Issues in index-functions.php - All Issues - Inspection of "CIL-614 Remove CILogon 2FA capability (i.e., local..." - cilogon/service - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 8eeafe...eaa09a )

by Terrence

created 2019-11-19 16:47 UTC

index-functions.php (2 issues)

Labels

Best Practice 2

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * This file contains functions called by index-site.php. The index-site.php
 * file should include this file with the following statement at the top:
 *
 * require_once __DIR__ . '/index-functions.php';
 */

use CILogon\Service\Util;
use CILogon\Service\Content;
use CILogon\Service\Loggit;

/**
 * printLogonPage
 *
 * This function prints out the HTML for the main cilogon.org page.
 * Explanatory text is shown as well as a button to log in to an IdP
 * and get rerouted to the Shibboleth protected service script, or the
 * OpenID script.
 *
 * @param bool $clearcookies True if the Shibboleth cookies and session
 *        variables  should be cleared out before displaying the page.
 *        Defaults to false.
 */
function printLogonPage($clearcookies = false)
/**
 * @ignore
 */
function getUser() {

}

function getUser($id, $realm) {

}
{
    if ($clearcookies) {
        Util::removeShibCookies();
        Util::unsetAllUserSessionVars();
        Util::getSkin()->init(true);  // Clear cilogon_skin var; check for forced skin
    }

    $log = new Loggit();
    $log->info('Welcome page hit.');

    Util::setSessionVar('stage', 'logon'); // For Show/Hide Help button clicks

    Content::printHeader('Welcome To The CILogon Service');

    echo '
    <div class="boxed">
    ';

    Content::printHelpButton();
    Content::printWAYF();

    echo '
    </div> <!-- End boxed -->
    ';
    Content::printFooter();
}

/**
 * printMainPage
 *
 * This function prints out the HTML for the main page where the user
 * can download a certificate.
 */
function printMainPage()
/**
 * @ignore
 */
function getUser() {

}

function getUser($id, $realm) {

}
{
    $log = new Loggit();
    $log->info('Get And Use Certificate page hit.');

    Util::setSessionVar('stage', 'main'); // For Show/Hide Help button clicks

    Content::printHeader('Get Your Certificate');

    // CIL-626 Allow browser 'reload page' by adding CSRF to the PHP session
    Util::setSessionVar('submit', 'Proceed');
    Util::getCsrf()->setTheSession();

    echo '
    <div class="boxed">
    ';

    Content::printHelpButton();
    printCertInfo();
    printGetCertificate();
    printLogOff();

    echo '
    </div> <!-- boxed -->
    ';
    Content::printFooter();
}

/**
 * printCertInfo
 *
 * This function prints the certificate information table at the top
 * of the main page.
 */
function printCertInfo()
{
    $dn = Util::getSessionVar('dn');
    $dn = Content::reformatDN(preg_replace('/\s+email=.+$/', '', $dn));

    echo '
    <table class="certinfo">
      <tr>
        <th>Certificate&nbsp;Subject:</th>
        <td>' , Util::htmlent($dn) , '</td>
      </tr>
      <tr>
        <th>Identity&nbsp;Provider:</th>
        <td>' , Util::getSessionVar('idpname') , '</td>
      </tr>
      <tr>
        <th><a target="_blank"
        href="http://ca.cilogon.org/loa">Level&nbsp;of&nbsp;Assurance:</a></th>
        <td>
    ';

    $loa = Util::getSessionVar('loa');
    if ($loa == 'openid') {
        echo '<a href="http://ca.cilogon.org/policy/openid"
              target="_blank">OpenID</a>';
    } elseif ($loa == 'http://incommonfederation.org/assurance/silver') {
        echo '<a href="http://ca.cilogon.org/policy/silver"
              target="_blank">Silver</a>';
    } else {
        echo '<a href="http://ca.cilogon.org/policy/basic"
              target="_blank">Basic</a>';
    }
    echo '
        </td>
      </tr>
    </table>
    ';
}

