GEANT / CAT

web/admin/API.php

Spacing +7 added lines, -7 removed lines

@@ -20,7 +20,7 @@ 
  *          <base_url>/copyright.php after deploying the software
  */
 
-require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php";
+require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php";
 
 // no SAML auth on this page. The API key authenticates the entity
 
@@ -38,7 +38,7 @@ 
 $inputRaw = file_get_contents('php://input');
 $inputDecoded = json_decode($inputRaw, TRUE);
 if (!is_array($inputDecoded)) {
-    $adminApi->returnError(web\lib\admin\API::ERROR_MALFORMED_REQUEST, "Unable to decode JSON POST data." . json_last_error_msg() . $inputRaw);
+    $adminApi->returnError(web\lib\admin\API::ERROR_MALFORMED_REQUEST, "Unable to decode JSON POST data.".json_last_error_msg().$inputRaw);
     exit(1);
 }
 
@@ -132,7 +132,7 @@ 
             throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
         }
         $newtokens = $mgmt->createTokens(true, [$admin], $idp);
-        $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
+        $URL = "https://".$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME'])."/action_enrollment.php?token=".array_keys($newtokens)[0];
         $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
         // done with the essentials - display in response. But if we also have an email address, send it there
         $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
@@ -169,7 +169,7 @@ 
         if ($found) {
             $adminApi->returnSuccess([]);
         }
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
+        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP ".$idp->identifier);
         break;
     case web\lib\admin\API::ACTION_STATISTICS_FED:
         $adminApi->returnSuccess($fed->downloadStats("array"));
@@ -216,10 +216,10 @@ 
                 $outer = "";
                 $profile->setAnonymousIDSupport(FALSE);
             } else {
-                $outer = $outer . "@";
+                $outer = $outer."@";
                 $profile->setAnonymousIDSupport(TRUE);
             }
-            $profile->setRealm($outer . $realm);
+            $profile->setRealm($outer.$realm);
         }
         /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
         $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
@@ -447,7 +447,7 @@ 
         // extract relevant subset of information from cert objects
         $certDetails = [];
         foreach ($certs as $cert) {
-            $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
+            $certDetails[$cert->ca_type.":".$cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
         }
         $adminApi->returnSuccess($certDetails);
         break;

Indentation +1 added lines, -1 removed lines

@@ -417,7 +417,7 @@
         $userId = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
         $userName = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME);
         $certSerial = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-		$certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
+        $certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
         if ($userId === FALSE && $userName === FALSE && $certSerial === FALSE && $certCN === FALSE) {
             // we need at least one of those
             $adminApi->returnError(\web\lib\admin\API::ERROR_MISSING_PARAMETER, "At least one of User ID, Username, certificate serial, or certificate CN is required.");

