<?php
/**
 * This file contains functions called by index-site.php. The index-site.php
 * file should include this file with the following statement at the top:
 *
 * require_once __DIR__ . '/index-functions.php';
 */
use CILogon\Service\Util;
use CILogon\Service\Content;
use CILogon\Service\Loggit;
/**
 * printLogonPage
 *
 * Renders the main cilogon.org welcome page: the site header, the help
 * button, the WAYF block where the user picks an IdP, and the footer.
 * From there the user is routed on to the Shibboleth-protected service
 * script or the OpenID script.
 *
 * @param bool $clearcookies True if the Shibboleth cookies and session
 *        variables should be cleared out before displaying the page.
 *        Defaults to false.
 */
function printLogonPage($clearcookies = false)
{
    if ($clearcookies) {
        // Start from a clean slate: drop the Shib cookies and all user
        // session state, then re-init the skin (clears the cilogon_skin
        // var and re-checks for a forced skin).
        Util::removeShibCookies();
        Util::unsetAllUserSessionVars();
        Util::getSkin()->init(true);
    }

    (new Loggit())->info('Welcome page hit.');

    // Tells the Show/Hide Help button handler which page it is on.
    Util::setSessionVar('stage', 'logon');

    Content::printHeader('Welcome To The CILogon Service');

    echo "\n    <div class=\"boxed\">\n    ";
    Content::printHelpButton();
    Content::printWAYF();
    echo "\n    </div> <!-- End boxed -->\n    ";

    Content::printFooter();
}
/**
 * printMainPage
 *
 * Renders the page where an authenticated user can download a certificate:
 * the header, the help button, the certificate info table, the
 * "Get New Certificate" box, the Log Off boxes, and the footer.
 */
function printMainPage()
{
    (new Loggit())->info('Get And Use Certificate page hit.');

    // Tells the Show/Hide Help button handler which page it is on.
    Util::setSessionVar('stage', 'main');

    Content::printHeader('Get Your Certificate');

    // CIL-626 Allow browser 'reload page' by adding CSRF to the PHP session
    Util::setSessionVar('submit', 'Proceed');
    Util::getCsrf()->setTheSession();

    echo "\n    <div class=\"boxed\">\n    ";

    Content::printHelpButton();

    // The three content sections of the page, top to bottom.
    printCertInfo();
    printGetCertificate();
    printLogOff();

    echo "\n    </div> <!-- boxed -->\n    ";

    Content::printFooter();
}
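/**
 * printCertInfo
 *
 * This function prints the certificate information table at the top
 * of the main page: the certificate subject DN (with the email component
 * stripped), the Identity Provider display name, and a link describing
 * the Level of Assurance recorded in the session.
 */
function printCertInfo()
{
    $dn = Util::getSessionVar('dn');
    // Strip the trailing "email=..." component before reformatting. preg_replace()
    // returns null on a PCRE error; fall back to the raw DN rather than passing
    // null on to Content::reformatDN().
    $stripped = preg_replace('/\s+email=.+$/', '', $dn);
    if ($stripped === null) {
        $stripped = $dn;
    }
    $dn = Content::reformatDN($stripped);

    // Both the DN and the IdP name come from the session and are rendered into
    // HTML, so both go through the same escaping helper (previously only the DN
    // was escaped).
    echo '
    <table class="certinfo">
      <tr>
        <th>Certificate&nbsp;Subject:</th>
        <td>' , Util::htmlent($dn) , '</td>
      </tr>
      <tr>
        <th>Identity&nbsp;Provider:</th>
        <td>' , Util::htmlent(Util::getSessionVar('idpname')) , '</td>
      </tr>
      <tr>
        <th><a target="_blank"
        href="http://ca.cilogon.org/loa">Level&nbsp;of&nbsp;Assurance:</a></th>
        <td>
    ';

    // Map the session's 'loa' value to its policy link; anything other than
    // the two recognized values is treated as Basic.
    $loa = Util::getSessionVar('loa');
    if ($loa === 'openid') {
        echo '<a href="http://ca.cilogon.org/policy/openid"
              target="_blank">OpenID</a>';
    } elseif ($loa === 'http://incommonfederation.org/assurance/silver') {
        echo '<a href="http://ca.cilogon.org/policy/silver"
              target="_blank">Silver</a>';
    } else {
        echo '<a href="http://ca.cilogon.org/policy/basic"
              target="_blank">Basic</a>';
    }
    echo '
        </td>
      </tr>
    </table>
    ';
}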
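/**
 * printGetCertificate
 *
 * This function prints the 'Get New Certificate' box on the main page.
 * If the 'p12' PHP session variable is valid, it is read and a link for the
 * usercred.p12 file is presented to the user together with a countdown to
 * the link's expiration. If the skin disables PKCS12 downloading, only the
 * skin's (or a default) explanatory message is printed instead of the form.
 *
 * Reads session vars 'p12', 'p12lifetime', 'p12multiplier', 'p12error' and
 * 'showhelp', cookies 'p12lifetime' and 'p12multiplier', and the skin's
 * pkcs12 config options. Unsets 'p12error' after displaying it.
 */
function printGetCertificate()
{
    // Check if PKCS12 downloading is disabled. If so, print out message.
    $skin = Util::getSkin();
    $disabled = $skin->getConfigOption('pkcs12', 'disabled');
    if ((!is_null($disabled)) && ((int)$disabled == 1)) {
        $disabledmsg = $skin->getConfigOption(
            'pkcs12',
            'disabledmessage'
        );
        // Normalize a missing message to '' so strlen() never sees null
        // (passing null to strlen() is deprecated as of PHP 8.1).
        $disabledmsg = is_null($disabledmsg)
            ? ''
            : trim(html_entity_decode($disabledmsg));
        if (strlen($disabledmsg) == 0) {
            $disabledmsg = "Downloading PKCS12 certificates is " .
                "restricted. Please try another method or log on " .
                "with a different Identity Provider.";
        }

        // The message is skin (administrator) configuration and is
        // deliberately emitted as-is after entity decoding.
        echo '<div class="p12actionbox"><p>
             ', $disabledmsg , '
             </p></div> <!-- p12actionbox -->';
    } else { // PKCS12 downloading is okay
        $downloadcerttext = "Clicking this button will generate a link " .
            "to a new certificate, which you can download to your local " .
            "computer. The certificate is valid for up to 13 months.";
        $p12linktext = "Left-click this link to import the certificate " .
            "into your browser / operating system. (Firefox users see " .
            "the FAQ.) Right-click this link and select 'Save As...' to " .
            "save the certificate to your desktop.";
        // This used to be ONE single-quoted literal spanning both lines, so the
        // emitted title="..." attribute contained a stray `" . "` sequence and
        // broke the HTML. Concatenate two single-quoted pieces instead.
        $passwordtext1 = 'Enter a password of at least 12 characters to ' .
            'protect your certificate.';
        $passwordtext2 = 'Re-enter your password to verify.';

        // Drop an expired or malformed 'p12' session var before reading it.
        validateP12();
        $p12expire = '';
        $p12link = '';
        $p12 = Util::getSessionVar('p12');
        // 'p12' is stored as "<expire-timestamp> <download-link>".
        if (preg_match('/([^\s]*)\s(.*)/', $p12, $match)) {
            $p12expire = $match[1];
            $p12link = $match[2];
        }

        if ((strlen($p12link) > 0) && (strlen($p12expire) > 0)) {
            // NOTE(review): $p12link is emitted unescaped inside href="..."; this
            // assumes the link is generated server-side when the p12 is created
            // -- confirm at the writer of the 'p12' session var.
            $p12link = '<a href="' . $p12link .
                '">&raquo; Click Here To Download Your Certificate &laquo;</a>';
        }
        if ((strlen($p12expire) > 0) && ((int)$p12expire > 0)) {
            // Cast before subtracting so a non-numeric value cannot raise a
            // TypeError, and clamp at zero: the link may expire between the
            // validateP12() call above and this line, which would otherwise
            // render a negative countdown.
            $expire = max(0, (int)$p12expire - time());
            $minutes = floor($expire % 3600 / 60);
            $seconds = $expire % 60;
            $p12expire = 'Link Expires: ' .
                sprintf("%02dm:%02ds", $minutes, $seconds);
        } else {
            $p12expire = '';
        }

        // Lifetime and multiplier: prefer the session, fall back to cookies.
        $p12lifetime = Util::getSessionVar('p12lifetime');
        if ((strlen($p12lifetime) == 0) || ($p12lifetime == 0)) {
            $p12lifetime = Util::getCookieVar('p12lifetime');
        }
        $p12multiplier = Util::getSessionVar('p12multiplier');
        if ((strlen($p12multiplier) == 0) || ($p12multiplier == 0)) {
            $p12multiplier = Util::getCookieVar('p12multiplier');
        }

        // Try to read the skin's initiallifetime if not yet set
        if ((strlen($p12lifetime) == 0) || ($p12lifetime <= 0)) {
            // See if the skin specified an initial value
            $skinlife = $skin->getConfigOption('pkcs12', 'initiallifetime', 'number');
            $skinmult = $skin->getConfigOption('pkcs12', 'initiallifetime', 'multiplier');
            if (
                (!is_null($skinlife)) && (!is_null($skinmult)) &&
                ((int)$skinlife > 0) && ((int)$skinmult > 0)
            ) {
                $p12lifetime = (int)$skinlife;
                $p12multiplier = (int)$skinmult;
            } else {
                $p12lifetime = 13;      // Default to 13 months
                $p12multiplier = 732;
            }
        }
        if ((strlen($p12multiplier) == 0) || ($p12multiplier <= 0)) {
            $p12multiplier = 732;   // Default to months
            if ($p12lifetime > 13) {
                $p12lifetime = 13;
            }
        }

        // Make sure lifetime is within [minlifetime,maxlifetime]
        list($minlifetime, $maxlifetime) =
            Content::getMinMaxLifetimes('pkcs12', 9516);
        if (($p12lifetime * $p12multiplier) < $minlifetime) {
            $p12lifetime = $minlifetime;
            $p12multiplier = 1; // In hours
        } elseif (($p12lifetime * $p12multiplier) > $maxlifetime) {
            $p12lifetime = $maxlifetime;
            $p12multiplier = 1; // In hours
        }

        $lifetimetext = "Specify the certificate lifetime. Acceptable range " .
                        "is between $minlifetime and $maxlifetime hours" .
                        (($maxlifetime > 732) ?
                            " ( = " . round(($maxlifetime / 732), 2) . " months)." :
                            "."
                        );

        echo '
        <div class="p12actionbox"';

        // Widen the box when the help column is shown next to it.
        if (Util::getSessionVar('showhelp') === 'on') {
            echo ' style="width:92%;"';
        }

        echo '>
        <table class="helptable">
        <tr>
        <td class="actioncell">
        ';

        Content::printFormHead();

        echo '
          <fieldset>
          ';

        // One-shot error message from the previous p12 attempt.
        // NOTE(review): $p12error is echoed unescaped; confirm it is always
        // server-generated text with no user-controlled content, otherwise
        // wrap it in Util::htmlent().
        $p12error = Util::getSessionVar('p12error');
        if (strlen($p12error) > 0) {
            echo "<p class=\"logonerror\">$p12error</p>";
            Util::unsetSessionVar('p12error');
        }

        // $p12lifetime may originate from a cookie, so it is escaped before
        // being placed in the value="..." attribute (assumes Util::htmlent()
        // escapes double quotes, as it is used for the DN in printCertInfo()).
        echo '
          <p>
          Password Protect Your New Certificate:
          </p>

          <p>
          <label for="password1" class="helpcursor" title="' ,
          $passwordtext1 , '">Enter A Password:</label>
          <input type="password" name="password1" id="password1"
          size="22" title="' , $passwordtext1 , '" onkeyup="checkPassword()"/>
          <img src="/images/blankIcon.png" width="14" height="14" alt=""
          id="pw1icon"/>
          </p>

          <p>
          <label for="password2" class="helpcursor" title="' ,
          $passwordtext2 , '">Confirm Password:</label>
          <input type="password" name="password2" id="password2"
          size="22" title="' , $passwordtext2 , '" onkeyup="checkPassword()"/>
          <img src="/images/blankIcon.png" width="14" height="14" alt=""
          id="pw2icon"/>
          </p>

          <p class="p12certificatelifetime">
          <label for="p12lifetime" title="' , $lifetimetext ,
          '" class="helpcursor">Certificate Lifetime:</label>
          <input type="text" name="p12lifetime" id="p12lifetime"
          title="', $lifetimetext ,
          '" class="helpcursor" value="' , Util::htmlent($p12lifetime) ,
          '" size="8" maxlength="8"/>
          <select title="' , $lifetimetext ,
          '" class="helpcursor" id="p12multiplier" name="p12multiplier">
          <option value="1"' ,
              (($p12multiplier == 1) ? ' selected="selected"' : '') ,
              '>hours</option>
          <option value="24"' ,
              (($p12multiplier == 24) ? ' selected="selected"' : '') ,
              '>days</option>
          <option value="732"' ,
              (($p12multiplier == 732) ? ' selected="selected"' : '') ,
              '>months</option>
          </select>
          <img src="/images/blankIcon.png" width="14" height="14" alt=""/>
          </p>

          <p>
          <input type="submit" name="submit" class="submit helpcursor"
          title="' , $downloadcerttext , '" value="Get New Certificate"
          onclick="showHourglass(\'p12\')"/>
          <img src="/images/hourglass.gif" width="32" height="32" alt=""
          class="hourglass" id="p12hourglass"/>
          </p>

          <p id="p12value" class="helpcursor" title="' ,
              $p12linktext , '">' , $p12link , '</p>
          <p id="p12expire">' , $p12expire , '</p>

          </fieldset>
          </form>
        </td>
        ';

        if (Util::getSessionVar('showhelp') === 'on') {
            echo '
            <td class="helpcell">
            <div>
            <p>
            In order to get a new certificate, please enter a password of at
            least 12 characters in length.  This password protects the private
            key of the certificate and is different from your identity provider
            password.  You must enter the password twice for verification.
            </p>
            <p>
            After entering a password, click the "Get New Certificate" button to
            generate a new link.  Right-click on this link to download the
            certificate to your computer.  The certificate is valid for up to 13
            months.
            </p>
            </div>
            </td>
            ';
        }

        echo '
        </tr>
        </table>
        </div> <!-- p12actionbox -->
        ';
    }
}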
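/**
 * printLogOff
 *
 * This function prints the Log Off boxes at the bottom of the main page:
 * a form with the "Log Off" button, and a text box reminding the user to
 * quit the browser. Each box gets an additional help cell when the
 * 'showhelp' session var is 'on'.
 */
function printLogOff()
{
    // The IdP display name comes from the session and lands inside an HTML
    // title="..." attribute, so escape it the same way the DN is escaped in
    // printCertInfo(). (Assumes Util::htmlent() escapes double quotes.)
    $logofftext = 'End your CILogon session and return to the welcome page. ' .
                  'Note that this will not log you out at ' .
                  Util::htmlent(Util::getSessionVar('idpname')) . '.';

    $showhelp = Util::getSessionVar('showhelp');
    // Both boxes are widened when the help column is shown next to them.
    $widestyle = ($showhelp === 'on') ? ' style="width:92%;"' : '';

    echo '
    <div class="logoffactionbox"' , $widestyle , '>
    <table class="helptable">
    <tr>
    <td class="actioncell">
    ';

    Content::printFormHead();

    echo '
      <p>
      <input type="submit" name="submit" class="submit helpcursor"
      title="' , $logofftext , '" value="Log Off" />
      </p>
    </form>
    </td>
    ';

    if ($showhelp === 'on') {
        echo '
        <td class="helpcell">
        <div>
        <p>
        This button will log you off of the CILogon Service. In order to log
        out from your identity provider, you must either quit your browser
        or manually clear your browser\'s cookies.
        </p>
        </div>
        </td>
        ';
    }

    // The closing tag below was "<p>", which left the paragraph unclosed.
    echo '
    </tr>
    </table>
    </div> <!-- logoffactionbox -->

    <div class="logofftextbox"' , $widestyle , '>
    <table class="helptable">
    <tr>
    <td class="actioncell">
      <p>To log off, please quit your browser.</p>
    </td>
    ';

    if ($showhelp === 'on') {
        echo '
        <td class="helpcell">
        <div>
        <p>
        Quitting your browser clears all session cookies which logs you out
        from your identity provider.  Alternatively, you can manually clear
        your browser\'s cookies.
        </p>
        </div>
        </td>
        ';
    }

    echo '
    </tr>
    </table>
    </div> <!-- logofftextbox -->
    ';
}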
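/**
 * validateP12
 *
 * This function is called just before the 'Download your certificate'
 * link is printed out to HTML. It checks to see if the p12 is still
 * valid time-wise. If not, then it unsets the PHP session variable
 * 'p12'.
 *
 * The 'p12' session var is expected to hold "<expire-timestamp> <link>".
 * It is removed when the timestamp is missing, not a positive integer,
 * already in the past, or when the link part is empty.
 */
function validateP12()
{
    $p12link = '';
    $p12expire = '';
    $p12 = Util::getSessionVar('p12');
    if (preg_match('/([^\s]*)\s(.*)/', $p12, $match)) {
        $p12expire = $match[1];
        $p12link = $match[2];
    }

    // Require the expiration to be a plain positive integer before comparing
    // it with time(). The previous loose comparisons ($p12expire == 0,
    // time() > $p12expire) depend on PHP's version-specific string/number
    // rules and could keep a malformed, non-numeric value alive.
    $expire = (preg_match('/^\d+$/', $p12expire) === 1) ? (int)$p12expire : 0;
    if (
        ($expire <= 0) ||
        (time() > $expire) ||
        (strlen($p12link) == 0)
    ) {
        Util::unsetSessionVar('p12');
    }
}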