> |
| 214 | 223 | <?php |
@@ -18,10 +18,11 @@ |
||
| 18 | 18 | if ($ls['Code'] === 'urn:oasis:names:tc:SAML:2.0:status:Success' && !isset($ls['SubCode'])) { |
| 19 | 19 | /* Successful logout. */ |
| 20 | 20 | $url = htmlspecialchars($_SERVER['HTTP_HOST']) . substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], "/admin/logout_check.php")); |
| 21 | - if ($_SERVER['HTTPS'] == "on") |
|
| 22 | - $url = "https://" . $url; |
|
| 23 | - else |
|
| 24 | - $url = "http://" . $url; |
|
| 21 | + if ($_SERVER['HTTPS'] == "on") { |
|
| 22 | + $url = "https://" . $url; |
|
| 23 | + } else { |
|
| 24 | + $url = "http://" . $url; |
|
| 25 | + } |
|
| 25 | 26 | |
| 26 | 27 | header("Location: $url"); |
| 27 | 28 | } else { |
@@ -31,10 +31,11 @@ |
||
| 31 | 31 | <?php |
| 32 | 32 | $remaining_attribs = $user->beginflushAttributes(); |
| 33 | 33 | |
| 34 | -if (isset($_POST['option'])) |
|
| 34 | +if (isset($_POST['option'])) { |
|
| 35 | 35 | foreach ($_POST['option'] as $opt_id => $optname) |
| 36 | 36 | if ($optname == "user:fedadmin") { |
| 37 | 37 | echo "Security violation: user tried to make himself federation administrator!"; |
| 38 | +} |
|
| 38 | 39 | exit(1); |
| 39 | 40 | } |
| 40 | 41 | ?> |
@@ -138,7 +138,7 @@ discard block |
||
| 138 | 138 | echo "</table></div>"; |
| 139 | 139 | } |
| 140 | 140 | if (Config::$CONSORTIUM['name'] == 'eduroam') |
| 141 | - $helptext = "<h3>" . sprintf(_("Need help? Refer to the <a href='%s'>Federation Operator manual</a>"),"https://wiki.geant.org/x/KQB_AQ")."</h3>"; |
|
| 141 | + $helptext = "<h3>" . sprintf(_("Need help? Refer to the <a href='%s'>Federation Operator manual</a>"), "https://wiki.geant.org/x/KQB_AQ") . "</h3>"; |
|
| 142 | 142 | else |
| 143 | 143 | $helptext = ""; |
| 144 | 144 | echo $helptext; |
@@ -186,7 +186,7 @@ discard block |
||
| 186 | 186 | // deployment status; need to dive into profiles for this |
| 187 | 187 | // show happy eyeballs if at least one profile is configured/showtime |
| 188 | 188 | echo "<td>"; |
| 189 | - echo ($idp_instance->isOneProfileConfigured() ? "C" : "" ) . " " . ($idp_instance->isOneProfileShowtime() ? "V" : "" ); |
|
| 189 | + echo ($idp_instance->isOneProfileConfigured() ? "C" : "") . " " . ($idp_instance->isOneProfileShowtime() ? "V" : ""); |
|
| 190 | 190 | echo "</td>"; |
| 191 | 191 | // get the coarse status overview |
| 192 | 192 | $status = $idp_instance->getAllProfileStatusOverview(); |
@@ -128,19 +128,21 @@ discard block |
||
| 128 | 128 | if (isset($_GET['invitation'])) { |
| 129 | 129 | echo "<div class='ca-summary' style='position:relative;'><table>"; |
| 130 | 130 | |
| 131 | - if ($_GET['invitation'] == "SUCCESS") |
|
| 132 | - echo UI_remark(_("The invitation email was sent successfully."), _("The invitation email was sent.")); |
|
| 133 | - else if ($_GET['invitation'] == "FAILURE") |
|
| 134 | - echo UI_error(_("The invitation email could not be sent!"), _("The invitation email could not be sent!")); |
|
| 135 | - else |
|
| 136 | - echo UI_error(_("Error: unknown result code of invitation!?!"), _("Unknown result!")); |
|
| 131 | + if ($_GET['invitation'] == "SUCCESS") { |
|
| 132 | + echo UI_remark(_("The invitation email was sent successfully."), _("The invitation email was sent.")); |
|
| 133 | + } else if ($_GET['invitation'] == "FAILURE") { |
|
| 134 | + echo UI_error(_("The invitation email could not be sent!"), _("The invitation email could not be sent!")); |
|
| 135 | + } else { |
|
| 136 | + echo UI_error(_("Error: unknown result code of invitation!?!"), _("Unknown result!")); |
|
| 137 | + } |
|
| 137 | 138 | |
| 138 | 139 | echo "</table></div>"; |
| 139 | 140 | } |
| 140 | - if (Config::$CONSORTIUM['name'] == 'eduroam') |
|
| 141 | - $helptext = "<h3>" . sprintf(_("Need help? Refer to the <a href='%s'>Federation Operator manual</a>"),"https://wiki.geant.org/x/KQB_AQ")."</h3>"; |
|
| 142 | - else |
|
| 143 | - $helptext = ""; |
|
| 141 | + if (Config::$CONSORTIUM['name'] == 'eduroam') { |
|
| 142 | + $helptext = "<h3>" . sprintf(_("Need help? Refer to the <a href='%s'>Federation Operator manual</a>"),"https://wiki.geant.org/x/KQB_AQ")."</h3>"; |
|
| 143 | + } else { |
|
| 144 | + $helptext = ""; |
|
| 145 | + } |
|
| 144 | 146 | echo $helptext; |
| 145 | 147 | |
| 146 | 148 | ?> |
@@ -153,8 +155,9 @@ discard block |
||
| 153 | 155 | $feds = $user->getAttributes("user:fedadmin"); |
| 154 | 156 | $pending_invites = $mgmt->listPendingInvitations(); |
| 155 | 157 | |
| 156 | - if (Config::$DB['enforce-external-sync']) |
|
| 157 | - echo "<th>" . sprintf(_("%s Database Sync Status"), Config::$CONSORTIUM['name']) . "</th>"; |
|
| 158 | + if (Config::$DB['enforce-external-sync']) { |
|
| 159 | + echo "<th>" . sprintf(_("%s Database Sync Status"), Config::$CONSORTIUM['name']) . "</th>"; |
|
| 160 | + } |
|
| 158 | 161 | ?> |
| 159 | 162 | <th><?php echo _("Administrator Management"); ?></th> |
| 160 | 163 | </tr> |
@@ -165,10 +168,11 @@ discard block |
||
| 165 | 168 | |
| 166 | 169 | // extract only pending invitations for *this* fed |
| 167 | 170 | $display_pendings = FALSE; |
| 168 | - foreach ($pending_invites as $oneinvite) |
|
| 169 | - if (strtoupper($oneinvite['country']) == strtoupper($thefed->identifier)) { |
|
| 171 | + foreach ($pending_invites as $oneinvite) { |
|
