| /trunk/plugins/viathinksoft/adminPages/110_system_config/OIDplusPageAdminSystemConfig.class.php |
|---|
| 26,39 → 26,48 |
| class OIDplusPageAdminSystemConfig extends OIDplusPagePluginAdmin { |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'config_update') { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| private function action_Update(array $params): array { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| _CheckParamExists($params, 'name'); |
| _CheckParamExists($params, 'value'); |
| _CheckParamExists($params, 'name'); |
| _CheckParamExists($params, 'value'); |
| $name = $params['name']; |
| $value = $params['value']; |
| $name = $params['name']; |
| $value = $params['value']; |
| $res = OIDplus::db()->query("select protected, visible from ###config where name = ?", array($name)); |
| if (!$res->any()) { |
| throw new OIDplusException(_L('Setting does not exist')); |
| } |
| $row = $res->fetch_array(); |
| if (($row['protected'] == 1) || ($row['visible'] == 0)) { |
| throw new OIDplusException(_L("Setting %1 is read-only",$name)); |
| } |
| $res = OIDplus::db()->query("select protected, visible from ###config where name = ?", array($name)); |
| if (!$res->any()) { |
| throw new OIDplusException(_L('Setting does not exist')); |
| } |
| $row = $res->fetch_array(); |
| if (($row['protected'] == 1) || ($row['visible'] == 0)) { |
| throw new OIDplusException(_L("Setting %1 is read-only",$name)); |
| } |
| $old_value = OIDplus::config()->getValue($name, ''); |
| OIDplus::config()->setValue($name, $value); |
| if ($old_value != $value) { |
| OIDplus::logger()->log("V2:[OK/INFO]A", "Changed system config setting '%1' from '%2' to '%3'", $name, $old_value, $value); |
| } |
| $old_value = OIDplus::config()->getValue($name, ''); |
| OIDplus::config()->setValue($name, $value); |
| if ($old_value != $value) { |
| OIDplus::logger()->log("V2:[OK/INFO]A", "Changed system config setting '%1' from '%2' to '%3'", $name, $old_value, $value); |
| } |
| return array("status" => 0); |
| return array("status" => 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'config_update') { |
| return $this->action_Update($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/adminPages/120_registration/OIDplusPageAdminRegistration.class.php |
|---|
| 58,28 → 58,36 |
| } |
| /** |
| * @param string $actionID |
| * This action is called by the ViaThinkSoft server in order to verify that the system is in the ownership of the correct private key |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'verify_pubkey') { |
| // This action is called by the ViaThinkSoft server in order to verify that the system is in the ownership of the correct private key |
| private function action_VerifyPubKey(array $params): array { |
| _CheckParamExists($params, 'challenge'); |
| _CheckParamExists($params, 'challenge'); |
| $payload = 'oidplus-verify-pubkey:'.sha3_512($params['challenge']); |
| $payload = 'oidplus-verify-pubkey:'.sha3_512($params['challenge']); |
| $signature = ''; |
| if (!OIDplus::getPkiStatus() || !@openssl_sign($payload, $signature, OIDplus::getSystemPrivateKey())) { |
| throw new OIDplusException(_L('Signature failed')); |
| } |
| $signature = ''; |
| if (!OIDplus::getPkiStatus() || !@openssl_sign($payload, $signature, OIDplus::getSystemPrivateKey())) { |
| throw new OIDplusException(_L('Signature failed')); |
| } |
| return array( |
| "status" => 0, |
| "response" => base64_encode($signature) |
| ); |
| } |
| return array( |
| "status" => 0, |
| "response" => base64_encode($signature) |
| ); |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'verify_pubkey') { |
| return $this->action_VerifyPubKey($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/adminPages/130_create_ra/OIDplusPageAdminCreateRa.class.php |
|---|
| 25,50 → 25,60 |
| class OIDplusPageAdminCreateRa extends OIDplusPagePluginAdmin { |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'create_ra') { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| private function action_Create(array $params): array { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| _CheckParamExists($params, 'email'); |
| _CheckParamExists($params, 'password1'); |
| _CheckParamExists($params, 'password2'); |
| _CheckParamExists($params, 'email'); |