/**
 * printGetCertificate
 *
 * This function prints the 'Get New Certificate' box on the main page.
 * If the 'p12' PHP session variable is valid, it is read and a link for the
 * usercred.p12 file is presented to the user.
 */
function printGetCertificate()
{
    // Check if PKCS12 downloading is disabled. If so, print out message.
    $skin = Util::getSkin();
    $disabled = $skin->getConfigOption('pkcs12', 'disabled');
    if ((!is_null($disabled)) && ((int)$disabled == 1)) {
        $disabledmsg = $skin->getConfigOption(
            'pkcs12',
            'disabledmessage'
        );
        if (!is_null($disabledmsg)) {
            $disabledmsg = trim(html_entity_decode($disabledmsg));
        }
        if (strlen($disabledmsg) == 0) {
            $disabledmsg = "Downloading PKCS12 certificates is " .
                "restricted. Please try another method or log on " .
                "with a different Identity Provider.";
        }

        echo '<div class="p12actionbox"><p>
             ', $disabledmsg , '
             </p></div> <!-- p12actionbox -->';
    } else { // PKCS12 downloading is okay
        $downloadcerttext = "Clicking this button will generate a link " .
            "to a new certificate, which you can download to your local " .
            "computer. The certificate is valid for up to 13 months.";
        $p12linktext = "Left-click this link to import the certificate " .
            "into your broswer / operating system. (Firefox users see " .
            "the FAQ.) Right-click this link and select 'Save As...' to " .
            "save the certificate to your desktop.";
        $passwordtext1 = 'Enter a password of at least 12 characters to " .
            "protect your certificate.';
        $passwordtext2 = 'Re-enter your password to verify.';

        validateP12();
        $p12expire = '';
        $p12link = '';
        $p12 = Util::getSessionVar('p12');
        if (preg_match('/([^\s]*)\s(.*)/', $p12, $match)) {
            $p12expire = $match[1];
            $p12link = $match[2];
        }

        if ((strlen($p12link) > 0) && (strlen($p12expire) > 0)) {
            $p12link = '<a href="' . $p12link .
                '">&raquo; Click Here To Download Your Certificate &laquo;</a>';
        }
        if ((strlen($p12expire) > 0) && ($p12expire > 0)) {
            $expire = $p12expire - time();
            $minutes = floor($expire % 3600 / 60);
            $seconds = $expire % 60;
            $p12expire = 'Link Expires: ' .
                sprintf("%02dm:%02ds", $minutes, $seconds);
        } else {
            $p12expire = '';
        }

        $p12lifetime = Util::getSessionVar('p12lifetime');
        if ((strlen($p12lifetime) == 0) || ($p12lifetime == 0)) {
            $p12lifetime = Util::getCookieVar('p12lifetime');
        }
        $p12multiplier = Util::getSessionVar('p12multiplier');
        if ((strlen($p12multiplier) == 0) || ($p12multiplier == 0)) {
            $p12multiplier = Util::getCookieVar('p12multiplier');
        }

        // Try to read the skin's intiallifetime if not yet set
        if ((strlen($p12lifetime) == 0) || ($p12lifetime <= 0)) {
            // See if the skin specified an initial value
            $skinlife = $skin->getConfigOption('pkcs12', 'initiallifetime', 'number');
            $skinmult = $skin->getConfigOption('pkcs12', 'initiallifetime', 'multiplier');
            if (
                (!is_null($skinlife)) && (!is_null($skinmult)) &&
                ((int)$skinlife > 0) && ((int)$skinmult > 0)
            ) {
                $p12lifetime = (int)$skinlife;
                $p12multiplier = (int)$skinmult;
            } else {
                $p12lifetime = 13;      // Default to 13 months
                $p12multiplier = 732;
            }
        }
        if ((strlen($p12multiplier) == 0) || ($p12multiplier <= 0)) {
            $p12multiplier = 732;   // Default to months
            if ($p12lifetime > 13) {
                $p12lifetime = 13;
            }
        }