| 172 | + if (strtoupper($oneinvite['country']) == strtoupper($thefed->identifier)) { |
|
| 170 | 173 | // echo "PENDINGS!"; |
| 171 | 174 | $display_pendings = TRUE; |
| 175 | + } |
|
| 172 | 176 | } |
| 173 | 177 | |
| 174 | 178 | $idps = $thefed->listIdentityProviders(); |
@@ -253,8 +257,8 @@ discard block |
||
| 253 | 257 | </strong> |
| 254 | 258 | </td> |
| 255 | 259 | </tr>"; |
| 256 | - foreach ($pending_invites as $oneinvite) |
|
| 257 | - if (strtoupper($oneinvite['country']) == strtoupper($thefed->identifier)) { |
|
| 260 | + foreach ($pending_invites as $oneinvite) { |
|
| 261 | + if (strtoupper($oneinvite['country']) == strtoupper($thefed->identifier)) { |
|
| 258 | 262 | echo "<tr> |
| 259 | 263 | <td>" . |
| 260 | 264 | $oneinvite['name'] . " |
@@ -263,6 +267,7 @@ discard block |
||
| 263 | 267 | $oneinvite['mail'] . " |
| 264 | 268 | </td> |
| 265 | 269 | <td colspan=2>"; |
| 270 | + } |
|
| 266 | 271 | echo "<form method='post' action='overview_federation.php' accept-charset='UTF-8'> |
| 267 | 272 | <input type='hidden' name='invitation_id' value='" . $oneinvite['token'] . "'/> |
| 268 | 273 | <button class='delete' type='submit' name='submitbutton' value='" . BUTTON_DELETE . "'>" . _("Revoke Invitation") . "</button> |
@@ -18,7 +18,7 @@ discard block |
||
| 18 | 18 | $Cat = new CAT(); |
| 19 | 19 | $Cat->set_locale("web_admin"); |
| 20 | 20 | |
| 21 | -$additional_message = [ |
|
| 21 | +$additional_message = [ |
|
| 22 | 22 | L_OK => '', |
| 23 | 23 | L_REMARK => _("Some properties of the connection attempt were sub-optimal; the list is below."), |
| 24 | 24 | L_WARN => _("Some properties of the connection attempt were sub-optimal; the list is below."), |
@@ -28,20 +28,20 @@ discard block |
||
| 28 | 28 | |
| 29 | 29 | function disp_name($eap) { |
| 30 | 30 | $D = EAP::eapDisplayName($eap); |
| 31 | - return $D['OUTER'] . ( $D['INNER'] != '' ? '-' . $D['INNER'] : ''); |
|
| 31 | + return $D['OUTER'] . ($D['INNER'] != '' ? '-' . $D['INNER'] : ''); |
|
| 32 | 32 | } |
| 33 | 33 | |
| 34 | 34 | function printDN($dn) { |
| 35 | 35 | $out = ''; |
| 36 | 36 | foreach (array_reverse($dn) as $k => $v) { |
| 37 | - if(is_array ($v)) { |
|
| 37 | + if (is_array($v)) { |
|
| 38 | 38 | foreach ($v as $V) { |
| 39 | - if($out) |
|
| 39 | + if ($out) |
|
| 40 | 40 | $out .= ','; |
| 41 | 41 | $out .= "$k=$V"; |
| 42 | 42 | } |
| 43 | 43 | } else { |
| 44 | - if($out) |
|
| 44 | + if ($out) |
|
| 45 | 45 | $out .= ','; |
| 46 | 46 | $out .= "$k=$v"; |
| 47 | 47 | } |
@@ -50,32 +50,32 @@ discard block |
||
| 50 | 50 | } |
| 51 | 51 | |
| 52 | 52 | function printTm($tm) { |
| 53 | - return(gmdate(DateTime::COOKIE,$tm)); |
|
| 53 | + return(gmdate(DateTime::COOKIE, $tm)); |
|
| 54 | 54 | } |
| 55 | 55 | |
| 56 | 56 | |
| 57 | 57 | |
| 58 | -function process_result($testsuite,$host) { |
|
| 58 | +function process_result($testsuite, $host) { |
|
| 59 | 59 | $ret = []; |
| 60 | 60 | $server_info = []; |
| 61 | 61 | $udp_result = $testsuite->UDP_reachability_result[$host]; |
| 62 | - if(isset($udp_result['certdata']) && count($udp_result['certdata'])) { |
|
| 62 | + if (isset($udp_result['certdata']) && count($udp_result['certdata'])) { |
|
| 63 | 63 | foreach ($udp_result['certdata'] as $certdata) { |
| 64 | - if($certdata['type'] != 'server' && $certdata['type'] != 'totally_selfsigned' ) |
|
| 64 | + if ($certdata['type'] != 'server' && $certdata['type'] != 'totally_selfsigned') |
|
| 65 | 65 | continue; |
| 66 | - $server_cert = [ |
|
| 66 | + $server_cert = [ |
|
| 67 | 67 | 'subject' => printDN($certdata['subject']), |
| 68 | 68 | 'issuer' => printDN($certdata['issuer']), |
| 69 | 69 | 'validFrom' => printTm($certdata['validFrom_time_t']), |
| 70 | 70 | 'validTo' => printTm($certdata['validTo_time_t']), |
| 71 | - 'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)",$certdata['serialNumber']), |
|
| 71 | + 'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 72 | 72 | 'sha1' => $certdata['sha1'], |
| 73 | 73 | 'extensions' => $certdata['extensions'] |
| 74 | 74 | ]; |
| 75 | 75 | } |
| 76 | 76 | } |
| 77 | 77 | $ret['server_cert'] = $server_cert; |
| 78 | - if(isset($udp_result['incoming_server_names'][0]) ) { |
|
| 78 | + if (isset($udp_result['incoming_server_names'][0])) { |
|
| 79 | 79 | $ret['server'] = sprintf(_("Connected to %s."), $udp_result['incoming_server_names'][0]); |
| 80 | 80 | } |
| 81 | 81 | else |
@@ -119,7 +119,7 @@ discard block |
||
| 119 | 119 | exit; |
| 120 | 120 | */ |
| 121 | 121 | $hostindex = $_REQUEST['hostindex']; |
| 122 | -if(!is_numeric($hostindex)) |
|
| 122 | +if (!is_numeric($hostindex)) |
|
| 123 | 123 | exit; |
| 124 | 124 | |
| 125 | 125 | |
@@ -140,14 +140,14 @@ discard block |
||
| 140 | 140 | if ($_FILES['cert']['error'] == UPLOAD_ERR_OK) { |
| 141 | 141 | $clientcertdata = file_get_contents($_FILES['cert']['tmp_name']); |
| 142 | 142 | $privkey_pass = isset($_REQUEST['privkey_pass']) && $_REQUEST['privkey_pass'] ? $_REQUEST['privkey_pass'] : ""; //!! |
| 143 | - if(isset($_REQUEST['tls_username']) && $_REQUEST['tls_username']) { |
|
| 143 | + if (isset($_REQUEST['tls_username']) && $_REQUEST['tls_username']) { |
|
| 144 | 144 | $tls_username = valid_user($_REQUEST['tls_username']); |
| 145 | 145 | } else { |