Switch Indentation +373 added lines, -373 removed lines

@@ -84,218 +84,218 @@ 
 }
 
 switch ($inputDecoded['ACTION']) {
-    case web\lib\admin\API::ACTION_NEWINST:
-        // create the inst, no admin, no attributes
-        $typeRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_INSTTYPE);
-        if ($typeRaw === FALSE) {
-            throw new Exception("We did not receive a valid participant type!");
-        }
-        $type = $validator->partType($typeRaw);
-        $idp = new \core\IdP($fed->newIdP($type, "PENDING", "API"));
-        // now add all submitted attributes
-        $inputs = $adminApi->uglify($scrubbedParameters);
-        $optionParser->processSubmittedFields($idp, $inputs["POST"], $inputs["FILES"]);
-        $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_CAT_INST_ID => $idp->identifier]);
-        break;
-    case web\lib\admin\API::ACTION_DELINST:
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $idp->destroy();
-        $adminApi->returnSuccess([]);
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_LIST:
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $adminApi->returnSuccess($idp->listOwners());
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_ADD:
-        // IdP in question
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        // here is the token
-        $mgmt = new core\UserManagement();
-        // we know we have an admin ID but scrutinizer wants this checked more explicitly
-        $admin = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
-        if ($admin === FALSE) {
-            throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
-        }
-        $newtokens = $mgmt->createTokens(true, [$admin], $idp);
-        $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
-        $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
-        // done with the essentials - display in response. But if we also have an email address, send it there
-        $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
-        if ($email !== FALSE) {
-            $sent = \core\common\OutsideComm::adminInvitationMail($email, "EXISTING-FED", array_keys($newtokens)[0], $idp->name, $fed, $idp->type);
-            $success["EMAIL SENT"] = $sent["SENT"];
-            if ($sent["SENT"] === TRUE) {
-                $success["EMAIL TRANSPORT SECURE"] = $sent["TRANSPORT"];
+        case web\lib\admin\API::ACTION_NEWINST:
+            // create the inst, no admin, no attributes
+            $typeRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_INSTTYPE);
+            if ($typeRaw === FALSE) {
+                throw new Exception("We did not receive a valid participant type!");
             }
-        }
-        $adminApi->returnSuccess($success);
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_DEL:
-        // IdP in question
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $currentAdmins = $idp->listOwners();
-        $toBeDeleted = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
-        if ($toBeDeleted === FALSE) {
-            throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
-        }
-        $found = FALSE;
-        foreach ($currentAdmins as $oneAdmin) {
-            if ($oneAdmin['MAIL'] == $toBeDeleted) {
-                $found = TRUE;
-                $mgmt = new core\UserManagement();
-                $mgmt->removeAdminFromIdP($idp, $oneAdmin['ID']);
+            $type = $validator->partType($typeRaw);
+            $idp = new \core\IdP($fed->newIdP($type, "PENDING", "API"));
+            // now add all submitted attributes
+            $inputs = $adminApi->uglify($scrubbedParameters);
+            $optionParser->processSubmittedFields($idp, $inputs["POST"], $inputs["FILES"]);
+            $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_CAT_INST_ID => $idp->identifier]);
+            break;
+        case web\lib\admin\API::ACTION_DELINST:
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
             }
-        }
-        if ($found) {
+            $idp->destroy();
             $adminApi->returnSuccess([]);
-        }
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
-        break;
-    case web\lib\admin\API::ACTION_STATISTICS_FED:
-        $adminApi->returnSuccess($fed->downloadStats("array"));
-        break;
-    case \web\lib\admin\API::ACTION_FEDERATION_LISTIDP:
-        $retArray = [];
-        $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
-        if ($idpIdentifier === FALSE) {
-            $allIdPs = $fed->listIdentityProviders(0);
-            foreach ($allIdPs as $instanceId => $oneIdP) {
-                $theIdP = $oneIdP["instance"];
-                $retArray[$instanceId] = $theIdP->getAttributes();
-            }
-        } else {
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_LIST:
             try {
-                $thisIdP = $validator->existingIdP($idpIdentifier);
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
             } catch (Exception $e) {
                 $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
                 exit(1);
             }
-            $retArray[$idpIdentifier] = $thisIdP->getAttributes();
-        }
-        foreach ($retArray as $instNumber => $oneInstData) {
-            foreach ($oneInstData as $attribNumber => $oneAttrib) {
-                if ($oneAttrib['name'] == "general:logo_file") {
-                    // JSON doesn't cope well with raw binary data, so b64 it
-                    $retArray[$instNumber][$attribNumber]['value'] = base64_encode($oneAttrib['value']);
+            $adminApi->returnSuccess($idp->listOwners());
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_ADD:
+            // IdP in question
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            // here is the token
+            $mgmt = new core\UserManagement();
+            // we know we have an admin ID but scrutinizer wants this checked more explicitly
+            $admin = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
+            if ($admin === FALSE) {
+                throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
+            }
+            $newtokens = $mgmt->createTokens(true, [$admin], $idp);
+            $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
+            $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
+            // done with the essentials - display in response. But if we also have an email address, send it there
+            $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
+            if ($email !== FALSE) {
+                $sent = \core\common\OutsideComm::adminInvitationMail($email, "EXISTING-FED", array_keys($newtokens)[0], $idp->name, $fed, $idp->type);
+                $success["EMAIL SENT"] = $sent["SENT"];
+                if ($sent["SENT"] === TRUE) {
+                    $success["EMAIL TRANSPORT SECURE"] = $sent["TRANSPORT"];
                 }
             }
-        }
-        $adminApi->returnSuccess($retArray);
-        break;
-    case \web\lib\admin\API::ACTION_NEWPROF_RADIUS:
-    // fall-through intended: both get mostly identical treatment
-    case web\lib\admin\API::ACTION_NEWPROF_SB:
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_RADIUS) {
-            $type = "RADIUS";
-        } else {
-            $type = "SILVERBULLET";
-        }
-        $profile = $idp->newProfile($type);
-        if ($profile === NULL) {
-            $adminApi->returnError(\web\lib\admin\API::ERROR_INTERNAL_ERROR, "Unable to create a new Profile, for no apparent reason. Please contact support.");
-            exit(1);
-        }
-        $inputs = $adminApi->uglify($scrubbedParameters);
-        $optionParser->processSubmittedFields($profile, $inputs["POST"], $inputs["FILES"]);
-        if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_SB) {
-            // auto-accept ToU?
-            if ($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_TOU) !== FALSE) {
-                $profile->addAttribute("hiddenprofile:tou_accepted", NULL, 1);
-            }
-            // we're done at this point
-            $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profile->identifier]);
+            $adminApi->returnSuccess($success);
             break;
-        }
-        if (!$profile instanceof core\ProfileRADIUS) {
-            throw new Exception("Can't be. This is only here to convince Scrutinizer that we're really talking RADIUS.");
-        }
-        /* const AUXATTRIB_PROFILE_REALM = 'ATTRIB-PROFILE-REALM';
-          const AUXATTRIB_PROFILE_OUTERVALUE = 'ATTRIB-PROFILE-OUTERVALUE'; */
-        $realm = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_REALM);
-        $outer = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_OUTERVALUE);
-        if ($realm !== FALSE) {
-            if ($outer === FALSE) {
-                $outer = "";
-                $profile->setAnonymousIDSupport(FALSE);
+        case web\lib\admin\API::ACTION_ADMIN_DEL:
+            // IdP in question
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            $currentAdmins = $idp->listOwners();
+            $toBeDeleted = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
+            if ($toBeDeleted === FALSE) {
+                throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
+            }
+            $found = FALSE;
+            foreach ($currentAdmins as $oneAdmin) {
+                if ($oneAdmin['MAIL'] == $toBeDeleted) {
+                    $found = TRUE;
+                    $mgmt = new core\UserManagement();
+                    $mgmt->removeAdminFromIdP($idp, $oneAdmin['ID']);
+                }
+            }
+            if ($found) {
+                $adminApi->returnSuccess([]);
+            }
+            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
+            break;
+        case web\lib\admin\API::ACTION_STATISTICS_FED:
+            $adminApi->returnSuccess($fed->downloadStats("array"));
+            break;
+        case \web\lib\admin\API::ACTION_FEDERATION_LISTIDP:
+            $retArray = [];
+            $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
+            if ($idpIdentifier === FALSE) {
+                $allIdPs = $fed->listIdentityProviders(0);
+                foreach ($allIdPs as $instanceId => $oneIdP) {
+                    $theIdP = $oneIdP["instance"];
+                    $retArray[$instanceId] = $theIdP->getAttributes();
+                }
             } else {
-                $outer = $outer . "@";
-                $profile->setAnonymousIDSupport(TRUE);
+                try {
+                    $thisIdP = $validator->existingIdP($idpIdentifier);
+                } catch (Exception $e) {
+                    $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                    exit(1);
+                }
+                $retArray[$idpIdentifier] = $thisIdP->getAttributes();
             }
-            $profile->setRealm($outer . $realm);
-        }
-        /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
-        $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
-        if ($testuser !== FALSE) {
-            $profile->setRealmCheckUser(TRUE, $testuser);
-        }
-        /* const AUXATTRIB_PROFILE_INPUT_HINT = 'ATTRIB-PROFILE-HINTREALM';
+            foreach ($retArray as $instNumber => $oneInstData) {
+                foreach ($oneInstData as $attribNumber => $oneAttrib) {
+                    if ($oneAttrib['name'] == "general:logo_file") {
+                        // JSON doesn't cope well with raw binary data, so b64 it
+                        $retArray[$instNumber][$attribNumber]['value'] = base64_encode($oneAttrib['value']);
+                    }
+                }
+            }
+            $adminApi->returnSuccess($retArray);
+            break;
+        case \web\lib\admin\API::ACTION_NEWPROF_RADIUS:
+        // fall-through intended: both get mostly identical treatment
+        case web\lib\admin\API::ACTION_NEWPROF_SB:
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_RADIUS) {
+                $type = "RADIUS";
+            } else {
+                $type = "SILVERBULLET";
+            }
+            $profile = $idp->newProfile($type);
+            if ($profile === NULL) {
+                $adminApi->returnError(\web\lib\admin\API::ERROR_INTERNAL_ERROR, "Unable to create a new Profile, for no apparent reason. Please contact support.");
+                exit(1);
+            }
+            $inputs = $adminApi->uglify($scrubbedParameters);
+            $optionParser->processSubmittedFields($profile, $inputs["POST"], $inputs["FILES"]);
+            if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_SB) {
+                // auto-accept ToU?
+                if ($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_TOU) !== FALSE) {
+                    $profile->addAttribute("hiddenprofile:tou_accepted", NULL, 1);
+                }
+                // we're done at this point
+                $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profile->identifier]);
+                break;
+            }
+            if (!$profile instanceof core\ProfileRADIUS) {
+                throw new Exception("Can't be. This is only here to convince Scrutinizer that we're really talking RADIUS.");
+            }
+            /* const AUXATTRIB_PROFILE_REALM = 'ATTRIB-PROFILE-REALM';
+          const AUXATTRIB_PROFILE_OUTERVALUE = 'ATTRIB-PROFILE-OUTERVALUE'; */
+            $realm = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_REALM);
+            $outer = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_OUTERVALUE);
+            if ($realm !== FALSE) {
+                if ($outer === FALSE) {
+                    $outer = "";
+                    $profile->setAnonymousIDSupport(FALSE);
+                } else {
+                    $outer = $outer . "@";
+                    $profile->setAnonymousIDSupport(TRUE);
+                }
+                $profile->setRealm($outer . $realm);
+            }
+            /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
+            $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
+            if ($testuser !== FALSE) {
+                $profile->setRealmCheckUser(TRUE, $testuser);
+            }
+            /* const AUXATTRIB_PROFILE_INPUT_HINT = 'ATTRIB-PROFILE-HINTREALM';
           const AUXATTRIB_PROFILE_INPUT_VERIFY = 'ATTRIB-PROFILE-VERIFYREALM'; */
-        $hint = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_HINT);
-        $enforce = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_VERIFY);
-        if ($enforce !== FALSE) {
-            $profile->setInputVerificationPreference($enforce, $hint);
-        }
-        /* const AUXATTRIB_PROFILE_EAPTYPE */
-        $iterator = 1;
-        foreach ($scrubbedParameters as $oneParam) {
-            if ($oneParam['NAME'] == web\lib\admin\API::AUXATTRIB_PROFILE_EAPTYPE && is_int($oneParam["VALUE"])) {
-                $type = new \core\common\EAP($oneParam["VALUE"]);
-                $profile->addSupportedEapMethod($type, $iterator);
-                $iterator = $iterator + 1;
+            $hint = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_HINT);
+            $enforce = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_VERIFY);
+            if ($enforce !== FALSE) {
+                $profile->setInputVerificationPreference($enforce, $hint);
             }
-        }
-        // reinstantiate $profile freshly from DB - it was updated in the process
-        $profileFresh = new core\ProfileRADIUS($profile->identifier);
-        $profileFresh->prepShowtime();
-        $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profileFresh->identifier]);
-        break;
-    case web\lib\admin\API::ACTION_ENDUSER_NEW:
-    // fall-through intentional, those two actions are doing nearly identical things
-    case web\lib\admin\API::ACTION_ENDUSER_CHANGEEXPIRY:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $user = $validator->string($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME));
-        $expiryRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_EXPIRY);
-        if ($expiryRaw === FALSE) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The expiry date wasn't found in the request.");
+            /* const AUXATTRIB_PROFILE_EAPTYPE */
+            $iterator = 1;
+            foreach ($scrubbedParameters as $oneParam) {
+                if ($oneParam['NAME'] == web\lib\admin\API::AUXATTRIB_PROFILE_EAPTYPE && is_int($oneParam["VALUE"])) {
+                    $type = new \core\common\EAP($oneParam["VALUE"]);
+                    $profile->addSupportedEapMethod($type, $iterator);
+                    $iterator = $iterator + 1;
+                }
+            }
+            // reinstantiate $profile freshly from DB - it was updated in the process
+            $profileFresh = new core\ProfileRADIUS($profile->identifier);
+            $profileFresh->prepShowtime();
+            $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profileFresh->identifier]);
             break;
-        }
-        $expiry = new DateTime($expiryRaw);
-        try {
-            switch ($inputDecoded['ACTION']) {
+        case web\lib\admin\API::ACTION_ENDUSER_NEW:
+        // fall-through intentional, those two actions are doing nearly identical things
+        case web\lib\admin\API::ACTION_ENDUSER_CHANGEEXPIRY:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $user = $validator->string($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME));
+            $expiryRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_EXPIRY);
+            if ($expiryRaw === FALSE) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The expiry date wasn't found in the request.");
+                break;
+            }
+            $expiry = new DateTime($expiryRaw);
+            try {
+                switch ($inputDecoded['ACTION']) {
                 case web\lib\admin\API::ACTION_ENDUSER_NEW:
                     $retval = $profile->addUser($user, $expiry);
                     break;
@@ -308,7 +308,7 @@ 
                         $retval = 1; // function doesn't have any failure vectors not raising an Exception and doesn't return a value
                     }
                     break;
-            }
+                }
         } catch (Exception $e) {
             $adminApi->returnError(web\lib\admin\API::ERROR_INTERNAL_ERROR, "The operation failed. Maybe a duplicate username, or malformed expiry date?");
             exit(1);
@@ -319,25 +319,25 @@ 
         }
         $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $user, \web\lib\admin\API::AUXATTRIB_SB_USERID => $retval]);
         break;
-    case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
-    // fall-through intended: both actions are very similar
-    case \web\lib\admin\API::ACTION_TOKEN_NEW:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $userId = $validator->integer($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID));
-        if ($userId === FALSE) {
-            $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "User ID is not an integer.");
-            exit(1);
-        }
-        $additionalInfo = [];
-        switch ($inputDecoded['ACTION']) { // this is where the two differ
+        case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
+        // fall-through intended: both actions are very similar
+        case \web\lib\admin\API::ACTION_TOKEN_NEW:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $userId = $validator->integer($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID));
+            if ($userId === FALSE) {
+                $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "User ID is not an integer.");
+                exit(1);
+            }
+            $additionalInfo = [];
+            switch ($inputDecoded['ACTION']) { // this is where the two differ
             case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
                 $result = $profile->deactivateUser($userId);
                 break;
@@ -370,7 +370,7 @@ 
                     }
                 }
                 break;
-        }
+            }
 