        // Make sure lifetime is within [minlifetime,maxlifetime]
        list($minlifetime, $maxlifetime) =
            Content::getMinMaxLifetimes('pkcs12', 9516);
        if (($p12lifetime * $p12multiplier) < $minlifetime) {
            $p12lifetime = $minlifetime;
            $p12multiplier = 1; // In hours
        } elseif (($p12lifetime * $p12multiplier) > $maxlifetime) {
            $p12lifetime = $maxlifetime;
            $p12multiplier = 1; // In hours
        }

        $lifetimetext = "Specify the certificate lifetime. Acceptable range " .
                        "is between $minlifetime and $maxlifetime hours" .
                        (($maxlifetime > 732) ?
                            " ( = " . round(($maxlifetime / 732), 2) . " months)." :
                            "."
                        );

        echo '
        <div class="p12actionbox"';

        if (Util::getSessionVar('showhelp') == 'on') {
            echo ' style="width:92%;"';
        }

        echo '>
        <table class="helptable">
        <tr>
        <td class="actioncell">
        ';

        Content::printFormHead();

        echo '
          <fieldset>
          ';

        $p12error = Util::getSessionVar('p12error');
        if (strlen($p12error) > 0) {
            echo "<p class=\"logonerror\">$p12error</p>";
            Util::unsetSessionVar('p12error');
        }

        echo '
          <p>
          Password Protect Your New Certificate:
          </p>

          <p>
          <label for="password1" class="helpcursor" title="' ,
          $passwordtext1 , '">Enter A Password:</label>
          <input type="password" name="password1" id="password1"
          size="22" title="' , $passwordtext1 , '" onkeyup="checkPassword()"/>
          <img src="/images/blankIcon.png" width="14" height="14" alt=""
          id="pw1icon"/>
          </p>

          <p>
          <label for="password2" class="helpcursor" title="' ,
          $passwordtext2 , '">Confirm Password:</label>
          <input type="password" name="password2" id="password2"
          size="22" title="' , $passwordtext2 , '" onkeyup="checkPassword()"/>
          <img src="/images/blankIcon.png" width="14" height="14" alt=""
          id="pw2icon"/>
          </p>

          <p class="p12certificatelifetime">
          <label for="p12lifetime" title="' , $lifetimetext ,
          '" class="helpcursor">Certificate Lifetime:</label>
          <input type="text" name="p12lifetime" id="p12lifetime"
          title="', $lifetimetext ,
          '" class="helpcursor" value="' , $p12lifetime ,
          '" size="8" maxlength="8"/>
          <select title="' , $lifetimetext ,
          '" class="helpcursor" id="p12multiplier" name="p12multiplier">
          <option value="1"' ,
              (($p12multiplier == 1) ? ' selected="selected"' : '') ,
              '>hours</option>
          <option value="24"' ,
              (($p12multiplier == 24) ? ' selected="selected"' : '') ,
              '>days</option>
          <option value="732"' ,
              (($p12multiplier == 732) ? ' selected="selected"' : '') ,
              '>months</option>
          </select>
          <img src="/images/blankIcon.png" width="14" height="14" alt=""/>
          </p>

          <p>
          <input type="submit" name="submit" class="submit helpcursor"
          title="' , $downloadcerttext , '" value="Get New Certificate"
          onclick="showHourglass(\'p12\')"/>
          <img src="/images/hourglass.gif" width="32" height="32" alt=""
          class="hourglass" id="p12hourglass"/>
          </p>

          <p id="p12value" class="helpcursor" title="' ,
              $p12linktext , '">' , $p12link , '</p>
          <p id="p12expire">' , $p12expire , '</p>

          </fieldset>
          </form>
        </td>
        ';

        if (Util::getSessionVar('showhelp') == 'on') {
            echo '
            <td class="helpcell">
            <div>
            <p>
            In order to get a new certificate, please enter a password of at
            least 12 characters in length.  This password protects the private
            key of the certificate and is different from your identity provider
            password.  You must enter the password twice for verification.
            </p>
            <p>
            After entering a password, click the "Get New Certificate" button to
            generate a new link.  Right-click on this link to download the
            certificate to your computer.  The certificate is valid for up to 13
            months.
            </p>
            </div>
            </td>
            ';
        }

        echo '
        </tr>
        </table>
        </div> <!-- p12actionbox -->
        ';
    }
}

