GEANT /
CAT
@@ -19,7 +19,7 @@ discard block |
||
| 19 | 19 | * <base_url>/copyright.php after deploying the software |
| 20 | 20 | */ |
| 21 | 21 | |
| 22 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 22 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 23 | 23 | |
| 24 | 24 | $deco = new \web\lib\admin\PageDecoration(); |
| 25 | 25 | $uiElements = new web\lib\admin\UIElements(); |
@@ -49,16 +49,16 @@ discard block |
||
| 49 | 49 | <div class="infobox"> |
| 50 | 50 | <h2><?php $tablecaption = _("Your Personal Information"); echo $tablecaption; ?></h2> |
| 51 | 51 | <table> |
| 52 | - <caption><?php echo $tablecaption;?></caption> |
|
| 52 | + <caption><?php echo $tablecaption; ?></caption> |
|
| 53 | 53 | <tr> |
| 54 | - <th class="wai-invisible" scope="col"><?php echo _("Property Type");?></th> |
|
| 55 | - <th class="wai-invisible" scope="col"><?php echo _("Language if applicable");?></th> |
|
| 56 | - <th class="wai-invisible" scope="col"><?php echo _("Property Value");?></th> |
|
| 54 | + <th class="wai-invisible" scope="col"><?php echo _("Property Type"); ?></th> |
|
| 55 | + <th class="wai-invisible" scope="col"><?php echo _("Language if applicable"); ?></th> |
|
| 56 | + <th class="wai-invisible" scope="col"><?php echo _("Property Value"); ?></th> |
|
| 57 | 57 | </tr> |
| 58 | 58 | <?php echo $uiElements->infoblock($user->getAttributes(), "user", "User"); ?> |
| 59 | 59 | <tr> |
| 60 | 60 | <td> |
| 61 | - <?php echo "" . _("Unique Identifier") ?> |
|
| 61 | + <?php echo ""._("Unique Identifier") ?> |
|
| 62 | 62 | </td> |
| 63 | 63 | <td> |
| 64 | 64 | </td> |
@@ -70,14 +70,14 @@ discard block |
||
| 70 | 70 | </div> |
| 71 | 71 | |
| 72 | 72 | <form action='overview_certificates.php' method='GET' accept-charset='UTF-8'> |
| 73 | - <button type='submit'><?php echo sprintf(_('RADIUS/TLS Certificate management'));?></button> |
|
| 73 | + <button type='submit'><?php echo sprintf(_('RADIUS/TLS Certificate management')); ?></button> |
|
| 74 | 74 | </form> |
| 75 | 75 | |
| 76 | 76 | <?php |
| 77 | 77 | $mgmt = new \core\UserManagement(); |
| 78 | 78 | |
| 79 | 79 | if (!$user->isFederationAdmin()) { |
| 80 | - echo "<p>" . sprintf(_("You are not a %s manager."), $uiElements->nomenclatureFed) . "</p>"; |
|
| 80 | + echo "<p>".sprintf(_("You are not a %s manager."), $uiElements->nomenclatureFed)."</p>"; |
|
| 81 | 81 | echo $deco->footer(); |
| 82 | 82 | exit(0); |
| 83 | 83 | } |
@@ -90,16 +90,16 @@ discard block |
||
| 90 | 90 | <?php $tablecaption2 = sprintf(_("%s Properties: %s"), $uiElements->nomenclatureFed, $thefed->name); echo $tablecaption2; ?> |
| 91 | 91 | </h2> |
| 92 | 92 | <table> |
| 93 | - <caption><?php echo $tablecaption2;?></caption> |
|
| 93 | + <caption><?php echo $tablecaption2; ?></caption> |
|
| 94 | 94 | <tr> |
| 95 | - <th class="wai-invisible" scope="col"><?php echo _("Property Type");?></th> |
|
| 96 | - <th class="wai-invisible" scope="col"><?php echo _("Language if applicable");?></th> |
|
| 97 | - <th class="wai-invisible" scope="col"><?php echo _("Property Value");?></th> |
|
| 95 | + <th class="wai-invisible" scope="col"><?php echo _("Property Type"); ?></th> |
|
| 96 | + <th class="wai-invisible" scope="col"><?php echo _("Language if applicable"); ?></th> |
|
| 97 | + <th class="wai-invisible" scope="col"><?php echo _("Property Value"); ?></th> |
|
| 98 | 98 | </tr> |
| 99 | 99 | <!-- fed properties --> |
| 100 | 100 | <tr> |
| 101 | 101 | <td> |
| 102 | - <?php echo "" . _("Country") ?> |
|
| 102 | + <?php echo ""._("Country") ?> |
|
| 103 | 103 | </td> |
| 104 | 104 | <td> |
| 105 | 105 | </td> |
@@ -183,7 +183,7 @@ discard block |
||
| 183 | 183 | default: |
| 184 | 184 | throw new Exception("Error: unknown encryption status of invitation!?!"); |
| 185 | 185 | } |
| 186 | - echo $uiElements->boxRemark(ngettext("The invitation email was sent successfully.", "All invitation emails were sent successfully.", $counter) . " " . $cryptText, _("Sent successfully.")); |
|
| 186 | + echo $uiElements->boxRemark(ngettext("The invitation email was sent successfully.", "All invitation emails were sent successfully.", $counter)." ".$cryptText, _("Sent successfully.")); |
|
| 187 | 187 | break; |
| 188 | 188 | case "FAILURE": |
| 189 | 189 | echo $uiElements->boxError(_("No invitation email could be sent!"), _("Sending failure!")); |
@@ -203,7 +203,7 @@ discard block |
||
| 203 | 203 | default: |
| 204 | 204 | throw new Exception("Error: unknown encryption status of invitation!?!"); |
| 205 | 205 | } |
| 206 | - echo $uiElements->boxWarning(sprintf(_("Some invitation emails were sent successfully (%s in total), the others failed."), $counter) . " " . $cryptText, _("Partial success.")); |
|
| 206 | + echo $uiElements->boxWarning(sprintf(_("Some invitation emails were sent successfully (%s in total), the others failed."), $counter)." ".$cryptText, _("Partial success.")); |
|
| 207 | 207 | break; |
| 208 | 208 | case "INVALIDSYNTAX": |
| 209 | 209 | echo $uiElements->boxError(_("The invitation email address was malformed, no invitation was sent!"), _("The invitation email address was malformed, no invitation was sent!")); |
@@ -219,27 +219,27 @@ discard block |
||
| 219 | 219 | } else { |
| 220 | 220 | $link = 'http://'; |
| 221 | 221 | } |
| 222 | - $link .= $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME']; |
|
| 222 | + $link .= $_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']; |
|
| 223 | 223 | $link = htmlspecialchars($link); |
| 224 | 224 | if (\config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_RADIUS'] == 'LOCAL' && \config\Master::FUNCTIONALITY_LOCATIONS['DIAGNOSTICS'] == 'LOCAL') { |
| 225 | 225 | echo "<table><tr> |
| 226 | - <td>" . sprintf(_("Diagnose reachability and connection parameters of any %s %s"), \config\ConfAssistant::CONSORTIUM['display_name'], $uiElements->nomenclatureIdP) . "</td> |
|
| 226 | + <td>" . sprintf(_("Diagnose reachability and connection parameters of any %s %s"), \config\ConfAssistant::CONSORTIUM['display_name'], $uiElements->nomenclatureIdP)."</td> |
|
| 227 | 227 | <td><form method='post' action='../diag/action_realmcheck.php' accept-charset='UTF-8'> |
| 228 | 228 | <input type='hidden' name='comefrom' id='comefrom' value='$link'/> |
| 229 | - <button id='realmcheck' style='cursor:pointer;' type='submit'>" . _("Go!") . "</button> |
|
| 229 | + <button id='realmcheck' style='cursor:pointer;' type='submit'>"._("Go!")."</button> |
|
| 230 | 230 | </form> |
| 231 | 231 | </td> |
| 232 | 232 | </tr> |
| 233 | 233 | </table>"; |
| 234 | 234 | } |
| 235 | 235 | if (\config\ConfAssistant::CONSORTIUM['name'] == 'eduroam') { |
| 236 | - $helptext = "<h3>" . sprintf(_("Need help? Refer to the <a href='%s'>%s manual</a>"), "https://wiki.geant.org/x/qJg7Bw", $uiElements->nomenclatureFed) . "</h3>"; |
|
| 236 | + $helptext = "<h3>".sprintf(_("Need help? Refer to the <a href='%s'>%s manual</a>"), "https://wiki.geant.org/x/qJg7Bw", $uiElements->nomenclatureFed)."</h3>"; |
|
| 237 | 237 | } else { |
| 238 | 238 | $helptext = ""; |
| 239 | 239 | } |
| 240 | 240 | ?> |
| 241 | 241 | <table class='user_overview' style='border:0px; width:unset'> |
| 242 | - <caption><?php echo _("Participant Details");?></caption> |
|
| 242 | + <caption><?php echo _("Participant Details"); ?></caption> |
|
| 243 | 243 | <tr> |
| 244 | 244 | <th scope='col'><?php echo sprintf(_("%s Name"), $uiElements->nomenclatureParticipant); ?></th> |
| 245 | 245 | <th scope='col'><?php echo _("Configured/<br>Visible/<br>OpenRoaming"); ?></th> |
@@ -248,7 +248,7 @@ discard block |
||
| 248 | 248 | $pending_invites = $mgmt->listPendingInvitations(); |
| 249 | 249 | |
| 250 | 250 | if (\config\Master::DB['enforce-external-sync']) { |
| 251 | - echo "<th scope='col'>" . sprintf(_("%s Database Sync Status"), \config\ConfAssistant::CONSORTIUM['display_name']) . "</th>"; |
|
| 251 | + echo "<th scope='col'>".sprintf(_("%s Database Sync Status"), \config\ConfAssistant::CONSORTIUM['display_name'])."</th>"; |
|
| 252 | 252 | } |
| 253 | 253 | ?> |
| 254 | 254 | <th scope='col'> |
@@ -265,9 +265,9 @@ discard block |
||
| 265 | 265 | $fedId = strtoupper($onefed['value']); |
| 266 | 266 | $thefed = new \core\Federation($fedId); |
| 267 | 267 | /// nomenclature for 'federation', federation name, nomenclature for 'inst' |
| 268 | - echo "<tr><td colspan='8'><strong>" . sprintf(_("The following %s are in your %s %s:"), $uiElements->nomenclatureParticipant, $uiElements->nomenclatureFed, '<span style="color:green">' . $thefed->name . '</span>') . "</strong></td></tr>"; |
|
| 269 | - echo "<tr><td colspan='2'><strong>". _("Quick search:")." </strong><input style='background:#eeeeee;' type='text' id='qsearch_" . $fedId . "'></td>"; |
|
| 270 | - echo "<td colspan='6' style='border-bottom-style: dotted;border-bottom-width: 1px;'><input type='checkbox' name='unlinked' id='unlinked_ck_" . $fedId . "'> ". _("Only not linked"). "</td>"; |
|
| 268 | + echo "<tr><td colspan='8'><strong>".sprintf(_("The following %s are in your %s %s:"), $uiElements->nomenclatureParticipant, $uiElements->nomenclatureFed, '<span style="color:green">'.$thefed->name.'</span>')."</strong></td></tr>"; |
|
| 269 | + echo "<tr><td colspan='2'><strong>"._("Quick search:")." </strong><input style='background:#eeeeee;' type='text' id='qsearch_".$fedId."'></td>"; |
|
| 270 | + echo "<td colspan='6' style='border-bottom-style: dotted;border-bottom-width: 1px;'><input type='checkbox' name='unlinked' id='unlinked_ck_".$fedId."'> "._("Only not linked")."</td>"; |
|
| 271 | 271 | echo "</tr>"; |
| 272 | 272 | // extract only pending invitations for *this* fed |
| 273 | 273 | $display_pendings = FALSE; |
@@ -316,21 +316,21 @@ discard block |
||
| 316 | 316 | } |
| 317 | 317 | echo "<td style='vertical-align:top;' class='inst_td'> |
| 318 | 318 | <input type='hidden' name='inst' value='" |
| 319 | - . $index . "'><span style='display:none' class='inst_name'>".$my_idp."</span><span>" . $idp_instance->name . "</span>" |
|
| 319 | + . $index."'><span style='display:none' class='inst_name'>".$my_idp."</span><span>".$idp_instance->name."</span>" |
|
| 320 | 320 | . " (<a href='overview_org.php?inst_id=" |
| 321 | - . $idp_instance->identifier . "'>" |
|
| 321 | + . $idp_instance->identifier."'>" |
|
| 322 | 322 | . (in_array($index, $userIdps) ? _("manage") : _("view")) |
| 323 | 323 | . "</a>)" |
| 324 | - . (empty($listOfSilverbulletRealms) ? "" : "<ul><li>" ) |
|
| 324 | + . (empty($listOfSilverbulletRealms) ? "" : "<ul><li>") |
|
| 325 | 325 | . implode("</li><li>", $listOfSilverbulletRealms) |
| 326 | - . (empty($listOfSilverbulletRealms) ? "" : "</li><ul>" ) |
|
| 326 | + . (empty($listOfSilverbulletRealms) ? "" : "</li><ul>") |
|
| 327 | 327 | . "</td>"; |
| 328 | 328 | // deployment status; need to dive into profiles for this |
| 329 | 329 | // show happy eyeballs if at least one profile is configured/showtime |
| 330 | 330 | echo "<td>"; |
| 331 | - echo ($idp_instance->maxProfileStatus() >= \core\IdP::PROFILES_CONFIGURED ? "C" : "-" ) |
|
| 331 | + echo ($idp_instance->maxProfileStatus() >= \core\IdP::PROFILES_CONFIGURED ? "C" : "-") |
|
| 332 | 332 | . " " |
| 333 | - . ($idp_instance->maxProfileStatus() >= \core\IdP::PROFILES_SHOWTIME ? "V" : "-" ) |
|
| 333 | + . ($idp_instance->maxProfileStatus() >= \core\IdP::PROFILES_SHOWTIME ? "V" : "-") |
|
| 334 | 334 | . " " |
| 335 | 335 | . "<span style='color:"; |
| 336 | 336 | switch ($idp_instance->maxOpenRoamingStatus()) { |
@@ -358,8 +358,8 @@ discard block |
||
| 358 | 358 | if (\config\Master::DB['enforce-external-sync']) { |
| 359 | 359 | echo "<td style='display: ruby;'>"; |
| 360 | 360 | if ($readonly === FALSE) { |
| 361 | - echo "<form method='post' action='inc/manageDBLink.inc.php?inst_id=" . $idp_instance->identifier . "' onsubmit='popupRedirectWindow(this); return false;' accept-charset='UTF-8'> |
|
| 362 | - <button type='submit'>" . _("Manage DB Link") . "</button> "; |
|
| 361 | + echo "<form method='post' action='inc/manageDBLink.inc.php?inst_id=".$idp_instance->identifier."' onsubmit='popupRedirectWindow(this); return false;' accept-charset='UTF-8'> |
|
| 362 | + <button type='submit'>" . _("Manage DB Link")."</button> "; |
|
| 363 | 363 | } |
| 364 | 364 | switch ($idpLinked) { |
| 365 | 365 | case 'nosync': |
@@ -368,7 +368,7 @@ discard block |
||
| 368 | 368 | // echo "<div class='acceptable'>" . _("Linked") . "</div>"; |
| 369 | 369 | break; |
| 370 | 370 | case 'notlinked': |
| 371 | - echo "<span class='notacceptable'>" . _("NOT linked") . "</span>"; |
|
| 371 | + echo "<span class='notacceptable'>"._("NOT linked")."</span>"; |
|
| 372 | 372 | break; |
| 373 | 373 | } |
| 374 | 374 | echo "</form>"; |
@@ -378,9 +378,9 @@ discard block |
||
| 378 | 378 | echo "<td style='vertical-align: top;'>"; |
| 379 | 379 | if ($readonly === FALSE) { |
| 380 | 380 | echo "<div style='white-space: nowrap;'> |
| 381 | - <form method='post' action='inc/manageAdmins.inc.php?inst_id=" . $index . "' onsubmit='popupRedirectWindow(this); return false;' accept-charset='UTF-8'> |
|
| 381 | + <form method='post' action='inc/manageAdmins.inc.php?inst_id=" . $index."' onsubmit='popupRedirectWindow(this); return false;' accept-charset='UTF-8'> |
|
| 382 | 382 | <button type='submit'>" . |
| 383 | - _("Add/Remove Administrators") . " |
|
| 383 | + _("Add/Remove Administrators")." |
|
| 384 | 384 | </button> |
| 385 | 385 | </form> |
| 386 | 386 | </div>"; |
@@ -393,7 +393,7 @@ discard block |
||
| 393 | 393 | echo "<tr> |
| 394 | 394 | <td colspan='2'> |
| 395 | 395 | <strong>" . |
| 396 | - sprintf(_("Pending invitations in the %s:"), $uiElements->nomenclatureFed) . " |
|
| 396 | + sprintf(_("Pending invitations in the %s:"), $uiElements->nomenclatureFed)." |
|
| 397 | 397 | </strong> |
| 398 | 398 | </td> |
| 399 | 399 | </tr>"; |
@@ -401,16 +401,16 @@ discard block |
||
| 401 | 401 | if (strtoupper($oneinvite['country']) == strtoupper($thefed->tld)) { |
| 402 | 402 | echo "<tr> |
| 403 | 403 | <td>" . |
| 404 | - $oneinvite['name'] . " |
|
| 404 | + $oneinvite['name']." |
|
| 405 | 405 | </td> |
| 406 | 406 | <td>" . |
| 407 | - $oneinvite['mail'] . " |
|
| 407 | + $oneinvite['mail']." |
|
| 408 | 408 | </td> |
| 409 | 409 | <td colspan=2>"; |