         if ($result !== TRUE) {
             $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "These parameters did not lead to an existing, active user.");
@@ -378,69 +378,69 @@ 
         }
         $adminApi->returnSuccess($additionalInfo);
         break;
-    case \web\lib\admin\API::ACTION_ENDUSER_IDENTIFY:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $userId = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
-        $userName = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME);
-        $certSerial = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-		$certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
-        if ($userId === FALSE && $userName === FALSE && $certSerial === FALSE && $certCN === FALSE) {
-            // we need at least one of those
-            $adminApi->returnError(\web\lib\admin\API::ERROR_MISSING_PARAMETER, "At least one of User ID, Username, certificate serial, or certificate CN is required.");
-            break;
-        }
-        if ($certSerial !== FALSE) { // we got a cert serial
-            $serial = explode(":", $certSerial);
-            $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+        case \web\lib\admin\API::ACTION_ENDUSER_IDENTIFY:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
             }
-        if ($certCN !== FALSE) { // we got a cert CN
-            $cert = new \core\SilverbulletCertificate($certCN);
-        }
-        if ($cert !== NULL) { // we found a cert; verify it and extract userId
-            if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
-                return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate not found.");
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
             }
-            if ($cert->profileId != $profile->identifier) {
-                return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate does not belong to this profile.");
+            list($idp, $profile) = $evaluation;
+            $userId = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
+            $userName = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME);
+            $certSerial = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
+		    $certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
+            if ($userId === FALSE && $userName === FALSE && $certSerial === FALSE && $certCN === FALSE) {
+                // we need at least one of those
+                $adminApi->returnError(\web\lib\admin\API::ERROR_MISSING_PARAMETER, "At least one of User ID, Username, certificate serial, or certificate CN is required.");
+                break;
             }
-            $userId = $cert->userId;
-        }
-        if ($userId !== FALSE) {
-            $userList = $profile->getUserById($userId);
-        }
-        if ($userName !== FALSE) {
-            $userList = $profile->getUserByName($userName);
-        }
-        if (count($userList) === 1) {
-            foreach ($userList as $oneUserId => $oneUserName) {
-                return $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $oneUserName, \web\lib\admin\API::AUXATTRIB_SB_USERID => $oneUserId]);
+            if ($certSerial !== FALSE) { // we got a cert serial
+                $serial = explode(":", $certSerial);
+                $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+                }
+            if ($certCN !== FALSE) { // we got a cert CN
+                $cert = new \core\SilverbulletCertificate($certCN);
             }
-        }
-        $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "No matching user found in this profile.");
-        break;
-    case \web\lib\admin\API::ACTION_ENDUSER_LIST:
-    // fall-through: those two are similar
-    case \web\lib\admin\API::ACTION_TOKEN_LIST:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $allUsers = $profile->listAllUsers();
-        // this is where they differ
-        switch ($inputDecoded['ACTION']) {
+            if ($cert !== NULL) { // we found a cert; verify it and extract userId
+                if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
+                    return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate not found.");
+                }
+                if ($cert->profileId != $profile->identifier) {
+                    return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate does not belong to this profile.");
+                }
+                $userId = $cert->userId;
+            }
+            if ($userId !== FALSE) {
+                $userList = $profile->getUserById($userId);
+            }
+            if ($userName !== FALSE) {
+                $userList = $profile->getUserByName($userName);
+            }
+            if (count($userList) === 1) {
+                foreach ($userList as $oneUserId => $oneUserName) {
+                    return $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $oneUserName, \web\lib\admin\API::AUXATTRIB_SB_USERID => $oneUserId]);
+                }
+            }
+            $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "No matching user found in this profile.");
+            break;
+        case \web\lib\admin\API::ACTION_ENDUSER_LIST:
+        // fall-through: those two are similar
+        case \web\lib\admin\API::ACTION_TOKEN_LIST:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $allUsers = $profile->listAllUsers();
+            // this is where they differ
+            switch ($inputDecoded['ACTION']) {
             case \web\lib\admin\API::ACTION_ENDUSER_LIST:
                 $adminApi->returnSuccess($allUsers);
                 break;
@@ -459,105 +459,105 @@ 
                     $infoSet[$oneTokenObject->userId] = [\web\lib\admin\API::AUXATTRIB_TOKEN => $oneTokenObject->invitationTokenString, "STATUS" => $oneTokenObject->invitationTokenStatus];
                 }
                 $adminApi->returnSuccess($infoSet);
-        }
-        break;
-    case \web\lib\admin\API::ACTION_TOKEN_REVOKE:
-        $tokenRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TOKEN);
-        if ($tokenRaw === FALSE) {
-            exit(1);
-        }
-        $token = new core\SilverbulletInvitation($tokenRaw);
-        if ($token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_VALID && $token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "This is not a currently valid token.");
-            exit(1);
-        }
-        $token->revokeInvitation();
-        $adminApi->returnSuccess([]);
-        break;
-    case \web\lib\admin\API::ACTION_CERT_LIST:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        $user_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
-        if ($prof_id === FALSE || !is_int($user_id)) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $invitations = $profile->userStatus($user_id);
-        // now pull out cert information from the object
-        $certs = [];
-        foreach ($invitations as $oneInvitation) {
-            $certs = array_merge($certs, $oneInvitation->associatedCertificates);
-        }
-        // extract relevant subset of information from cert objects
-        $certDetails = [];
-        foreach ($certs as $cert) {
-            $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
-        }
-        $adminApi->returnSuccess($certDetails);
-        break;
-    case \web\lib\admin\API::ACTION_CERT_REVOKE:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        // tear apart the serial
-        $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-        if ($serialRaw === FALSE) {
-            exit(1);
-        }
-        $serial = explode(":", $serialRaw);
-        $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
-        if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
-        }
-        if ($cert->profileId != $profile->identifier) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
-        }
-        $cert->revokeCertificate();
-        $adminApi->returnSuccess([]);
+            }
         break;
-    case \web\lib\admin\API::ACTION_CERT_ANNOTATE:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        // tear apart the serial
-        $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-        if ($serialRaw === FALSE) {
-            exit(1);
-        }
-        $serial = explode(":", $serialRaw);
-        $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
-        if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
-        }
-        if ($cert->profileId != $profile->identifier) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
-        }
-        $annotationRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTANNOTATION);
-        if ($annotationRaw === FALSE) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Unable to extract annotation.");
+        case \web\lib\admin\API::ACTION_TOKEN_REVOKE:
+            $tokenRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TOKEN);
+            if ($tokenRaw === FALSE) {
+                exit(1);
+            }
+            $token = new core\SilverbulletInvitation($tokenRaw);
+            if ($token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_VALID && $token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "This is not a currently valid token.");
+                exit(1);
+            }
+            $token->revokeInvitation();
+            $adminApi->returnSuccess([]);
             break;
-        }
-        $annotation = json_decode($annotationRaw, TRUE);
-        $cert->annotate($annotation);
-        $adminApi->returnSuccess([]);
+        case \web\lib\admin\API::ACTION_CERT_LIST:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            $user_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
+            if ($prof_id === FALSE || !is_int($user_id)) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $invitations = $profile->userStatus($user_id);
+            // now pull out cert information from the object
+            $certs = [];
+            foreach ($invitations as $oneInvitation) {
+                $certs = array_merge($certs, $oneInvitation->associatedCertificates);
+            }
+            // extract relevant subset of information from cert objects
+            $certDetails = [];
+            foreach ($certs as $cert) {
+                $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
+            }
+            $adminApi->returnSuccess($certDetails);
+            break;
+        case \web\lib\admin\API::ACTION_CERT_REVOKE:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            // tear apart the serial
+            $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
+            if ($serialRaw === FALSE) {
+                exit(1);
+            }
+            $serial = explode(":", $serialRaw);
+            $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+            if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
+            }
+            if ($cert->profileId != $profile->identifier) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
+            }
+            $cert->revokeCertificate();
+            $adminApi->returnSuccess([]);
+            break;
+        case \web\lib\admin\API::ACTION_CERT_ANNOTATE:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            // tear apart the serial
+            $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
+            if ($serialRaw === FALSE) {
+                exit(1);
+            }
+            $serial = explode(":", $serialRaw);
+            $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+            if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
+            }
+            if ($cert->profileId != $profile->identifier) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
+            }
+            $annotationRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTANNOTATION);
+            if ($annotationRaw === FALSE) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Unable to extract annotation.");
+                break;
+            }
+            $annotation = json_decode($annotationRaw, TRUE);
+            $cert->annotate($annotation);
+            $adminApi->returnSuccess([]);
 