/**
 * printLogOff
 *
 * This function prints the Log Off boxes at the bottom of the main page.
 */
function printLogOff()
{
    $logofftext = 'End your CILogon session and return to the welcome page. ' .
                  'Note that this will not log you out at ' .
                  Util::getSessionVar('idpname') . '.';

    $showhelp = Util::getSessionVar('showhelp');

    echo '
    <div class="logoffactionbox"';

    if ($showhelp == 'on') {
        echo ' style="width:92%;"';
    }

    echo '>
    <table class="helptable">
    <tr>
    <td class="actioncell">
    ';

    Content::printFormHead();

    echo '
      <p>
      <input type="submit" name="submit" class="submit helpcursor"
      title="' , $logofftext , '" value="Log Off" />
      </p>
    </form>
    </td>
    ';

    if ($showhelp == 'on') {
        echo '
        <td class="helpcell">
        <div>
        <p>
        This button will log you off of the CILogon Service. In order to log
        out from your identity provider, you must either quit your browser
        or manually clear your browser\'s cookies.
        </p>
        </div>
        </td>
        ';
    }

    echo '
    </tr>
    </table>
    </div> <!-- logoffactionbox -->

    <div class="logofftextbox"';

    if ($showhelp == 'on') {
        echo ' style="width:92%;"';
    }

    echo '>
    <table class="helptable">
    <tr>
    <td class="actioncell">
      <p>To log off, please quit your browser.<p>
    </td>
    ';

    if ($showhelp == 'on') {
        echo '
        <td class="helpcell">
        <div>
        <p>
        Quitting your browser clears all session cookies which logs you out
        from your identity provider.  Alternatively, you can manually clear
        your browser\'s cookies.
        </p>
        </div>
        </td>
        ';
    }

    echo '
    </tr>
    </table>
    </div> <!-- logofftextbox -->
    ';
}

/**
 * validateP12
 *
 * This function is called just before the 'Download your certificate'
 * link is printed out to HTML. It checks to see if the p12 is still
 * valid time-wise. If not, then it unsets the PHP session variable
 * 'p12'.
 */
function validateP12()
{
    $p12link = '';
    $p12expire = '';
    $p12 = Util::getSessionVar('p12');
    if (preg_match('/([^\s]*)\s(.*)/', $p12, $match)) {
        $p12expire = $match[1];
        $p12link = $match[2];
    }

    // Verify that the p12expire and p12link values are valid.
    if (
        (strlen($p12expire) == 0) ||
        ($p12expire == 0) ||
        (time() > $p12expire) ||
        (strlen($p12link) == 0)
    ) {
        Util::unsetSessionVar('p12');
    }
}