| 410 | 410 | if ($readonly === FALSE) { |
| 411 | 411 | echo "<form method='post' action='overview_federation.php' accept-charset='UTF-8'> |
| 412 | - <input type='hidden' name='invitation_id' value='" . $oneinvite['token'] . "'/> |
|
| 413 | - <button class='delete' type='submit' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_DELETE . "'>" . _("Revoke Invitation") . "</button> " |
|
| 412 | + <input type='hidden' name='invitation_id' value='" . $oneinvite['token']."'/> |
|
| 413 | + <button class='delete' type='submit' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_DELETE."'>"._("Revoke Invitation")."</button> " |
|
| 414 | 414 | . sprintf(_("(expires %s)"), $oneinvite['expiry']) |
| 415 | 415 | . "</form>"; |
| 416 | 416 | } |
@@ -26,7 +26,7 @@ discard block |
||
| 26 | 26 | */ |
| 27 | 27 | ?> |
| 28 | 28 | <?php |
| 29 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 29 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 30 | 30 | |
| 31 | 31 | $deco = new \web\lib\admin\PageDecoration(); |
| 32 | 32 | $validator = new \web\lib\common\InputValidation(); |
@@ -121,7 +121,7 @@ discard block |
||
| 121 | 121 | $detectRealm = $validator->string($_POST['realm_to_detect']); |
| 122 | 122 | $localname = $validator->string($_POST['username_to_detect']); |
| 123 | 123 | $checker = new \core\diag\RADIUSTests($detectRealm, $localname); |
| 124 | - $detectionResult = $checker->autodetectCAWithProbe($localname . "@" . $detectRealm); |
|
| 124 | + $detectionResult = $checker->autodetectCAWithProbe($localname."@".$detectRealm); |
|
| 125 | 125 | $loggerInstance->debug(2, "CA Auto-Detection yields:"); |
| 126 | 126 | $loggerInstance->debug(2, $detectionResult); |
| 127 | 127 | if ($detectionResult['ROOT_CA'] !== NULL) { // we are lucky! |
@@ -163,8 +163,8 @@ discard block |
||
| 163 | 163 | <?php |
| 164 | 164 | echo $uiElements->instLevelInfoBoxes($my_inst); |
| 165 | 165 | |
| 166 | - echo "<form enctype='multipart/form-data' action='edit_profile_result.php?inst_id=$my_inst->identifier" . ($my_profile !== NULL ? "&profile_id=" . $my_profile->identifier : "") . "' method='post' accept-charset='UTF-8'> |
|
| 167 | - <input type='hidden' name='MAX_FILE_SIZE' value='" . \config\Master::MAX_UPLOAD_SIZE . "'>"; |
|
| 166 | + echo "<form enctype='multipart/form-data' action='edit_profile_result.php?inst_id=$my_inst->identifier".($my_profile !== NULL ? "&profile_id=".$my_profile->identifier : "")."' method='post' accept-charset='UTF-8'> |
|
| 167 | + <input type='hidden' name='MAX_FILE_SIZE' value='" . \config\Master::MAX_UPLOAD_SIZE."'>"; |
|
| 168 | 168 | $optionDisplay = new \web\lib\admin\OptionDisplay($profile_options, \core\Options::LEVEL_PROFILE); |
| 169 | 169 | ?> |
| 170 | 170 | <fieldset class="option_container"> |
@@ -173,19 +173,19 @@ discard block |
||
| 173 | 173 | </legend> |
| 174 | 174 | <?php |
| 175 | 175 | if ($wizardStyle) { |
| 176 | - echo "<p>" . _("We will now define a profile for your user group(s). You can add as many profiles as you like by choosing the appropriate button on the end of the page. After we are done, the wizard is finished and you will be taken to the main IdP administration page.") . "</p>"; |
|
| 176 | + echo "<p>"._("We will now define a profile for your user group(s). You can add as many profiles as you like by choosing the appropriate button on the end of the page. After we are done, the wizard is finished and you will be taken to the main IdP administration page.")."</p>"; |
|
| 177 | 177 | } |
| 178 | 178 | ?> |
| 179 | 179 | <h3><?php echo _("Profile Name and RADIUS realm"); ?></h3> |
| 180 | 180 | <?php |
| 181 | 181 | if ($wizardStyle) { |
| 182 | - echo "<p>" . _("First of all we need a name for the profile. This will be displayed to end users, so you may want to choose a descriptive name like 'Professors', 'Students of the Faculty of Bioscience', etc.") . "</p>"; |
|
| 183 | - echo "<p>" . _("Optionally, you can provide a longer descriptive text about who this profile is for. If you specify it, it will be displayed on the download page after the user has selected the profile name in the list.") . "</p>"; |
|
| 184 | - echo "<p>" . _("You can also tell us your RADIUS realm. "); |
|
| 182 | + echo "<p>"._("First of all we need a name for the profile. This will be displayed to end users, so you may want to choose a descriptive name like 'Professors', 'Students of the Faculty of Bioscience', etc.")."</p>"; |
|
| 183 | + echo "<p>"._("Optionally, you can provide a longer descriptive text about who this profile is for. If you specify it, it will be displayed on the download page after the user has selected the profile name in the list.")."</p>"; |
|
| 184 | + echo "<p>"._("You can also tell us your RADIUS realm. "); |
|
| 185 | 185 | if (\config\Master::FUNCTIONALITY_LOCATIONS['DIAGNOSTICS'] !== NULL) { |
| 186 | 186 | printf(_("This is useful if you want to use the sanity check module later, which tests reachability of your realm in the %s infrastructure. "), \config\ConfAssistant::CONSORTIUM['display_name']); |
| 187 | 187 | } |
| 188 | - echo _("It is required to enter the realm name if you want to support anonymous outer identities (see below).") . "</p>"; |
|
| 188 | + echo _("It is required to enter the realm name if you want to support anonymous outer identities (see below).")."</p>"; |
|
| 189 | 189 | } |
| 190 | 190 | |
| 191 | 191 | echo $optionDisplay->prefilledOptionTable("profile", $my_inst->federation); |
@@ -240,9 +240,9 @@ discard block |
||
| 240 | 240 | |
| 241 | 241 | <?php |
| 242 | 242 | if ($wizardStyle) { |
| 243 | - echo "<p>" . sprintf(_("Some installers support a feature called 'Anonymous outer identity'. If you don't know what this is, please read <a href='%s'>this article</a>."), "https://confluence.terena.org/display/H2eduroam/eap-types") . "</p>"; |
|
| 244 | - echo "<p>" . _("On some platforms, the installers can suggest username endings and/or verify the user input to contain the realm suffix.") . "</p>"; |
|
| 245 | - echo "<p>" . _("The realm check feature needs to know an outer ID which actually gets a chance to authenticate. If your RADIUS server lets only select usernames pass, it is useful to supply the information which of those (outer ID) username we can use for testing.") . "</p>"; |
|
| 243 | + echo "<p>".sprintf(_("Some installers support a feature called 'Anonymous outer identity'. If you don't know what this is, please read <a href='%s'>this article</a>."), "https://confluence.terena.org/display/H2eduroam/eap-types")."</p>"; |
|
| 244 | + echo "<p>"._("On some platforms, the installers can suggest username endings and/or verify the user input to contain the realm suffix.")."</p>"; |
|
| 245 | + echo "<p>"._("The realm check feature needs to know an outer ID which actually gets a chance to authenticate. If your RADIUS server lets only select usernames pass, it is useful to supply the information which of those (outer ID) username we can use for testing.")."</p>"; |
|
| 246 | 246 | } |
| 247 | 247 | ?> |
| 248 | 248 | <p> |
@@ -261,37 +261,37 @@ discard block |
||
| 261 | 261 | <tr> |
| 262 | 262 | <!-- checkbox and input field for anonymity support, available only when realm is known--> |
| 263 | 263 | <td> |
| 264 | - <span id='anon_support_label' style='<?php echo ($realm == "" ? "color:#999999" : "" ); ?>'> |
|
| 264 | + <span id='anon_support_label' style='<?php echo ($realm == "" ? "color:#999999" : ""); ?>'> |
|
| 265 | 265 | <?php echo _("Enable Anonymous Outer Identity:"); ?> |
| 266 | 266 | </span> |
| 267 | 267 | </td> |
| 268 | 268 | <td> |
| 269 | - <input type='checkbox' <?php echo ($useAnon != FALSE ? "checked" : "" ) . ($realm == "" ? " disabled" : "" ); ?> name='anon_support' onclick=' |
|
| 269 | + <input type='checkbox' <?php echo ($useAnon != FALSE ? "checked" : "").($realm == "" ? " disabled" : ""); ?> name='anon_support' onclick=' |
|
| 270 | 270 | if (this.form.elements["anon_support"].checked !== true) { |
| 271 | 271 | this.form.elements["anon_local"].setAttribute("disabled", "disabled"); |
| 272 | 272 | } else { |
| 273 | 273 | this.form.elements["anon_local"].removeAttribute("disabled"); |
| 274 | 274 | } |
| 275 | 275 | ;'/> |
| 276 | - <input type='text' <?php echo ($useAnon == FALSE ? "disabled" : "" ); ?> name='anon_local' value='<?php echo $anonLocal; ?>'/> |
|
| 276 | + <input type='text' <?php echo ($useAnon == FALSE ? "disabled" : ""); ?> name='anon_local' value='<?php echo $anonLocal; ?>'/> |
|
| 277 | 277 | </td> |
| 278 | 278 | </tr> |
| 279 | 279 | <tr> |
| 280 | 280 | <!-- checkbox and input field for check realm outer id, available only when realm is known--> |
| 281 | 281 | <td> |
| 282 | - <span id='checkuser_label' style='<?php echo ($realm == "" ? "color:#999999" : "" ); ?>'> |
|
| 282 | + <span id='checkuser_label' style='<?php echo ($realm == "" ? "color:#999999" : ""); ?>'> |
|
| 283 | 283 | <?php echo _("Use special Outer Identity for realm checks:"); ?> |
| 284 | 284 | </span> |
| 285 | 285 | </td> |
| 286 | 286 | <td> |
| 287 | - <input type='checkbox' <?php echo ($checkuserOuter != FALSE ? "checked" : "" ) . ($realm == "" ? " disabled" : "" ); ?> name='checkuser_support' onclick=' |
|
| 287 | + <input type='checkbox' <?php echo ($checkuserOuter != FALSE ? "checked" : "").($realm == "" ? " disabled" : ""); ?> name='checkuser_support' onclick=' |
|
| 288 | 288 | if (this.form.elements["checkuser_support"].checked !== true) { |
| 289 | 289 | this.form.elements["checkuser_local"].setAttribute("disabled", "disabled"); |
| 290 | 290 | } else { |
| 291 | 291 | this.form.elements["checkuser_local"].removeAttribute("disabled"); |
| 292 | 292 | } |
| 293 | 293 | ;'/> |
| 294 | - <input type='text' <?php echo ($checkuserOuter == FALSE ? "disabled" : "" ); ?> name='checkuser_local' value='<?php echo $checkuserValue; ?>'/> |
|
| 294 | + <input type='text' <?php echo ($checkuserOuter == FALSE ? "disabled" : ""); ?> name='checkuser_local' value='<?php echo $checkuserValue; ?>'/> |
|
| 295 | 295 | </td> |
| 296 | 296 | </tr> |
| 297 | 297 | <tr> |
@@ -306,7 +306,7 @@ discard block |
||
| 306 | 306 | </td> |
| 307 | 307 | <td> |
| 308 | 308 | <input type='checkbox' <?php |
| 309 | - echo ($verify != FALSE ? "checked" : "" ); |
|
| 309 | + echo ($verify != FALSE ? "checked" : ""); |
|
| 310 | 310 | ?> name='verify_support' onclick=' |
| 311 | 311 | if (this.form.elements["verify_support"].checked !== true || this.form.elements["realm"].value.length == 0) { |
| 312 | 312 | this.form.elements["hint_support"].setAttribute("disabled", "disabled"); |
@@ -318,12 +318,12 @@ discard block |
||
| 318 | 318 | </tr> |
| 319 | 319 | <tr> |
| 320 | 320 | <td> |
| 321 | - <span id='hint_label' style='<?php echo ($realm == "" ? "color:#999999" : "" ); ?>'> |
|
| 321 | + <span id='hint_label' style='<?php echo ($realm == "" ? "color:#999999" : ""); ?>'> |
|
| 322 | 322 | <?php echo _("Enforce exact realm in username"); ?> |
| 323 | 323 | </span> |
| 324 | 324 | </td> |
| 325 | 325 | <td> |
| 326 | - <input type='checkbox' <?php echo ($verify == FALSE ? "disabled" : "" ); ?> name='hint_support' <?php echo ( $hint != FALSE ? "checked" : "" ); ?> /> |
|
| 326 | + <input type='checkbox' <?php echo ($verify == FALSE ? "disabled" : ""); ?> name='hint_support' <?php echo ($hint != FALSE ? "checked" : ""); ?> /> |
|
| 327 | 327 | </td> |
| 328 | 328 | </tr> |
| 329 | 329 | </table> |
@@ -333,20 +333,20 @@ discard block |
||
| 333 | 333 | |
| 334 | 334 | <?php |
| 335 | 335 | if ($wizardStyle) { |
| 336 | - echo "<p>" . _("The CAT has a download area for end users. There, they will, for example, learn about the support pointers you entered earlier. The CAT can also immediately offer the installers for the profile for download. If you don't want that, you can instead enter a web site location where you want your users to be redirected to. You, as the administrator, can still download the profiles to place them on that page (see the 'Compatibility Matrix' button on the dashboard).") . "</p>"; |
|
| 336 | + echo "<p>"._("The CAT has a download area for end users. There, they will, for example, learn about the support pointers you entered earlier. The CAT can also immediately offer the installers for the profile for download. If you don't want that, you can instead enter a web site location where you want your users to be redirected to. You, as the administrator, can still download the profiles to place them on that page (see the 'Compatibility Matrix' button on the dashboard).")."</p>"; |
|
| 337 | 337 | } |
| 338 | 338 | ?> |
| 339 | 339 | <p> |
| 340 | 340 | |
| 341 | 341 | <?php |
| 342 | - echo "<span id='redirect_label' style='" . ($realm == "" ? "color:#999999" : "" ) . "'><label for='redirect'>" . _("Redirect end users to own web page:") . "</label></span> |
|
| 343 | - <input type='checkbox' name='redirect' id='redirect' " . ($blacklisted === FALSE ? "" : "checked " ) . "onclick=' |
|
| 342 | + echo "<span id='redirect_label' style='".($realm == "" ? "color:#999999" : "")."'><label for='redirect'>"._("Redirect end users to own web page:")."</label></span> |
|
| 343 | + <input type='checkbox' name='redirect' id='redirect' " . ($blacklisted === FALSE ? "" : "checked ")."onclick=' |
|
| 344 | 344 | if (this.form.elements[\"redirect\"].checked != true) { |
| 345 | 345 | this.form.elements[\"redirect_target\"].setAttribute(\"disabled\", \"disabled\"); |
| 346 | 346 | } else { |
| 347 | 347 | this.form.elements[\"redirect_target\"].removeAttribute(\"disabled\"); |
| 348 | 348 | };'/> |
| 349 | - <input type='text' name='redirect_target' " . ($blacklisted !== FALSE ? "value='$blacklisted'" : "disabled" ) . "/>"; |
|
| 349 | + <input type='text' name='redirect_target' " . ($blacklisted !== FALSE ? "value='$blacklisted'" : "disabled")."/>"; |
|
| 350 | 350 | ?> |
| 351 | 351 | </p> |
| 352 | 352 | |
@@ -355,7 +355,7 @@ discard block |
||
| 355 | 355 | <legend><strong><?php echo _("Supported EAP types"); ?></strong></legend> |
| 356 | 356 | <?php |
| 357 | 357 | if ($wizardStyle) { |
| 358 | - echo "<p>" . _("Now, we need to know which EAP types your IdP supports. If you support multiple EAP types, you can assign every type a priority (1=highest). This tool will always generate an automatic installer for the EAP type with the highest priority; only if the user's device can't use that EAP type, we will use an EAP type further down in the list.") . "</p>"; |
