
index-site.php (3 issues)


<?php
// error_reporting(E_ALL); ini_set('display_errors',1);
require_once __DIR__ . '/vendor/autoload.php';
use CILogon\Service\Util;
use CILogon\Service\Content;
use CILogon\Service\ShibError;
use CILogon\Service\Loggit;
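Util::startPHPSession();

// Util::startTiming();
// Util::$timeit->printTime('MAIN Program START...');

// Check for a Shibboleth error and handle it
$shiberror = new ShibError();

// Check the csrf cookie against either a hidden <form> element or a
// PHP session variable, and get the value of the 'submit' element.
// Note: replace CR/LF with space for 'Show/Hide Help' buttons. Folding
// line breaks here also keeps the value on one line in the log entry
// below, so a crafted submit value cannot forge extra log lines.
$retchars = array("\r\n","\n","\r");
$submit = str_replace(
    $retchars,
    " ",
    Util::getCsrf()->verifyCookieAndGetSubmit()
);
Util::unsetSessionVar('submit');

$log = new Loggit();
$log->info('submit="' . $submit . '"');

// Depending on the value of the clicked 'submit' button or the
// equivalent PHP session variable, take action or print out HTML.
// Every label below is a non-numeric string, so the loose switch
// comparison only matches an exact string value of $submit.
switch ($submit) {
    case 'Log On': // Check for OpenID or InCommon usage.
    case 'Continue': // For OOI
        Content::handleLogOnButtonClicked();
        break; // End case 'Log On'

    case 'Log Off':   // Click the 'Log Off' button
        // true = clear Shibboleth cookies and user session vars first
        printLogonPage(true);
        break; // End case 'Log Off'

    case 'gotuser': // Return from the getuser script
        Content::handleGotUser();
        break; // End case 'gotuser'

    case 'Go Back': // Return to the Main page
    case 'Proceed': // Proceed after 'User Changed' or Error page
    case 'Done with Two-Factor':
        Util::verifySessionAndCall('printMainPage');
        break; // End case 'Go Back' / 'Proceed'

    case 'Cancel': // Cancel button on WAYF page - go to Google
        // Fixed, absolute redirect target; exit ends the request, so no
        // break is needed (a break after exit is unreachable).
        header('Location: https://www.google.com/');
        exit; // No further processing necessary

    case 'Get New Certificate':
        // Only re-render the main page when the session check passed and
        // the P12 was generated; the callee prints its own error page otherwise.
        if (Util::verifySessionAndCall(
            'CILogon\\Service\\Content::generateP12'
        )) {
            printMainPage();
        }
        break; // End case 'Get New Certificate'

    case 'Manage Two-Factor':
        Util::verifySessionAndCall(
            'CILogon\\Service\\Content::printTwoFactorPage'
        );
        break; // End case 'Manage Two-Factor'

    case 'Enable':   // Enable / Disable two-factor authentication
    case 'Disable':
    case 'Verify':   // Log in with Google Authenticator
    case 'Disable Two-Factor':
        // 'Disable' and 'Disable Two-Factor' turn two-factor off;
        // 'Enable' and 'Verify' turn it on.
        $enable = !preg_match('/^Disable/', $submit);
        Util::verifySessionAndCall(
            'CILogon\\Service\\Content::handleEnableDisableTwoFactor',
            array($enable)
        );
        break; // End case 'Enable' / 'Disable'

    case 'I Lost My Phone':
        Util::verifySessionAndCall(
            'CILogon\\Service\\Content::handleILostMyPhone'
        );
        break; // End case 'I Lost My Phone'

    case 'Enter': // Verify Google Authenticator one time password
        Util::verifySessionAndCall(
            'CILogon\\Service\\Content::handleGoogleAuthenticatorLogin'
        );
        break; // End case 'Enter'

    case 'EnterDuo': // Verify Duo Security login
        Util::verifySessionAndCall(
            'CILogon\\Service\\Content::handleDuoSecurityLogin'
        );
        break; // End case 'EnterDuo'

    case 'Show  Help ': // Toggle showing of help text on and off
    case 'Hide  Help ':
        // The double space / trailing space come from the button labels
        // after CR/LF were folded to spaces above.
        Content::handleHelpButtonClicked();
        break; // End case 'Show Help' / 'Hide Help'

    default: // No submit button clicked nor PHP session submit variable set
        Content::handleNoSubmitButtonClicked();
        break; // End default case
} // End switch($submit)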
/**
 * printLogonPage
 *
 * Prints the HTML for the main cilogon.org welcome page: header, help
 * button, the WAYF (identity provider chooser) and footer. Explanatory
 * text is shown as well as a button to log in to an IdP and get rerouted
 * to the Shibboleth protected service script, or the OpenID script.
 * Also records 'logon' in the 'stage' session variable so the Show/Hide
 * Help buttons know which page to redraw.
 *
 * @param bool $clearcookies True if the Shibboleth cookies and session
 *        variables should be cleared out before displaying the page.
 *        Defaults to false.
 */
function printLogonPage($clearcookies = false)
{
    if ($clearcookies) {
        // Drop the Shibboleth cookies and every per-user session
        // variable, then re-initialise the skin: init(true) clears the
        // cilogon_skin variable and re-checks for a forced skin.
        Util::removeShibCookies();
        Util::unsetAllUserSessionVars();
        Util::getSkin()->init(true);
    }

    $logger = new Loggit();
    $logger->info('Welcome page hit.');

    // Remember which page is shown for Show/Hide Help button clicks.
    Util::setSessionVar('stage', 'logon');

    Content::printHeader('Welcome To The CILogon Service');
    echo "\n    <div class=\"boxed\">\n    ";
    Content::printHelpButton();
    Content::printWAYF();
    echo "\n    </div> <!-- End boxed -->\n    ";
    Content::printFooter();
}
/**
 * printMainPage
 *
 * Prints the HTML for the main page where the user can download a
 * certificate: header, help button, certificate info table, the 'Get New
 * Certificate' box, the two-factor box and the Log Off boxes, then the
 * footer. Records 'main' in the 'stage' session variable (for the
 * Show/Hide Help buttons) and stores 'Proceed' as the session submit
 * value together with the CSRF token so a browser reload lands back on
 * this page (CIL-626).
 */
function printMainPage()
{
    $logger = new Loggit();
    $logger->info('Get And Use Certificate page hit.');

    // Remember which page is shown for Show/Hide Help button clicks.
    Util::setSessionVar('stage', 'main');

    Content::printHeader('Get Your Certificate');

    // CIL-626 Allow browser 'reload page' by adding CSRF to the PHP session
    Util::setSessionVar('submit', 'Proceed');
    Util::getCsrf()->setTheSession();

    echo "\n    <div class=\"boxed\">\n    ";
    Content::printHelpButton();
    printCertInfo();
    printGetCertificate();
    Content::printTwoFactorBox();
    printLogOff();
    echo "\n    </div> <!-- boxed -->\n    ";
    Content::printFooter();
}
/**
 * printCertInfo
 *
 * Prints the certificate information table at the top of the main page:
 * the certificate subject (the 'dn' session variable with any trailing
 * " email=..." component stripped, reformatted and HTML-escaped), the
 * identity provider name, and a Level of Assurance link chosen from the
 * 'loa' session variable (OpenID, InCommon Silver, otherwise Basic).
 */
function printCertInfo()
{
    // Strip a trailing " email=..." component before reformatting the DN.
    $rawdn = Util::getSessionVar('dn');
    $subject = Util::htmlent(
        Content::reformatDN(preg_replace('/\s+email=.+$/', '', $rawdn))
    );
    // NOTE(review): idpname is echoed unescaped, unlike the DN above;
    // its origin is not visible here — confirm it is set server-side.
    $idpname = Util::getSessionVar('idpname');

    echo '
    <table class="certinfo">
      <tr>
        <th>Certificate&nbsp;Subject:</th>
        <td>' . $subject . '</td>
      </tr>
      <tr>
        <th>Identity&nbsp;Provider:</th>
        <td>' . $idpname . '</td>
      </tr>
      <tr>
        <th><a target="_blank"
        href="http://ca.cilogon.org/loa">Level&nbsp;of&nbsp;Assurance:</a></th>
        <td>
    ';

    // Map the LoA value to a policy page name and its visible label.
    $loa = Util::getSessionVar('loa');
    if ($loa == 'openid') {
        $policy = 'openid';
        $label = 'OpenID';
    } elseif ($loa == 'http://incommonfederation.org/assurance/silver') {
        $policy = 'silver';
        $label = 'Silver';
    } else {
        $policy = 'basic';
        $label = 'Basic';
    }
    echo '<a href="http://ca.cilogon.org/policy/' . $policy . '"' . "\n" .
        '              target="_blank">' . $label . '</a>';

    echo '
        </td>
      </tr>
    </table>
    ';
}
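/**
 * printGetCertificate
 *
 * This function prints the 'Get New Certificate' box on the main page.
 * If the 'p12' PHP session variable is valid, it is read and a link for the
 * usercred.p12 file is presented to the user.
 *
 * Reads the skin's 'pkcs12' config options (disabled, disabledmessage,
 * initiallifetime), the 'p12', 'p12lifetime', 'p12multiplier', 'showhelp'
 * and 'p12error' PHP session variables, and the 'p12lifetime' /
 * 'p12multiplier' cookies. Side effects: calls validateP12(), unsets the
 * 'p12error' session variable once it has been shown, and echoes HTML.
 */
function printGetCertificate()
{
    // Check if PKCS12 downloading is disabled. If so, print out message.
    $skin = Util::getSkin();
    $disabled = $skin->getConfigOption('pkcs12', 'disabled');
    if ((!is_null($disabled)) && ((int)$disabled == 1)) {
        $disabledmsg = $skin->getConfigOption(
            'pkcs12',
            'disabledmessage'
        );
        // Normalise to a string first so the length check below never
        // sees a null (getConfigOption may return null).
        $disabledmsg = is_null($disabledmsg) ?
            '' : trim(html_entity_decode($disabledmsg));
        if (strlen($disabledmsg) == 0) {
            $disabledmsg = "Downloading PKCS12 certificates is " .
                "restricted. Please try another method or log on " .
                "with a different Identity Provider.";
        }

        echo '<div class="p12actionbox"><p>
             ', $disabledmsg , '
             </p></div> <!-- p12actionbox -->';
    } else { // PKCS12 downloading is okay
        $downloadcerttext = "Clicking this button will generate a link " .
            "to a new certificate, which you can download to your local " .
            "computer. The certificate is valid for up to 13 months.";
        $p12linktext = "Left-click this link to import the certificate " .
            "into your browser / operating system. (Firefox users see " .
            "the FAQ.) Right-click this link and select 'Save As...' to " .
            "save the certificate to your desktop.";
        // Both halves single-quoted: the previous mixed-quote form put a
        // literal '" . "' into the title attribute and broke its quoting.
        $passwordtext1 = 'Enter a password of at least 12 characters to ' .
            'protect your certificate.';
        $passwordtext2 = 'Re-enter your password to verify.';

        // validateP12() unsets 'p12' if the stored link has expired, so
        // the parse below only sees a still-valid "<expire> <link>" pair.
        validateP12();
        $p12expire = '';
        $p12link = '';
        $p12 = Util::getSessionVar('p12');
        if (preg_match('/([^\s]*)\s(.*)/', $p12, $match)) {
            $p12expire = $match[1];
            $p12link = $match[2];
        }

        // NOTE(review): the link is inserted into href unescaped; it is
        // read from the session, presumably written by generateP12 — confirm.
        if ((strlen($p12link) > 0) && (strlen($p12expire) > 0)) {
            $p12link = '<a href="' . $p12link .
                '">&raquo; Click Here To Download Your Certificate &laquo;</a>';
        }
        if ((strlen($p12expire) > 0) && ($p12expire > 0)) {
            // Remaining lifetime of the link as mm:ss.
            $expire = $p12expire - time();
            $minutes = floor($expire % 3600 / 60);
            $seconds = $expire % 60;
            $p12expire = 'Link Expires: ' .
                sprintf("%02dm:%02ds", $minutes, $seconds);
        } else {
            $p12expire = '';
        }

        // Session values win; fall back to the (client-controlled) cookies.
        $p12lifetime = Util::getSessionVar('p12lifetime');
        if ((strlen($p12lifetime) == 0) || ($p12lifetime == 0)) {
            $p12lifetime = Util::getCookieVar('p12lifetime');
        }
        $p12multiplier = Util::getSessionVar('p12multiplier');
        if ((strlen($p12multiplier) == 0) || ($p12multiplier == 0)) {
            $p12multiplier = Util::getCookieVar('p12multiplier');
        }

        // Try to read the skin's intiallifetime if not yet set
        if ((strlen($p12lifetime) == 0) || ($p12lifetime <= 0)) {
            // See if the skin specified an initial value
            $skinlife = $skin->getConfigOption('pkcs12', 'initiallifetime', 'number');
            $skinmult = $skin->getConfigOption('pkcs12', 'initiallifetime', 'multiplier');
            if ((!is_null($skinlife)) && (!is_null($skinmult)) &&
                ((int)$skinlife > 0) && ((int)$skinmult > 0)) {
                $p12lifetime = (int)$skinlife;
                $p12multiplier = (int)$skinmult;
            } else {
                $p12lifetime = 13;      // Default to 13 months
                $p12multiplier = 732;
            }
        }
        if ((strlen($p12multiplier) == 0) || ($p12multiplier <= 0)) {
            $p12multiplier = 732;   // Default to months
            if ($p12lifetime > 13) {
                $p12lifetime = 13;
            }
        }

        // Make sure lifetime is within [minlifetime,maxlifetime]
        list($minlifetime, $maxlifetime) =
            Content::getMinMaxLifetimes('pkcs12', 9516);
        if (($p12lifetime * $p12multiplier) < $minlifetime) {
            $p12lifetime = $minlifetime;
            $p12multiplier = 1; // In hours
        } elseif (($p12lifetime * $p12multiplier) > $maxlifetime) {
            $p12lifetime = $maxlifetime;
            $p12multiplier = 1; // In hours
        }

        $lifetimetext = "Specify the certificate lifetime. Acceptable range " .
                        "is between $minlifetime and $maxlifetime hours" .
                        (($maxlifetime > 732) ?
                            " ( = " . round(($maxlifetime / 732), 2) . " months)." :
                            "."
                        );

        echo '
        <div class="p12actionbox"';

        if (Util::getSessionVar('showhelp') == 'on') {
            echo ' style="width:92%;"';
        }

        echo '>
        <table class="helptable">
        <tr>
        <td class="actioncell">
        ';

        Content::printFormHead();

        echo '
          <fieldset>
          ';

        // NOTE(review): p12error is echoed raw; it comes from the session
        // and is assumed to be a server-generated message — confirm.
        $p12error = Util::getSessionVar('p12error');
        if (strlen($p12error) > 0) {
            echo "<p class=\"logonerror\">$p12error</p>";
            Util::unsetSessionVar('p12error');
        }

        // The lifetime value may still be the raw cookie string when it
        // passed the numeric range checks above, so it is HTML-escaped
        // before being placed in the value attribute.
        echo '
          <p>
          Password Protect Your New Certificate:
          </p>

          <p>
          <label for="password1" class="helpcursor" title="' ,
          $passwordtext1 , '">Enter A Password:</label>
          <input type="password" name="password1" id="password1"
          size="22" title="' , $passwordtext1 , '" onkeyup="checkPassword()"/>
          <img src="/images/blankIcon.png" width="14" height="14" alt=""
          id="pw1icon"/>
          </p>

          <p>
          <label for="password2" class="helpcursor" title="' ,
          $passwordtext2 , '">Confirm Password:</label>
          <input type="password" name="password2" id="password2"
          size="22" title="' , $passwordtext2 , '" onkeyup="checkPassword()"/>
          <img src="/images/blankIcon.png" width="14" height="14" alt=""
          id="pw2icon"/>
          </p>

          <p class="p12certificatelifetime">
          <label for="p12lifetime" title="' , $lifetimetext ,
          '" class="helpcursor">Certificate Lifetime:</label>
          <input type="text" name="p12lifetime" id="p12lifetime"
          title="', $lifetimetext ,
          '" class="helpcursor" value="' , Util::htmlent($p12lifetime) ,
          '" size="8" maxlength="8"/>
          <select title="' , $lifetimetext ,
          '" class="helpcursor" id="p12multiplier" name="p12multiplier">
          <option value="1"' ,
              (($p12multiplier == 1) ? ' selected="selected"' : '') ,
              '>hours</option>
          <option value="24"' ,
              (($p12multiplier == 24) ? ' selected="selected"' : '') ,
              '>days</option>
          <option value="732"' ,
              (($p12multiplier == 732) ? ' selected="selected"' : '') ,
              '>months</option>
          </select>
          <img src="/images/blankIcon.png" width="14" height="14" alt=""/>
          </p>

          <p>
          <input type="submit" name="submit" class="submit helpcursor"
          title="' , $downloadcerttext , '" value="Get New Certificate"
          onclick="showHourglass(\'p12\')"/>
          <img src="/images/hourglass.gif" width="32" height="32" alt=""
          class="hourglass" id="p12hourglass"/>
          </p>

          <p id="p12value" class="helpcursor" title="' ,
              $p12linktext , '">' , $p12link , '</p>
          <p id="p12expire">' , $p12expire , '</p>

          </fieldset>
          </form>
        </td>
        ';

        if (Util::getSessionVar('showhelp') == 'on') {
            echo '
            <td class="helpcell">
            <div>
            <p>
            In order to get a new certificate, please enter a password of at
            least 12 characters in length.  This password protects the private
            key of the certificate and is different from your identity provider
            password.  You must enter the password twice for verification.
            </p>
            <p>
            After entering a password, click the "Get New Certificate" button to
            generate a new link.  Right-click on this link to download the
            certificate to your computer.  The certificate is valid for up to 13
            months.
            </p>
            </div>
            </td>
            ';
        }

        echo '
        </tr>
        </table>
        </div> <!-- p12actionbox -->
        ';
    }
}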
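/**
 * printLogOff
 *
 * This function prints the Log Off boxes at the bottom of the main page:
 * a form with the 'Log Off' submit button, followed by a text box telling
 * the user to quit the browser to log out of the identity provider. When
 * the 'showhelp' PHP session variable is 'on', both boxes are widened and
 * a help cell is printed next to each. Reads the 'idpname' and 'showhelp'
 * session variables; all output is echoed.
 */
function printLogOff()
{
    // NOTE(review): idpname is inserted into a title attribute unescaped;
    // its origin is not visible here — confirm it is set server-side.
    $logofftext = 'End your CILogon session and return to the welcome page. ' .
                  'Note that this will not log you out at ' .
                  Util::getSessionVar('idpname') . '.';

    $showhelp = Util::getSessionVar('showhelp');
    // Both boxes widen to make room for the help cell when help is shown.
    $widthstyle = ($showhelp == 'on') ? ' style="width:92%;"' : '';

    echo '
    <div class="logoffactionbox"' , $widthstyle , '>
    <table class="helptable">
    <tr>
    <td class="actioncell">
    ';

    Content::printFormHead();

    echo '
      <p>
      <input type="submit" name="submit" class="submit helpcursor"
      title="' , $logofftext , '" value="Log Off" />
      </p>
    </form>
    </td>
    ';

    if ($showhelp == 'on') {
        echo '
        <td class="helpcell">
        <div>
        <p>
        This button will log you off of the CILogon Service. In order to log
        out from your identity provider, you must either quit your browser
        or manually clear your browser\'s cookies.
        </p>
        </div>
        </td>
        ';
    }

    // The paragraph below was previously left open ("<p>...<p>").
    echo '
    </tr>
    </table>
    </div> <!-- logoffactionbox -->

    <div class="logofftextbox"' , $widthstyle , '>
    <table class="helptable">
    <tr>
    <td class="actioncell">
      <p>To log off, please quit your browser.</p>
    </td>
    ';

    if ($showhelp == 'on') {
        echo '
        <td class="helpcell">
        <div>
        <p>
        Quitting your browser clears all session cookies which logs you out
        from your identity provider.  Alternatively, you can manually clear
        your browser\'s cookies.
        </p>
        </div>
        </td>
        ';
    }

    echo '
    </tr>
    </table>
    </div> <!-- logofftextbox -->
    ';
}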
/**
 * validateP12
 *
 * Called just before the 'Download your certificate' link is printed out
 * to HTML. The 'p12' PHP session variable holds "<expire> <link>", where
 * <expire> is a Unix timestamp; this function checks that both parts are
 * present and that the timestamp has not yet passed. If the value is
 * missing, malformed or expired, the 'p12' session variable is unset.
 */
function validateP12()
{
    $parts = array();
    $p12expire = '';
    $p12link = '';
    if (preg_match('/([^\s]*)\s(.*)/', Util::getSessionVar('p12'), $parts)) {
        list($p12expire, $p12link) = array($parts[1], $parts[2]);
    }

    // The link is still usable only when every part checks out:
    // a non-empty, non-zero expiry that lies in the future, and a link.
    $stillvalid = (strlen($p12expire) > 0) &&
        ($p12expire != 0) &&
        (time() <= $p12expire) &&
        (strlen($p12link) > 0);
    if (!$stillvalid) {
        Util::unsetSessionVar('p12');
    }
}
// Util::$timeit->printTime('MAIN Program END...  ');