-        break;
+            break;
 
-    default:
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_ACTION, "Not implemented yet.");
+        default:
+            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_ACTION, "Not implemented yet.");
 }
\ No newline at end of file

config/autoloader.php

Spacing +5 added lines, -5 removed lines

@@ -19,7 +19,7 @@ 
  *          <base_url>/copyright.php after deploying the software
  */
 
-require_once __DIR__ . "/../core/Psr4Autoloader.php";
+require_once __DIR__."/../core/Psr4Autoloader.php";
 use core\autoloader\Psr4Autoloader;
 
 // instantiate the loader
@@ -30,10 +30,10 @@ 
 
 // register the base directories for the namespace prefix
 // include configuration
-$loader->addNamespace('config', __DIR__ );
+$loader->addNamespace('config', __DIR__);
 // include CAT/core library
-$loader->addNamespace('core', __DIR__ . "/../core");
+$loader->addNamespace('core', __DIR__."/../core");
 // include CAT/devices library
-$loader->addNamespace('devices', __DIR__ . "/../devices");
+$loader->addNamespace('devices', __DIR__."/../devices");
 // include CAT/web library
-$loader->addNamespace('web', __DIR__ . "/../web");
\ No newline at end of file
+$loader->addNamespace('web', __DIR__."/../web");
\ No newline at end of file

web/admin/inc/filepreview.php

Spacing +3 added lines, -3 removed lines

@@ -22,7 +22,7 @@ 
 ?>
 <?php
 
-require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php";
+require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php";
 