1			<?php
2
3			/**
4			* This file contains functions called by index-site.php. The index-site.php
5			* file should include this file with the following statement at the top:
6			*
7			* require_once __DIR__ . '/index-functions.php';
8			*/
9
10			use CILogon\Service\Util;
11			use CILogon\Service\Content;
12			use CILogon\Service\Loggit;
13
14			/**
15			* printLogonPage
16			*
17			* This function prints out the HTML for the main cilogon.org page.
18			* Explanatory text is shown as well as a button to log in to an IdP
19			* and get rerouted to the Shibboleth protected service script, or the
20			* OpenID script.
21			*
22			* @param bool $clearcookies True if the Shibboleth cookies and session
23			* variables should be cleared out before displaying the page.
24			* Defaults to false.
25			*/
26			function printLogonPage($clearcookies = false)
			0 ignored issues – show Best Practice introduced 2019-11-18 22:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `printLogonPage()` has been defined more than once; this definition is ignored, only the first definition in `authorize/index-functions.php` (L25-121) is considered. This check looks for functions that have already been defined in other files. Some Codebases, like WordPress, make a practice of defining functions multiple times. This may lead to problems with the detection of function parameters and types. If you really need to do this, you can mark the duplicate definition with the `@ignore` annotation. /** * @ignore */ function getUser() { } function getUser($id, $realm) { } See also the PhpDoc documentation for @ignore. Loading history...
27			{
28			if ($clearcookies) {
29			Util::removeShibCookies();
30			Util::unsetAllUserSessionVars();
31			Util::getSkin()->init(true); // Clear cilogon_skin var; check for forced skin
32			}
33
34			$log = new Loggit();
35			$log->info('Welcome page hit.');
36
37			Util::setSessionVar('stage', 'logon'); // For Show/Hide Help button clicks
38
39			Content::printHeader('Welcome To The CILogon Service');
40
41			echo '
42			<div class="boxed">
43			';
44
45			Content::printHelpButton();
46			Content::printWAYF();
47
48			echo '
49			</div> <!-- End boxed -->
50			';
51			Content::printFooter();
52			}
53
54			/**
55			* printMainPage
56			*
57			* This function prints out the HTML for the main page where the user
58			* can download a certificate.
59			*/
60			function printMainPage()
			0 ignored issues – show Best Practice introduced 2019-11-18 22:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `printMainPage()` has been defined more than once; this definition is ignored, only the first definition in `authorize/index-functions.php` (L192-289) is considered. This check looks for functions that have already been defined in other files. Some Codebases, like WordPress, make a practice of defining functions multiple times. This may lead to problems with the detection of function parameters and types. If you really need to do this, you can mark the duplicate definition with the `@ignore` annotation. /** * @ignore */ function getUser() { } function getUser($id, $realm) { } See also the PhpDoc documentation for @ignore. Loading history...
61			{
62			$log = new Loggit();
63			$log->info('Get And Use Certificate page hit.');
64
65			Util::setSessionVar('stage', 'main'); // For Show/Hide Help button clicks
66
67			Content::printHeader('Get Your Certificate');
68
69			// CIL-626 Allow browser 'reload page' by adding CSRF to the PHP session
70			Util::setSessionVar('submit', 'Proceed');
71			Util::getCsrf()->setTheSession();
72
73			echo '
74			<div class="boxed">
75			';
76
77			Content::printHelpButton();
78			printCertInfo();
79			printGetCertificate();
80			printLogOff();
81
82			echo '
83			</div> <!-- boxed -->
84			';
85			Content::printFooter();
86			}
87
88			/**
89			* printCertInfo
90			*
91			* This function prints the certificate information table at the top
92			* of the main page.
93			*/