| _CheckParamExists($params, 'password1'); |
| _CheckParamExists($params, 'password2'); |
| $email = $params['email']; |
| $password1 = $params['password1']; |
| $password2 = $params['password2']; |
| $email = $params['email']; |
| $password1 = $params['password1']; |
| $password2 = $params['password2']; |
| if (!OIDplus::mailUtils()->validMailAddress($email)) { |
| throw new OIDplusException(_L('eMail address is invalid.')); |
| } |
| if (!OIDplus::mailUtils()->validMailAddress($email)) { |
| throw new OIDplusException(_L('eMail address is invalid.')); |
| } |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($email)); // TODO: this should be a static function in the RA class |
| if ($res->any()) { |
| throw new OIDplusException(_L('RA does already exist')); |
| } |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($email)); // TODO: this should be a static function in the RA class |
| if ($res->any()) { |
| throw new OIDplusException(_L('RA does already exist')); |
| } |
| if ($password1 !== $password2) { |
| throw new OIDplusException(_L('Passwords do not match')); |
| } |
| if ($password1 !== $password2) { |
| throw new OIDplusException(_L('Passwords do not match')); |
| } |
| if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) { |
| $minlen = OIDplus::config()->getValue('ra_min_password_length'); |
| throw new OIDplusException(_L('Password is too short. Need at least %1 characters',$minlen)); |
| } |
| if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) { |
| $minlen = OIDplus::config()->getValue('ra_min_password_length'); |
| throw new OIDplusException(_L('Password is too short. Need at least %1 characters',$minlen)); |
| } |
| OIDplus::logger()->log("V2:[INFO]RA(%1)+[OK/INFO]A", "RA '%1' was created by the admin, without email address verification or invitation", $email); |
| OIDplus::logger()->log("V2:[INFO]RA(%1)+[OK/INFO]A", "RA '%1' was created by the admin, without email address verification or invitation", $email); |
| $ra = new OIDplusRA($email); |
| $ra->register_ra($password1); |
| $ra = new OIDplusRA($email); |
| $ra->register_ra($password1); |
| return array("status" => 0); |
| return array("status" => 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'create_ra') { |
| return $this->action_Create($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/adminPages/400_oidinfo_export/OIDplusPageAdminOIDInfoExport.class.php |
|---|
| 38,129 → 38,146 |
| /*private*/ const QUERY_GET_OIDINFO_DATA_V1 = '1.3.6.1.4.1.37476.2.5.2.1.6.1'; |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| private function action_ImportXml(array $params): array { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null,401); |
| } |
| if ($actionID == 'import_xml_file') { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null,401); |
| } |
| if (!isset($_FILES['userfile'])) { |
| throw new OIDplusException(_L('Please choose a file.')); |
| } |
| if (!isset($_FILES['userfile'])) { |
| throw new OIDplusException(_L('Please choose a file.')); |
| } |
| $xml_contents = file_get_contents($_FILES['userfile']['tmp_name']); |
| $xml_contents = file_get_contents($_FILES['userfile']['tmp_name']); |
| $errors = array(); |
| list($count_imported_oids, $count_already_existing, $count_errors, $count_warnings) = $this->oidinfoImportXML($xml_contents, $errors, $replaceExistingOIDs=false, $orphan_mode=self::ORPHAN_AUTO_DEORPHAN); |
| if (count($errors) > 0) { |
| // Note: These "errors" can also be warnings (partial success) |
| // TODO: since the output can be very long, should we really show it in a JavaScript alert() ?! |
| return array( |
| "status" => -1, |
| "count_imported_oids" => $count_imported_oids, |
| "count_already_existing" => $count_already_existing, |
| "count_errors" => $count_errors, |
| "count_warnings" => $count_warnings, |
| "error" => implode("\n",$errors) |
| ); |
| } else { |
| return array( |
| "status" => 0, |
| "count_imported_oids" => $count_imported_oids, |
| "count_already_existing" => $count_already_existing, |
| "count_errors" => $count_errors, |
| "count_warnings" => $count_warnings |
| ); |
| } |
| } |
| $errors = array(); |
| list($count_imported_oids, $count_already_existing, $count_errors, $count_warnings) = $this->oidinfoImportXML($xml_contents, $errors, $replaceExistingOIDs=false, $orphan_mode=self::ORPHAN_AUTO_DEORPHAN); |