|
| 358 | + echo "<p>"._("Now, we need to know which EAP types your IdP supports. If you support multiple EAP types, you can assign every type a priority (1=highest). This tool will always generate an automatic installer for the EAP type with the highest priority; only if the user's device can't use that EAP type, we will use an EAP type further down in the list.")."</p>"; |
|
| 359 | 359 | } |
| 360 | 360 | ?> |
| 361 | 361 | <?php |
@@ -388,7 +388,7 @@ discard block |
||
| 388 | 388 | <?php |
| 389 | 389 | $D = []; |
| 390 | 390 | foreach ($prefill_methods as $prio => $value) { |
| 391 | - print '<li>' . $value->getPrintableRep() . "</li>\n"; |
|
| 391 | + print '<li>'.$value->getPrintableRep()."</li>\n"; |
|
| 392 | 392 | $D[$value->getPrintableRep()] = $prio; |
| 393 | 393 | } |
| 394 | 394 | ?> |
@@ -414,7 +414,7 @@ discard block |
||
| 414 | 414 | } |
| 415 | 415 | $display = $a->getPrintableRep(); |
| 416 | 416 | if (!isset($D[$a->getPrintableRep()])) { |
| 417 | - print '<li class="eap1">' . $a->getPrintableRep() . "</li>\n"; |
|
| 417 | + print '<li class="eap1">'.$a->getPrintableRep()."</li>\n"; |
|
| 418 | 418 | } |
| 419 | 419 | } |
| 420 | 420 | ?> |
@@ -427,8 +427,8 @@ discard block |
||
| 427 | 427 | foreach ($methods as $a) { |
| 428 | 428 | $display = $a->getPrintableRep(); |
| 429 | 429 | $v = isset($D[$display]) ? $D[$display] : ''; |
| 430 | - print '<input type="hidden" class="eapm" name="' . $display . '" id="EAP-' . $display . '" value="' . $display . '">'; |
|
| 431 | - print '<input type="hidden" class="eapmv" name="' . $display . '-priority" id="EAP-' . $display . '-priority" value="' . $v . '">'; |
|
| 430 | + print '<input type="hidden" class="eapm" name="'.$display.'" id="EAP-'.$display.'" value="'.$display.'">'; |
|
| 431 | + print '<input type="hidden" class="eapmv" name="'.$display.'-priority" id="EAP-'.$display.'-priority" value="'.$v.'">'; |
|
| 432 | 432 | } |
| 433 | 433 | ?> |
| 434 | 434 | <br style="clear:both;" /> |
@@ -448,11 +448,11 @@ discard block |
||
| 448 | 448 | foreach ($optionsAlreadySet as $optionNames) { |
| 449 | 449 | if (preg_match("/^support:/", $optionNames)) { |
| 450 | 450 | $has_support_options[$optionNames] = "SET"; |
| 451 | - $support_text .= "<li><strong>" . $uiElements->displayName($optionNames) . "</strong></li>"; |
|
| 451 | + $support_text .= "<li><strong>".$uiElements->displayName($optionNames)."</strong></li>"; |
|
| 452 | 452 | } |
| 453 | 453 | if (preg_match("/^media:/", $optionNames)) { |
| 454 | 454 | $has_media_options[$optionNames] = "SET"; |
| 455 | - $media_text .= "<li><strong>" . $uiElements->displayName($optionNames) . "</strong></li>"; |
|
| 455 | + $media_text .= "<li><strong>".$uiElements->displayName($optionNames)."</strong></li>"; |
|
| 456 | 456 | } |
| 457 | 457 | } |
| 458 | 458 | $fields = [ |
@@ -461,12 +461,12 @@ discard block |
||
| 461 | 461 | "media" => _("Media Properties for this profile")]; |
| 462 | 462 | |
| 463 | 463 | foreach ($fields as $name => $description) { |
| 464 | - echo "<fieldset class='option_container' id='" . $name . "_override'> |
|
| 464 | + echo "<fieldset class='option_container' id='".$name."_override'> |
|
| 465 | 465 | <legend><strong>$description</strong></legend> |
| 466 | 466 | <p>"; |
| 467 | 467 | |
| 468 | - if (count(${"has_" . $name . "_options"}) > 0) { |
|
| 469 | - printf(ngettext("The option %s is already defined IdP-wide. If you set it here on profile level, this setting will override the IdP-wide one.", "The options %s are already defined IdP-wide. If you set them here on profile level, these settings will override the IdP-wide ones.", count(${"has_" . $name . "_options"})), "<ul>" . ${$name . "_text"} . "</ul>"); |
|
| 468 | + if (count(${"has_".$name."_options"}) > 0) { |
|
| 469 | + printf(ngettext("The option %s is already defined IdP-wide. If you set it here on profile level, this setting will override the IdP-wide one.", "The options %s are already defined IdP-wide. If you set them here on profile level, these settings will override the IdP-wide ones.", count(${"has_".$name."_options"})), "<ul>".${$name."_text"}."</ul>"); |
|
| 470 | 470 | } |
| 471 | 471 | |
| 472 | 472 | echo "</p>"; |
@@ -479,7 +479,7 @@ discard block |
||
| 479 | 479 | } |
| 480 | 480 | |
| 481 | 481 | if ($wizardStyle) { |
| 482 | - echo "<p>" . _("When you are sure that everything is correct, please click on 'Save data' and you will be taken to your IdP Dashboard page.") . "</p>"; |
|
| 482 | + echo "<p>"._("When you are sure that everything is correct, please click on 'Save data' and you will be taken to your IdP Dashboard page.")."</p>"; |
|
| 483 | 483 | } |
| 484 | 484 | if ($editMode == 'readonly') { |
| 485 | 485 | $discardLabel = _("Return"); |
@@ -487,5 +487,5 @@ discard block |
||
| 487 | 487 | if ($editMode == 'fullaccess') { |
| 488 | 488 | $discardLabel = _("Discard changes"); |
| 489 | 489 | } |
| 490 | -echo "<p><button type='submit' id='submitbutton' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_SAVE . "'>" . _("Save data") . "</button><button type='button' class='delete' id=='abortbutton' style='visibility: visible' value='abort' onclick='javascript:window.location = \"overview_org.php?inst_id=$my_inst->identifier\"'>".$discardLabel."</button></p></form>"; |
|
| 490 | +echo "<p><button type='submit' id='submitbutton' name='submitbutton' value='".web\lib\common\FormElements::BUTTON_SAVE."'>"._("Save data")."</button><button type='button' class='delete' id=='abortbutton' style='visibility: visible' value='abort' onclick='javascript:window.location = \"overview_org.php?inst_id=$my_inst->identifier\"'>".$discardLabel."</button></p></form>"; |
|
| 491 | 491 | echo $deco->footer(); |
@@ -19,7 +19,7 @@ discard block |
||
| 19 | 19 | * <base_url>/copyright.php after deploying the software |
| 20 | 20 | */ |
| 21 | 21 | |
| 22 | -require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php"; |
|
| 22 | +require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php"; |
|
| 23 | 23 | |
| 24 | 24 | $auth = new \web\lib\admin\Authentication(); |
| 25 | 25 | $loggerInstance = new \core\common\Logging(); |
@@ -90,7 +90,7 @@ discard block |
||
| 90 | 90 | $remaining_attribs = $my_profile->beginFlushMethodLevelAttributes($eaptype->getIntegerRep(), NULL); |
| 91 | 91 | $optionParser->processSubmittedFields($my_profile, $_POST, $_FILES, $eaptype->getIntegerRep(), NULL); |
| 92 | 92 | } |
| 93 | - $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile " . $my_profile->identifier . " - device/EAP-Type settings changed"); |
|
| 93 | + $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile ".$my_profile->identifier." - device/EAP-Type settings changed"); |
|
| 94 | 94 | header("Location: ../overview_installers.php?inst_id=$my_inst->identifier&profile_id=$my_profile->identifier"); |
| 95 | 95 | exit; |
| 96 | 96 | } |
@@ -104,7 +104,7 @@ discard block |
||
| 104 | 104 | } |
| 105 | 105 | $captiontext = sprintf(_("device <strong>%s</strong>"), $device['display']); |
| 106 | 106 | $keyword = "device-specific"; |
| 107 | - $extrainput = "<input type='hidden' name='device' value='" . $device_key . "'/>"; |
|
| 107 | + $extrainput = "<input type='hidden' name='device' value='".$device_key."'/>"; |
|
| 108 | 108 | $dev = $device_key; |
| 109 | 109 | } elseif ($eaptype !== NULL) { |
| 110 | 110 | foreach ($my_profile->getAttributes() as $attrib) { |
@@ -115,13 +115,13 @@ discard block |
||
| 115 | 115 | |
| 116 | 116 | $captiontext = sprintf(_("EAP-Type <strong>%s</strong>"), $eaptype->getPrintableRep()); |
| 117 | 117 | $keyword = "eap-specific"; |
| 118 | - $extrainput = "<input type='hidden' name='eaptype' value='" . $eaptype->getIntegerRep() . "'>"; |
|
| 118 | + $extrainput = "<input type='hidden' name='eaptype' value='".$eaptype->getIntegerRep()."'>"; |
|
| 119 | 119 | $dev = ''; |
| 120 | 120 | } else { |
| 121 | 121 | throw new Exception("previous type checks make it impossible to reach this code path."); |
| 122 | 122 | } |
| 123 | 123 | ?> |
| 124 | -<p><?php echo _("Fine-tuning options for ") . $captiontext; ?></p> |
|
| 124 | +<p><?php echo _("Fine-tuning options for ").$captiontext; ?></p> |
|
| 125 | 125 | <hr/> |
| 126 | 126 | |
| 127 | 127 | <form action='inc/toggleRedirect.inc.php?inst_id=<?php echo $my_inst->identifier; ?>&profile_id=<?php echo $my_profile->identifier; ?>' method='post' accept-charset='UTF-8'><?php echo $extrainput; ?> |
@@ -129,7 +129,7 @@ discard block |
||
| 129 | 129 | // see if we already have any attributes; if so, display these |
| 130 | 130 | $interesting_attribs = []; |
| 131 | 131 | foreach ($attribs as $attrib) { |
| 132 | - if ($attrib['level'] == \core\Options::LEVEL_METHOD && preg_match('/^' . $keyword . ':/', $attrib['name'])) { |
|
| 132 | + if ($attrib['level'] == \core\Options::LEVEL_METHOD && preg_match('/^'.$keyword.':/', $attrib['name'])) { |
|
| 133 | 133 | $interesting_attribs[] = $attrib; |
| 134 | 134 | } |
| 135 | 135 | } |
@@ -138,7 +138,7 @@ discard block |
||
| 138 | 138 | if (\config\Master::DB['INST']['readonly'] === FALSE) { |
| 139 | 139 | if ($editMode == 'fullaccess') { |
| 140 | 140 | ?> |
| 141 | - <button type='button' class='newoption' onclick='getXML("<?php echo $keyword;?>", "<?php echo $my_inst->federation;?>", "<?php echo $dev;?>")'><?php echo _("Add new option"); ?></button> |
|
| 141 | + <button type='button' class='newoption' onclick='getXML("<?php echo $keyword; ?>", "<?php echo $my_inst->federation; ?>", "<?php echo $dev; ?>")'><?php echo _("Add new option"); ?></button> |
|
| 142 | 142 | <br/> |
| 143 | 143 | <hr/> |
| 144 | 144 | <button type='submit' name='submitbutton' id='submitbutton' value='<?php echo web\lib\common\FormElements::BUTTON_SAVE; ?>'><?php echo _("Save data"); ?></button> |
@@ -19,7 +19,7 @@ discard block |
||
| 19 | 19 | * <base_url>/copyright.php after deploying the software |
| 20 | 20 | */ |
| 21 | 21 | |
| 22 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 22 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 23 | 23 | |
| 24 | 24 | $auth = new \web\lib\admin\Authentication(); |
| 25 | 25 | $deco = new \web\lib\admin\PageDecoration(); |
@@ -114,12 +114,12 @@ discard block |
||
| 114 | 114 | </table> |
| 115 | 115 | </div> |
| 116 | 116 | <?php |
| 117 | - echo "<form enctype='multipart/form-data' action='edit_participant_result.php?inst_id=$my_inst->identifier" . ($wizardStyle ? "&wizard=true" : "") . "' method='post' accept-charset='UTF-8'> |
|
| 118 | - <input type='hidden' name='MAX_FILE_SIZE' value='" . \config\Master::MAX_UPLOAD_SIZE . "'>"; |
|
| 117 | + echo "<form enctype='multipart/form-data' action='edit_participant_result.php?inst_id=$my_inst->identifier".($wizardStyle ? "&wizard=true" : "")."' method='post' accept-charset='UTF-8'> |
|
| 118 | + <input type='hidden' name='MAX_FILE_SIZE' value='" . \config\Master::MAX_UPLOAD_SIZE."'>"; |
|
| 119 | 119 | |
| 120 | 120 | if ($wizardStyle) { |
| 121 | - echo "<p>" . |
|
| 122 | - sprintf(_("Hello, newcomer. The %s is new to us. This wizard will ask you several questions about it, so that we can generate beautiful profiles for you in the end. All of the information below is optional, but it is important to fill out as many fields as possible for the benefit of your end users."), $uiElements->nomenclatureParticipant) . "</p>"; |
|
| 121 | + echo "<p>". |
|
| 122 | + sprintf(_("Hello, newcomer. The %s is new to us. This wizard will ask you several questions about it, so that we can generate beautiful profiles for you in the end. All of the information below is optional, but it is important to fill out as many fields as possible for the benefit of your end users."), $uiElements->nomenclatureParticipant)."</p>"; |
|
| 123 | 123 | } |
| 124 | 124 | $optionDisplay = new web\lib\admin\OptionDisplay($idpoptions, \core\Options::LEVEL_IDP); |
| 125 | 125 | ?> |
@@ -127,11 +127,11 @@ discard block |
||
| 127 | 127 | <legend><strong><?php echo _("General Information"); ?></strong></legend> |
| 128 | 128 | <?php |
| 129 | 129 | if ($wizardStyle) { |
| 130 | - echo "<p>" . |
|
| 131 | - _("Some properties are valid across all deployment profiles. This is the place where you can describe those properties in a fine-grained way. The solicited information is used as follows:") . "</p> |
|
| 130 | + echo "<p>". |
|
| 131 | + _("Some properties are valid across all deployment profiles. This is the place where you can describe those properties in a fine-grained way. The solicited information is used as follows:")."</p> |
|
| 132 | 132 | <ul> |
| 133 | - <li>" . _("<strong>Logo</strong>: When you submit a logo, we will embed this logo into all installers where a custom logo is possible. We accept any image format, but for best results, we suggest SVG. If you don't upload a logo, we will use the generic logo instead (see top-right corner of this page).") . "</li> |
|
| 134 | - <li>" . sprintf(_("<strong>Name</strong>: The %s may have names in multiple languages. It is recommended to always populate at least the 'default/other' language, as it is used as a fallback if the system does not have a name in the exact language the user requests a download in."), $uiElements->nomenclatureParticipant) . "</li>"; |
|
| 133 | + <li>" . _("<strong>Logo</strong>: When you submit a logo, we will embed this logo into all installers where a custom logo is possible. We accept any image format, but for best results, we suggest SVG. If you don't upload a logo, we will use the generic logo instead (see top-right corner of this page).")."</li> |
|
| 134 | + <li>" . sprintf(_("<strong>Name</strong>: The %s may have names in multiple languages. It is recommended to always populate at least the 'default/other' language, as it is used as a fallback if the system does not have a name in the exact language the user requests a download in."), $uiElements->nomenclatureParticipant)."</li>"; |
|
| 135 | 135 | echo "</ul>"; |
| 136 | 136 | } |
| 137 | 137 | echo $optionDisplay->prefilledOptionTable("general", $my_inst->federation); |
@@ -146,44 +146,44 @@ discard block |