94			function printCertInfo()
95			{
96			$dn = Util::getSessionVar('dn');
97			$dn = Content::reformatDN(preg_replace('/\s+email=.+$/', '', $dn));
98
99			echo '
100			<table class="certinfo">
101			<tr>
102			<th>Certificate Subject:</th>
103			<td>' , Util::htmlent($dn) , '</td>
104			</tr>
105			<tr>
106			<th>Identity Provider:</th>
107			<td>' , Util::getSessionVar('idpname') , '</td>
108			</tr>
109			<tr>
110			<th><a target="_blank"
111			href="http://ca.cilogon.org/loa">Level of Assurance:</a></th>
112			<td>
113			';
114
115			$loa = Util::getSessionVar('loa');
116			if ($loa == 'openid') {
117			echo '<a href="http://ca.cilogon.org/policy/openid"
118			target="_blank">OpenID</a>';
119			} elseif ($loa == 'http://incommonfederation.org/assurance/silver') {
120			echo '<a href="http://ca.cilogon.org/policy/silver"
121			target="_blank">Silver</a>';
122			} else {
123			echo '<a href="http://ca.cilogon.org/policy/basic"
124			target="_blank">Basic</a>';
125			}
126			echo '
127			</td>
128			</tr>
129			</table>
130			';
131			}
132
133			/**
134			* printGetCertificate
135			*
136			* This function prints the 'Get New Certificate' box on the main page.
137			* If the 'p12' PHP session variable is valid, it is read and a link for the
138			* usercred.p12 file is presented to the user.
139			*/
140			function printGetCertificate()
141			{
142			// Check if PKCS12 downloading is disabled. If so, print out message.
143			$skin = Util::getSkin();
144			$disabled = $skin->getConfigOption('pkcs12', 'disabled');
145			if ((!is_null($disabled)) && ((int)$disabled == 1)) {
146			$disabledmsg = $skin->getConfigOption(
147			'pkcs12',
148			'disabledmessage'
149			);
150			if (!is_null($disabledmsg)) {
151			$disabledmsg = trim(html_entity_decode($disabledmsg));
152			}
153			if (strlen($disabledmsg) == 0) {
154			$disabledmsg = "Downloading PKCS12 certificates is " .
155			"restricted. Please try another method or log on " .
156			"with a different Identity Provider.";
157			}
158
159			echo '<div class="p12actionbox"><p>
160			', $disabledmsg , '
161			</p></div> <!-- p12actionbox -->';
162			} else { // PKCS12 downloading is okay
163			$downloadcerttext = "Clicking this button will generate a link " .
164			"to a new certificate, which you can download to your local " .
165			"computer. The certificate is valid for up to 13 months.";
166			$p12linktext = "Left-click this link to import the certificate " .
167			"into your broswer / operating system. (Firefox users see " .
168			"the FAQ.) Right-click this link and select 'Save As...' to " .
169			"save the certificate to your desktop.";
170			$passwordtext1 = 'Enter a password of at least 12 characters to " .
171			"protect your certificate.';
172			$passwordtext2 = 'Re-enter your password to verify.';
173
174			validateP12();
175			$p12expire = '';
176			$p12link = '';
177			$p12 = Util::getSessionVar('p12');
178			if (preg_match('/([^\s])\s(.)/', $p12, $match)) {
179			$p12expire = $match[1];
180			$p12link = $match[2];
181			}
182
183			if ((strlen($p12link) > 0) && (strlen($p12expire) > 0)) {
184			$p12link = '<a href="' . $p12link .
185			'">» Click Here To Download Your Certificate «</a>';
186			}
187			if ((strlen($p12expire) > 0) && ($p12expire > 0)) {
188			$expire = $p12expire - time();
189			$minutes = floor($expire % 3600 / 60);
190			$seconds = $expire % 60;
191			$p12expire = 'Link Expires: ' .
192			sprintf("%02dm:%02ds", $minutes, $seconds);
193			} else {
194			$p12expire = '';
195			}
196
197			$p12lifetime = Util::getSessionVar('p12lifetime');
198			if ((strlen($p12lifetime) == 0) \|\| ($p12lifetime == 0)) {
199			$p12lifetime = Util::getCookieVar('p12lifetime');
200			}
201			$p12multiplier = Util::getSessionVar('p12multiplier');
202			if ((strlen($p12multiplier) == 0) \|\| ($p12multiplier == 0)) {
203			$p12multiplier = Util::getCookieVar('p12multiplier');
204			}
205
206			// Try to read the skin's intiallifetime if not yet set