| if (count($errors) > 0) { |
| // Note: These "errors" can also be warnings (partial success) |
| // TODO: since the output can be very long, should we really show it in a JavaScript alert() ?! |
| return array( |
| "status" => -1, |
| "count_imported_oids" => $count_imported_oids, |
| "count_already_existing" => $count_already_existing, |
| "count_errors" => $count_errors, |
| "count_warnings" => $count_warnings, |
| "error" => implode("\n",$errors) |
| ); |
| } else { |
| return array( |
| "status" => 0, |
| "count_imported_oids" => $count_imported_oids, |
| "count_already_existing" => $count_already_existing, |
| "count_errors" => $count_errors, |
| "count_warnings" => $count_warnings |
| ); |
| } |
| } else if ($actionID == 'import_oidinfo_oid') { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| /** |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| private function action_ImportOidInfo(array $params): array { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| _CheckParamExists($params, 'oid'); |
| _CheckParamExists($params, 'oid'); |
| $oid = $params['oid']; |
| $oid = $params['oid']; |
| $query = self::QUERY_GET_OIDINFO_DATA_V1; |
| $query = self::QUERY_GET_OIDINFO_DATA_V1; |
| $payload = array( |
| "query" => $query, // we must repeat the query because we want to sign it |
| "system_id" => OIDplus::getSystemId(false), |
| "oid" => $oid |
| ); |
| $payload = array( |
| "query" => $query, // we must repeat the query because we want to sign it |
| "system_id" => OIDplus::getSystemId(false), |
| "oid" => $oid |
| ); |
| $signature = ''; |
| if (!OIDplus::getPkiStatus() || !@openssl_sign(json_encode($payload), $signature, OIDplus::getSystemPrivateKey())) { |
| if (!OIDplus::getPkiStatus()) { |
| throw new OIDplusException(_L('Error: Your system could not generate a private/public key pair. (OpenSSL is probably missing on your system). Therefore, you cannot register/unregister your OIDplus instance.')); |
| } else { |
| throw new OIDplusException(_L('Signature failed')); |
| } |
| $signature = ''; |
| if (!OIDplus::getPkiStatus() || !@openssl_sign(json_encode($payload), $signature, OIDplus::getSystemPrivateKey())) { |
| if (!OIDplus::getPkiStatus()) { |
| throw new OIDplusException(_L('Error: Your system could not generate a private/public key pair. (OpenSSL is probably missing on your system). Therefore, you cannot register/unregister your OIDplus instance.')); |
| } else { |
| throw new OIDplusException(_L('Signature failed')); |
| } |
| } |
| $data = array( |
| "payload" => $payload, |
| "signature" => base64_encode($signature) |
| ); |
| $data = array( |
| "payload" => $payload, |
| "signature" => base64_encode($signature) |
| ); |
| if (OIDplus::getEditionInfo()['vendor'] != 'ViaThinkSoft') { |
| // The oid-info.com import functionality is a confidential API between ViaThinkSoft and oid-info.com and cannot be used in forks of OIDplus |
| throw new OIDplusException(_L('This feature is only available in the ViaThinkSoft edition of OIDplus')); |
| } |
| if (OIDplus::getEditionInfo()['vendor'] != 'ViaThinkSoft') { |
| // The oid-info.com import functionality is a confidential API between ViaThinkSoft and oid-info.com and cannot be used in forks of OIDplus |
| throw new OIDplusException(_L('This feature is only available in the ViaThinkSoft edition of OIDplus')); |
| } |
| if (function_exists('gzdeflate')) { |
| $compressed = "1"; |
| $data2 = gzdeflate(json_encode($data)); |
| } else { |
| $compressed = "0"; |
| $data2 = json_encode($data); |
| } |
| if (function_exists('gzdeflate')) { |
| $compressed = "1"; |
| $data2 = gzdeflate(json_encode($data)); |
| } else { |
| $compressed = "0"; |
| $data2 = json_encode($data); |
| } |
| $res_curl = url_post_contents( |
| 'https://oidplus.viathinksoft.com/reg2/query.php', |
| array( |
| "query" => $query, |
| "compressed" => $compressed, |
| "data" => base64_encode($data2) |
| ) |
| ); |
| $res_curl = url_post_contents( |
| 'https://oidplus.viathinksoft.com/reg2/query.php', |
| array( |
| "query" => $query, |
| "compressed" => $compressed, |
| "data" => base64_encode($data2) |
| ) |
| ); |
| if ($res_curl === false) { |
| throw new OIDplusException(_L('Communication with %1 server failed', 'ViaThinkSoft')); |