| 146 | - if(openssl_pkcs12_read($clientcertdata,$certs,$privkey_pass)) { |
|
| 146 | + if (openssl_pkcs12_read($clientcertdata, $certs, $privkey_pass)) { |
|
| 147 | 147 | $mydetails = openssl_x509_parse($certs['cert']); |
| 148 | - if(isset($mydetails['subject']['CN']) && $mydetails['subject']['CN']) { |
|
| 149 | - $tls_username=$mydetails['subject']['CN']; |
|
| 150 | - debug(4,"PKCS12-CN=$tls_username\n"); |
|
| 148 | + if (isset($mydetails['subject']['CN']) && $mydetails['subject']['CN']) { |
|
| 149 | + $tls_username = $mydetails['subject']['CN']; |
|
| 150 | + debug(4, "PKCS12-CN=$tls_username\n"); |
|
| 151 | 151 | } else { |
| 152 | 152 | $testresult = RETVAL_INCOMPLETE_DATA; |
| 153 | 153 | $run_test = FALSE; |
@@ -161,14 +161,14 @@ discard block |
||
| 161 | 161 | $testresult = RETVAL_INCOMPLETE_DATA; |
| 162 | 162 | $run_test = FALSE; |
| 163 | 163 | } |
| 164 | - if($run_test) { |
|
| 165 | - debug(4,"TLS-USERNAME=$tls_username\n"); |
|
| 166 | - $testresult = $testsuite->UDP_login($hostindex, $eap, $tls_username, $privkey_pass,'', TRUE, TRUE, $clientcertdata); |
|
| 164 | + if ($run_test) { |
|
| 165 | + debug(4, "TLS-USERNAME=$tls_username\n"); |
|
| 166 | + $testresult = $testsuite->UDP_login($hostindex, $eap, $tls_username, $privkey_pass, '', TRUE, TRUE, $clientcertdata); |
|
| 167 | 167 | } |
| 168 | 168 | } else { |
| 169 | - $testresult = $testsuite->UDP_login($hostindex, $eap, $user_name, $user_password,$outer_user_name); |
|
| 169 | + $testresult = $testsuite->UDP_login($hostindex, $eap, $user_name, $user_password, $outer_user_name); |
|
| 170 | 170 | } |
| 171 | - $returnarray['result'][$i] = process_result($testsuite,$hostindex); |
|
| 171 | + $returnarray['result'][$i] = process_result($testsuite, $hostindex); |
|
| 172 | 172 | $returnarray['result'][$i]['eap'] = display_name($eap); |
| 173 | 173 | $returnarray['returncode'][$i] = $testresult; |
| 174 | 174 | |
@@ -176,7 +176,7 @@ discard block |
||
| 176 | 176 | switch ($testresult) { |
| 177 | 177 | case RETVAL_OK : |
| 178 | 178 | $level = $returnarray['result'][$i]['level']; |
| 179 | - switch($level) { |
|
| 179 | + switch ($level) { |
|
| 180 | 180 | case L_OK : |
| 181 | 181 | $message = _("<strong>Test successful.</strong>"); |
| 182 | 182 | break; |
@@ -228,21 +228,21 @@ discard block |
||
| 228 | 228 | $i = 0; |
| 229 | 229 | $returnarray['hostindex'] = $hostindex; |
| 230 | 230 | $testresult = $testsuite->UDP_reachability($hostindex); |
| 231 | - $returnarray['result'][$i] = process_result($testsuite,$hostindex); |
|
| 231 | + $returnarray['result'][$i] = process_result($testsuite, $hostindex); |
|
| 232 | 232 | $returnarray['result'][$i]['eap'] = 'ALL'; |
| 233 | 233 | $returnarray['returncode'][$i] = $testresult; |
| 234 | 234 | // a failed check may not have gotten any certificate, be prepared for that |
| 235 | 235 | switch ($testresult) { |
| 236 | 236 | case RETVAL_CONVERSATION_REJECT: |
| 237 | 237 | $level = $returnarray['result'][$i]['level']; |
| 238 | - if($level > L_OK) |
|
| 238 | + if ($level > L_OK) |
|
| 239 | 239 | $message = _("<strong>Test partially successful</strong>: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned.") . ' ' . $additional_message[$level]; |
| 240 | 240 | else |
| 241 | 241 | $message = _("<strong>Test successful</strong>: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned."); |
| 242 | 242 | break; |
| 243 | 243 | case RETVAL_IMMEDIATE_REJECT: |
| 244 | 244 | $message = _("<strong>Test FAILED</strong>: the request was rejected immediately, without EAP conversation. This is not necessarily an error: if the RADIUS server enforces that outer identities correspond to an existing username, then this result is expected (Note: you could configure a valid outer identity in your profile settings to get past this hurdle). In all other cases, the server appears misconfigured or it is unreachable."); |
| 245 | - $level= L_WARN; |
|
| 245 | + $level = L_WARN; |
|
| 246 | 246 | break; |
| 247 | 247 | case RETVAL_NO_RESPONSE: |
| 248 | 248 | $returnarray['result'][$i]['server'] = 0; |
@@ -255,10 +255,10 @@ discard block |
||
| 255 | 255 | break; |
| 256 | 256 | default: |
| 257 | 257 | $message = _("unhandled error"); |
| 258 | - $level= L_ERROR; |
|
| 258 | + $level = L_ERROR; |
|
| 259 | 259 | break; |
| 260 | 260 | } |
| 261 | -debug(4,"SERVER=".$returnarray['result'][$i]['server']."\n"); |
|
| 261 | +debug(4, "SERVER=" . $returnarray['result'][$i]['server'] . "\n"); |
|
| 262 | 262 | $returnarray['result'][$i]['level'] = $level; |
| 263 | 263 | $returnarray['result'][$i]['message'] = $message; |
| 264 | 264 | break; |
@@ -36,13 +36,15 @@ discard block |
||
| 36 | 36 | foreach (array_reverse($dn) as $k => $v) { |
| 37 | 37 | if(is_array ($v)) { |
| 38 | 38 | foreach ($v as $V) { |
| 39 | - if($out) |
|
| 40 | - $out .= ','; |
|
| 39 | + if($out) { |
|
| 40 | + $out .= ','; |
|
| 41 | + } |
|
| 41 | 42 | $out .= "$k=$V"; |
| 42 | 43 | } |
| 43 | 44 | } else { |
| 44 | - if($out) |
|
| 45 | - $out .= ','; |
|
| 45 | + if($out) { |
|
| 46 | + $out .= ','; |
|
| 47 | + } |
|
| 46 | 48 | $out .= "$k=$v"; |
| 47 | 49 | } |
| 48 | 50 | } |
@@ -61,8 +63,9 @@ discard block |
||
| 61 | 63 | $udp_result = $testsuite->UDP_reachability_result[$host]; |
| 62 | 64 | if(isset($udp_result['certdata']) && count($udp_result['certdata'])) { |