||
| 146 | 146 | <legend><strong><?php echo _("Media Properties"); ?></strong></legend> |
| 147 | 147 | <?php |
| 148 | 148 | if ($wizardStyle) { |
| 149 | - echo "<p>" . |
|
| 150 | - sprintf(_("In this section, you define on which media %s should be configured on user devices."), \config\ConfAssistant::CONSORTIUM['display_name']) . "</p> |
|
| 149 | + echo "<p>". |
|
| 150 | + sprintf(_("In this section, you define on which media %s should be configured on user devices."), \config\ConfAssistant::CONSORTIUM['display_name'])."</p> |
|
| 151 | 151 | <ul>"; |
| 152 | 152 | echo "<li>"; |
| 153 | - echo "<strong>" . ( count(\config\ConfAssistant::CONSORTIUM['ssid']) > 0 ? _("Additional SSIDs:") : _("SSIDs:")) . " </strong>"; |
|
| 153 | + echo "<strong>".(count(\config\ConfAssistant::CONSORTIUM['ssid']) > 0 ? _("Additional SSIDs:") : _("SSIDs:"))." </strong>"; |
|
| 154 | 154 | if (count(\config\ConfAssistant::CONSORTIUM['ssid']) > 0) { |
| 155 | 155 | $ssidlist = ""; |
| 156 | 156 | foreach (\config\ConfAssistant::CONSORTIUM['ssid'] as $ssid) { |
| 157 | - $ssidlist .= ", '<strong>" . $ssid . "</strong>'"; |
|
| 157 | + $ssidlist .= ", '<strong>".$ssid."</strong>'"; |
|
| 158 | 158 | } |
| 159 | 159 | $ssidlist = substr($ssidlist, 2); |
| 160 | 160 | echo sprintf(ngettext("We will always configure this SSID for WPA2/AES: %s.", "We will always configure these SSIDs for WPA2/AES: %s.", count(\config\ConfAssistant::CONSORTIUM['ssid'])), $ssidlist); |
| 161 | - echo "<br/>" . sprintf(_("It is also possible to define custom additional SSIDs with the option '%s' below."), $uiElements->displayName("media:SSID")); |
|
| 161 | + echo "<br/>".sprintf(_("It is also possible to define custom additional SSIDs with the option '%s' below."), $uiElements->displayName("media:SSID")); |
|
| 162 | 162 | } else { |
| 163 | 163 | echo _("Please configure which SSIDs should be configured in the installers."); |
| 164 | 164 | } |
| 165 | - echo " " . _("By default, we will only configure the SSIDs with WPA2/AES encryption. By using the '(with WPA/TKIP)' option you can specify that we should include legacy support for WPA/TKIP where possible."); |
|
| 165 | + echo " "._("By default, we will only configure the SSIDs with WPA2/AES encryption. By using the '(with WPA/TKIP)' option you can specify that we should include legacy support for WPA/TKIP where possible."); |
|
| 166 | 166 | echo "</li>"; |
| 167 | 167 | |
| 168 | 168 | echo "<li>"; |
| 169 | - echo "<strong>" . ( count(\config\ConfAssistant::CONSORTIUM['ssid']) > 0 ? _("Additional Hotspot 2.0 / Passpoint Consortia:") : _("Hotspot 2.0 / Passpoint Consortia:")) . " </strong>"; |
|
| 169 | + echo "<strong>".(count(\config\ConfAssistant::CONSORTIUM['ssid']) > 0 ? _("Additional Hotspot 2.0 / Passpoint Consortia:") : _("Hotspot 2.0 / Passpoint Consortia:"))." </strong>"; |
|
| 170 | 170 | if (count(\config\ConfAssistant::CONSORTIUM['interworking-consortium-oi']) > 0) { |
| 171 | 171 | $consortiumlist = ""; |
| 172 | 172 | foreach (\config\ConfAssistant::CONSORTIUM['interworking-consortium-oi'] as $oi) { |
| 173 | - $consortiumlist .= ", '<strong>" . $oi . "</strong>'"; |
|
| 173 | + $consortiumlist .= ", '<strong>".$oi."</strong>'"; |
|
| 174 | 174 | } |
| 175 | 175 | $consortiumlist = substr($consortiumlist, 2); |
| 176 | 176 | echo sprintf(ngettext("We will always configure this Consortium OI: %s.", "We will always configure these Consortium OIs: %s.", count(\config\ConfAssistant::CONSORTIUM['interworking-consortium-oi'])), $consortiumlist); |
| 177 | 177 | |
| 178 | - echo "<br/>" . sprintf(_("It is also possible to define custom additional OIs with the option '%s' below."), $uiElements->displayName("media:consortium_OI")); |
|
| 178 | + echo "<br/>".sprintf(_("It is also possible to define custom additional OIs with the option '%s' below."), $uiElements->displayName("media:consortium_OI")); |
|
| 179 | 179 | } else { |
| 180 | 180 | echo _("Please configure which Consortium OIs should be configured in the installers."); |
| 181 | 181 | } |
| 182 | 182 | echo "</li>"; |
| 183 | - echo "<li><strong>" . _("Support for wired IEEE 802.1X:") . " </strong>" |
|
| 184 | - . _("If you want to configure your users' devices with IEEE 802.1X support for wired ethernet, please check the corresponding box. Note that this makes the installation process a bit more difficult on some platforms (Windows: needs administrator privileges; Apple: attempting to install a profile with wired support on a device without an active wired ethernet card will fail).") . |
|
| 183 | + echo "<li><strong>"._("Support for wired IEEE 802.1X:")." </strong>" |
|
| 184 | + . _("If you want to configure your users' devices with IEEE 802.1X support for wired ethernet, please check the corresponding box. Note that this makes the installation process a bit more difficult on some platforms (Windows: needs administrator privileges; Apple: attempting to install a profile with wired support on a device without an active wired ethernet card will fail)."). |
|
| 185 | 185 | "</li>"; |
| 186 | - echo "<li><strong>" . _("Removal of bootstrap/onboarding SSIDs:") . " </strong>" |
|
| 186 | + echo "<li><strong>"._("Removal of bootstrap/onboarding SSIDs:")." </strong>" |
|
| 187 | 187 | . _("If you use a captive portal to distribute configurations, you may want to unconfigure/disable that SSID after the bootstrap process. With this option, the SSID will either be removed, or be defined as 'Only connect manually'.") |
| 188 | 188 | . "</li>"; |
| 189 | 189 | echo "</ul>"; |
@@ -199,18 +199,18 @@ discard block |
||
| 199 | 199 | <legend><strong><?php echo _("Helpdesk Details for all users"); ?></strong></legend> |
| 200 | 200 | <?php |
| 201 | 201 | if ($wizardStyle) { |
| 202 | - echo "<p>" . _("This section can be used to upload specific Terms of Use for your users and to display details of how your users can reach your local helpdesk.") . "</p>"; |
|
| 202 | + echo "<p>"._("This section can be used to upload specific Terms of Use for your users and to display details of how your users can reach your local helpdesk.")."</p>"; |
|
| 203 | 203 | |
| 204 | 204 | if (\config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_RADIUS'] == "LOCAL") { |
| 205 | - echo "<p>" . |
|
| 206 | - sprintf(_("Do you provide helpdesk services for your users? If so, it would be nice if you would tell us the pointers to this helpdesk."), $uiElements->nomenclatureParticipant) . "</p>" . |
|
| 207 | - "<p>" . |
|
| 208 | - _("If you enter a value here, it will be added to the installers for all your users, and will be displayed on the download page. If you operate separate helpdesks for different user groups (we call this 'profiles') specify per-profile helpdesk information later in this wizard. If you operate no help desk at all, just leave these fields empty.") . "</p>"; |
|
| 205 | + echo "<p>". |
|
| 206 | + sprintf(_("Do you provide helpdesk services for your users? If so, it would be nice if you would tell us the pointers to this helpdesk."), $uiElements->nomenclatureParticipant)."</p>". |
|
| 207 | + "<p>". |
|
| 208 | + _("If you enter a value here, it will be added to the installers for all your users, and will be displayed on the download page. If you operate separate helpdesks for different user groups (we call this 'profiles') specify per-profile helpdesk information later in this wizard. If you operate no help desk at all, just leave these fields empty.")."</p>"; |
|
| 209 | 209 | if (\config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_SILVERBULLET'] == "LOCAL") { |
| 210 | - echo "<p>" . sprintf(_("For %s deployments, providing at least a local e-mail contact is required."), config\ConfAssistant::SILVERBULLET['product_name']) . " " . _("This is the contact point for your organisation. It may be displayed publicly.") . "</p>"; |
|
| 210 | + echo "<p>".sprintf(_("For %s deployments, providing at least a local e-mail contact is required."), config\ConfAssistant::SILVERBULLET['product_name'])." "._("This is the contact point for your organisation. It may be displayed publicly.")."</p>"; |
|
| 211 | 211 | } |
| 212 | 212 | } elseif (\config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_SILVERBULLET'] == "LOCAL") { |
| 213 | - echo "<p>" . _("Providing at least a local support e-mail contact is required.") . " " . _("This is the contact point for your end users' level 1 support.") . "</p>"; |
|
| 213 | + echo "<p>"._("Providing at least a local support e-mail contact is required.")." "._("This is the contact point for your end users' level 1 support.")."</p>"; |
|
| 214 | 214 | } |
| 215 | 215 | } |
| 216 | 216 | echo $optionDisplay->prefilledOptionTable("support", $fed->tld); |
@@ -225,9 +225,9 @@ discard block |
||
| 225 | 225 | $discardLabel = _("Discard changes"); |
| 226 | 226 | } |
| 227 | 227 | if ($wizardStyle) { |
| 228 | - echo "<p>" . sprintf(_("When you are sure that everything is correct, please click on %sContinue ...%s"), "<button type='submit' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_CONTINUE . "'>", "</button>") . "</p></form>"; |
|
| 228 | + echo "<p>".sprintf(_("When you are sure that everything is correct, please click on %sContinue ...%s"), "<button type='submit' name='submitbutton' value='".web\lib\common\FormElements::BUTTON_CONTINUE."'>", "</button>")."</p></form>"; |
|
| 229 | 229 | } else { |
| 230 | - echo "<div><button type='submit' id='submitbutton' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_SAVE . "'>" . _("Save data") . "</button> <button type='button' name='abortbutton' value='abort' onclick='javascript:window.location = \"overview_org.php?inst_id=$my_inst->identifier\"'>".$discardLabel."</button></div></form>"; |
|
| 230 | + echo "<div><button type='submit' id='submitbutton' name='submitbutton' value='".web\lib\common\FormElements::BUTTON_SAVE."'>"._("Save data")."</button> <button type='button' name='abortbutton' value='abort' onclick='javascript:window.location = \"overview_org.php?inst_id=$my_inst->identifier\"'>".$discardLabel."</button></div></form>"; |
|
| 231 | 231 | } |
| 232 | 232 | echo $deco->footer(); |
| 233 | 233 | |
| 234 | 234 | \ No newline at end of file |
@@ -40,80 +40,80 @@ discard block |
||
| 40 | 40 | } |
| 41 | 41 | |
| 42 | 42 | switch ($_POST['submitbutton']) { |
| 43 | - case web\lib\common\FormElements::BUTTON_DELETE: |
|
| 44 | - if (!isset($_GET['profile_id'])) { |
|
| 45 | - throw new Exception("Can only delete a profile that exists and is named!"); |
|
| 46 | - } |
|
| 47 | - $profileToBeDel = $validator->existingProfile($_GET['profile_id'], $my_inst->identifier); |
|
| 48 | - $profileToBeDel->destroy(); |
|
| 49 | - $loggerInstance->writeAudit($_SESSION['user'], "DEL", "Profile " . $profileToBeDel->identifier); |
|
| 50 | - header("Location: overview_org.php?inst_id=$my_inst->identifier"); |
|
| 51 | - exit; |
|
| 52 | - case web\lib\common\FormElements::BUTTON_SAVE: |
|
| 53 | - if (isset($_GET['profile_id'])) { |
|
| 54 | - $profile = $validator->existingProfile($_GET['profile_id'], $my_inst->identifier); |
|
| 55 | - echo $deco->pageheader(sprintf(_("%s: Edit Profile - Result"), \config\Master::APPEARANCE['productname']), "ADMIN-IDP"); |
|
| 56 | - } else { |
|
| 57 | - $profile = $my_inst->newProfile(core\AbstractProfile::PROFILETYPE_RADIUS); |
|
| 58 | - $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $my_inst->identifier . " - Profile created"); |
|
| 59 | - echo $deco->pageheader(sprintf(_("%s: Profile wizard (step 3 completed)"), \config\Master::APPEARANCE['productname']), "ADMIN-IDP"); |
|
| 60 | - } |
|
| 61 | - if (!$profile instanceof \core\ProfileRADIUS) { |
|
| 62 | - throw new Exception("This page should only be called to submit RADIUS Profile information!"); |
|
| 63 | - } |
|
| 64 | -// extended input checks |
|
| 65 | - $realm = FALSE; |
|
| 66 | - if (isset($_POST['realm']) && $_POST['realm'] != "") { |
|
| 67 | - $realm = $validator->realm(filter_input(INPUT_POST, 'realm', FILTER_SANITIZE_STRING)); |
|
| 68 | - } |
|
| 43 | + case web\lib\common\FormElements::BUTTON_DELETE: |
|
| 44 | + if (!isset($_GET['profile_id'])) { |
|
| 45 | + throw new Exception("Can only delete a profile that exists and is named!"); |
|
| 46 | + } |
|
| 47 | + $profileToBeDel = $validator->existingProfile($_GET['profile_id'], $my_inst->identifier); |
|
| 48 | + $profileToBeDel->destroy(); |
|
| 49 | + $loggerInstance->writeAudit($_SESSION['user'], "DEL", "Profile " . $profileToBeDel->identifier); |
|
| 50 | + header("Location: overview_org.php?inst_id=$my_inst->identifier"); |
|
| 51 | + exit; |
|
| 52 | + case web\lib\common\FormElements::BUTTON_SAVE: |
|
| 53 | + if (isset($_GET['profile_id'])) { |
|
| 54 | + $profile = $validator->existingProfile($_GET['profile_id'], $my_inst->identifier); |
|
| 55 | + echo $deco->pageheader(sprintf(_("%s: Edit Profile - Result"), \config\Master::APPEARANCE['productname']), "ADMIN-IDP"); |
|
| 56 | + } else { |
|
| 57 | + $profile = $my_inst->newProfile(core\AbstractProfile::PROFILETYPE_RADIUS); |
|
| 58 | + $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $my_inst->identifier . " - Profile created"); |
|
| 59 | + echo $deco->pageheader(sprintf(_("%s: Profile wizard (step 3 completed)"), \config\Master::APPEARANCE['productname']), "ADMIN-IDP"); |
|
| 60 | + } |
|
| 61 | + if (!$profile instanceof \core\ProfileRADIUS) { |
|
| 62 | + throw new Exception("This page should only be called to submit RADIUS Profile information!"); |
|
| 63 | + } |
|
| 64 | + // extended input checks |
|
| 65 | + $realm = FALSE; |
|
| 66 | + if (isset($_POST['realm']) && $_POST['realm'] != "") { |
|
| 67 | + $realm = $validator->realm(filter_input(INPUT_POST, 'realm', FILTER_SANITIZE_STRING)); |
|
| 68 | + } |
|
| 69 | 69 | |
| 70 | - $anon = FALSE; |
|
| 71 | - if (isset($_POST['anon_support'])) { |
|
| 72 | - $anon = $validator->boolean($_POST['anon_support']); |
|
| 73 | - } |
|
| 70 | + $anon = FALSE; |
|
| 71 | + if (isset($_POST['anon_support'])) { |
|
| 72 | + $anon = $validator->boolean($_POST['anon_support']); |
|
| 73 | + } |
|
| 74 | 74 | |
| 75 | - $anonLocal = "anonymous"; |
|
| 76 | - if (isset($_POST['anon_local'])) { |
|
