| 1 | <?php | ||
| 2 | |||
| 3 | /** | ||
| 4 | * This file contains functions called by index-site.php. The index-site.php | ||
| 5 | * file should include this file with the following statement at the top: | ||
| 6 | * | ||
| 7 | * require_once __DIR__ . '/index-functions.php'; | ||
| 8 | */ | ||
| 9 | |||
| 10 | use CILogon\Service\Util; | ||
| 11 | use CILogon\Service\Content; | ||
| 12 | use CILogon\Service\Loggit; | ||
| 13 | |||
| 14 | /** | ||
| 15 | * printLogonPage | ||
| 16 | * | ||
| 17 | * This function prints out the HTML for the main cilogon.org page. | ||
| 18 | * Explanatory text is shown as well as a button to log in to an IdP | ||
| 19 | * and get rerouted to the Shibboleth protected service script, or the | ||
| 20 | * OpenID script. | ||
| 21 | * | ||
| 22 | * @param bool $clearcookies True if the Shibboleth cookies and session | ||
| 23 | * variables should be cleared out before displaying the page. | ||
| 24 | * Defaults to false. | ||
| 25 | */ | ||
function printLogonPage($clearcookies = false)
{
    // When requested, wipe the Shibboleth cookies and the user's session
    // variables first so the welcome page is rendered from a clean state.
    if ($clearcookies) {
        Util::removeShibCookies();
        Util::unsetAllUserSessionVars();
        Util::getSkin()->init(true); // Clear cilogon_skin var; check for forced skin
    }

    $logger = new Loggit();
    $logger->info('Welcome page hit.');

    // 'stage' is read back when the Show/Hide Help button is clicked.
    Util::setSessionVar('stage', 'logon');

    Content::printHeader('Welcome To The CILogon Service');

    // Everything between header and footer lives inside one "boxed" div.
    echo '
    <div class="boxed">
    ';

    Content::printHelpButton();
    Content::printWAYF();

    echo '
    </div> <!-- End boxed -->
    ';
    Content::printFooter();
}
| 53 | |||
| 54 | /** | ||
| 55 | * printMainPage | ||
| 56 | * | ||
| 57 | * This function prints out the HTML for the main page where the user | ||
| 58 | * can download a certificate. | ||
| 59 | */ | ||
function printMainPage()
{
    // NOTE(review): the static-analysis report published with this listing
    // says printMainPage() is also defined in authorize/index-functions.php
    // (L189-286). PHP stops with a fatal error when two definitions of one
    // function are loaded in the same request - confirm the two files are
    // never included together.
    $logger = new Loggit();
    $logger->info('Get And Use Certificate page hit.');

    // 'stage' is read back when the Show/Hide Help button is clicked.
    Util::setSessionVar('stage', 'main');

    Content::printHeader('Get Your Certificate');

    // CIL-626 Allow browser 'reload page' by adding CSRF to the PHP session
    Util::setSessionVar('submit', 'Proceed');
    Util::getCsrf()->setTheSession();

    echo '
    <div class="boxed">
    ';

    Content::printHelpButton();
    // NOTE(review): the same analysis report could not find printCertInfo()
    // on CILogon\Service\Content - confirm the method exists (or was renamed)
    // before relying on this page.
    Content::printCertInfo();
    printGetCertificate();
    printLogOff();

    echo '
    </div> <!-- boxed -->
    ';
    Content::printFooter();
}
| 87 | |||
| 88 | /** | ||
| 89 | * printGetCertificate | ||
| 90 | * | ||
| 91 | * This function prints the 'Get New Certificate' box on the main page. | ||
| 92 | * If the 'p12' PHP session variable is valid, it is read and a link for the | ||
| 93 | * usercred.p12 file is presented to the user. | ||
| 94 | */ | ||
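function printGetCertificate()
{
    // Encoder for values placed inside double-quoted HTML attributes.
    // double_encode is off so a value that was already entity-encoded
    // upstream is not encoded a second time.
    $attr = static function ($value) {
        return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    };

    // Check if PKCS12 downloading is disabled. If so, print out message.
    $skin = Util::getSkin();
    $pkcs12disabled = $skin->getConfigOption('pkcs12', 'disabled');
    $disabledbyskin = ((!is_null($pkcs12disabled)) && ((int)$pkcs12disabled == 1));
    $disabledbyconf = ((!defined('MYPROXY_LOGON')) || (empty(MYPROXY_LOGON)));
    if ($disabledbyskin || $disabledbyconf) {
        $disabledmsg = 'Downloading PKCS12 certificates is disabled.';
        if ($disabledbyskin) {
            // The skin's message is entity-decoded and written out as markup,
            // so the skin configuration is treated as trusted input here.
            // NOTE(review): confirm skin config is editable by operators only.
            $skinmsg = $skin->getConfigOption('pkcs12', 'disabledmessage');
            $disabledmsg = is_null($skinmsg) ? '' : trim(html_entity_decode($skinmsg));
            if (strlen($disabledmsg) == 0) {
                $disabledmsg = 'Downloading PKCS12 certificates is ' .
                    'restricted. Please try another method or log on ' .
                    'with a different Identity Provider.';
            }
        }

        echo '<div class="p12actionbox"><p>
        ', $disabledmsg , '
        </p></div> <!-- p12actionbox -->';
        return;
    }

    // PKCS12 downloading is okay
    $downloadcerttext = "Clicking this button will generate a link " .
        "to a new certificate, which you can download to your local " .
        "computer. The certificate is valid for up to 13 months.";
    $p12linktext = "Left-click this link to import the certificate " .
        "into your browser / operating system. (Firefox users see " .
        "the FAQ.) Right-click this link and select 'Save As...' to " .
        "save the certificate to your desktop.";
    // This used to be one single-quoted literal that contained a stray
    // `" . "` sequence; the embedded double quotes ended the title="..."
    // attribute early in the rendered HTML.
    $passwordtext1 = 'Enter a password of at least 12 characters to ' .
        'protect your certificate.';
    $passwordtext2 = 'Re-enter your password to verify.';

    // Drops the 'p12' session variable if the download link has expired.
    validateP12();

    // The 'p12' session value is parsed as "<expiry> <link>".
    $p12expire = '';
    $p12link = '';
    $p12 = (string)Util::getSessionVar('p12');
    if (preg_match('/([^\s]*)\s(.*)/', $p12, $match)) {
        $p12expire = $match[1];
        $p12link = $match[2];
    }
    // Fail closed: an expiry that is not a number cannot be checked or
    // displayed, so no link is offered for it.
    if (!is_numeric($p12expire)) {
        $p12expire = '';
    }

    if ((strlen($p12link) > 0) && (strlen($p12expire) > 0)) {
        // The URL lands in an href attribute, so it is attribute-encoded.
        $p12link = '<a href="' . $attr($p12link) .
            '">» Click Here To Download Your Certificate «</a>';
    } else {
        // Never write a bare, unencoded link value into the page.
        $p12link = '';
    }
    if ((strlen($p12expire) > 0) && ($p12expire > 0)) {
        $expire = $p12expire - time();
        $minutes = floor($expire % 3600 / 60);
        $seconds = $expire % 60;
        $p12expire = 'Link Expires: ' .
            sprintf("%02dm:%02ds", $minutes, $seconds);
    } else {
        $p12expire = '';
    }

    // Lifetime and multiplier: session value first, then the cookie.
    $p12lifetime = Util::getSessionVar('p12lifetime');
    if ((strlen((string)$p12lifetime) == 0) || ($p12lifetime == 0)) {
        $p12lifetime = Util::getCookieVar('p12lifetime');
    }
    $p12multiplier = Util::getSessionVar('p12multiplier');
    if ((strlen((string)$p12multiplier) == 0) || ($p12multiplier == 0)) {
        $p12multiplier = Util::getCookieVar('p12multiplier');
    }

    // Cookies are client-controlled. Anything that is not a number is
    // discarded so the defaults below apply; this also keeps the arithmetic
    // further down from failing on a non-numeric string.
    // NOTE(review): whether Util::getCookieVar() already filters its value
    // is not visible from this file.
    if (!is_numeric($p12lifetime)) {
        $p12lifetime = '';
    }
    if (!is_numeric($p12multiplier)) {
        $p12multiplier = '';
    }

    // Try to read the skin's initiallifetime if not yet set
    if ((strlen($p12lifetime) == 0) || ($p12lifetime <= 0)) {
        // See if the skin specified an initial value
        $skinlife = $skin->getConfigOption('pkcs12', 'initiallifetime', 'number');
        $skinmult = $skin->getConfigOption('pkcs12', 'initiallifetime', 'multiplier');
        if (
            (!is_null($skinlife)) && (!is_null($skinmult)) &&
            ((int)$skinlife > 0) && ((int)$skinmult > 0)
        ) {
            $p12lifetime = (int)$skinlife;
            $p12multiplier = (int)$skinmult;
        } else {
            $p12lifetime = 13;     // Default to 13 months
            $p12multiplier = 732;
        }
    }
    if ((strlen($p12multiplier) == 0) || ($p12multiplier <= 0)) {
        $p12multiplier = 732;      // Default to months
        if ($p12lifetime > 13) {
            $p12lifetime = 13;
        }
    }

    // Make sure lifetime is within [minlifetime,maxlifetime]
    // (9516 = 13 * 732; presumably the fallback maximum in hours - confirm
    // against Content::getMinMaxLifetimes()).
    list($minlifetime, $maxlifetime) =
        Content::getMinMaxLifetimes('pkcs12', 9516);
    if (($p12lifetime * $p12multiplier) < $minlifetime) {
        $p12lifetime = $minlifetime;
        $p12multiplier = 1; // In hours
    } elseif (($p12lifetime * $p12multiplier) > $maxlifetime) {
        $p12lifetime = $maxlifetime;
        $p12multiplier = 1; // In hours
    }

    $lifetimetext = "Specify the certificate lifetime. Acceptable range " .
        "is between $minlifetime and $maxlifetime hours" .
        (($maxlifetime > 732) ?
            " ( = " . round(($maxlifetime / 732), 2) . " months)." :
            "."
        );

    $showhelp = (Util::getSessionVar('showhelp') == 'on');

    echo '
    <div class="p12actionbox"';

    if ($showhelp) {
        echo ' style="width:92%;"';
    }

    echo '>
    <table class="helptable">
    <tr>
    <td class="actioncell">
    ';

    Content::printFormHead();

    echo '
      <fieldset>
      ';

    $p12error = Util::getSessionVar('p12error');
    if (strlen((string)$p12error) > 0) {
        // NOTE(review): the error text is written into the page as-is. If any
        // code path stores request-derived text in 'p12error', encode it here
        // with htmlspecialchars(); left unchanged because the message may
        // intentionally contain markup - confirm where it is set.
        echo "<p class=\"logonerror\">$p12error</p>";
        Util::unsetSessionVar('p12error');
    }

    echo '
      <p>
      Password Protect Your New Certificate:
      </p>

      <p>
      <label for="password1" class="helpcursor" title="' ,
      $passwordtext1 , '">Enter A Password:</label>
      <input type="password" name="password1" id="password1"
      size="22" title="' , $passwordtext1 , '" onkeyup="checkPassword()"/>
      <img src="/images/blankIcon.png" width="14" height="14" alt=""
      id="pw1icon"/>
      </p>

      <p>
      <label for="password2" class="helpcursor" title="' ,
      $passwordtext2 , '">Confirm Password:</label>
      <input type="password" name="password2" id="password2"
      size="22" title="' , $passwordtext2 , '" onkeyup="checkPassword()"/>
      <img src="/images/blankIcon.png" width="14" height="14" alt=""
      id="pw2icon"/>
      </p>

      <p class="p12certificatelifetime">
      <label for="p12lifetime" title="' , $lifetimetext ,
      '" class="helpcursor">Certificate Lifetime:</label>
      <input type="text" name="p12lifetime" id="p12lifetime"
      title="', $lifetimetext ,
      '" class="helpcursor" value="' , $attr($p12lifetime) ,
      '" size="8" maxlength="8"/>
      <select title="' , $lifetimetext ,
      '" class="helpcursor" id="p12multiplier" name="p12multiplier">
      <option value="1"' ,
          (($p12multiplier == 1) ? ' selected="selected"' : '') ,
          '>hours</option>
      <option value="24"' ,
          (($p12multiplier == 24) ? ' selected="selected"' : '') ,
          '>days</option>
      <option value="732"' ,
          (($p12multiplier == 732) ? ' selected="selected"' : '') ,
          '>months</option>
      </select>
      <img src="/images/blankIcon.png" width="14" height="14" alt=""/>
      </p>

      <p>
      <input type="submit" name="submit" class="submit helpcursor"
      title="' , $downloadcerttext , '" value="Get New Certificate"
      onclick="showHourglass(\'p12\')"/>
      <img src="/images/hourglass.gif" width="32" height="32" alt=""
      class="hourglass" id="p12hourglass"/>
      </p>

      <p id="p12value" class="helpcursor" title="' ,
          $p12linktext , '">' , $p12link , '</p>
      <p id="p12expire">' , $p12expire , '</p>

      </fieldset>
      </form>
    </td>
    ';

    if ($showhelp) {
        echo '
        <td class="helpcell">
        <div>
        <p>
        In order to get a new certificate, please enter a password of at
        least 12 characters in length. This password protects the private
        key of the certificate and is different from your identity provider
        password. You must enter the password twice for verification.
        </p>
        <p>
        After entering a password, click the "Get New Certificate" button to
        generate a new link. Right-click on this link to download the
        certificate to your computer. The certificate is valid for up to 13
        months.
        </p>
        </div>
        </td>
        ';
    }

    echo '
    </tr>
    </table>
    </div> <!-- p12actionbox -->
    ';
}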
| 319 | |||
| 320 | /** | ||
| 321 | * printLogOff | ||
| 322 | * | ||
| 323 | * This function prints the Log Off boxes at the bottom of the main page. | ||
| 324 | */ | ||
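function printLogOff()
{
    // The identity provider's display name ends up inside a double-quoted
    // title attribute, so it is attribute-encoded first; a name containing a
    // quote or ampersand would otherwise break out of the attribute.
    // double_encode is off in case the stored name is already entity-encoded.
    $idpname = htmlspecialchars(
        (string)Util::getSessionVar('idpname'),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8',
        false
    );
    $logofftext = 'End your CILogon session and return to the welcome page. ' .
                  'Note that this will not log you out at ' .
                  $idpname . '.';

    // Help panels and the wider box are shown only while help is switched on.
    $showhelp = (Util::getSessionVar('showhelp') == 'on');
    $widestyle = $showhelp ? ' style="width:92%;"' : '';

    echo '
    <div class="logoffactionbox"', $widestyle, '>
    <table class="helptable">
    <tr>
    <td class="actioncell">
    ';

    Content::printFormHead();

    echo '
      <p>
      <input type="submit" name="submit" class="submit helpcursor"
      title="' , $logofftext , '" value="Log Off" />
      </p>
    </form>
    </td>
    ';

    if ($showhelp) {
        echo '
        <td class="helpcell">
        <div>
        <p>
        This button will log you off of the CILogon Service. In order to log
        out from your identity provider, you must either quit your browser
        or manually clear your browser\'s cookies.
        </p>
        </div>
        </td>
        ';
    }

    // The paragraph in the second box used to end with a second "<p>"
    // instead of "</p>", leaving the element unclosed.
    echo '
    </tr>
    </table>
    </div> <!-- logoffactionbox -->

    <div class="logofftextbox"', $widestyle, '>
    <table class="helptable">
    <tr>
    <td class="actioncell">
      <p>To log off, please quit your browser.</p>
    </td>
    ';

    if ($showhelp) {
        echo '
        <td class="helpcell">
        <div>
        <p>
        Quitting your browser clears all session cookies which logs you out
        from your identity provider. Alternatively, you can manually clear
        your browser\'s cookies.
        </p>
        </div>
        </td>
        ';
    }

    echo '
    </tr>
    </table>
    </div> <!-- logofftextbox -->
    ';
}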
| 410 | |||
| 411 | /** | ||
| 412 | * validateP12 | ||
| 413 | * | ||
| 414 | * This function is called just before the 'Download your certificate' | ||
| 415 | * link is printed out to HTML. It checks to see if the p12 is still | ||
| 416 | * valid time-wise. If not, then it unsets the PHP session variable | ||
| 417 | * 'p12'. | ||
| 418 | */ | ||
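function validateP12()
{
    // The 'p12' session value is parsed as "<expiry> <link>": the leading run
    // of non-whitespace is the expiry (compared against time() below) and the
    // rest of the line is the download link.
    $p12expire = '';
    $p12link = '';
    $p12 = (string)Util::getSessionVar('p12');
    if (preg_match('/([^\s]*)\s(.*)/', $p12, $match)) {
        $p12expire = $match[1];
        $p12link = $match[2];
    }

    // Fail closed. A non-numeric expiry used to be caught by the loose
    // `== 0` test, but from PHP 8 a non-numeric string no longer compares
    // equal to 0 and is compared to time() as a string, so a malformed value
    // could be accepted as "not yet expired". Requiring a positive number
    // keeps the check independent of those comparison rules.
    $expired = (!is_numeric($p12expire)) ||
        ($p12expire <= 0) ||
        (time() > $p12expire);

    // Drop the session variable when the expiry is bad/past or no link exists.
    if ($expired || (strlen($p12link) == 0)) {
        Util::unsetSessionVar('p12');
    }
}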
| 439 | 
 
                                