 $validator = new \web\lib\common\InputValidation();
 $idRaw = $_GET["id"] ?? "";
@@ -37,7 +37,7 @@ 
     // Set data type and caching for 30 days
     $info = new finfo();
     $filetype = $info->buffer($finalBlob, FILEINFO_MIME_TYPE);
-    header("Content-type: " . $filetype);
+    header("Content-type: ".$filetype);
 
     switch ($filetype) {
         case "text/rtf": // fall-through, same treatment
@@ -54,7 +54,7 @@ 
     header("Cache-Control: must-revalidate");
     $offset = 60 * 60 * 24 * 30;
     // gmdate can't possibly fail, because it operates on time() and an integer offset
-    $ExpStr = "Expires: " . /** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset) . " GMT";
+    $ExpStr = "Expires: "./** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset)." GMT";
     header($ExpStr);
     //  Print out the image
     echo $finalBlob;

web/lib/admin/UIElements.php

Spacing +31 added lines, -31 removed lines

@@ -147,7 +147,7 @@ 
         $find = array_keys($displayNames, $input, TRUE);
 
         if (count($find) == 0) { // this is an error! throw an Exception
-            throw new \Exception("The translation of an option name was requested, but the option is not known to the system: " . htmlentities($input));
+            throw new \Exception("The translation of an option name was requested, but the option is not known to the system: ".htmlentities($input));
         }
         \core\common\Entity::outOfThePotatoes();
         return $find[0];
@@ -168,7 +168,7 @@ 
 
         foreach ($optionlist as $option) {
             $type = $optioninfo->optionType($option['name']);
-            if (preg_match('/^' . $class . '/', $option['name']) && $option['level'] == "$level") {
+            if (preg_match('/^'.$class.'/', $option['name']) && $option['level'] == "$level") {
                 // all non-multilang attribs get this assignment ...
                 $language = "";
                 $content = $option['value'];
@@ -186,19 +186,19 @@ 
                         $locationMarkers[] = $coords;
                         break;
                     case "file":
-                        $retval .= "<tr><td>" . $this->displayName($option['name']) . "</td><td>$language</td><td>";
+                        $retval .= "<tr><td>".$this->displayName($option['name'])."</td><td>$language</td><td>";
                         switch ($option['name']) {
                             case "general:logo_file":
                             case "fed:logo_file":
-                                $retval .= $this->previewImageinHTML('ROWID-' . $option['level'] . '-' . $option['row']);
+                                $retval .= $this->previewImageinHTML('ROWID-'.$option['level'].'-'.$option['row']);
                                 break;
                             case "eap:ca_file":
                             // fall-through intended: display both the same way
                             case "fed:minted_ca_file":
-                                $retval .= $this->previewCAinHTML('ROWID-' . $option['level'] . '-' . $option['row']);
+                                $retval .= $this->previewCAinHTML('ROWID-'.$option['level'].'-'.$option['row']);
                                 break;
                             case "support:info_file":
-                                $retval .= $this->previewInfoFileinHTML('ROWID-' . $option['level'] . '-' . $option['row']);
+                                $retval .= $this->previewInfoFileinHTML('ROWID-'.$option['level'].'-'.$option['row']);
                                 break;
                             default:
                         }
@@ -208,10 +208,10 @@ 
                             // do not display the option at all; it gets auto-set by the ProfileSilverbullet constructor and doesn't have to be seen
                             break;
                         }
-                        $retval .= "<tr><td>" . $this->displayName($option['name']) . "</td><td>$language</td><td><strong>" . ($content == "on" ? _("on") : _("off") ) . "</strong></td></tr>";
+                        $retval .= "<tr><td>".$this->displayName($option['name'])."</td><td>$language</td><td><strong>".($content == "on" ? _("on") : _("off"))."</strong></td></tr>";
                         break;
                     default:
-                        $retval .= "<tr><td>" . $this->displayName($option['name']) . "</td><td>$language</td><td><strong>$content</strong></td></tr>";
+                        $retval .= "<tr><td>".$this->displayName($option['name'])."</td><td>$language</td><td><strong>$content</strong></td></tr>";
                 }
             }
         }
@@ -220,11 +220,11 @@ 
             $locationCount = 0;
             foreach ($locationMarkers as $g) {
                 $locationCount++;
-                $marker .= '<marker name="' . $locationCount . '" lat="' . $g['lat'] . '" lng="' . $g['lon'] . '" />';
+                $marker .= '<marker name="'.$locationCount.'" lat="'.$g['lat'].'" lng="'.$g['lon'].'" />';
             }
             $marker .= '<\/markers>'; // some validator says this should be escaped
             $jMarker = json_encode($locationMarkers);
-            $retval .= '<tr><td><script>markers=\'' . $marker . '\'; jmarkers = \'' . $jMarker . '\';</script></td><td></td><td></td></tr>';
+            $retval .= '<tr><td><script>markers=\''.$marker.'\'; jmarkers = \''.$jMarker.'\';</script></td><td></td><td></td></tr>';
         }
         \core\common\Entity::outOfThePotatoes();
         return $retval;
@@ -240,11 +240,11 @@ 
         \core\common\Entity::intoThePotatoes();
         $idpoptions = $myInst->getAttributes();
         $retval = "<div class='infobox'>
-        <h2>" . sprintf(_("General %s details"), $this->nomenclatureInst) . "</h2>
+        <h2>" . sprintf(_("General %s details"), $this->nomenclatureInst)."</h2>
         <table>
             <tr>
                 <td>
-                    " . _("Country:") . "
+                    " . _("Country:")."
                 </td>
                 <td>
                 </td>
@@ -254,16 +254,16 @@ 
         $retval .= $myFed->name;
         $retval .= "</strong>
                 </td>
-            </tr>" . $this->infoblock($idpoptions, "general", "IdP") . "
+            </tr>" . $this->infoblock($idpoptions, "general", "IdP")."
         </table>
     </div>";
 
         $blocks = [["support", _("Global Helpdesk Details")], ["media", _("Media Properties")]];
         foreach ($blocks as $block) {
             $retval .= "<div class='infobox'>
-            <h2>" . $block[1] . "</h2>
+            <h2>" . $block[1]."</h2>
             <table>" .
-                    $this->infoblock($idpoptions, $block[0], "IdP") .
+                    $this->infoblock($idpoptions, $block[0], "IdP").
                     "</table>
         </div>";
         }
@@ -278,12 +278,12 @@ 
      */
     private function displaySize(int $number) {
         if ($number > 1024 * 1024) {
-            return round($number / 1024 / 1024, 2) . " MiB";
+            return round($number / 1024 / 1024, 2)." MiB";
         }
         if ($number > 1024) {
-            return round($number / 1024, 2) . " KiB";
+            return round($number / 1024, 2)." KiB";
         }
-        return $number . " B";
+        return $number." B";
     }
 
     /**
@@ -337,7 +337,7 @@ 
         $ref = $validator->databaseReference($cAReference);
         $rawResult = UIElements::getBlobFromDB($ref['table'], $ref['rowindex'], FALSE);
         if (is_bool($rawResult)) { // we didn't actually get a CA!
-            $retval = "<div class='ca-summary'>" . _("There was an error while retrieving the certificate from the database!") . "</div>";
+            $retval = "<div class='ca-summary'>"._("There was an error while retrieving the certificate from the database!")."</div>";
             \core\common\Entity::outOfThePotatoes();
             return $retval;
         }
@@ -353,13 +353,13 @@ 
 