| 77 | - $anonLocal = $validator->string(filter_input(INPUT_POST, 'anon_local', FILTER_SANITIZE_STRING)); |
|
| 78 | - } else { // get the old anon outer id from DB. People don't appreciate "forgetting" it when unchecking anon id |
|
| 79 | - $local = $profile->getAttributes("internal:anon_local_value"); |
|
| 80 | - if (isset($local[0])) { |
|
| 81 | - $anonLocal = $local[0]['value']; |
|
| 75 | + $anonLocal = "anonymous"; |
|
| 76 | + if (isset($_POST['anon_local'])) { |
|
| 77 | + $anonLocal = $validator->string(filter_input(INPUT_POST, 'anon_local', FILTER_SANITIZE_STRING)); |
|
| 78 | + } else { // get the old anon outer id from DB. People don't appreciate "forgetting" it when unchecking anon id |
|
| 79 | + $local = $profile->getAttributes("internal:anon_local_value"); |
|
| 80 | + if (isset($local[0])) { |
|
| 81 | + $anonLocal = $local[0]['value']; |
|
| 82 | + } |
|
| 82 | 83 | } |
| 83 | - } |
|
| 84 | 84 | |
| 85 | - $checkuser = FALSE; |
|
| 86 | - if (isset($_POST['checkuser_support'])) { |
|
| 87 | - $checkuser = $validator->boolean($_POST['checkuser_support']); |
|
| 88 | - } |
|
| 85 | + $checkuser = FALSE; |
|
| 86 | + if (isset($_POST['checkuser_support'])) { |
|
| 87 | + $checkuser = $validator->boolean($_POST['checkuser_support']); |
|
| 88 | + } |
|
| 89 | 89 | |
| 90 | - $checkuser_name1 = "anonymous"; |
|
| 91 | - if (isset($_POST['checkuser_local'])) { |
|
| 92 | - $checkuser_name1 = $validator->string($_POST['checkuser_local']); |
|
| 93 | - } else { // get the old value from profile settings. People don't appreciate "forgetting" it when unchecking |
|
| 94 | - $checkuser_name1 = $profile->getAttributes("internal:checkuser_value")[0]['value']; |
|
| 95 | - } |
|
| 96 | -// it's a RADIUS username; and it's displayed later on. Be sure it contains no |
|
| 97 | -// "interesting" HTML characters before further processing |
|
| 98 | - $checkuser_name = htmlentities($checkuser_name1); |
|
| 90 | + $checkuser_name1 = "anonymous"; |
|
| 91 | + if (isset($_POST['checkuser_local'])) { |
|
| 92 | + $checkuser_name1 = $validator->string($_POST['checkuser_local']); |
|
| 93 | + } else { // get the old value from profile settings. People don't appreciate "forgetting" it when unchecking |
|
| 94 | + $checkuser_name1 = $profile->getAttributes("internal:checkuser_value")[0]['value']; |
|
| 95 | + } |
|
| 96 | + // it's a RADIUS username; and it's displayed later on. Be sure it contains no |
|
| 97 | + // "interesting" HTML characters before further processing |
|
| 98 | + $checkuser_name = htmlentities($checkuser_name1); |
|
| 99 | 99 | |
| 100 | - $verify = FALSE; |
|
| 101 | - $hint = FALSE; |
|
| 102 | - $redirect = FALSE; |
|
| 103 | - if (isset($_POST['verify_support'])) { |
|
| 104 | - $verify = $validator->boolean($_POST['verify_support']); |
|
| 105 | - } |
|
| 106 | - if (isset($_POST['hint_support'])) { |
|
| 107 | - $hint = $validator->boolean($_POST['hint_support']); |
|
| 108 | - } |
|
| 109 | - if (isset($_POST['redirect'])) { |
|
| 110 | - $redirect = $validator->boolean($_POST['redirect']); |
|
| 111 | - } |
|
| 112 | - ?> |
|
| 113 | - <h1><?php |
|
| 114 | - $tablecaption = _("Submitted attributes for this profile"); |
|
| 115 | - echo $tablecaption; |
|
| 116 | - ?></h1> |
|
| 100 | + $verify = FALSE; |
|
| 101 | + $hint = FALSE; |
|
| 102 | + $redirect = FALSE; |
|
| 103 | + if (isset($_POST['verify_support'])) { |
|
| 104 | + $verify = $validator->boolean($_POST['verify_support']); |
|
| 105 | + } |
|
| 106 | + if (isset($_POST['hint_support'])) { |
|
| 107 | + $hint = $validator->boolean($_POST['hint_support']); |
|
| 108 | + } |
|
| 109 | + if (isset($_POST['redirect'])) { |
|
| 110 | + $redirect = $validator->boolean($_POST['redirect']); |
|
| 111 | + } |
|
| 112 | + ?> |
|
| 113 | + <h1><?php |
|
| 114 | + $tablecaption = _("Submitted attributes for this profile"); |
|
| 115 | + echo $tablecaption; |
|
| 116 | + ?></h1> |
|
| 117 | 117 | <table> |
| 118 | 118 | <caption><?php echo $tablecaption; ?></caption> |
| 119 | 119 | <tr> |
@@ -121,245 +121,245 @@ discard block |
||
| 121 | 121 | <th class="wai-invisible" scope="col"><?php echo _("Details"); ?></th> |
| 122 | 122 | </tr> |
| 123 | 123 | <?php |
| 124 | - $uiElements = new web\lib\admin\UIElements(); |
|
| 125 | - // set realm info, if submitted |
|
| 126 | - if ($realm !== FALSE) { |
|
| 127 | - $profile->setRealm($anonLocal . "@" . $realm); |
|
| 128 | - echo $uiElements->boxOkay(sprintf(_("Realm: <strong>%s</strong>"), $realm)); |
|
| 129 | - } else { |
|
| 130 | - $profile->setRealm(""); |
|
| 131 | - } |
|
| 132 | - // set anon ID, if submitted |
|
| 133 | - if ($anon !== FALSE) { |
|
| 134 | - if ($realm === FALSE) { |
|
| 135 | - echo $uiElements->boxError(_("Anonymous Outer Identities cannot be turned on: realm is missing!")); |
|
| 124 | + $uiElements = new web\lib\admin\UIElements(); |
|
| 125 | + // set realm info, if submitted |
|
| 126 | + if ($realm !== FALSE) { |
|
| 127 | + $profile->setRealm($anonLocal . "@" . $realm); |
|
| 128 | + echo $uiElements->boxOkay(sprintf(_("Realm: <strong>%s</strong>"), $realm)); |
|
| 136 | 129 | } else { |
| 137 | - $profile->setAnonymousIDSupport(true); |
|
| 138 | - echo $uiElements->boxOkay(sprintf(_("Anonymous Identity support is <strong>%s</strong>, the anonymous outer identity is <strong>%s</strong>"), _("ON"), $profile->realm)); |
|
| 130 | + $profile->setRealm(""); |
|
| 139 | 131 | } |
| 140 | - } else { |
|
| 141 | - $profile->setAnonymousIDSupport(false); |
|
| 142 | - echo $uiElements->boxOkay(sprintf(_("Anonymous Identity support is <strong>%s</strong>"), _("OFF"))); |
|
| 143 | - if ($verify === FALSE) { // no anon outer ID, and no realm suffix verification? Bad idea! |
|
| 144 | - echo $uiElements->boxWarning(_("Without Anonymous Identity, the actual username will be used as outer identity and be the basis for request routing. For that to work, the username must have a correct realm suffix. Yet, realm suffix verification has been turned OFF. Supplicants will not verify that usernames contain a realm, and errors such as username 'johndoe' which will not work in roaming scenarios will not be prohibited. Consider checking the box 'Enforce realm suffix in username'!")); |
|
| 145 | - } |
|
| 146 | - } |
|
| 147 | - |
|
| 148 | - if ($checkuser !== FALSE) { |
|
| 149 | - if ($realm === FALSE) { |
|
| 150 | - echo $uiElements->boxError(_("Realm check username cannot be configured: realm is missing!")); |
|
| 132 | + // set anon ID, if submitted |
|
| 133 | + if ($anon !== FALSE) { |
|
| 134 | + if ($realm === FALSE) { |
|
| 135 | + echo $uiElements->boxError(_("Anonymous Outer Identities cannot be turned on: realm is missing!")); |
|
| 136 | + } else { |
|
| 137 | + $profile->setAnonymousIDSupport(true); |
|
| 138 | + echo $uiElements->boxOkay(sprintf(_("Anonymous Identity support is <strong>%s</strong>, the anonymous outer identity is <strong>%s</strong>"), _("ON"), $profile->realm)); |
|
| 139 | + } |
|
| 151 | 140 | } else { |
| 152 | - $profile->setRealmcheckUser(true, $checkuser_name); |
|
| 153 | - echo $uiElements->boxOkay(sprintf(_("Special username for realm check is <strong>%s</strong>, the value is <strong>%s</strong>"), _("ON"), $checkuser_name . "@" . $realm)); |
|
| 141 | + $profile->setAnonymousIDSupport(false); |
|
| 142 | + echo $uiElements->boxOkay(sprintf(_("Anonymous Identity support is <strong>%s</strong>"), _("OFF"))); |
|
| 143 | + if ($verify === FALSE) { // no anon outer ID, and no realm suffix verification? Bad idea! |
|
| 144 | + echo $uiElements->boxWarning(_("Without Anonymous Identity, the actual username will be used as outer identity and be the basis for request routing. For that to work, the username must have a correct realm suffix. Yet, realm suffix verification has been turned OFF. Supplicants will not verify that usernames contain a realm, and errors such as username 'johndoe' which will not work in roaming scenarios will not be prohibited. Consider checking the box 'Enforce realm suffix in username'!")); |
|
| 145 | + } |
|
| 154 | 146 | } |
| 155 | - } else { |
|
| 156 | - $profile->setRealmCheckUser(false); |
|
| 157 | - echo $uiElements->boxOkay(_("No special username for realm checks is configured.")); |
|
| 158 | - } |
|
| 159 | 147 | |
| 160 | - if ($verify !== FALSE) { |
|
| 161 | - $profile->setInputVerificationPreference($verify, $hint); |
|
| 162 | - $extratext = ""; |
|
| 163 | - if (!empty($realm)) { |
|
| 164 | - if ($hint !== FALSE) { |
|
| 165 | - $extratext = " " . sprintf(_("The realm portion MUST be exactly '...@%s'."), $realm); |
|
| 148 | + if ($checkuser !== FALSE) { |
|
| 149 | + if ($realm === FALSE) { |
|
| 150 | + echo $uiElements->boxError(_("Realm check username cannot be configured: realm is missing!")); |
|
| 166 | 151 | } else { |
| 167 | - $extratext = " " . sprintf(_("The realm portion MUST end with '%s' but sub-realms of it are allowed (i.e. 'user@%s' and 'user@<...>.%s' are both acceptable)."), $realm, $realm, $realm); |
|
| 152 | + $profile->setRealmcheckUser(true, $checkuser_name); |
|
| 153 | + echo $uiElements->boxOkay(sprintf(_("Special username for realm check is <strong>%s</strong>, the value is <strong>%s</strong>"), _("ON"), $checkuser_name . "@" . $realm)); |
|
| 168 | 154 | } |
| 155 | + } else { |
|
| 156 | + $profile->setRealmCheckUser(false); |
|
| 157 | + echo $uiElements->boxOkay(_("No special username for realm checks is configured.")); |
|
| 169 | 158 | } |
| 170 | - echo $uiElements->boxOkay(_("Where possible, supplicants will verify that username inputs contain a syntactically correct realm.") . $extratext); |
|
| 171 | - } else { |
|
| 172 | - $profile->setInputVerificationPreference(false, false); |
|
| 173 | - } |
|
| 174 | - |
|
| 175 | - echo $optionParser->processSubmittedFields($profile, $_POST, $_FILES); |
|
| 176 | 159 | |
| 177 | - if ($redirect !== FALSE) { |
|
| 178 | - if (!isset($_POST['redirect_target']) || $_POST['redirect_target'] == "") { |
|
| 179 | - echo $uiElements->boxError(_("Redirection can't be activated - you did not specify a target location!")); |
|
| 180 | - } elseif (!preg_match("/^(http|https):\/\//", $_POST['redirect_target'])) { |
|
| 181 | - echo $uiElements->boxError(_("Redirection can't be activated - the target needs to be a complete URL starting with http:// or https:// !")); |
|
| 182 | - } else { |
|
| 183 | - $profile->addAttribute("device-specific:redirect", 'C', $_POST['redirect_target']); |
|
| 184 | - // check if there is a device-level redirect which effectively disables profile-level redirect, and warn if so |
|
| 185 | - $redirects = $profile->getAttributes("device-specific:redirect"); |
|
| 186 | - $deviceSpecificFound = FALSE; |
|
| 187 | - foreach ($redirects as $oneRedirect) { |
|
| 188 | - if ($oneRedirect["level"] == \core\Options::LEVEL_METHOD) { |
|
| 189 | - $deviceSpecificFound = TRUE; |
|
| 160 | + if ($verify !== FALSE) { |
|
| 161 | + $profile->setInputVerificationPreference($verify, $hint); |
|
| 162 | + $extratext = ""; |
|
| 163 | + if (!empty($realm)) { |
|
| 164 | + if ($hint !== FALSE) { |
|
| 165 | + $extratext = " " . sprintf(_("The realm portion MUST be exactly '...@%s'."), $realm); |
|
| 166 | + } else { |
|
| 167 | + $extratext = " " . sprintf(_("The realm portion MUST end with '%s' but sub-realms of it are allowed (i.e. 'user@%s' and 'user@<...>.%s' are both acceptable)."), $realm, $realm, $realm); |
|
| 190 | 168 | } |
| 191 | 169 | } |
| 192 | - if ($deviceSpecificFound) { |
|
| 193 | - echo $uiElements->boxWarning(sprintf(_("Redirection set to <strong>%s</strong>, but will be ignored due to existing device-level redirect."), htmlspecialchars($_POST['redirect_target']))); |
|
| 194 | - } else { |
|
| 195 | - echo $uiElements->boxOkay(sprintf(_("Redirection set to <strong>%s</strong>"), htmlspecialchars($_POST['redirect_target']))); |
|
| 196 | - } |
|
| 170 | + echo $uiElements->boxOkay(_("Where possible, supplicants will verify that username inputs contain a syntactically correct realm.") . $extratext); |
|
| 171 | + } else { |
|
| 172 | + $profile->setInputVerificationPreference(false, false); |
|
| 197 | 173 | } |
| 198 | - } else { |
|
| 199 | - echo $uiElements->boxOkay(_("Redirection is <strong>OFF</strong>")); |
|
| 200 | - } |
|
| 201 | 174 | |
| 202 | - $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile " . $profile->identifier . " - attributes changed"); |
|
| 203 | - // reload the profile to ingest new CA and server names if any; before checking EAP completeness |
|
| 204 | - $reloadedProfileNr1 = \core\ProfileFactory::instantiate($profile->identifier); |
|
| 205 | - foreach (\core\common\EAP::listKnownEAPTypes() as $a) { |
|
| 206 | - if ($a->getIntegerRep() == \core\common\EAP::INTEGER_SILVERBULLET) { // do not allow adding silverbullet via the backdoor |
|
| 207 | - continue; |
|
| 208 | - } |
|
| 209 | - if (isset($_POST[$a->getPrintableRep()]) && isset($_POST[$a->getPrintableRep() . "-priority"]) && is_numeric($_POST[$a->getPrintableRep() . "-priority"])) { |
|
| 210 | - $priority = (int) $_POST[$a->getPrintableRep() . "-priority"]; |
|
| 211 | - // add EAP type to profile as requested, but ... |
|
| 212 | - $reloadedProfileNr1->addSupportedEapMethod($a, $priority); |
|
| 213 | - $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile " . $reloadedProfileNr1->identifier . " - supported EAP types changed"); |
|
| 214 | - // see if we can enable the EAP type, or if info is missing |
|
| 215 | - $eapcompleteness = $reloadedProfileNr1->isEapTypeDefinitionComplete($a); |
|
| 216 | - if ($eapcompleteness === true) { |
|
| 217 | - echo $uiElements->boxOkay(_("Supported EAP Type: ") . "<strong>" . $a->getPrintableRep() . "</strong>"); |
|
| 175 | + echo $optionParser->processSubmittedFields($profile, $_POST, $_FILES); |
|
| 176 | + |
|
| 177 | + if ($redirect !== FALSE) { |
|
| 178 | + if (!isset($_POST['redirect_target']) || $_POST['redirect_target'] == "") { |
|
| 179 | + echo $uiElements->boxError(_("Redirection can't be activated - you did not specify a target location!")); |
|
| 180 | + } elseif (!preg_match("/^(http|https):\/\//", $_POST['redirect_target'])) { |
|
| 181 | + echo $uiElements->boxError(_("Redirection can't be activated - the target needs to be a complete URL starting with http:// or https:// !")); |