| } |
| if ($res_curl === false) { |
| throw new OIDplusException(_L('Communication with %1 server failed', 'ViaThinkSoft')); |
| } |
| $json = @json_decode($res_curl, true); |
| $json = @json_decode($res_curl, true); |
| if (!$json) { |
| return array( |
| "status" => -1, |
| "error" => _L('JSON reply from ViaThinkSoft decoding error: %1',$res_curl) |
| ); |
| } |
| if (!$json) { |
| return array( |
| "status" => -1, |
| "error" => _L('JSON reply from ViaThinkSoft decoding error: %1',$res_curl) |
| ); |
| } |
| if (isset($json['error']) || ($json['status'] < 0)) { |
| return array( |
| "status" => -1, |
| "error" => $json['error'] ?? _L('Received error status code: %1', $json['status']) |
| ); |
| } |
| if (isset($json['error']) || ($json['status'] < 0)) { |
| return array( |
| "status" => -1, |
| "error" => $json['error'] ?? _L('Received error status code: %1', $json['status']) |
| ); |
| } |
| $errors = array(); |
| list($count_imported_oids, $count_already_existing, $count_errors, $count_warnings) = $this->oidinfoImportXML('<oid-database>'.$json['xml'].'</oid-database>', $errors, $replaceExistingOIDs=false, $orphan_mode=self::ORPHAN_DISALLOW_ORPHANS); |
| if (count($errors) > 0) { |
| return array("status" => -1, "error" => implode("\n",$errors)); |
| } else if ($count_imported_oids <> 1) { |
| return array("status" => -1, "error" => _L('Imported %1, but expected to import 1',$count_imported_oids)); |
| } else { |
| return array("status" => 0); |
| } |
| $errors = array(); |
| list($count_imported_oids, $count_already_existing, $count_errors, $count_warnings) = $this->oidinfoImportXML('<oid-database>'.$json['xml'].'</oid-database>', $errors, $replaceExistingOIDs=false, $orphan_mode=self::ORPHAN_DISALLOW_ORPHANS); |
| if (count($errors) > 0) { |
| return array("status" => -1, "error" => implode("\n",$errors)); |
| } else if ($count_imported_oids <> 1) { |
| return array("status" => -1, "error" => _L('Imported %1, but expected to import 1',$count_imported_oids)); |
| } else { |
| return array("status" => 0); |
| } |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'import_xml_file') { |
| return $this->action_ImportXml($params); |
| } else if ($actionID == 'import_oidinfo_oid') { |
| return $this->action_ImportOidInfo($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| } |
| /trunk/plugins/viathinksoft/adminPages/700_colors/OIDplusPageAdminColors.class.php |
|---|
| 65,32 → 65,41 |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'color_update') { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| private function action_Update(array $params): array { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| _CheckParamExists($params, 'hue_shift'); |
| _CheckParamExists($params, 'sat_shift'); |
| _CheckParamExists($params, 'val_shift'); |
| _CheckParamExists($params, 'invcolors'); |
| _CheckParamExists($params, 'theme'); |
| _CheckParamExists($params, 'hue_shift'); |
| _CheckParamExists($params, 'sat_shift'); |
| _CheckParamExists($params, 'val_shift'); |
| _CheckParamExists($params, 'invcolors'); |
| _CheckParamExists($params, 'theme'); |
| OIDplus::config()->setValue('color_hue_shift', $params['hue_shift']); |
| OIDplus::config()->setValue('color_sat_shift', $params['sat_shift']); |
| OIDplus::config()->setValue('color_val_shift', $params['val_shift']); |
| OIDplus::config()->setValue('color_invert', $params['invcolors']); |
| OIDplus::config()->setValue('design', $params['theme']); |
| OIDplus::config()->setValue('color_hue_shift', $params['hue_shift']); |
| OIDplus::config()->setValue('color_sat_shift', $params['sat_shift']); |
| OIDplus::config()->setValue('color_val_shift', $params['val_shift']); |
| OIDplus::config()->setValue('color_invert', $params['invcolors']); |
| OIDplus::config()->setValue('design', $params['theme']); |
| OIDplus::logger()->log("V2:[OK/INFO]A", "Changed system color theme"); |
| OIDplus::logger()->log("V2:[OK/INFO]A", "Changed system color theme"); |
| return array("status" => 0); |
| return array("status" => 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'color_update') { |
| return $this->action_Update($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/adminPages/900_software_update/OIDplusPageAdminSoftwareUpdate.class.php |
|---|