         $details['name'] = preg_replace('/(.)\/(.)/', "$1<br/>$2", $details['name']);
         $details['name'] = preg_replace('/\//', "", $details['name']);
-        $certstatus = ( $details['root'] == 1 ? "R" : "I");
+        $certstatus = ($details['root'] == 1 ? "R" : "I");
         if ($details['ca'] == 0 && $details['root'] != 1) {
-            $retval = "<div class='ca-summary' style='background-color:red'><div style='position:absolute; right: 0px; width:20px; height:20px; background-color:maroon;  border-radius:10px; text-align: center;'><div style='padding-top:3px; font-weight:bold; color:#ffffff;'>S</div></div>" . _("This is a <strong>SERVER</strong> certificate!") . "<br/>" . $details['name'] . "</div>";
+            $retval = "<div class='ca-summary' style='background-color:red'><div style='position:absolute; right: 0px; width:20px; height:20px; background-color:maroon;  border-radius:10px; text-align: center;'><div style='padding-top:3px; font-weight:bold; color:#ffffff;'>S</div></div>"._("This is a <strong>SERVER</strong> certificate!")."<br/>".$details['name']."</div>";
             \core\common\Entity::outOfThePotatoes();
             return $retval;
         }
-        $retval = "<div class='ca-summary'                                ><div style='position:absolute; right: 0px; width:20px; height:20px; background-color:#0000ff; border-radius:10px; text-align: center;'><div style='padding-top:3px; font-weight:bold; color:#ffffff;'>$certstatus</div></div>" . $details['name'] . "</div>";
+        $retval = "<div class='ca-summary'                                ><div style='position:absolute; right: 0px; width:20px; height:20px; background-color:#0000ff; border-radius:10px; text-align: center;'><div style='padding-top:3px; font-weight:bold; color:#ffffff;'>$certstatus</div></div>".$details['name']."</div>";
         \core\common\Entity::outOfThePotatoes();
         return $retval;
     }
@@ -372,7 +372,7 @@ 
      */
     public function previewImageinHTML($imageReference) {
         \core\common\Entity::intoThePotatoes();
-        $retval = "<img style='max-width:150px' src='inc/filepreview.php?id=" . $imageReference . "' alt='" . _("Preview of logo file") . "'/>";
+        $retval = "<img style='max-width:150px' src='inc/filepreview.php?id=".$imageReference."' alt='"._("Preview of logo file")."'/>";
         \core\common\Entity::outOfThePotatoes();
         return $retval;
     }
@@ -389,13 +389,13 @@ 
         $ref = $validator->databaseReference($fileReference);
         $fileBlob = UIElements::getBlobFromDB($ref['table'], $ref['rowindex'], FALSE);
         if (is_bool($fileBlob)) { // we didn't actually get a file!
-            $retval = "<div class='ca-summary'>" . _("There was an error while retrieving the file from the database!") . "</div>";
+            $retval = "<div class='ca-summary'>"._("There was an error while retrieving the file from the database!")."</div>";
             \core\common\Entity::outOfThePotatoes();
             return $retval;
         }
         $decodedFileBlob = base64_decode($fileBlob);
         $fileinfo = new \finfo();
-        $retval = "<div class='ca-summary'>" . _("File exists") . " (" . $fileinfo->buffer($decodedFileBlob, FILEINFO_MIME_TYPE) . ", " . $this->displaySize(strlen($decodedFileBlob)) . ")<br/><a href='inc/filepreview.php?id=$fileReference'>" . _("Preview") . "</a></div>";
+        $retval = "<div class='ca-summary'>"._("File exists")." (".$fileinfo->buffer($decodedFileBlob, FILEINFO_MIME_TYPE).", ".$this->displaySize(strlen($decodedFileBlob)).")<br/><a href='inc/filepreview.php?id=$fileReference'>"._("Preview")."</a></div>";
         \core\common\Entity::outOfThePotatoes();
         return $retval;
     }
@@ -423,7 +423,7 @@ 
             $retval .= "<tr><td>";
         }
         $finalCaption = ($caption !== NULL ? $caption : $uiMessages[$level]['text']);
-        $retval .= "<img class='icon' src='" . $uiMessages[$level]['icon'] . "' alt='" . $finalCaption . "' title='" . $finalCaption . "'/>";
+        $retval .= "<img class='icon' src='".$uiMessages[$level]['icon']."' alt='".$finalCaption."' title='".$finalCaption."'/>";
         if (!$omittabletags) {
             $retval .= "</td><td>";
         }
@@ -505,8 +505,8 @@ 
             return "";
         }
 
-        $loggerInstance->debug(4, "Consortium logo is at: " . ROOT . "/web/resources/images/consortium_logo_large.png");
-        $logogd = imagecreatefrompng(ROOT . "/web/resources/images/consortium_logo_large.png");
+        $loggerInstance->debug(4, "Consortium logo is at: ".ROOT."/web/resources/images/consortium_logo_large.png");
+        $logogd = imagecreatefrompng(ROOT."/web/resources/images/consortium_logo_large.png");
         if ($logogd === FALSE) { // consortium logo is bogus; don't do anything
             return "";
         }
@@ -532,7 +532,7 @@ 
         imagecolorallocate($whiteimage, 255, 255, 255);
         // also make sure the initial placement is a multitude of 12; otherwise "two half" symbols might be affected
         $targetplacementx = (int) ($symbolsize * round(($sizeinput[0] / 2 - ($targetwidth - $symbolsize + 1) / 2) / $symbolsize));
-        $targetplacementy = (int) ($symbolsize * round(($sizeinput[1] / 2 - ($targetheight - $symbolsize + 1 ) / 2) / $symbolsize));
+        $targetplacementy = (int) ($symbolsize * round(($sizeinput[1] / 2 - ($targetheight - $symbolsize + 1) / 2) / $symbolsize));
         imagecopyresized($inputgd, $whiteimage, $targetplacementx - $symbolsize, $targetplacementy - $symbolsize, 0, 0, $targetwidth + 2 * $symbolsize, $targetheight + 2 * $symbolsize, $targetwidth + 2 * $symbolsize, $targetheight + 2 * $symbolsize);
         imagecopyresized($inputgd, $logogd, $targetplacementx, $targetplacementy, 0, 0, $targetwidth, $targetheight, $sizelogo[0], $sizelogo[1]);
         ob_start();
@@ -579,9 +579,9 @@ 
                 $message = "Your configuration appears to be fine.";
                 break;
             default:
-                throw new Exception("The result code level " . $test->test_result['global'] . " is not defined!");
+                throw new Exception("The result code level ".$test->test_result['global']." is not defined!");
         }
-        $out .= $this->boxFlexible($test->test_result['global'], "<br><strong>Test Summary</strong><br>" . $message . "<br>See below for details<br><hr>");
+        $out .= $this->boxFlexible($test->test_result['global'], "<br><strong>Test Summary</strong><br>".$message."<br>See below for details<br><hr>");
         foreach ($test->out as $testValue) {
             foreach ($testValue as $o) {
                 $out .= $this->boxFlexible($o['level'], $o['message']);

utils/ocspweb/index.php

Spacing +7 added lines, -7 removed lines

@@ -97,7 +97,7 @@ 
 exec("openssl ocsp -reqin $derFilePath -req_text", $output, $retval);
 
 if ($retval !== 0) {
-    throw new Exception("openssl ocsp returned a non-zero return code. The DER data is probably bogus. B64 representation of DER data is: " . base64_encode($ocspRequestDer));
+    throw new Exception("openssl ocsp returned a non-zero return code. The DER data is probably bogus. B64 representation of DER data is: ".base64_encode($ocspRequestDer));
 }
 if ($output === NULL) { // this can't really happen, but makes Scrutinizer happier
     $output = [];
@@ -127,14 +127,14 @@ 
  * back (if we have it).
  */
 if (strcasecmp($nameHash, OUR_NAME_HASH) != 0 || strcasecmp($keyHash, OUR_KEY_HASH) != 0) {
-    throw new Exception("The request is about a different Issuer name / public key. Expected vs. actual name hash: " . OUR_NAME_HASH . " / $nameHash, " . OUR_KEY_HASH . " / $keyHash");
+    throw new Exception("The request is about a different Issuer name / public key. Expected vs. actual name hash: ".OUR_NAME_HASH." / $nameHash, ".OUR_KEY_HASH." / $keyHash");
 }
-error_log("base64-encoded request: " . base64_encode($ocspRequestDer));
+error_log("base64-encoded request: ".base64_encode($ocspRequestDer));
 