| 63 | 65 | foreach ($udp_result['certdata'] as $certdata) { |
| 64 | - if($certdata['type'] != 'server' && $certdata['type'] != 'totally_selfsigned' ) |
|
| 65 | - continue; |
|
| 66 | + if($certdata['type'] != 'server' && $certdata['type'] != 'totally_selfsigned' ) { |
|
| 67 | + continue; |
|
| 68 | + } |
|
| 66 | 69 | $server_cert = [ |
| 67 | 70 | 'subject' => printDN($certdata['subject']), |
| 68 | 71 | 'issuer' => printDN($certdata['issuer']), |
@@ -77,9 +80,9 @@ discard block |
||
| 77 | 80 | $ret['server_cert'] = $server_cert; |
| 78 | 81 | if(isset($udp_result['incoming_server_names'][0]) ) { |
| 79 | 82 | $ret['server'] = sprintf(_("Connected to %s."), $udp_result['incoming_server_names'][0]); |
| 83 | + } else { |
|
| 84 | + $ret['server'] = 0; |
|
| 80 | 85 | } |
| 81 | - else |
|
| 82 | - $ret['server'] = 0; |
|
| 83 | 86 | $ret['level'] = L_OK; |
| 84 | 87 | $ret['time_millisec'] = sprintf("%d", $udp_result['time_millisec']); |
| 85 | 88 | if (isset($udp_result['cert_oddities']) && count($udp_result['cert_oddities']) > 0) { |
@@ -100,8 +103,9 @@ discard block |
||
| 100 | 103 | return $ret; |
| 101 | 104 | } |
| 102 | 105 | |
| 103 | -if (!isset($_REQUEST['test_type']) || !$_REQUEST['test_type']) |
|
| 106 | +if (!isset($_REQUEST['test_type']) || !$_REQUEST['test_type']) { |
|
| 104 | 107 | exit; |
| 108 | +} |
|
| 105 | 109 | |
| 106 | 110 | $test_type = $_REQUEST['test_type']; |
| 107 | 111 | $check_realm = valid_Realm($_REQUEST['realm']); |
@@ -119,8 +123,9 @@ discard block |
||
| 119 | 123 | exit; |
| 120 | 124 | */ |
| 121 | 125 | $hostindex = $_REQUEST['hostindex']; |
| 122 | -if(!is_numeric($hostindex)) |
|
| 126 | +if(!is_numeric($hostindex)) { |
|
| 123 | 127 | exit; |
| 128 | +} |
|
| 124 | 129 | |
| 125 | 130 | |
| 126 | 131 | $returnarray = []; |
@@ -235,10 +240,11 @@ discard block |
||
| 235 | 240 | switch ($testresult) { |
| 236 | 241 | case RETVAL_CONVERSATION_REJECT: |
| 237 | 242 | $level = $returnarray['result'][$i]['level']; |
| 238 | - if($level > L_OK) |
|
| 239 | - $message = _("<strong>Test partially successful</strong>: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned.") . ' ' . $additional_message[$level]; |
|
| 240 | - else |
|
| 241 | - $message = _("<strong>Test successful</strong>: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned."); |
|
| 243 | + if($level > L_OK) { |
|
| 244 | + $message = _("<strong>Test partially successful</strong>: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned.") . ' ' . $additional_message[$level]; |
|
| 245 | + } else { |
|
| 246 | + $message = _("<strong>Test successful</strong>: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned."); |
|
| 247 | + } |
|
| 242 | 248 | break; |
| 243 | 249 | case RETVAL_IMMEDIATE_REJECT: |
| 244 | 250 | $message = _("<strong>Test FAILED</strong>: the request was rejected immediately, without EAP conversation. This is not necessarily an error: if the RADIUS server enforces that outer identities correspond to an existing username, then this result is expected (Note: you could configure a valid outer identity in your profile settings to get past this hurdle). In all other cases, the server appears misconfigured or it is unreachable."); |
@@ -276,23 +282,28 @@ discard block |
||
| 276 | 282 | } else { |
| 277 | 283 | $returnarray['message'] = $testsuite->return_codes[$testsuite->TLS_CA_checks_result[$host]['status']]["message"]; |
| 278 | 284 | $returnarray['level'] = L_OK; |
| 279 | - if ($testsuite->TLS_CA_checks_result[$host]['status'] != RETVAL_CONNECTION_REFUSED) |
|
| 280 | - $returnarray['message'] .= ' (' . sprintf(_("elapsed time: %d"), $testsuite->TLS_CA_checks_result[$host]['time_millisec']) . ' ms)'; |
|
| 281 | - else |
|
| 282 | - $returnarray['level'] = L_ERROR; |
|
| 285 | + if ($testsuite->TLS_CA_checks_result[$host]['status'] != RETVAL_CONNECTION_REFUSED) { |
|
| 286 | + $returnarray['message'] .= ' (' . sprintf(_("elapsed time: %d"), $testsuite->TLS_CA_checks_result[$host]['time_millisec']) . ' ms)'; |
|
| 287 | + } else { |
|
| 288 | + $returnarray['level'] = L_ERROR; |
|
| 289 | + } |
|
| 283 | 290 | if ($testsuite->TLS_CA_checks_result[$host]['status'] == RETVAL_OK) { |
| 284 | 291 | $returnarray['certdata'] = []; |
| 285 | 292 | $returnarray['certdata']['subject'] = $testsuite->TLS_CA_checks_result[$host]['certdata']['subject']; |
| 286 | 293 | $returnarray['certdata']['issuer'] = $testsuite->TLS_CA_checks_result[$host]['certdata']['issuer']; |
| 287 | 294 | $returnarray['certdata']['extensions'] = []; |
| 288 | - if (isset($testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname'])) |
|
| 289 | - $returnarray['certdata']['extensions']['subjectaltname'] = $testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']; |
|
| 290 | - if (isset($testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['policyoid'])) |
|
| 291 | - $returnarray['certdata']['extensions']['policies'] = join(' ', $testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['policyoid']); |
|
| 292 | - if (isset($testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['crlDistributionPoint'])) |
|
| 293 | - $returnarray['certdata']['extensions']['crldistributionpoints'] = $testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['crlDistributionPoint']; |