| 49,130 → 49,139 |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'update_now') { |
| @set_time_limit(0); |
| private function action_Update(array $params): array { |
| @set_time_limit(0); |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| if (OIDplus::getInstallType() === 'git-wc') { |
| $cmd = $this->getGitCommand().' 2>&1'; |
| if (OIDplus::getInstallType() === 'git-wc') { |
| $cmd = $this->getGitCommand().' 2>&1'; |
| $ec = -1; |
| $out = array(); |
| exec($cmd, $out, $ec); |
| $ec = -1; |
| $out = array(); |
| exec($cmd, $out, $ec); |
| $res = _L('Execute command:').' '.$cmd."\n\n".trim(implode("\n",$out)); |
| if ($ec === 0) { |
| $rev = 'HEAD'; // do not translate |
| return array("status" => 0, "content" => $res, "rev" => $rev); |
| } else { |
| return array("status" => -1, "error" => $res, "content" => ""); |
| } |
| $res = _L('Execute command:').' '.$cmd."\n\n".trim(implode("\n",$out)); |
| if ($ec === 0) { |
| $rev = 'HEAD'; // do not translate |
| return array("status" => 0, "content" => $res, "rev" => $rev); |
| } else { |
| return array("status" => -1, "error" => $res, "content" => ""); |
| } |
| else if (OIDplus::getInstallType() === 'svn-wc') { |
| $cmd = $this->getSvnCommand().' 2>&1'; |
| } |
| else if (OIDplus::getInstallType() === 'svn-wc') { |
| $cmd = $this->getSvnCommand().' 2>&1'; |
| $ec = -1; |
| $out = array(); |
| exec($cmd, $out, $ec); |
| $ec = -1; |
| $out = array(); |
| exec($cmd, $out, $ec); |
| $res = _L('Execute command:').' '.$cmd."\n\n".trim(implode("\n",$out)); |
| if ($ec === 0) { |
| $rev = 'HEAD'; // do not translate |
| return array("status" => 0, "content" => $res, "rev" => $rev); |
| } else { |
| return array("status" => -1, "error" => $res, "content" => ""); |
| } |
| $res = _L('Execute command:').' '.$cmd."\n\n".trim(implode("\n",$out)); |
| if ($ec === 0) { |
| $rev = 'HEAD'; // do not translate |
| return array("status" => 0, "content" => $res, "rev" => $rev); |
| } else { |
| return array("status" => -1, "error" => $res, "content" => ""); |
| } |
| else if (OIDplus::getInstallType() === 'svn-snapshot') { |
| } |
| else if (OIDplus::getInstallType() === 'svn-snapshot') { |
| $rev = $params['rev']; |
| $rev = $params['rev']; |
| $update_version = $params['update_version'] ?? 1; |
| if (($update_version != 1) && ($update_version != 2)) { |
| throw new OIDplusException(_L('Unknown update version')); |
| } |
| $update_version = $params['update_version'] ?? 1; |
| if (($update_version != 1) && ($update_version != 2)) { |
| throw new OIDplusException(_L('Unknown update version')); |
| } |
| // Download and unzip |
| // Download and unzip |
| $cont = false; |
| for ($retry=1; $retry<=3; $retry++) { |
| if (function_exists('gzdecode')) { |
| $url = sprintf(OIDplus::getEditionInfo()['update_package_gz'], $rev-1, $rev); |
| $cont = url_get_contents($url); |
| if ($cont !== false) $cont = @gzdecode($cont); |
| } else { |
| $url = sprintf(OIDplus::getEditionInfo()['update_package'], $rev-1, $rev); |
| $cont = url_get_contents($url); |
| } |
| if ($cont !== false) { |
| break; |
| } else { |
| sleep(1); |
| } |
| $cont = false; |
| for ($retry=1; $retry<=3; $retry++) { |
| if (function_exists('gzdecode')) { |
| $url = sprintf(OIDplus::getEditionInfo()['update_package_gz'], $rev-1, $rev); |
| $cont = url_get_contents($url); |
| if ($cont !== false) $cont = @gzdecode($cont); |
| } else { |
| $url = sprintf(OIDplus::getEditionInfo()['update_package'], $rev-1, $rev); |
| $cont = url_get_contents($url); |
| } |
| if ($cont === false) throw new OIDplusException(_L("Update %1 could not be downloaded from ViaThinkSoft server. Please try again later.",$rev)); |
| if ($cont !== false) { |
| break; |
| } else { |
| sleep(1); |
| } |
| } |
| if ($cont === false) throw new OIDplusException(_L("Update %1 could not be downloaded from ViaThinkSoft server. Please try again later.",$rev)); |
| // Check signature... |
| // Check signature... |
| if (function_exists('openssl_verify')) { |
| if (function_exists('openssl_verify')) { |
| $m = array(); |
| if (!preg_match('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', $cont, $m)) { |
| throw new OIDplusException(_L("Update package file of revision %1 not digitally signed",$rev)); |
| } |
| $signature = base64_decode($m[1]); |