|
| 218 | 182 | } else { |
| 219 | - $warntext = ""; |
|
| 220 | - if (is_array($eapcompleteness)) { |
|
| 221 | - foreach ($eapcompleteness as $item) { |
|
| 222 | - $warntext .= "<strong>" . $uiElements->displayName($item) . "</strong> "; |
|
| 183 | + $profile->addAttribute("device-specific:redirect", 'C', $_POST['redirect_target']); |
|
| 184 | + // check if there is a device-level redirect which effectively disables profile-level redirect, and warn if so |
|
| 185 | + $redirects = $profile->getAttributes("device-specific:redirect"); |
|
| 186 | + $deviceSpecificFound = FALSE; |
|
| 187 | + foreach ($redirects as $oneRedirect) { |
|
| 188 | + if ($oneRedirect["level"] == \core\Options::LEVEL_METHOD) { |
|
| 189 | + $deviceSpecificFound = TRUE; |
|
| 223 | 190 | } |
| 224 | 191 | } |
| 225 | - echo $uiElements->boxWarning(sprintf(_("Supported EAP Type: <strong>%s</strong> is missing required information %s !"), $a->getPrintableRep(), $warntext) . "<br/>" . _("The EAP type was added to the profile, but you need to complete the missing information before we can produce installers for you.")); |
|
| 192 | + if ($deviceSpecificFound) { |
|
| 193 | + echo $uiElements->boxWarning(sprintf(_("Redirection set to <strong>%s</strong>, but will be ignored due to existing device-level redirect."), htmlspecialchars($_POST['redirect_target']))); |
|
| 194 | + } else { |
|
| 195 | + echo $uiElements->boxOkay(sprintf(_("Redirection set to <strong>%s</strong>"), htmlspecialchars($_POST['redirect_target']))); |
|
| 196 | + } |
|
| 226 | 197 | } |
| 198 | + } else { |
|
| 199 | + echo $uiElements->boxOkay(_("Redirection is <strong>OFF</strong>")); |
|
| 227 | 200 | } |
| 228 | - } |
|
| 229 | - // re-instantiate $profile again, we need to do final checks on the |
|
| 230 | - // full set of new information |
|
| 231 | - $reloadedProfileNr2 = \core\ProfileFactory::instantiate($profile->identifier); |
|
| 232 | - $significantChanges = \core\AbstractProfile::significantChanges($profile, $reloadedProfileNr2); |
|
| 233 | - if (count($significantChanges) > 0) { |
|
| 234 | - $myInstOriginal = new \core\IdP($profile->institution); |
|
| 235 | - // send a notification/alert mail to someone we know is in charge |
|
| 236 | - $text = _("To whom it may concern,") . "\n\n"; |
|
| 237 | - /// were made to the *Identity Provider* *LU* / integer number of IdP / (previously known as) Name |
|
| 238 | - $text .= sprintf(_("significant changes were made to a RADIUS deployment profile of the %s %s / %s / '%s'."), $ui->nomenclatureIdP, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name) . "\n\n"; |
|
| 239 | - if (isset($significantChanges[\core\AbstractProfile::CA_CLASH_ADDED])) { |
|
| 240 | - $text .= _("WARNING! A new trusted root CA was added, and it has the exact same name as a previously existing root CA. This may (but does not necessarily) mean that this is an attempt to insert an unauthorised trust root by disguising as the genuine one. The details are below:") . "\n\n"; |
|
| 241 | - $text .= $significantChanges[\core\AbstractProfile::CA_CLASH_ADDED] . "\n\n"; |
|
| 242 | - } |
|
| 243 | - if (isset($significantChanges[\core\AbstractProfile::CA_ADDED])) { |
|
| 244 | - $text .= _("A new trusted root CA was added. The details are below:") . "\n\n"; |
|
| 245 | - $text .= $significantChanges[\core\AbstractProfile::CA_ADDED] . "\n\n"; |
|
| 246 | - } |
|
| 247 | - if (isset($significantChanges[\core\AbstractProfile::SERVERNAME_ADDED])) { |
|
| 248 | - $text .= _("A new acceptable server name for the authentication server was added. The details are below:") . "\n\n"; |
|
| 249 | - $text .= $significantChanges[\core\AbstractProfile::SERVERNAME_ADDED] . "\n\n"; |
|
| 201 | + |
|
| 202 | + $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile " . $profile->identifier . " - attributes changed"); |
|
| 203 | + // reload the profile to ingest new CA and server names if any; before checking EAP completeness |
|
| 204 | + $reloadedProfileNr1 = \core\ProfileFactory::instantiate($profile->identifier); |
|
| 205 | + foreach (\core\common\EAP::listKnownEAPTypes() as $a) { |
|
| 206 | + if ($a->getIntegerRep() == \core\common\EAP::INTEGER_SILVERBULLET) { // do not allow adding silverbullet via the backdoor |
|
| 207 | + continue; |
|
| 208 | + } |
|
| 209 | + if (isset($_POST[$a->getPrintableRep()]) && isset($_POST[$a->getPrintableRep() . "-priority"]) && is_numeric($_POST[$a->getPrintableRep() . "-priority"])) { |
|
| 210 | + $priority = (int) $_POST[$a->getPrintableRep() . "-priority"]; |
|
| 211 | + // add EAP type to profile as requested, but ... |
|
| 212 | + $reloadedProfileNr1->addSupportedEapMethod($a, $priority); |
|
| 213 | + $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile " . $reloadedProfileNr1->identifier . " - supported EAP types changed"); |
|
| 214 | + // see if we can enable the EAP type, or if info is missing |
|
| 215 | + $eapcompleteness = $reloadedProfileNr1->isEapTypeDefinitionComplete($a); |
|
| 216 | + if ($eapcompleteness === true) { |
|
| 217 | + echo $uiElements->boxOkay(_("Supported EAP Type: ") . "<strong>" . $a->getPrintableRep() . "</strong>"); |
|
| 218 | + } else { |
|
| 219 | + $warntext = ""; |
|
| 220 | + if (is_array($eapcompleteness)) { |
|
| 221 | + foreach ($eapcompleteness as $item) { |
|
| 222 | + $warntext .= "<strong>" . $uiElements->displayName($item) . "</strong> "; |
|
| 223 | + } |
|
| 224 | + } |
|
| 225 | + echo $uiElements->boxWarning(sprintf(_("Supported EAP Type: <strong>%s</strong> is missing required information %s !"), $a->getPrintableRep(), $warntext) . "<br/>" . _("The EAP type was added to the profile, but you need to complete the missing information before we can produce installers for you.")); |
|
| 226 | + } |
|
| 227 | + } |
|
| 250 | 228 | } |
| 251 | - $text .= _("This mail is merely a cross-check because these changes can be security-relevant. If the change was expected, you do not need to take any action.") . "\n\n"; |
|
| 252 | - $text .= _("Greetings, ") . "\n\n" . \config\Master::APPEARANCE['productname_long']; |
|
| 253 | - // (currently, send hard-wired to NRO - future: for linked insts, check eduroam DBv2 and send to registered admins directly) |
|
| 254 | - $fed = new core\Federation($myInstOriginal->federation); |
|
| 255 | - $loggerInstance->debug(2, $myInstOriginal->federation, "FED: ", "\n"); |
|
| 256 | - foreach ($fed->listFederationAdmins() as $id) { |
|
| 257 | - $user = new core\User($id); |
|
| 258 | - $mailaddr = $user->getAttributes("user:email")[0]['value']; |
|
| 259 | - $loggerInstance->debug(2, $mailaddr, "FED MAIL: ", "\n"); |
|
| 260 | - $user->sendMailToUser(sprintf(_("%s: Significant Changes made to %s"), \config\Master::APPEARANCE['productname'], $ui->nomenclatureIdP), $text); |
|
| 229 | + // re-instantiate $profile again, we need to do final checks on the |
|
| 230 | + // full set of new information |
|
| 231 | + $reloadedProfileNr2 = \core\ProfileFactory::instantiate($profile->identifier); |
|
| 232 | + $significantChanges = \core\AbstractProfile::significantChanges($profile, $reloadedProfileNr2); |
|
| 233 | + if (count($significantChanges) > 0) { |
|
| 234 | + $myInstOriginal = new \core\IdP($profile->institution); |
|
| 235 | + // send a notification/alert mail to someone we know is in charge |
|
| 236 | + $text = _("To whom it may concern,") . "\n\n"; |
|
| 237 | + /// were made to the *Identity Provider* *LU* / integer number of IdP / (previously known as) Name |
|
| 238 | + $text .= sprintf(_("significant changes were made to a RADIUS deployment profile of the %s %s / %s / '%s'."), $ui->nomenclatureIdP, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name) . "\n\n"; |
|
| 239 | + if (isset($significantChanges[\core\AbstractProfile::CA_CLASH_ADDED])) { |
|
| 240 | + $text .= _("WARNING! A new trusted root CA was added, and it has the exact same name as a previously existing root CA. This may (but does not necessarily) mean that this is an attempt to insert an unauthorised trust root by disguising as the genuine one. The details are below:") . "\n\n"; |
|
| 241 | + $text .= $significantChanges[\core\AbstractProfile::CA_CLASH_ADDED] . "\n\n"; |
|
| 242 | + } |
|
| 243 | + if (isset($significantChanges[\core\AbstractProfile::CA_ADDED])) { |
|
| 244 | + $text .= _("A new trusted root CA was added. The details are below:") . "\n\n"; |
|
| 245 | + $text .= $significantChanges[\core\AbstractProfile::CA_ADDED] . "\n\n"; |
|
| 246 | + } |
|
| 247 | + if (isset($significantChanges[\core\AbstractProfile::SERVERNAME_ADDED])) { |
|
| 248 | + $text .= _("A new acceptable server name for the authentication server was added. The details are below:") . "\n\n"; |
|
| 249 | + $text .= $significantChanges[\core\AbstractProfile::SERVERNAME_ADDED] . "\n\n"; |
|
| 250 | + } |
|
| 251 | + $text .= _("This mail is merely a cross-check because these changes can be security-relevant. If the change was expected, you do not need to take any action.") . "\n\n"; |
|
| 252 | + $text .= _("Greetings, ") . "\n\n" . \config\Master::APPEARANCE['productname_long']; |
|
| 253 | + // (currently, send hard-wired to NRO - future: for linked insts, check eduroam DBv2 and send to registered admins directly) |
|
| 254 | + $fed = new core\Federation($myInstOriginal->federation); |
|
| 255 | + $loggerInstance->debug(2, $myInstOriginal->federation, "FED: ", "\n"); |
|
| 256 | + foreach ($fed->listFederationAdmins() as $id) { |
|
| 257 | + $user = new core\User($id); |
|
| 258 | + $mailaddr = $user->getAttributes("user:email")[0]['value']; |
|
| 259 | + $loggerInstance->debug(2, $mailaddr, "FED MAIL: ", "\n"); |
|
| 260 | + $user->sendMailToUser(sprintf(_("%s: Significant Changes made to %s"), \config\Master::APPEARANCE['productname'], $ui->nomenclatureIdP), $text); |
|
| 261 | + } |
|
| 261 | 262 | } |
| 262 | - } |
|
| 263 | - $reloadedProfileNr2->prepShowtime(); |
|
| 263 | + $reloadedProfileNr2->prepShowtime(); |
|
| 264 | 264 | |
| 265 | - // do OpenRoaming initial diagnostic checks |
|
| 266 | - // numbers correspond to RFC7585Tests::OVERALL_LEVEL |
|
| 267 | - $resultLevel = \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_NO; |
|
| 268 | - if (sizeof($reloadedProfileNr2->getAttributes("media:openroaming")) > 0) { |
|
| 269 | - $resultLevel = \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_GOOD; // assume all is well, degrade if we have concrete findings to suggest otherwise |
|
| 270 | - $tag = "aaa+auth:radius.tls.tcp"; |
|
| 271 | - // do we know the realm at all? Notice if not. |
|
| 272 | - if (!isset($reloadedProfileNr2->getAttributes("internal:realm")[0]['value'])) { |
|
| 273 | - echo $uiElements->boxRemark(_("The profile information does not include the realm, so no DNS checks for OpenRoaming can be executed.")); |
|
| 274 | - $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_NOTE]); |
|
| 265 | + // do OpenRoaming initial diagnostic checks |
|
| 266 | + // numbers correspond to RFC7585Tests::OVERALL_LEVEL |
|
| 267 | + $resultLevel = \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_NO; |
|
| 268 | + if (sizeof($reloadedProfileNr2->getAttributes("media:openroaming")) > 0) { |
|
| 269 | + $resultLevel = \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_GOOD; // assume all is well, degrade if we have concrete findings to suggest otherwise |
|
| 270 | + $tag = "aaa+auth:radius.tls.tcp"; |
|
| 271 | + // do we know the realm at all? Notice if not. |
|
| 272 | + if (!isset($reloadedProfileNr2->getAttributes("internal:realm")[0]['value'])) { |
|
| 273 | + echo $uiElements->boxRemark(_("The profile information does not include the realm, so no DNS checks for OpenRoaming can be executed.")); |
|
| 274 | + $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_NOTE]); |
|
| 275 | 275 | |
| 276 | - } else { |
|
| 277 | - $dnsChecks = new \core\diag\RFC7585Tests($reloadedProfileNr2->getAttributes("internal:realm")[0]['value'], $tag); |
|
| 278 | - $relevantNaptrRecords = $dnsChecks->relevantNAPTR(); |
|
| 279 | - if ($relevantNaptrRecords <= 0) { |
|
| 280 | - echo $uiElements->boxError(_("There is no relevant DNS NAPTR record ($tag) for this realm. OpenRoaming will not work.")); |
|
| 281 | - $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_ERROR]); |
|
| 282 | 276 | } else { |
| 283 | - $recordCompliance = $dnsChecks->relevantNAPTRcompliance(); |
|
| 284 | - if ($recordCompliance != core\diag\AbstractTest::RETVAL_OK) { |
|
| 285 | - echo $uiElements->boxWarning(_("The DNS NAPTR record ($tag) for this realm is not syntax conform. OpenRoaming will likely not work.")); |
|
| 286 | - $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_WARN]); |
|
| 287 | - } |
|
| 288 | - $fed = new \core\Federation($my_inst->federation); |
|
| 289 | - // check if target is the expected one, if set by NRO |
|
| 290 | - $hasCustomTarget = $fed->getAttributes("fed:openroaming_customtarget"); |
|
| 291 | - if (sizeof($hasCustomTarget) > 0) { |
|
| 292 | - foreach ($dnsChecks->NAPTR_records as $orpointer) { |
|
| 293 | - if ($orpointer["replacement"] != $hasCustomTarget[0]['value']) { |
|
| 294 | - echo $uiElements->boxRemark(_("The SRV target of an OpenRoaming NAPTR record is unexpected.")); |
|
| 295 | - $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_NOTE]); |
|
| 277 | + $dnsChecks = new \core\diag\RFC7585Tests($reloadedProfileNr2->getAttributes("internal:realm")[0]['value'], $tag); |
|
| 278 | + $relevantNaptrRecords = $dnsChecks->relevantNAPTR(); |
|
| 279 | + if ($relevantNaptrRecords <= 0) { |
|
| 280 | + echo $uiElements->boxError(_("There is no relevant DNS NAPTR record ($tag) for this realm. OpenRoaming will not work.")); |
|
| 281 | + $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_ERROR]); |
|
| 282 | + } else { |
|
| 283 | + $recordCompliance = $dnsChecks->relevantNAPTRcompliance(); |
|
| 284 | + if ($recordCompliance != core\diag\AbstractTest::RETVAL_OK) { |
|
| 285 | + echo $uiElements->boxWarning(_("The DNS NAPTR record ($tag) for this realm is not syntax conform. OpenRoaming will likely not work.")); |
|
| 286 | + $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_WARN]); |
|
| 287 | + } |
|
| 288 | + $fed = new \core\Federation($my_inst->federation); |
|