|
| 294 | - if (isset($testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['authorityInfoAccess'])) |
|
| 295 | - $returnarray['certdata']['extensions']['authorityinfoaccess'] = $testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['authorityInfoAccess']; |
|
| 295 | + if (isset($testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname'])) { |
|
| 296 | + $returnarray['certdata']['extensions']['subjectaltname'] = $testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']; |
|
| 297 | + } |
|
| 298 | + if (isset($testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['policyoid'])) { |
|
| 299 | + $returnarray['certdata']['extensions']['policies'] = join(' ', $testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['policyoid']); |
|
| 300 | + } |
|
| 301 | + if (isset($testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['crlDistributionPoint'])) { |
|
| 302 | + $returnarray['certdata']['extensions']['crldistributionpoints'] = $testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['crlDistributionPoint']; |
|
| 303 | + } |
|
| 304 | + if (isset($testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['authorityInfoAccess'])) { |
|
| 305 | + $returnarray['certdata']['extensions']['authorityinfoaccess'] = $testsuite->TLS_CA_checks_result[$host]['certdata']['extensions']['authorityInfoAccess']; |
|
| 306 | + } |
|
| 296 | 307 | } |
| 297 | 308 | $returnarray['cert_oddities'] = []; |
| 298 | 309 | } |
@@ -306,10 +317,11 @@ discard block |
||
| 306 | 317 | $k = 0; |
| 307 | 318 | // the host member of the array may not exist if RETVAL_SKIPPED came out |
| 308 | 319 | // (e.g. no client cert to test with). Be prepared for that |
| 309 | - if (isset($testsuite->TLS_clients_checks_result[$host])) |
|
| 310 | - foreach ($testsuite->TLS_clients_checks_result[$host]['ca'] as $type => $cli) { |
|
| 320 | + if (isset($testsuite->TLS_clients_checks_result[$host])) { |
|
| 321 | + foreach ($testsuite->TLS_clients_checks_result[$host]['ca'] as $type => $cli) { |
|
| 311 | 322 | foreach ($cli as $key => $val) { |
| 312 | 323 | $returnarray['ca'][$k][$key] = $val; |
| 324 | + } |
|
| 313 | 325 | } |
| 314 | 326 | $k++; |
| 315 | 327 | } |
@@ -347,8 +359,9 @@ discard block |
||
| 347 | 359 | $oids = check_policy($data); |
| 348 | 360 | if (!empty($oids)) { |
| 349 | 361 | $printedres .= '<li>' . _("Certificate policies") . ':'; |
| 350 | - foreach ($oids as $k => $o) |
|
| 351 | - $printedres .= " $o ($k)"; |
|
| 362 | + foreach ($oids as $k => $o) { |
|
| 363 | + $printedres .= " $o ($k)"; |
|
| 364 | + } |
|
| 352 | 365 | } |
| 353 | 366 | if (($crl = certificate_get_field($data, 'crlDistributionPoints'))) { |
| 354 | 367 | $printedres .= '<li>' . _("crlDistributionPoints") . ': ' . $crl; |
@@ -37,7 +37,7 @@ discard block |
||
| 37 | 37 | |
| 38 | 38 | function print_test_results($t) { |
| 39 | 39 | $out = ''; |
| 40 | - switch($t->test_result['global']) { |
|
| 40 | + switch ($t->test_result['global']) { |
|
| 41 | 41 | case L_OK: |
| 42 | 42 | $message = "Your configuration appears to be fine."; |
| 43 | 43 | break; |
@@ -51,10 +51,10 @@ discard block |
||
| 51 | 51 | $message = "Your configuration appears to be fine."; |
| 52 | 52 | break; |
| 53 | 53 | } |
| 54 | - $out .= UI_message($t->test_result['global'],"<br><strong>Test Summary</strong><br>".$message."<br>See below for details<br><hr>"); |
|
| 55 | - foreach ($t->out as $test => $test_val) { |
|
| 56 | - foreach ($test_val as $o) { |
|
| 57 | - $out .= UI_message($o['level'],$o['message']); |
|
| 54 | + $out .= UI_message($t->test_result['global'], "<br><strong>Test Summary</strong><br>" . $message . "<br>See below for details<br><hr>"); |
|
| 55 | + foreach ($t->out as $test => $test_val) { |
|
| 56 | + foreach ($test_val as $o) { |
|
| 57 | + $out .= UI_message($o['level'], $o['message']); |
|
| 58 | 58 | } |
| 59 | 59 | } |
| 60 | 60 | return($out); |
@@ -62,7 +62,7 @@ discard block |
||
| 62 | 62 | |
| 63 | 63 | function return_test_results($t) { |
| 64 | 64 | $out = ''; |
| 65 | - switch($t->test_result['global']) { |
|
| 65 | + switch ($t->test_result['global']) { |
|
| 66 | 66 | case L_OK: |
| 67 | 67 | $message = "Your configuration appears to be fine."; |
| 68 | 68 | break; |
@@ -76,10 +76,10 @@ discard block |
||
| 76 | 76 | $message = "Your configuration appears to be fine."; |
| 77 | 77 | break; |
| 78 | 78 | } |
| 79 | - $out .= UI_message($t->test_result['global'],"<br><strong>Test Summary</strong><br>".$message."<br>See below for details<br><hr>"); |
|
| 80 | - foreach ($t->out as $test => $test_val) { |
|
| 81 | - foreach ($test_val as $o) { |
|
| 82 | - $out .= UI_message($o['level'],$o['message']); |
|
| 79 | + $out .= UI_message($t->test_result['global'], "<br><strong>Test Summary</strong><br>" . $message . "<br>See below for details<br><hr>"); |
|
| 80 | + foreach ($t->out as $test => $test_val) { |
|
| 81 | + foreach ($test_val as $o) { |
|
| 82 | + $out .= UI_message($o['level'], $o['message']); |
|
| 83 | 83 | } |
| 84 | 84 | } |
| 85 | 85 | return($out); |
@@ -100,7 +100,7 @@ discard block |
||
| 100 | 100 | } |
| 101 | 101 | $test = new SanityTest(); |
| 102 | 102 | $test->run_tests($Tests); |
| 103 | -$format = empty($_REQUEST['format']) ? 'include' : $_REQUEST['format']; |