207			if ((strlen($p12lifetime) == 0) \|\| ($p12lifetime <= 0)) {
208			// See if the skin specified an initial value
209			$skinlife = $skin->getConfigOption('pkcs12', 'initiallifetime', 'number');
210			$skinmult = $skin->getConfigOption('pkcs12', 'initiallifetime', 'multiplier');
211			if (
212			(!is_null($skinlife)) && (!is_null($skinmult)) &&
213			((int)$skinlife > 0) && ((int)$skinmult > 0)
214			) {
215			$p12lifetime = (int)$skinlife;
216			$p12multiplier = (int)$skinmult;
217			} else {
218			$p12lifetime = 13; // Default to 13 months
219			$p12multiplier = 732;
220			}
221			}
222			if ((strlen($p12multiplier) == 0) \|\| ($p12multiplier <= 0)) {
223			$p12multiplier = 732; // Default to months
224			if ($p12lifetime > 13) {
225			$p12lifetime = 13;
226			}
227			}
228
229			// Make sure lifetime is within [minlifetime,maxlifetime]
230			list($minlifetime, $maxlifetime) =
231			Content::getMinMaxLifetimes('pkcs12', 9516);
232			if (($p12lifetime * $p12multiplier) < $minlifetime) {
233			$p12lifetime = $minlifetime;
234			$p12multiplier = 1; // In hours
235			} elseif (($p12lifetime * $p12multiplier) > $maxlifetime) {
236			$p12lifetime = $maxlifetime;
237			$p12multiplier = 1; // In hours
238			}
239
240			$lifetimetext = "Specify the certificate lifetime. Acceptable range " .
241			"is between $minlifetime and $maxlifetime hours" .
242			(($maxlifetime > 732) ?
243			" ( = " . round(($maxlifetime / 732), 2) . " months)." :
244			"."
245			);
246
247			echo '
248			<div class="p12actionbox"';
249
250			if (Util::getSessionVar('showhelp') == 'on') {
251			echo ' style="width:92%;"';
252			}
253
254			echo '>
255			<table class="helptable">
256			<tr>
257			<td class="actioncell">
258			';
259
260			Content::printFormHead();
261
262			echo '
263			<fieldset>
264			';
265
266			$p12error = Util::getSessionVar('p12error');
267			if (strlen($p12error) > 0) {
268			echo "<p class=\"logonerror\">$p12error</p>";
269			Util::unsetSessionVar('p12error');
270			}
271
272			echo '
273			<p>
274			Password Protect Your New Certificate:
275			</p>
276
277			<p>
278			<label for="password1" class="helpcursor" title="' ,
279			$passwordtext1 , '">Enter A Password:</label>
280			<input type="password" name="password1" id="password1"
281			size="22" title="' , $passwordtext1 , '" onkeyup="checkPassword()"/>
282			<img src="/images/blankIcon.png" width="14" height="14" alt=""
283			id="pw1icon"/>
284			</p>
285
286			<p>
287			<label for="password2" class="helpcursor" title="' ,
288			$passwordtext2 , '">Confirm Password:</label>
289			<input type="password" name="password2" id="password2"
290			size="22" title="' , $passwordtext2 , '" onkeyup="checkPassword()"/>
291			<img src="/images/blankIcon.png" width="14" height="14" alt=""
292			id="pw2icon"/>
293			</p>
294
295			<p class="p12certificatelifetime">
296			<label for="p12lifetime" title="' , $lifetimetext ,
297			'" class="helpcursor">Certificate Lifetime:</label>
298			<input type="text" name="p12lifetime" id="p12lifetime"
299			title="', $lifetimetext ,
300			'" class="helpcursor" value="' , $p12lifetime ,
301			'" size="8" maxlength="8"/>
302			<select title="' , $lifetimetext ,
303			'" class="helpcursor" id="p12multiplier" name="p12multiplier">
304			<option value="1"' ,
305			(($p12multiplier == 1) ? ' selected="selected"' : '') ,
306			'>hours</option>
307			<option value="24"' ,
308			(($p12multiplier == 24) ? ' selected="selected"' : '') ,
309			'>days</option>
310			<option value="732"' ,
311			(($p12multiplier == 732) ? ' selected="selected"' : '') ,
312			'>months</option>
313			</select>
314			<img src="/images/blankIcon.png" width="14" height="14" alt=""/>
315			</p>
316
317			<p>
318			<input type="submit" name="submit" class="submit helpcursor"
319			title="' , $downloadcerttext , '" value="Get New Certificate"
320			onclick="showHourglass(\'p12\')"/>
321			<img src="/images/hourglass.gif" width="32" height="32" alt=""
322			class="hourglass" id="p12hourglass"/>