| 289 | + // check if target is the expected one, if set by NRO |
|
| 290 | + $hasCustomTarget = $fed->getAttributes("fed:openroaming_customtarget"); |
|
| 291 | + if (sizeof($hasCustomTarget) > 0) { |
|
| 292 | + foreach ($dnsChecks->NAPTR_records as $orpointer) { |
|
| 293 | + if ($orpointer["replacement"] != $hasCustomTarget[0]['value']) { |
|
| 294 | + echo $uiElements->boxRemark(_("The SRV target of an OpenRoaming NAPTR record is unexpected.")); |
|
| 295 | + $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_NOTE]); |
|
| 296 | + } |
|
| 296 | 297 | } |
| 297 | 298 | } |
| 298 | - } |
|
| 299 | - $srvResolution = $dnsChecks->relevantNAPTRsrvResolution(); |
|
| 300 | - $hostnameResolution = $dnsChecks->relevantNAPTRhostnameResolution(); |
|
| 299 | + $srvResolution = $dnsChecks->relevantNAPTRsrvResolution(); |
|
| 300 | + $hostnameResolution = $dnsChecks->relevantNAPTRhostnameResolution(); |
|
| 301 | 301 | |
| 302 | - if ($srvResolution <= 0) { |
|
| 303 | - echo $uiElements->boxError(_("The DNS SRV target for NAPTR $tag does not resolve. OpenRoaming will not work.")); |
|
| 304 | - $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_ERROR]); |
|
| 305 | - } elseif ($hostnameResolution <= 0) { |
|
| 306 | - echo $uiElements->boxError(_("The DNS hostnames in the SRV records do not resolve to actual host IPs. OpenRoaming will not work.")); |
|
| 307 | - $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_ERROR]); |
|
| 308 | - } |
|
| 309 | - // connect to all IPs we found and see if they are really an OpenRoaming server |
|
| 310 | - $allHostsOkay = TRUE; |
|
| 311 | - $oneHostOkay = FALSE; |
|
| 312 | - $testCandidates = []; |
|
| 313 | - foreach ($dnsChecks->NAPTR_hostname_records as $oneServer) { |
|
| 314 | - $testCandidates[$oneServer['hostname']][] = ($oneServer['family'] == "IPv4" ? $oneServer['IP'] : "[" . $oneServer['IP'] . "]") . ":" . $oneServer['port']; |
|
| 315 | - } |
|
| 316 | - foreach ($testCandidates as $oneHost => $listOfIPs) { |
|
| 317 | - $connectionTests = new core\diag\RFC6614Tests(array_values($listOfIPs), $oneHost, "openroaming"); |
|
| 318 | - // for now (no OpenRoaming client certs available) only run server-side tests |
|
| 319 | - foreach ($listOfIPs as $oneIP) { |
|
| 320 | - $connectionResult = $connectionTests->cApathCheck($oneIP); |
|
| 321 | - if ($connectionResult != core\diag\AbstractTest::RETVAL_OK || ( isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) { |
|
| 322 | - $allHostsOkay = FALSE; |
|
| 323 | - } else { |
|
| 324 | - $oneHostOkay = TRUE; |
|
| 302 | + if ($srvResolution <= 0) { |
|
| 303 | + echo $uiElements->boxError(_("The DNS SRV target for NAPTR $tag does not resolve. OpenRoaming will not work.")); |
|
| 304 | + $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_ERROR]); |
|
| 305 | + } elseif ($hostnameResolution <= 0) { |
|
| 306 | + echo $uiElements->boxError(_("The DNS hostnames in the SRV records do not resolve to actual host IPs. OpenRoaming will not work.")); |
|
| 307 | + $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_ERROR]); |
|
| 308 | + } |
|
| 309 | + // connect to all IPs we found and see if they are really an OpenRoaming server |
|
| 310 | + $allHostsOkay = TRUE; |
|
| 311 | + $oneHostOkay = FALSE; |
|
| 312 | + $testCandidates = []; |
|
| 313 | + foreach ($dnsChecks->NAPTR_hostname_records as $oneServer) { |
|
| 314 | + $testCandidates[$oneServer['hostname']][] = ($oneServer['family'] == "IPv4" ? $oneServer['IP'] : "[" . $oneServer['IP'] . "]") . ":" . $oneServer['port']; |
|
| 315 | + } |
|
| 316 | + foreach ($testCandidates as $oneHost => $listOfIPs) { |
|
| 317 | + $connectionTests = new core\diag\RFC6614Tests(array_values($listOfIPs), $oneHost, "openroaming"); |
|
| 318 | + // for now (no OpenRoaming client certs available) only run server-side tests |
|
| 319 | + foreach ($listOfIPs as $oneIP) { |
|
| 320 | + $connectionResult = $connectionTests->cApathCheck($oneIP); |
|
| 321 | + if ($connectionResult != core\diag\AbstractTest::RETVAL_OK || ( isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) { |
|
| 322 | + $allHostsOkay = FALSE; |
|
| 323 | + } else { |
|
| 324 | + $oneHostOkay = TRUE; |
|
| 325 | + } |
|
| 325 | 326 | } |
| 326 | 327 | } |
| 327 | - } |
|
| 328 | - if (!$allHostsOkay) { |
|
| 329 | - if (!$oneHostOkay) { |
|
| 330 | - echo $uiElements->boxError(_("When connecting to the discovered OpenRoaming endpoints, they all had errors. OpenRoaming will likely not work.")); |
|
| 331 | - $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_ERROR]); |
|
| 332 | - } else { |
|
| 333 | - echo $uiElements->boxWarning(_("When connecting to the discovered OpenRoaming endpoints, only a subset of endpoints had no errors.")); |
|
| 334 | - $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_WARN]); |
|
| 328 | + if (!$allHostsOkay) { |
|
| 329 | + if (!$oneHostOkay) { |
|
| 330 | + echo $uiElements->boxError(_("When connecting to the discovered OpenRoaming endpoints, they all had errors. OpenRoaming will likely not work.")); |
|
| 331 | + $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_ERROR]); |
|
| 332 | + } else { |
|
| 333 | + echo $uiElements->boxWarning(_("When connecting to the discovered OpenRoaming endpoints, only a subset of endpoints had no errors.")); |
|
| 334 | + $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_WARN]); |
|
| 335 | + } |
|
| 335 | 336 | } |
| 336 | 337 | } |
| 337 | 338 | } |
| 338 | - } |
|
| 339 | 339 | |
| 340 | - if (!$dnsChecks->allResponsesSecure) { |
|
| 341 | - echo $uiElements->boxWarning(_("At least one DNS response was NOT secured using DNSSEC. OpenRoaming ANPs may refuse to connect to the endpoint.")); |
|
| 342 | - $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_WARN]); |
|
| 340 | + if (!$dnsChecks->allResponsesSecure) { |
|
| 341 | + echo $uiElements->boxWarning(_("At least one DNS response was NOT secured using DNSSEC. OpenRoaming ANPs may refuse to connect to the endpoint.")); |
|
| 342 | + $resultLevel = min([$resultLevel, \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_WARN]); |
|
| 343 | + } |
|
| 344 | + if ($resultLevel == \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_GOOD) { |
|
| 345 | + echo $uiElements->boxOkay(_("Initial diagnostics regarding the DNS part of OpenRoaming (including DNSSEC) were successful.")); |
|
| 346 | + } |
|
| 343 | 347 | } |
| 344 | - if ($resultLevel == \core\AbstractProfile::OVERALL_OPENROAMING_LEVEL_GOOD) { |
|
| 345 | - echo $uiElements->boxOkay(_("Initial diagnostics regarding the DNS part of OpenRoaming (including DNSSEC) were successful.")); |
|
| 346 | - } |
|
| 347 | - } |
|
| 348 | - $reloadedProfileNr2->setOpenRoamingReadinessInfo($resultLevel); |
|
| 349 | - ?> |
|
| 348 | + $reloadedProfileNr2->setOpenRoamingReadinessInfo($resultLevel); |
|
| 349 | + ?> |
|
| 350 | 350 | </table> |
| 351 | 351 | <br/> |
| 352 | 352 | <form method='post' action='overview_org.php?inst_id=<?php echo $my_inst->identifier; ?>' accept-charset='UTF-8'> |
| 353 | 353 | <button type='submit'><?php echo _("Continue to dashboard"); ?></button> |
| 354 | 354 | </form> |
| 355 | 355 | <?php |
| 356 | - if (count($reloadedProfileNr2->getEapMethodsinOrderOfPreference(1)) > 0) { |
|
| 357 | - echo "<form method='post' action='overview_installers.php?inst_id=$my_inst->identifier&profile_id=$reloadedProfileNr2->identifier' accept-charset='UTF-8'> |
|
| 356 | + if (count($reloadedProfileNr2->getEapMethodsinOrderOfPreference(1)) > 0) { |
|
| 357 | + echo "<form method='post' action='overview_installers.php?inst_id=$my_inst->identifier&profile_id=$reloadedProfileNr2->identifier' accept-charset='UTF-8'> |
|
| 358 | 358 | <button type='submit'>" . _("Continue to Installer Fine-Tuning and Download") . "</button> |
| 359 | 359 | </form>"; |
| 360 | - } |
|
| 361 | - echo $deco->footer(); |
|
| 362 | - break; |
|
| 363 | - default: |
|
| 364 | - throw new Exception("Unknown submit value received."); |
|
| 360 | + } |
|
| 361 | + echo $deco->footer(); |
|
| 362 | + break; |
|
| 363 | + default: |
|
| 364 | + throw new Exception("Unknown submit value received."); |
|
| 365 | 365 | } |
@@ -19,7 +19,7 @@ discard block |
||
| 19 | 19 | * <base_url>/copyright.php after deploying the software |
| 20 | 20 | */ |
| 21 | 21 | |
| 22 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 22 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 23 | 23 | |
| 24 | 24 | $auth = new \web\lib\admin\Authentication(); |
| 25 | 25 | $deco = new \web\lib\admin\PageDecoration(); |
@@ -46,7 +46,7 @@ discard block |
||
| 46 | 46 | } |
| 47 | 47 | $profileToBeDel = $validator->existingProfile($_GET['profile_id'], $my_inst->identifier); |
| 48 | 48 | $profileToBeDel->destroy(); |
| 49 | - $loggerInstance->writeAudit($_SESSION['user'], "DEL", "Profile " . $profileToBeDel->identifier); |
|
| 49 | + $loggerInstance->writeAudit($_SESSION['user'], "DEL", "Profile ".$profileToBeDel->identifier); |
|
| 50 | 50 | header("Location: overview_org.php?inst_id=$my_inst->identifier"); |
| 51 | 51 | exit; |
| 52 | 52 | case web\lib\common\FormElements::BUTTON_SAVE: |
@@ -55,7 +55,7 @@ discard block |
||
| 55 | 55 | echo $deco->pageheader(sprintf(_("%s: Edit Profile - Result"), \config\Master::APPEARANCE['productname']), "ADMIN-IDP"); |
| 56 | 56 | } else { |
| 57 | 57 | $profile = $my_inst->newProfile(core\AbstractProfile::PROFILETYPE_RADIUS); |
| 58 | - $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $my_inst->identifier . " - Profile created"); |
|
| 58 | + $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP ".$my_inst->identifier." - Profile created"); |
|
| 59 | 59 | echo $deco->pageheader(sprintf(_("%s: Profile wizard (step 3 completed)"), \config\Master::APPEARANCE['productname']), "ADMIN-IDP"); |
| 60 | 60 | } |
| 61 | 61 | if (!$profile instanceof \core\ProfileRADIUS) { |
@@ -124,7 +124,7 @@ discard block |
||
| 124 | 124 | $uiElements = new web\lib\admin\UIElements(); |
| 125 | 125 | // set realm info, if submitted |
| 126 | 126 | if ($realm !== FALSE) { |
| 127 | - $profile->setRealm($anonLocal . "@" . $realm); |
|
| 127 | + $profile->setRealm($anonLocal."@".$realm); |
|
| 128 | 128 | echo $uiElements->boxOkay(sprintf(_("Realm: <strong>%s</strong>"), $realm)); |
| 129 | 129 | } else { |
| 130 | 130 | $profile->setRealm(""); |
@@ -150,7 +150,7 @@ discard block |
||
| 150 | 150 | echo $uiElements->boxError(_("Realm check username cannot be configured: realm is missing!")); |
| 151 | 151 | } else { |
| 152 | 152 | $profile->setRealmcheckUser(true, $checkuser_name); |
| 153 | - echo $uiElements->boxOkay(sprintf(_("Special username for realm check is <strong>%s</strong>, the value is <strong>%s</strong>"), _("ON"), $checkuser_name . "@" . $realm)); |
|
| 153 | + echo $uiElements->boxOkay(sprintf(_("Special username for realm check is <strong>%s</strong>, the value is <strong>%s</strong>"), _("ON"), $checkuser_name."@".$realm)); |
|
| 154 | 154 | } |
| 155 | 155 | } else { |
| 156 | 156 | $profile->setRealmCheckUser(false); |
@@ -162,12 +162,12 @@ discard block |
||
| 162 | 162 | $extratext = ""; |
| 163 | 163 | if (!empty($realm)) { |
| 164 | 164 | if ($hint !== FALSE) { |
| 165 | - $extratext = " " . sprintf(_("The realm portion MUST be exactly '...@%s'."), $realm); |
|
| 165 | + $extratext = " ".sprintf(_("The realm portion MUST be exactly '...@%s'."), $realm); |
|
| 166 | 166 | } else { |
| 167 | - $extratext = " " . sprintf(_("The realm portion MUST end with '%s' but sub-realms of it are allowed (i.e. 'user@%s' and 'user@<...>.%s' are both acceptable)."), $realm, $realm, $realm); |
|
| 167 | + $extratext = " ".sprintf(_("The realm portion MUST end with '%s' but sub-realms of it are allowed (i.e. 'user@%s' and 'user@<...>.%s' are both acceptable)."), $realm, $realm, $realm); |
|
| 168 | 168 | } |
| 169 | 169 | } |
| 170 | - echo $uiElements->boxOkay(_("Where possible, supplicants will verify that username inputs contain a syntactically correct realm.") . $extratext); |
|
| 170 | + echo $uiElements->boxOkay(_("Where possible, supplicants will verify that username inputs contain a syntactically correct realm.").$extratext); |
|
| 171 | 171 | } else { |
| 172 | 172 | $profile->setInputVerificationPreference(false, false); |
| 173 | 173 | } |
@@ -199,30 +199,30 @@ discard block |
||
| 199 | 199 | echo $uiElements->boxOkay(_("Redirection is <strong>OFF</strong>")); |
| 200 | 200 | } |
| 201 | 201 | |
| 202 | - $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile " . $profile->identifier . " - attributes changed"); |
|
| 202 | + $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile ".$profile->identifier." - attributes changed"); |
|
| 203 | 203 | // reload the profile to ingest new CA and server names if any; before checking EAP completeness |
| 204 | 204 | $reloadedProfileNr1 = \core\ProfileFactory::instantiate($profile->identifier); |
| 205 | 205 | foreach (\core\common\EAP::listKnownEAPTypes() as $a) { |
| 206 | 206 | if ($a->getIntegerRep() == \core\common\EAP::INTEGER_SILVERBULLET) { // do not allow adding silverbullet via the backdoor |
| 207 | 207 | continue; |
| 208 | 208 | } |
| 209 | - if (isset($_POST[$a->getPrintableRep()]) && isset($_POST[$a->getPrintableRep() . "-priority"]) && is_numeric($_POST[$a->getPrintableRep() . "-priority"])) { |
|
| 210 | - $priority = (int) $_POST[$a->getPrintableRep() . "-priority"]; |
|
| 209 | + if (isset($_POST[$a->getPrintableRep()]) && isset($_POST[$a->getPrintableRep()."-priority"]) && is_numeric($_POST[$a->getPrintableRep()."-priority"])) { |
|
| 210 | + $priority = (int) $_POST[$a->getPrintableRep()."-priority"]; |
|
| 211 | 211 | // add EAP type to profile as requested, but ... |
| 212 | 212 | $reloadedProfileNr1->addSupportedEapMethod($a, $priority); |
| 213 | - $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile " . $reloadedProfileNr1->identifier . " - supported EAP types changed"); |
|
| 213 | + $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile ".$reloadedProfileNr1->identifier." - supported EAP types changed"); |
|
| 214 | 214 | // see if we can enable the EAP type, or if info is missing |
| 215 | 215 | $eapcompleteness = $reloadedProfileNr1->isEapTypeDefinitionComplete($a); |
| 216 | 216 | if ($eapcompleteness === true) { |