|
| 103 | +$format = empty($_REQUEST['format']) ? 'include' : $_REQUEST['format']; |
|
| 104 | 104 | switch ($format) { |
| 105 | 105 | case 'include': |
| 106 | 106 | $o = print_test_results($test); |
@@ -85,7 +85,7 @@ discard block |
||
| 85 | 85 | <div class='infobox' style='text-align:center;'> |
| 86 | 86 | <h2><?php echo _("Institution Download Area QR Code"); ?></h2> |
| 87 | 87 | <?php |
| 88 | - $displayurl = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on" ? 'https://' : 'http://') . $_SERVER['SERVER_NAME'] . dirname(dirname($_SERVER['SCRIPT_NAME'])) . "?idp=" . $my_inst->identifier; |
|
| 88 | + $displayurl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on" ? 'https://' : 'http://') . $_SERVER['SERVER_NAME'] . dirname(dirname($_SERVER['SCRIPT_NAME'])) . "?idp=" . $my_inst->identifier; |
|
| 89 | 89 | $uri = "data:image/png;base64," . base64_encode(png_inject_consortium_logo(QRcode::png($displayurl, FALSE, QR_ECLEVEL_Q, 12))); |
| 90 | 90 | $size = getimagesize($uri); |
| 91 | 91 | echo "<img width='" . ($size[0] / 4) . "' height='" . ($size[1] / 4) . "' src='$uri' alt='QR-code'/>"; |
@@ -115,7 +115,7 @@ discard block |
||
| 115 | 115 | </td> |
| 116 | 116 | <td> |
| 117 | 117 | <form action='edit_idp_result.php?inst_id=<?php echo $my_inst->identifier; ?>' method='post' accept-charset='UTF-8'> |
| 118 | - <button class='delete' type='submit' name='submitbutton' value='<?php echo BUTTON_DELETE; ?>' onclick="return confirm('<?php echo ( Config::$CONSORTIUM['selfservice_registration'] === NULL ? _("After deleting the IdP, you can not recreate it yourself - you need a new invitation token from the federation administrator!") . " " : "" ) . sprintf(_("Do you really want to delete your IdP %s?"), $my_inst->name); ?>')"><?php echo _("Delete IdP"); ?></button> |
|
| 118 | + <button class='delete' type='submit' name='submitbutton' value='<?php echo BUTTON_DELETE; ?>' onclick="return confirm('<?php echo (Config::$CONSORTIUM['selfservice_registration'] === NULL ? _("After deleting the IdP, you can not recreate it yourself - you need a new invitation token from the federation administrator!") . " " : "") . sprintf(_("Do you really want to delete your IdP %s?"), $my_inst->name); ?>')"><?php echo _("Delete IdP"); ?></button> |
|
| 119 | 119 | </form> |
| 120 | 120 | |
| 121 | 121 | </td> |
@@ -230,7 +230,7 @@ discard block |
||
| 230 | 230 | $has_realm = $profile_list->getAttributes("internal:realm"); |
| 231 | 231 | $has_realm = $has_realm[0]['value']; |
| 232 | 232 | echo "<div class='profilemodulebuttons' style='float:right;'>"; |
| 233 | - if (count(Config::$RADIUSTESTS['UDP-hosts']) > 0 || ( count(Config::$RADIUSTESTS['TLS-clientcerts']) > 0 && Config::$RADIUSTESTS['TLS-discoverytag'] != "")) |
|
| 233 | + if (count(Config::$RADIUSTESTS['UDP-hosts']) > 0 || (count(Config::$RADIUSTESTS['TLS-clientcerts']) > 0 && Config::$RADIUSTESTS['TLS-discoverytag'] != "")) |
|
| 234 | 234 | echo "<form action='action_realmcheck.php?inst_id=$my_inst->identifier&profile_id=$profile_list->identifier' method='post' accept-charset='UTF-8'> |
| 235 | 235 | <button type='submit' name='profile_action' value='check' " . ($has_realm ? "" : "disabled='disabled' title='" . _("The realm can only be checked if you configure the realm!") . "'") . "> |
| 236 | 236 | " . _("Check realm reachability") . " |
@@ -264,7 +264,7 @@ discard block |
||
| 264 | 264 | if (isset($URL['device-specific:redirect'])) |
| 265 | 265 | $displayurl = $URL['device-specific:redirect'][0]; |
| 266 | 266 | else |
| 267 | - $displayurl = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on" ? 'https://' : 'http://' ) . $_SERVER['SERVER_NAME'] . dirname(dirname($_SERVER['SCRIPT_NAME'])) . "?idp=" . $my_inst->identifier . "&profile=" . $profile_list->identifier; |
|
| 267 | + $displayurl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on" ? 'https://' : 'http://') . $_SERVER['SERVER_NAME'] . dirname(dirname($_SERVER['SCRIPT_NAME'])) . "?idp=" . $my_inst->identifier . "&profile=" . $profile_list->identifier; |
|
| 268 | 268 | echo "<a href='$displayurl' style='white-space: nowrap; text-align: center;'>"; |
| 269 | 269 | $uri = "data:image/png;base64," . base64_encode(png_inject_consortium_logo(QRcode::png($displayurl, FALSE, QR_ECLEVEL_Q, 12))); |
| 270 | 270 | $size = getimagesize($uri); |
@@ -28,8 +28,9 @@ discard block |
||
| 28 | 28 | |
| 29 | 29 | // delete stored realm |
| 30 | 30 | |
| 31 | -if (isset($_SESSION['check_realm'])) |
|
| 31 | +if (isset($_SESSION['check_realm'])) { |
|
| 32 | 32 | unset($_SESSION['check_realm']); |
| 33 | +} |
|
| 33 | 34 | |
| 34 | 35 | |
| 35 | 36 | geo_widget_head($my_inst->federation, $my_inst->name); |
@@ -95,15 +96,17 @@ discard block |
||
| 95 | 96 | </div> |
| 96 | 97 | <?php |
| 97 | 98 | $loadmap = FALSE; |
| 98 | - foreach ($idpoptions as $optionname => $optionvalue) |
|
| 99 | - if ($optionvalue['name'] == "general:geo_coordinates") |
|
| 99 | + foreach ($idpoptions as $optionname => $optionvalue) { |
|
| 100 | + if ($optionvalue['name'] == "general:geo_coordinates") |
|
| 100 | 101 | $loadmap = TRUE; |
| 101 | - if ($loadmap) |
|
| 102 | - echo ' |
|
| 102 | + } |
|
| 103 | + if ($loadmap) { |
|
| 104 | + echo ' |
|
| 103 | 105 | <div class="infobox" style="width:270px;"> |