| $m = array(); |
| if (!preg_match('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', $cont, $m)) { |
| throw new OIDplusException(_L("Update package file of revision %1 not digitally signed",$rev)); |
| } |
| $signature = base64_decode($m[1]); |
| $naked = preg_replace('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', '', $cont); |
| $hash = hash("sha256", $naked."update_".($rev-1)."_to_".($rev).".txt"); |
| $naked = preg_replace('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', '', $cont); |
| $hash = hash("sha256", $naked."update_".($rev-1)."_to_".($rev).".txt"); |
| $public_key = file_get_contents(__DIR__.'/public.pem'); |
| if (!openssl_verify($hash, $signature, $public_key, OPENSSL_ALGO_SHA256)) { |
| throw new OIDplusException(_L("Update package file of revision %1: Signature invalid",$rev)); |
| } |
| $public_key = file_get_contents(__DIR__.'/public.pem'); |
| if (!openssl_verify($hash, $signature, $public_key, OPENSSL_ALGO_SHA256)) { |
| throw new OIDplusException(_L("Update package file of revision %1: Signature invalid",$rev)); |
| } |
| // All OK! Now write the file |
| } |
| $tmp_filename = 'update_'.generateRandomString(10).'.tmp.php'; |
| $local_file = OIDplus::localpath().$tmp_filename; |
| // All OK! Now write the file |
| @file_put_contents($local_file, $cont); |
| $tmp_filename = 'update_'.generateRandomString(10).'.tmp.php'; |
| $local_file = OIDplus::localpath().$tmp_filename; |
| if (!file_exists($local_file) || (@file_get_contents($local_file) !== $cont)) { |
| throw new OIDplusException(_L('Update file could not written. Probably there are no write-permissions to the root folder.')); |
| } |
| @file_put_contents($local_file, $cont); |
| if ($update_version == 1) { |
| // Now call the written file |
| // Note: we may not use eval($cont) because the script uses die(), |
| // and things in the script might collide with currently (un)loaded source code files, shutdown procedues, etc. |
| $web_file = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE).$tmp_filename; // NOT canonical URL! This might fail with reverse proxies which can only be executed from outside |
| $res = url_get_contents($web_file); |
| if ($res === false) { |
| throw new OIDplusException(_L('Update-script %1 could not be executed',$web_file)); |
| } |
| return array("status" => 0, "content" => $res, "rev" => $rev); |
| } else if ($update_version == 2) { |
| // In this version, the client will call the web-update file. |
| // This has the advantage that it will also work if the system is htpasswd protected |
| return array("status" => 0, "update_file" => $tmp_filename, "rev" => $rev); |
| } else { |
| throw new OIDplusException(_L("Unexpected update version")); |
| if (!file_exists($local_file) || (@file_get_contents($local_file) !== $cont)) { |
| throw new OIDplusException(_L('Update file could not written. Probably there are no write-permissions to the root folder.')); |
| } |
| if ($update_version == 1) { |
| // Now call the written file |
| // Note: we may not use eval($cont) because the script uses die(), |
| // and things in the script might collide with currently (un)loaded source code files, shutdown procedues, etc. |
| $web_file = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE).$tmp_filename; // NOT canonical URL! This might fail with reverse proxies which can only be executed from outside |
| $res = url_get_contents($web_file); |
| if ($res === false) { |
| throw new OIDplusException(_L('Update-script %1 could not be executed',$web_file)); |
| } |
| return array("status" => 0, "content" => $res, "rev" => $rev); |
| } else if ($update_version == 2) { |
| // In this version, the client will call the web-update file. |
| // This has the advantage that it will also work if the system is htpasswd protected |
| return array("status" => 0, "update_file" => $tmp_filename, "rev" => $rev); |
| } else { |
| throw new OIDplusException(_L("Unexpected update version")); |
| } |
| else { |
| throw new OIDplusException(_L('Multiple version files/directories (oidplus_version.txt, .version.php, .git, or .svn) are existing! Therefore, the version is ambiguous!')); |
| } |
| } |
| else { |
| throw new OIDplusException(_L('Multiple version files/directories (oidplus_version.txt, .version.php, .git, or .svn) are existing! Therefore, the version is ambiguous!')); |