323			</p>
324
325			<p id="p12value" class="helpcursor" title="' ,
326			$p12linktext , '">' , $p12link , '</p>
327			<p id="p12expire">' , $p12expire , '</p>
328
329			</fieldset>
330			</form>
331			</td>
332			';
333
334			if (Util::getSessionVar('showhelp') == 'on') {
335			echo '
336			<td class="helpcell">
337			<div>
338			<p>
339			In order to get a new certificate, please enter a password of at
340			least 12 characters in length. This password protects the private
341			key of the certificate and is different from your identity provider
342			password. You must enter the password twice for verification.
343			</p>
344			<p>
345			After entering a password, click the "Get New Certificate" button to
346			generate a new link. Right-click on this link to download the
347			certificate to your computer. The certificate is valid for up to 13
348			months.
349			</p>
350			</div>
351			</td>
352			';
353			}
354
355			echo '
356			</tr>
357			</table>
358			</div> <!-- p12actionbox -->
359			';
360			}
361			}
362
363			/**
364			* printLogOff
365			*
366			* This function prints the Log Off boxes at the bottom of the main page.
367			*/
368			function printLogOff()
369			{
370			$logofftext = 'End your CILogon session and return to the welcome page. ' .
371			'Note that this will not log you out at ' .
372			Util::getSessionVar('idpname') . '.';
373
374			$showhelp = Util::getSessionVar('showhelp');
375
376			echo '
377			<div class="logoffactionbox"';
378
379			if ($showhelp == 'on') {
380			echo ' style="width:92%;"';
381			}
382
383			echo '>
384			<table class="helptable">
385			<tr>
386			<td class="actioncell">
387			';
388
389			Content::printFormHead();
390
391			echo '
392			<p>
393			<input type="submit" name="submit" class="submit helpcursor"
394			title="' , $logofftext , '" value="Log Off" />
395			</p>
396			</form>
397			</td>
398			';
399
400			if ($showhelp == 'on') {
401			echo '
402			<td class="helpcell">
403			<div>
404			<p>
405			This button will log you off of the CILogon Service. In order to log
406			out from your identity provider, you must either quit your browser
407			or manually clear your browser\'s cookies.
408			</p>
409			</div>
410			</td>
411			';
412			}
413
414			echo '
415			</tr>
416			</table>
417			</div> <!-- logoffactionbox -->
418
419			<div class="logofftextbox"';
420
421			if ($showhelp == 'on') {
422			echo ' style="width:92%;"';
423			}
424
425			echo '>
426			<table class="helptable">
427			<tr>
428			<td class="actioncell">
429			<p>To log off, please quit your browser.<p>
430			</td>
431			';
432
433			if ($showhelp == 'on') {
434			echo '
435			<td class="helpcell">
436			<div>
437			<p>
438			Quitting your browser clears all session cookies which logs you out
439			from your identity provider. Alternatively, you can manually clear
440			your browser\'s cookies.
441			</p>
442			</div>
443			</td>
444			';
445			}
446
447			echo '
448			</tr>
449			</table>
450			</div> <!-- logofftextbox -->
451			';
452			}
453
454			/**
455			* validateP12
456			*
457			* This function is called just before the 'Download your certificate'
458			* link is printed out to HTML. It checks to see if the p12 is still
459			* valid time-wise. If not, then it unsets the PHP session variable
460			* 'p12'.
461			*/
462			function validateP12()
463			{
464			$p12link = '';
465			$p12expire = '';
466			$p12 = Util::getSessionVar('p12');
467			if (preg_match('/([^\s])\s(.)/', $p12, $match)) {
468			$p12expire = $match[1];
469			$p12link = $match[2];
470			}
471
472			// Verify that the p12expire and p12link values are valid.
473			if (
474			(strlen($p12expire) == 0) \|\|
475			($p12expire == 0) \|\|
476			(time() > $p12expire) \|\|
477			(strlen($p12link) == 0)
478			) {
479			Util::unsetSessionVar('p12');
480			}
481			}
482

cilogon / service

Push — master ( 8eeafe...eaa09a )

index-functions.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like