| 217 | - echo $uiElements->boxOkay(_("Supported EAP Type: ") . "<strong>" . $a->getPrintableRep() . "</strong>"); |
|
| 217 | + echo $uiElements->boxOkay(_("Supported EAP Type: ")."<strong>".$a->getPrintableRep()."</strong>"); |
|
| 218 | 218 | } else { |
| 219 | 219 | $warntext = ""; |
| 220 | 220 | if (is_array($eapcompleteness)) { |
| 221 | 221 | foreach ($eapcompleteness as $item) { |
| 222 | - $warntext .= "<strong>" . $uiElements->displayName($item) . "</strong> "; |
|
| 222 | + $warntext .= "<strong>".$uiElements->displayName($item)."</strong> "; |
|
| 223 | 223 | } |
| 224 | 224 | } |
| 225 | - echo $uiElements->boxWarning(sprintf(_("Supported EAP Type: <strong>%s</strong> is missing required information %s !"), $a->getPrintableRep(), $warntext) . "<br/>" . _("The EAP type was added to the profile, but you need to complete the missing information before we can produce installers for you.")); |
|
| 225 | + echo $uiElements->boxWarning(sprintf(_("Supported EAP Type: <strong>%s</strong> is missing required information %s !"), $a->getPrintableRep(), $warntext)."<br/>"._("The EAP type was added to the profile, but you need to complete the missing information before we can produce installers for you.")); |
|
| 226 | 226 | } |
| 227 | 227 | } |
| 228 | 228 | } |
@@ -233,23 +233,23 @@ discard block |
||
| 233 | 233 | if (count($significantChanges) > 0) { |
| 234 | 234 | $myInstOriginal = new \core\IdP($profile->institution); |
| 235 | 235 | // send a notification/alert mail to someone we know is in charge |
| 236 | - $text = _("To whom it may concern,") . "\n\n"; |
|
| 236 | + $text = _("To whom it may concern,")."\n\n"; |
|
| 237 | 237 | /// were made to the *Identity Provider* *LU* / integer number of IdP / (previously known as) Name |
| 238 | - $text .= sprintf(_("significant changes were made to a RADIUS deployment profile of the %s %s / %s / '%s'."), $ui->nomenclatureIdP, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name) . "\n\n"; |
|
| 238 | + $text .= sprintf(_("significant changes were made to a RADIUS deployment profile of the %s %s / %s / '%s'."), $ui->nomenclatureIdP, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name)."\n\n"; |
|
| 239 | 239 | if (isset($significantChanges[\core\AbstractProfile::CA_CLASH_ADDED])) { |
| 240 | - $text .= _("WARNING! A new trusted root CA was added, and it has the exact same name as a previously existing root CA. This may (but does not necessarily) mean that this is an attempt to insert an unauthorised trust root by disguising as the genuine one. The details are below:") . "\n\n"; |
|
| 241 | - $text .= $significantChanges[\core\AbstractProfile::CA_CLASH_ADDED] . "\n\n"; |
|
| 240 | + $text .= _("WARNING! A new trusted root CA was added, and it has the exact same name as a previously existing root CA. This may (but does not necessarily) mean that this is an attempt to insert an unauthorised trust root by disguising as the genuine one. The details are below:")."\n\n"; |
|
| 241 | + $text .= $significantChanges[\core\AbstractProfile::CA_CLASH_ADDED]."\n\n"; |
|
| 242 | 242 | } |
| 243 | 243 | if (isset($significantChanges[\core\AbstractProfile::CA_ADDED])) { |
| 244 | - $text .= _("A new trusted root CA was added. The details are below:") . "\n\n"; |
|
| 245 | - $text .= $significantChanges[\core\AbstractProfile::CA_ADDED] . "\n\n"; |
|
| 244 | + $text .= _("A new trusted root CA was added. The details are below:")."\n\n"; |
|
| 245 | + $text .= $significantChanges[\core\AbstractProfile::CA_ADDED]."\n\n"; |
|
| 246 | 246 | } |
| 247 | 247 | if (isset($significantChanges[\core\AbstractProfile::SERVERNAME_ADDED])) { |
| 248 | - $text .= _("A new acceptable server name for the authentication server was added. The details are below:") . "\n\n"; |
|
| 249 | - $text .= $significantChanges[\core\AbstractProfile::SERVERNAME_ADDED] . "\n\n"; |
|
| 248 | + $text .= _("A new acceptable server name for the authentication server was added. The details are below:")."\n\n"; |
|
| 249 | + $text .= $significantChanges[\core\AbstractProfile::SERVERNAME_ADDED]."\n\n"; |
|
| 250 | 250 | } |
| 251 | - $text .= _("This mail is merely a cross-check because these changes can be security-relevant. If the change was expected, you do not need to take any action.") . "\n\n"; |
|
| 252 | - $text .= _("Greetings, ") . "\n\n" . \config\Master::APPEARANCE['productname_long']; |
|
| 251 | + $text .= _("This mail is merely a cross-check because these changes can be security-relevant. If the change was expected, you do not need to take any action.")."\n\n"; |
|
| 252 | + $text .= _("Greetings, ")."\n\n".\config\Master::APPEARANCE['productname_long']; |
|
| 253 | 253 | // (currently, send hard-wired to NRO - future: for linked insts, check eduroam DBv2 and send to registered admins directly) |
| 254 | 254 | $fed = new core\Federation($myInstOriginal->federation); |
| 255 | 255 | $loggerInstance->debug(2, $myInstOriginal->federation, "FED: ", "\n"); |
@@ -311,14 +311,14 @@ discard block |
||
| 311 | 311 | $oneHostOkay = FALSE; |
| 312 | 312 | $testCandidates = []; |
| 313 | 313 | foreach ($dnsChecks->NAPTR_hostname_records as $oneServer) { |
| 314 | - $testCandidates[$oneServer['hostname']][] = ($oneServer['family'] == "IPv4" ? $oneServer['IP'] : "[" . $oneServer['IP'] . "]") . ":" . $oneServer['port']; |
|
| 314 | + $testCandidates[$oneServer['hostname']][] = ($oneServer['family'] == "IPv4" ? $oneServer['IP'] : "[".$oneServer['IP']."]").":".$oneServer['port']; |
|
| 315 | 315 | } |
| 316 | 316 | foreach ($testCandidates as $oneHost => $listOfIPs) { |
| 317 | 317 | $connectionTests = new core\diag\RFC6614Tests(array_values($listOfIPs), $oneHost, "openroaming"); |
| 318 | 318 | // for now (no OpenRoaming client certs available) only run server-side tests |
| 319 | 319 | foreach ($listOfIPs as $oneIP) { |
| 320 | 320 | $connectionResult = $connectionTests->cApathCheck($oneIP); |
| 321 | - if ($connectionResult != core\diag\AbstractTest::RETVAL_OK || ( isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) { |
|
| 321 | + if ($connectionResult != core\diag\AbstractTest::RETVAL_OK || (isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) { |
|
| 322 | 322 | $allHostsOkay = FALSE; |
| 323 | 323 | } else { |
| 324 | 324 | $oneHostOkay = TRUE; |
@@ -355,7 +355,7 @@ discard block |
||
| 355 | 355 | <?php |
| 356 | 356 | if (count($reloadedProfileNr2->getEapMethodsinOrderOfPreference(1)) > 0) { |
| 357 | 357 | echo "<form method='post' action='overview_installers.php?inst_id=$my_inst->identifier&profile_id=$reloadedProfileNr2->identifier' accept-charset='UTF-8'> |
| 358 | - <button type='submit'>" . _("Continue to Installer Fine-Tuning and Download") . "</button> |
|
| 358 | + <button type='submit'>"._("Continue to Installer Fine-Tuning and Download")."</button> |
|
| 359 | 359 | </form>"; |
| 360 | 360 | } |
| 361 | 361 | echo $deco->footer(); |
@@ -73,17 +73,17 @@ discard block |
||
| 73 | 73 | $retval = "<div class='sidebar'><p>"; |
| 74 | 74 | $user = new \core\User($_SESSION['user']); |
| 75 | 75 | if ($advancedControls) { |
| 76 | - $retval .= "<strong>" . _("You are:") . "</strong> ".$_SESSION['name'] |
|
| 76 | + $retval .= "<strong>"._("You are:")."</strong> ".$_SESSION['name'] |
|
| 77 | 77 | ."<br/> |
| 78 | 78 | <br/>"; |
| 79 | 79 | if ($user->isFederationAdmin()) { |
| 80 | - $retval .= "<a href='" . \core\CAT::getRootUrlPath() . "/admin/overview_federation.php'>" . _("The NRO page") . "</a> "; |
|
| 80 | + $retval .= "<a href='".\core\CAT::getRootUrlPath()."/admin/overview_federation.php'>"._("The NRO page")."</a> "; |
|
| 81 | 81 | |
| 82 | 82 | } |
| 83 | - $retval .= "<a href='" . \core\CAT::getRootUrlPath() . "/admin/overview_user.php'>" . _("Go to your Profile page") . "</a> |
|
| 84 | - <a href='" . \core\CAT::getRootUrlPath() . "/admin/inc/logout.php'>" . _("Logout") . "</a> "; |
|
| 83 | + $retval .= "<a href='".\core\CAT::getRootUrlPath()."/admin/overview_user.php'>"._("Go to your Profile page")."</a> |
|
| 84 | + <a href='" . \core\CAT::getRootUrlPath()."/admin/inc/logout.php'>"._("Logout")."</a> "; |
|
| 85 | 85 | } |
| 86 | - $retval .= "<a href='" . \core\CAT::getRootUrlPath() . "/'>" . _("Start page") . "</a> |
|
| 86 | + $retval .= "<a href='".\core\CAT::getRootUrlPath()."/'>"._("Start page")."</a> |
|
| 87 | 87 | </p> |
| 88 | 88 | </div> <!-- sidebar -->"; |
| 89 | 89 | \core\common\Entity::outOfThePotatoes(); |
@@ -107,23 +107,23 @@ discard block |
||
| 107 | 107 | <h1>$cap1</h1> |
| 108 | 108 | </div><!--header_captions--> |
| 109 | 109 | <div id='langselection' style='padding-top:20px; padding-".$this->start.":10px;'> |
| 110 | - <form action='$place' method='GET' accept-charset='UTF-8'>" . _("View this page in") . " |
|
| 110 | + <form action='$place' method='GET' accept-charset='UTF-8'>"._("View this page in")." |
|
| 111 | 111 | <select id='lang' name='lang' onchange='this.form.submit()'>"; |
| 112 | 112 | |
| 113 | 113 | foreach (\config\Master::LANGUAGES as $lang => $getValue) { |
| 114 | - $retval .= "<option value='$lang' " . (strtoupper($language) == strtoupper($lang) ? "selected" : "" ) . " >" . $getValue['display'] . "</option> "; |
|
| 114 | + $retval .= "<option value='$lang' ".(strtoupper($language) == strtoupper($lang) ? "selected" : "")." >".$getValue['display']."</option> "; |
|
| 115 | 115 | } |
| 116 | 116 | $retval .= "</select>"; |
| 117 | 117 | |
| 118 | 118 | foreach ($_GET as $getVar => $getValue) { |
| 119 | 119 | $filterValue = filter_input(INPUT_GET, $getVar, FILTER_SANITIZE_STRING); |
| 120 | 120 | if ($getVar != "lang" && $getValue != "") { |
| 121 | - $retval .= "<input type='hidden' name='" . htmlspecialchars($getVar) . "' value='" . htmlspecialchars($filterValue) . "'>"; |
|
| 121 | + $retval .= "<input type='hidden' name='".htmlspecialchars($getVar)."' value='".htmlspecialchars($filterValue)."'>"; |
|
| 122 | 122 | } |
| 123 | 123 | } |
| 124 | 124 | $retval .= "</form> |
| 125 | 125 | </div><!--langselection-->"; |
| 126 | - $logoUrl = \core\CAT::getRootUrlPath() . "/resources/images/consortium_logo.png"; |
|
| 126 | + $logoUrl = \core\CAT::getRootUrlPath()."/resources/images/consortium_logo.png"; |
|
| 127 | 127 | $retval .= "<div class='consortium_logo'> |
| 128 | 128 | <img id='test_locate' src='$logoUrl' alt='Consortium Logo'> |
| 129 | 129 | </div> <!-- consortium_logo --> |
@@ -216,7 +216,7 @@ discard block |
||
| 216 | 216 | |
| 217 | 217 | if (isset(\config\Master::APPEARANCE['MOTD']) && \config\Master::APPEARANCE['MOTD'] != "") { |
| 218 | 218 | $retval .= "<div id='header_MOTD' style='display:inline-block; padding-".$this->start.":20px;vertical-align:top;'> |
| 219 | - <p class='MOTD'>" . \config\Master::APPEARANCE['MOTD'] . "</p> |
|
| 219 | + <p class='MOTD'>" . \config\Master::APPEARANCE['MOTD']."</p> |
|
| 220 | 220 | </div><!--header_MOTD-->"; |
| 221 | 221 | } |
| 222 | 222 | $retval .= $this->sidebar($advancedControls); |
@@ -242,9 +242,9 @@ discard block |
||
| 242 | 242 | <html xmlns='http://www.w3.org/1999/xhtml' lang='$ourlocale'".($this->langObject->rtl ? "dir='rtl'" : "")."> |
| 243 | 243 | <head lang='$ourlocale'> |
| 244 | 244 | <meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>"; |
| 245 | - $cssUrl = \core\CAT::getRootUrlPath() . "/resources/css/cat.css.php"; |
|
| 245 | + $cssUrl = \core\CAT::getRootUrlPath()."/resources/css/cat.css.php"; |
|
| 246 | 246 | $retval .= "<link rel='stylesheet' type='text/css' href='$cssUrl' />"; |
| 247 | - $retval .= "<title>" . htmlspecialchars($pagetitle) . "</title>"; |
|
| 247 | + $retval .= "<title>".htmlspecialchars($pagetitle)."</title>"; |
|
| 248 | 248 | return $retval; |
| 249 | 249 | } |
| 250 | 250 | |
@@ -258,7 +258,7 @@ discard block |
||
| 258 | 258 | // we may need to jump up one dir if we are either in admin/ or accountstatus/ |
| 259 | 259 | // (accountstatus courtesy of my good mood. It's userspace not admin space so |
| 260 | 260 | // it shouldn't be using this function any more.) |
| 261 | - $logoBase = \core\CAT::getRootUrlPath() . "/resources/images"; |
|
| 261 | + $logoBase = \core\CAT::getRootUrlPath()."/resources/images"; |
|
| 262 | 262 | return "<span id='logos'><img src='$logoBase/dante.png' alt='DANTE' style='height:23px;width:47px'/> |
| 263 | 263 | <img src='$logoBase/eu.png' alt='EU' style='height:23px;width:27px;border-width:0px;'/></span> |
| 264 | 264 | <span id='eu_text' style='text-align:right;'><a href='http://ec.europa.eu/dgs/connect/index_en.htm' style='text-decoration:none; vertical-align:top;'>European Commission Communications Networks, Content and Technology</a></span>"; |
@@ -40,7 +40,7 @@ discard block |
||
| 40 | 40 | private function inputValidationError($customtext) |
| 41 | 41 | { |
| 42 | 42 | \core\common\Entity::intoThePotatoes(); |
| 43 | - $retval = "<p>" . _("Input validation error: ") . $customtext . "</p>"; |
|
| 43 | + $retval = "<p>"._("Input validation error: ").$customtext."</p>"; |
|
| 44 | 44 | \core\common\Entity::outOfThePotatoes(); |
| 45 | 45 | return $retval; |
| 46 | 46 | } |
@@ -135,14 +135,14 @@ discard block |
||
| 135 | 135 | } |
| 136 | 136 | if ($user->isFederationAdmin($temp->federation)) { |
| 137 | 137 | $this->loggerInstance->debug(4, "You are fed admin for this IdP\n"); |
| 138 | - return [$temp,'readonly']; |
|
| 138 | + return [$temp, 'readonly']; |
|
| 139 | 139 | } |
| 140 | 140 | throw new Exception($this->inputValidationError("This IdP identifier is not accessible!")); |
| 141 | 141 | } |
| 142 | 142 | if ($claimedFedBinding !== NULL && strtoupper($temp->federation) != strtoupper($claimedFedBinding->tld)) { |
| 143 | 143 | throw new Exception($this->inputValidationError("This IdP does not belong to the claimed federation!")); |
| 144 | 144 | } |
| 145 | - return [$temp,'nouser']; |
|
| 145 | + return [$temp, 'nouser']; |
|
| 146 | 146 | } |
| 147 | 147 | |
| 148 | 148 | /** |
@@ -584,7 +584,7 @@ discard block |
||
| 584 | 584 | try { |
| 585 | 585 | $image->readImageBlob($binary); |
| 586 | 586 | } catch (\ImagickException $exception) { |
| 587 | - echo "Error" . $exception->getMessage(); |
|
| 587 | + echo "Error".$exception->getMessage(); |
|
| 588 | 588 | return FALSE; |
| 589 | 589 | } |
| 590 | 590 | // image survived the sanity check |