| } |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'update_now') { |
| return $this->action_Update($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/adminPages/910_automated_ajax_calls/OIDplusPageAdminAutomatedAJAXCalls.class.php |
|---|
| 29,27 → 29,36 |
| class OIDplusPageAdminAutomatedAJAXCalls extends OIDplusPagePluginAdmin { |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'blacklistJWT') { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| private function action_Blacklist(array $params): array { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_AJAX_ADMIN', true)) { |
| throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_AJAX_ADMIN')); |
| } |
| if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_AJAX_ADMIN', true)) { |
| throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_AJAX_ADMIN')); |
| } |
| $gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_AJAX; |
| $sub = 'admin'; |
| $gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_AJAX; |
| $sub = 'admin'; |
| OIDplusAuthContentStoreJWT::jwtBlacklist($gen, $sub); |
| OIDplusAuthContentStoreJWT::jwtBlacklist($gen, $sub); |
| return array("status" => 0); |
| return array("status" => 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'blacklistJWT') { |
| return $this->action_Blacklist($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/adminPages/911_rest_api/OIDplusPageAdminRestApi.class.php |
|---|
| 29,27 → 29,36 |
| class OIDplusPageAdminRestApi extends OIDplusPagePluginAdmin { |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'blacklistJWT') { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| private function action_Blacklist(array $params): array { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')), null, 401); |
| } |
| if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_REST_ADMIN', true)) { |
| throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_REST_ADMIN')); |
| } |
| if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_REST_ADMIN', true)) { |
| throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_REST_ADMIN')); |
| } |
| $gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_REST; |
| $sub = 'admin'; |
| $gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_REST; |
| $sub = 'admin'; |
| OIDplusAuthContentStoreJWT::jwtBlacklist($gen, $sub); |
| OIDplusAuthContentStoreJWT::jwtBlacklist($gen, $sub); |
| return array("status" => 0); |
| return array("status" => 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'blacklistJWT') { |
| return $this->action_Blacklist($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/captcha/vts_challenge/OIDplusCaptchaPluginVtsClientChallenge.class.php |
|---|
| 49,6 → 49,37 |
| } |
| /** |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| private function action_GetChallenge(array $params): array { |
| $offset = 0; // doesn't matter |
| $min = $offset; |
| $max = $offset + OIDplus::baseConfig()->getValue('VTS_CAPTCHA_COMPLEXITY', 50000); |
| if ($max > mt_getrandmax()) $max = mt_getrandmax(); |
| $starttime = time(); |
| $random = mt_rand($min,$max); |
| $ip_target = $_SERVER['REMOTE_ADDR'] ?? 'unknown'; |
| $challenge = sha3_512($starttime.'/'.$ip_target.'/'.$random); // $random is secret! |
| $challenge_integrity = OIDplus::authUtils()->makeAuthKey(['797bfc34-f4fa-11ed-86ca-3c4a92df8582',$challenge]); |
| $send_to_client = array($starttime, $ip_target, $challenge, $min, $max, $challenge_integrity); |
| $open_trans_file = self::getOpenTransFileName($ip_target, $random); |
| if (@file_put_contents($open_trans_file, '') === false) { |
| throw new OIDplusException(_L('Cannot write file %1', $open_trans_file)); |
| } |
| return array( |
| "status" => 0, |
| "challenge" => $send_to_client, |
| // Autosolve on=calculate result on page load; off=calculate result on form submit |
| "autosolve" => OIDplus::baseConfig()->getValue('VTS_CAPTCHA_AUTOSOLVE', true) |
| ); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| 56,29 → 87,7 |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'get_challenge') { |
| $offset = 0; // doesn't matter |
| $min = $offset; |
| $max = $offset + OIDplus::baseConfig()->getValue('VTS_CAPTCHA_COMPLEXITY', 50000); |