| 104 | 106 | <div id="map" style="width:100%; height:150px"></div> |
| 105 | 107 | </div> |
| 106 | 108 | '; |
| 109 | + } |
|
| 107 | 110 | ?> |
| 108 | 111 | </div> |
| 109 | 112 | <table> |
@@ -131,8 +134,8 @@ discard block |
||
| 131 | 134 | <h2><?php _("Available Support actions"); ?></h2> |
| 132 | 135 | <table> |
| 133 | 136 | <?php |
| 134 | - if (count(Config::$RADIUSTESTS['UDP-hosts']) > 0 || Config::$RADIUSTESTS['TLS-discoverytag'] != "") |
|
| 135 | - echo "<tr> |
|
| 137 | + if (count(Config::$RADIUSTESTS['UDP-hosts']) > 0 || Config::$RADIUSTESTS['TLS-discoverytag'] != "") { |
|
| 138 | + echo "<tr> |
|
| 136 | 139 | <td>" . _("Check another realm's reachability") . "</td> |
| 137 | 140 | <td><form method='post' action='action_realmcheck.php?inst_id=$my_inst->identifier' accept-charset='UTF-8'> |
| 138 | 141 | <input type='text' name='realm' id='realm'> |
@@ -140,7 +143,9 @@ discard block |
||
| 140 | 143 | </form> |
| 141 | 144 | </td> |
| 142 | 145 | </tr>"; |
| 143 | - if (Config::$CONSORTIUM['name'] == "eduroam") // SW: APPROVED |
|
| 146 | + } |
|
| 147 | + if (Config::$CONSORTIUM['name'] == "eduroam") { |
|
| 148 | + // SW: APPROVED |
|
| 144 | 149 | echo "<tr> |
| 145 | 150 | <td>" . _("Check server status of European federations") . "</td> |
| 146 | 151 | <td> |
@@ -149,14 +154,17 @@ discard block |
||
| 149 | 154 | </form> |
| 150 | 155 | </td> |
| 151 | 156 | </tr>"; |
| 157 | + } |
|
| 152 | 158 | ?> |
| 153 | 159 | </table> |
| 154 | 160 | <hr/> |
| 155 | 161 | <h2><?php echo _("Profiles for this institution"); ?></h2> |
| 156 | 162 | <?php |
| 157 | 163 | $profiles_for_this_idp = $my_inst->listProfiles(); |
| 158 | - if (count($profiles_for_this_idp) == 0) // no profiles yet. |
|
| 164 | + if (count($profiles_for_this_idp) == 0) { |
|
| 165 | + // no profiles yet. |
|
| 159 | 166 | echo _("There are not yet any profiles for your institution."); |
| 167 | + } |
|
| 160 | 168 | |
| 161 | 169 | foreach ($profiles_for_this_idp as $profile_list) { |
| 162 | 170 | echo "<div style='display: table-row; margin-bottom: 20px;'>"; |
@@ -170,9 +178,10 @@ discard block |
||
| 170 | 178 | // readiness - but want to display it before! |
| 171 | 179 | |
| 172 | 180 | $has_overrides = FALSE; |
| 173 | - foreach ($attribs as $attrib) |
|
| 174 | - if ($attrib['level'] == "Profile" && !preg_match("/^(internal:|profile:name|profile:description)/", $attrib['name'])) |
|
| 181 | + foreach ($attribs as $attrib) { |
|
| 182 | + if ($attrib['level'] == "Profile" && !preg_match("/^(internal:|profile:name|profile:description)/", $attrib['name'])) |
|
| 175 | 183 | $has_overrides = TRUE; |
| 184 | + } |
|
| 176 | 185 | |
| 177 | 186 | $buffer_eaptypediv = "<div style='margin-bottom:40px; float:left;'>" . _("<strong>EAP Types</strong> (in order of preference):") . "<br/>"; |
| 178 | 187 | $typelist = $profile_list->getEapMethodsinOrderOfPreference(); |
@@ -196,9 +205,10 @@ discard block |
||
| 196 | 205 | $allcomplete = FALSE; |
| 197 | 206 | }; |
| 198 | 207 | $eapattribs = $profile_list->getAttributes(0, $eaptype); |
| 199 | - foreach ($attribs as $attrib) |
|
| 200 | - if ($attrib['level'] == "Method" && !preg_match("/^internal:/", $attrib['name'])) |
|
| 208 | + foreach ($attribs as $attrib) { |
|
| 209 | + if ($attrib['level'] == "Method" && !preg_match("/^internal:/", $attrib['name'])) |
|
| 201 | 210 | $buffer_eaptypediv .= "<img src='../resources/images/icons/Letter-E-blue-icon.png' alt='" . _("Option override on EAP Method level is in effect.") . "'>"; |
| 211 | + } |
|
| 202 | 212 | $buffer_eaptypediv .= "<br/>"; |
| 203 | 213 | } |
| 204 | 214 | $buffer_headline = "<h2 style='overflow:auto;'>"; |
@@ -206,23 +216,27 @@ discard block |
||
| 206 | 216 | $buffer_headline .= "<div style='float:right;'>"; |
| 207 | 217 | $sufficient_config = $profile_list->getSufficientConfig(); |
| 208 | 218 | $showtime = $profile_list->getShowtime(); |
| 209 | - if ($has_overrides) |
|
| 210 | - $buffer_headline .= UI_remark("", _("Option override on profile level is in effect."), TRUE); |
|
| 211 | - if (!$allcomplete) |
|
| 212 | - $buffer_headline .= UI_error("", _("The information in this profile is incomplete."), TRUE); |
|
| 213 | - if ($showtime) |
|
| 214 | - $buffer_headline .= UI_okay("", _("This profile is shown on the user download interface."), TRUE); |
|
| 215 | - else if ($sufficient_config) |
|
| 216 | - $buffer_headline .= UI_warning("", sprintf(_("This profile is NOT shown on the user download interface, even though we have enough information to show. To enable the profile, add the attribute \"%s\" and tick the corresponding box."), display_name("profile:production")), TRUE); |
|
| 219 | + if ($has_overrides) { |
|
| 220 | + $buffer_headline .= UI_remark("", _("Option override on profile level is in effect."), TRUE); |
|
| 221 | + } |
|
| 222 | + if (!$allcomplete) { |
|
| 223 | + $buffer_headline .= UI_error("", _("The information in this profile is incomplete."), TRUE); |
|
| 224 | + } |
|
| 225 | + if ($showtime) { |
|
| 226 | + $buffer_headline .= UI_okay("", _("This profile is shown on the user download interface."), TRUE); |
|
| 227 | + } else if ($sufficient_config) { |
|