-$response = fopen(__DIR__ . "/statements/" . $serialHex . ".der", "r");
+$response = fopen(__DIR__."/statements/".$serialHex.".der", "r");
 if ($response === FALSE) { // not found
     // first lets load the unauthorised response, which is the default reply
-    $unauthResponse = fopen(__DIR__ . "/statements/UNAUTHORIZED.der", "r");
+    $unauthResponse = fopen(__DIR__."/statements/UNAUTHORIZED.der", "r");
     if ($unauthResponse === FALSE) {
         throw new Exception("Unable to open our canned UNAUTHORIZED response!");
     }
@@ -176,7 +176,7 @@ 
 
 $responseContent = fread($response, 1000000);
 fclose($response);
-error_log("base64-encoded response: " . base64_encode($responseContent));
+error_log("base64-encoded response: ".base64_encode($responseContent));
 header('Content-Type: application/ocsp-response');
-header('Content-Length: ' . strlen($responseContent));
+header('Content-Length: '.strlen($responseContent));
 echo $responseContent;

web/admin/action_enrollment.php

Switch Indentation +8 added lines, -8 removed lines

@@ -49,14 +49,14 @@
 }
 
 switch ($_GET['token']) {
-    case "SELF-REGISTER":
-        $token = "SELF-REGISTER";
-        $checkval = \core\UserManagement::TOKENSTATUS_OK_NEW;
-        $federation = \config\ConfAssistant::CONSORTIUM['selfservice_registration'];
-        break;
-    default:
-        $token = $validator->token(filter_input(INPUT_GET,'token',FILTER_SANITIZE_STRING));
-        $checkval = $usermgmt->checkTokenValidity($token);
+        case "SELF-REGISTER":
+            $token = "SELF-REGISTER";
+            $checkval = \core\UserManagement::TOKENSTATUS_OK_NEW;
+            $federation = \config\ConfAssistant::CONSORTIUM['selfservice_registration'];
+            break;
+        default:
+            $token = $validator->token(filter_input(INPUT_GET,'token',FILTER_SANITIZE_STRING));
+            $checkval = $usermgmt->checkTokenValidity($token);
 }
 
 if ($checkval < 0) {

Spacing +10 added lines, -10 removed lines

@@ -30,7 +30,7 @@ 
 ?>
 <?php
 
-require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php";
+require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php";
 
 $auth = new \web\lib\admin\Authentication();
 $deco = new \web\lib\admin\PageDecoration();
@@ -41,11 +41,11 @@ 
 $auth->authenticate();
 
 if (!isset($_GET['token'])) {
-    $elements->errorPage(_("Error creating new IdP binding!"),_("This page needs to be called with a valid invitation token!"));
+    $elements->errorPage(_("Error creating new IdP binding!"), _("This page needs to be called with a valid invitation token!"));
 }
 
 if (\config\ConfAssistant::CONSORTIUM['selfservice_registration'] === NULL && $_GET['token'] == "SELF-REGISTER") {
-    $elements->errorPage(_("Error creating new IdP binding!"),_("You tried to register in self-service, but this deployment does not allow self-service!"));
+    $elements->errorPage(_("Error creating new IdP binding!"), _("You tried to register in self-service, but this deployment does not allow self-service!"));
 }
 
 switch ($_GET['token']) {
@@ -55,22 +55,22 @@ 
         $federation = \config\ConfAssistant::CONSORTIUM['selfservice_registration'];
         break;
     default:
-        $token = $validator->token(filter_input(INPUT_GET,'token',FILTER_SANITIZE_STRING));
+        $token = $validator->token(filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING));
         $checkval = $usermgmt->checkTokenValidity($token);
 }
 
 if ($checkval < 0) {
     echo $deco->pageheader(_("Error creating new IdP binding!"), "ADMIN-IDP");
-    echo "<h1>" . _("Error creating new IdP binding!") . "</h1>";
+    echo "<h1>"._("Error creating new IdP binding!")."</h1>";
     switch ($checkval) {
         case \core\UserManagement::TOKENSTATUS_FAIL_ALREADYCONSUMED:
-            echo "<p>" . sprintf(_("Sorry... this token has already been used. The %s is already created. If you got the invitation from a mailing list, probably someone else used it before you."), $elements->nomenclatureInst) . "</p>";
+            echo "<p>".sprintf(_("Sorry... this token has already been used. The %s is already created. If you got the invitation from a mailing list, probably someone else used it before you."), $elements->nomenclatureInst)."</p>";
             break;
         case \core\UserManagement::TOKENSTATUS_FAIL_EXPIRED:
-            echo "<p>" . sprintf(_("Sorry... this token has expired. Invitation tokens are valid for 24 hours. The %s administrator can create a new one for you."), $elements->nomenclatureFed) . "</p>";
+            echo "<p>".sprintf(_("Sorry... this token has expired. Invitation tokens are valid for 24 hours. The %s administrator can create a new one for you."), $elements->nomenclatureFed)."</p>";
             break;
         default:
-            echo "<p>" . _("Sorry... you have come to the enrollment page without a valid token. Are you a nasty person? If not, you should go to <a href='overview_user.php'>your profile page</a> instead.") . "</p>";
+            echo "<p>"._("Sorry... you have come to the enrollment page without a valid token. Are you a nasty person? If not, you should go to <a href='overview_user.php'>your profile page</a> instead.")."</p>";
     }
     echo $deco->footer();
     throw new Exception("Terminating because something is wrong with the token we received.");
@@ -85,12 +85,12 @@ 
     case "SELF-REGISTER":
         $fed = new \core\Federation($federation);
         $newidp = new \core\IdP($fed->newIdP(core\IdP::TYPE_IDPSP, $user, "FED", "SELFSERVICE"));
-        $loggerInstance->writeAudit($user, "MOD", "IdP " . $newidp->identifier . " - selfservice registration");
+        $loggerInstance->writeAudit($user, "MOD", "IdP ".$newidp->identifier." - selfservice registration");
         break;
     default:
         $newidp = $usermgmt->createIdPFromToken($token, $user);
         $usermgmt->invalidateToken($token);
-        $loggerInstance->writeAudit($user, "MOD", "IdP " . $newidp->identifier . " - Token used and invalidated");
+        $loggerInstance->writeAudit($user, "MOD", "IdP ".$newidp->identifier." - Token used and invalidated");
         break;
 }
 

web/admin/edit_user_result.php

Spacing +3 added lines, -3 removed lines

@@ -19,7 +19,7 @@ 
  *          <base_url>/copyright.php after deploying the software
  */
 