| 228 | + $buffer_headline .= UI_warning("", sprintf(_("This profile is NOT shown on the user download interface, even though we have enough information to show. To enable the profile, add the attribute \"%s\" and tick the corresponding box."), display_name("profile:production")), TRUE); |
|
| 229 | + } |
|
| 217 | 230 | $buffer_headline .= "</div>"; |
| 218 | 231 | |
| 219 | 232 | $buffer_headline .= sprintf(_("Profile: %s"), $profile_name) . "</h2>"; |
| 220 | 233 | |
| 221 | 234 | echo $buffer_headline; |
| 222 | 235 | |
| 223 | - if (array_search(EAP::$TTLS_PAP, $typelist) !== FALSE && array_search(EAP::$TTLS_GTC, $typelist) === FALSE && array_search(EAP::$PEAP_MSCHAP2, $typelist) === FALSE && array_search(EAP::$TTLS_MSCHAP2, $typelist) === FALSE) |
|
| 224 | - /// Hmmm... IdP Supports TTLS-PAP, but not TTLS-GTC nor anything based on MSCHAPv2. That locks out Symbian users; and is easy to circumvent. Tell the admin... |
|
| 236 | + if (array_search(EAP::$TTLS_PAP, $typelist) !== FALSE && array_search(EAP::$TTLS_GTC, $typelist) === FALSE && array_search(EAP::$PEAP_MSCHAP2, $typelist) === FALSE && array_search(EAP::$TTLS_MSCHAP2, $typelist) === FALSE) { |
|
| 237 | + /// Hmmm... IdP Supports TTLS-PAP, but not TTLS-GTC nor anything based on MSCHAPv2. That locks out Symbian users; and is easy to circumvent. Tell the admin... |
|
| 225 | 238 | $buffer_eaptypediv .= "<p>" . sprintf(_("Read this <a href='%s'>tip</a>."), "https://confluence.terena.org/display/H2eduroam/eap-types#eap-types-choices") . "</p>"; |
| 239 | + } |
|
| 226 | 240 | |
| 227 | 241 | $buffer_eaptypediv .= "</div>"; |
| 228 | 242 | echo $buffer_eaptypediv; |
@@ -230,12 +244,13 @@ discard block |
||
| 230 | 244 | $has_realm = $profile_list->getAttributes("internal:realm"); |
| 231 | 245 | $has_realm = $has_realm[0]['value']; |
| 232 | 246 | echo "<div class='profilemodulebuttons' style='float:right;'>"; |
| 233 | - if (count(Config::$RADIUSTESTS['UDP-hosts']) > 0 || ( count(Config::$RADIUSTESTS['TLS-clientcerts']) > 0 && Config::$RADIUSTESTS['TLS-discoverytag'] != "")) |
|
| 234 | - echo "<form action='action_realmcheck.php?inst_id=$my_inst->identifier&profile_id=$profile_list->identifier' method='post' accept-charset='UTF-8'> |
|
| 247 | + if (count(Config::$RADIUSTESTS['UDP-hosts']) > 0 || ( count(Config::$RADIUSTESTS['TLS-clientcerts']) > 0 && Config::$RADIUSTESTS['TLS-discoverytag'] != "")) { |
|
| 248 | + echo "<form action='action_realmcheck.php?inst_id=$my_inst->identifier&profile_id=$profile_list->identifier' method='post' accept-charset='UTF-8'> |
|
| 235 | 249 | <button type='submit' name='profile_action' value='check' " . ($has_realm ? "" : "disabled='disabled' title='" . _("The realm can only be checked if you configure the realm!") . "'") . "> |
| 236 | 250 | " . _("Check realm reachability") . " |
| 237 | 251 | </button> |
| 238 | 252 | </form>"; |
| 253 | + } |
|
| 239 | 254 | echo "<form action='overview_installers.php?inst_id=$my_inst->identifier&profile_id=$profile_list->identifier' method='post' accept-charset='UTF-8'> |
| 240 | 255 | <button type='submit' name='profile_action' value='check' " . ($has_eaptypes ? "" : "disabled='disabled' title='" . _("You have not fully configured any supported EAP types!") . "'") . "> |
| 241 | 256 | " . _("Installer Fine-Tuning and Download") . " |
@@ -261,10 +276,11 @@ discard block |
||
| 261 | 276 | if ($profile_list->getShowtime()) { |
| 262 | 277 | echo "<div style='display: table-cell; text-align:center;'><p><strong>" . _("User Download Link") . "</strong></p>"; |
| 263 | 278 | $URL = $profile_list->getCollapsedAttributes(); |
| 264 | - if (isset($URL['device-specific:redirect'])) |
|
| 265 | - $displayurl = $URL['device-specific:redirect'][0]; |
|
| 266 | - else |
|
| 267 | - $displayurl = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on" ? 'https://' : 'http://' ) . $_SERVER['SERVER_NAME'] . dirname(dirname($_SERVER['SCRIPT_NAME'])) . "?idp=" . $my_inst->identifier . "&profile=" . $profile_list->identifier; |
|
| 279 | + if (isset($URL['device-specific:redirect'])) { |
|
| 280 | + $displayurl = $URL['device-specific:redirect'][0]; |
|
| 281 | + } else { |
|
| 282 | + $displayurl = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on" ? 'https://' : 'http://' ) . $_SERVER['SERVER_NAME'] . dirname(dirname($_SERVER['SCRIPT_NAME'])) . "?idp=" . $my_inst->identifier . "&profile=" . $profile_list->identifier; |
|
| 283 | + } |
|
| 268 | 284 | echo "<a href='$displayurl' style='white-space: nowrap; text-align: center;'>"; |
| 269 | 285 | $uri = "data:image/png;base64," . base64_encode(png_inject_consortium_logo(QRcode::png($displayurl, FALSE, QR_ECLEVEL_Q, 12))); |
| 270 | 286 | $size = getimagesize($uri); |
@@ -277,8 +293,9 @@ discard block |
||
| 277 | 293 | echo "<div style='width:20px;'></div>"; |
| 278 | 294 | echo "<div style='display: table-cell; min-width:200px;'><p><strong>" . _("User Downloads") . "</strong></p><table>"; |
| 279 | 295 | $stats = $profile_list->getUserDownloadStats(); |
| 280 | - foreach ($stats as $dev => $count) |
|
| 281 | - echo "<tr><td><strong>$dev</strong></td><td>$count</td></tr>"; |
|
| 296 | + foreach ($stats as $dev => $count) { |
|
| 297 | + echo "<tr><td><strong>$dev</strong></td><td>$count</td></tr>"; |
|
| 298 | + } |
|
| 282 | 299 | echo "</table></div>"; |
| 283 | 300 | } |
| 284 | 301 | echo "</div>"; |