-require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php";
+require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php";
 
 $loggerInstance = new \core\common\Logging();
 $deco = new \web\lib\admin\PageDecoration();
@@ -29,7 +29,7 @@ 
 
 $user = new \core\User($_SESSION['user']);
 if (!isset($_POST['submitbutton']) || $_POST['submitbutton'] != web\lib\common\FormElements::BUTTON_SAVE) { // what are we supposed to do?
-    echo "<p>" . _("The page was called with insufficient data. Please report this as an error.") . "</p>";
+    echo "<p>"._("The page was called with insufficient data. Please report this as an error.")."</p>";
     echo $deco->footer();
     exit(0);
 }
@@ -46,7 +46,7 @@ 
 if (isset($_POST['option'])) {
     foreach ($_POST['option'] as $opt_id => $optname) {
         if ($optname == "user:fedadmin") {
-            echo "Security violation: user tried to make himself " . \config\ConfAssistant::CONSORTIUM['nomenclature_federation'] . " administrator!";
+            echo "Security violation: user tried to make himself ".\config\ConfAssistant::CONSORTIUM['nomenclature_federation']." administrator!";
             exit(1);
         }
     }

web/admin/inc/manageAdmins.inc.php

Spacing +10 added lines, -10 removed lines

@@ -20,7 +20,7 @@ 
  */
 ?>
 <?php
-require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php";
+require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php";
 
 $auth = new \web\lib\admin\Authentication();
 $languageInstance = new \core\common\Language();
@@ -82,7 +82,7 @@ 
                 $ownermgmt = new \core\UserManagement();
                 $ownermgmt->addAdminToIdp($my_inst, $_SESSION['user']);
             } else {
-                echo "Fatal Error: you wanted to take control over an " . \config\ConfAssistant::CONSORTIUM['nomenclature_institution'] . ", but are not a " . \config\ConfAssistant::CONSORTIUM['nomenclature_federation'] . " operator!";
+                echo "Fatal Error: you wanted to take control over an ".\config\ConfAssistant::CONSORTIUM['nomenclature_institution'].", but are not a ".\config\ConfAssistant::CONSORTIUM['nomenclature_federation']." operator!";
                 exit(1);
             }
             break;
@@ -118,7 +118,7 @@ 
                 default:
                     throw new Exception("Error: unknown encryption status of invitation!?!");
             }
-            echo $uiElements->boxRemark(ngettext("The invitation email was sent successfully.", "All invitation emails were sent successfully.", $counter) . " " . $cryptText, _("Sent successfully."));
+            echo $uiElements->boxRemark(ngettext("The invitation email was sent successfully.", "All invitation emails were sent successfully.", $counter)." ".$cryptText, _("Sent successfully."));
             break;
         case "FAILURE":
             echo $uiElements->boxError(_("No invitation email could be sent!"), _("Sending failure!"));
@@ -138,7 +138,7 @@ 
                 default:
                     throw new Exception("Error: unknown encryption status of invitation!?!");
             }
-            echo $uiElements->boxWarning(sprintf(_("Some invitation emails were sent successfully (%s in total), the others failed."), $counter) . " " . $cryptText, _("Partial success."));
+            echo $uiElements->boxWarning(sprintf(_("Some invitation emails were sent successfully (%s in total), the others failed."), $counter)." ".$cryptText, _("Partial success."));
             break;
         case "INVALIDSYNTAX":
             echo $uiElements->boxError(_("The invitation email address was malformed, no invitation was sent!"), _("The invitation email address was malformed, no invitation was sent!"));
@@ -186,9 +186,9 @@ 
 
         echo "</td>
               <td>
-                <form action='inc/manageAdmins.inc.php?inst_id=" . $my_inst->identifier . "' method='post' " . ( $oneowner['ID'] != $_SESSION['user'] ? "onsubmit='popupRedirectWindow(this); return false;'" : "" ) . " accept-charset='UTF-8'>
-                <input type='hidden' name='admin_id' value='" . $oneowner['ID'] . "'></input>
-                <button type='submit' name='submitbutton' class='delete' value='" . web\lib\common\FormElements::BUTTON_DELETE . "'>" . _("Delete Administrator") . "</button>
+                <form action='inc/manageAdmins.inc.php?inst_id=" . $my_inst->identifier."' method='post' ".($oneowner['ID'] != $_SESSION['user'] ? "onsubmit='popupRedirectWindow(this); return false;'" : "")." accept-charset='UTF-8'>
+                <input type='hidden' name='admin_id' value='" . $oneowner['ID']."'></input>
+                <button type='submit' name='submitbutton' class='delete' value='" . web\lib\common\FormElements::BUTTON_DELETE."'>"._("Delete Administrator")."</button>
                 </form>
               </td>
             </tr>";
@@ -202,10 +202,10 @@ 
 $loggerInstance = new \core\common\Logging();
 $loggerInstance->debug(4, "Displaying pending invitations for $my_inst->identifier.\n");
 if (count($pending_invites) > 0) {
-    echo "<strong>" . _("Pending invitations for this IdP") . "</strong>";
+    echo "<strong>"._("Pending invitations for this IdP")."</strong>";
     echo "<table>";
     foreach ($pending_invites as $invitee) {
-        echo "<tr><td>" . $invitee['mail'] . "</td><td>".sprintf(_("(expires %s)"), $invitee['expiry'])."</td></tr>";
+        echo "<tr><td>".$invitee['mail']."</td><td>".sprintf(_("(expires %s)"), $invitee['expiry'])."</td></tr>";
     }
     echo "</table>";
 }
@@ -227,7 +227,7 @@ 
 
     if (!$is_admin_himself) {
         echo "<form action='inc/manageAdmins.inc.php?inst_id=$my_inst->identifier' method='post' onsubmit='popupRedirectWindow(this); return false;' accept-charset='UTF-8'>
-    <button type='submit' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_TAKECONTROL . "'>" . sprintf(_("Take control of this %s"), $uiElements->nomenclatureInst) . "</button>
+    <button type='submit' name='submitbutton' value='".web\lib\common\FormElements::BUTTON_TAKECONTROL."'>".sprintf(_("Take control of this %s"), $uiElements->nomenclatureInst)."</button>
 </form>";
     }
 }

web/user/tou.php

Spacing +1 added lines, -1 removed lines

@@ -62,7 +62,7 @@
     they are from the same user group. You are not allowed to share them to an unlimited
     audience (e.g. on a publicly accessible web server).</li>
 <li>If You are an eduroam Identity Provider administrator, you are allowed to download and pass on the Installers to
-your own <?php echo \config\ConfAssistant::CONSORTIUM['nomenclature_institution'];?> end users, e.g. on the support web pages of your <?php echo \config\ConfAssistant::CONSORTIUM['nomenclature_institution'];?>, on Welcome Package CDs or USB sticks, etc.</li>
+your own <?php echo \config\ConfAssistant::CONSORTIUM['nomenclature_institution']; ?> end users, e.g. on the support web pages of your <?php echo \config\ConfAssistant::CONSORTIUM['nomenclature_institution']; ?>, on Welcome Package CDs or USB sticks, etc.</li>
 <li>If You are a third-party not affiliated with eduroam, you are only allowed to download and pass on
 the Metadata and/or the Installers after having received written permission by the eduroam Operations team.</li>
 </ul>