| if ($max > mt_getrandmax()) $max = mt_getrandmax(); |
| $starttime = time(); |
| $random = mt_rand($min,$max); |
| $ip_target = $_SERVER['REMOTE_ADDR'] ?? 'unknown'; |
| $challenge = sha3_512($starttime.'/'.$ip_target.'/'.$random); // $random is secret! |
| $challenge_integrity = OIDplus::authUtils()->makeAuthKey(['797bfc34-f4fa-11ed-86ca-3c4a92df8582',$challenge]); |
| $send_to_client = array($starttime, $ip_target, $challenge, $min, $max, $challenge_integrity); |
| $open_trans_file = self::getOpenTransFileName($ip_target, $random); |
| if (@file_put_contents($open_trans_file, '') === false) { |
| throw new OIDplusException(_L('Cannot write file %1', $open_trans_file)); |
| } |
| return array( |
| "status" => 0, |
| "challenge" => $send_to_client, |
| // Autosolve on=calculate result on page load; off=calculate result on form submit |
| "autosolve" => OIDplus::baseConfig()->getValue('VTS_CAPTCHA_AUTOSOLVE', true) |
| ); |
| return $this->action_GetChallenge($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/objectTypes/mac/OIDplusObjectTypePluginMac.class.php |
|---|
| 35,39 → 35,48 |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'generate_aai') { |
| _CheckParamExists($params, 'aai_bits'); |
| _CheckParamExists($params, 'aai_multicast'); |
| private function action_GenerateAAI(array $params): array { |
| _CheckParamExists($params, 'aai_bits'); |
| _CheckParamExists($params, 'aai_multicast'); |
| if (($params['aai_bits'] != '48') && ($params['aai_bits'] != '64')) { |
| throw new OIDplusException(_L("Invalid bit amount")); |
| } |
| if (($params['aai_bits'] != '48') && ($params['aai_bits'] != '64')) { |
| throw new OIDplusException(_L("Invalid bit amount")); |
| } |
| $aai = ''; |
| for ($i=0; $i<$params['aai_bits']/4; $i++) { |
| try { |
| $aai .= dechex(random_int(0, 15)); |
| } catch (\Exception $e) { |
| $aai .= dechex(mt_rand(0, 15)); |
| } |
| $aai = ''; |
| for ($i=0; $i<$params['aai_bits']/4; $i++) { |
| try { |
| $aai .= dechex(random_int(0, 15)); |
| } catch (\Exception $e) { |
| $aai .= dechex(mt_rand(0, 15)); |
| } |
| } |
| if ($params['aai_multicast'] == 'true') { |
| $aai[1] = '3'; |
| } else { |
| $aai[1] = '2'; |
| } |
| if ($params['aai_multicast'] == 'true') { |
| $aai[1] = '3'; |
| } else { |
| $aai[1] = '2'; |
| } |
| $aai = strtoupper($aai); |
| $aai = rtrim(chunk_split($aai, 2, '-'), '-'); |
| $aai = strtoupper($aai); |
| $aai = rtrim(chunk_split($aai, 2, '-'), '-'); |
| return array("status" => 0, "aai" => $aai); |
| return array("status" => 0, "aai" => $aai); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'generate_aai') { |
| return $this->action_GenerateAAI($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/publicPages/001_ra_base/OIDplusPagePublicRaBaseUtils.class.php |
|---|
| 27,44 → 27,47 |
| class OIDplusPagePublicRaBaseUtils extends OIDplusPagePluginPublic { |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @param array $params email |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| private function action_Delete(array $params): array { |
| _CheckParamExists($params, 'email'); |
| // Action: delete_ra |
| // Method: POST |
| // Parameters: email |
| // Outputs: Text |
| if ($actionID == 'delete_ra') { |
| _CheckParamExists($params, 'email'); |
| $email = $params['email']; |
| $email = $params['email']; |
| $ra_logged_in = OIDplus::authUtils()->isRaLoggedIn($email); |
| $ra_logged_in = OIDplus::authUtils()->isRaLoggedIn($email); |
| if (!OIDplus::authUtils()->isAdminLoggedIn() && !$ra_logged_in) { |
| throw new OIDplusException(_L('Authentication error. Please log in.'), null, 401); |
| } |
| if (!OIDplus::authUtils()->isAdminLoggedIn() && !$ra_logged_in) { |
| throw new OIDplusException(_L('Authentication error. Please log in.'), null, 401); |
| } |
| if ($ra_logged_in) OIDplus::authUtils()->raLogout($email); |
| if ($ra_logged_in) OIDplus::authUtils()->raLogout($email); |
| $ra = new OIDplusRA($email); |
| if (!$ra->existing()) { |
| throw new OIDplusException(_L('RA "%1" does not exist.',$email)); |
| } |
| $ra->delete(); |
| $ra = null; |
| $ra = new OIDplusRA($email); |
| if (!$ra->existing()) { |
| throw new OIDplusException(_L('RA "%1" does not exist.',$email)); |
| } |
| $ra->delete(); |
| $ra = null; |
| OIDplus::logger()->log("V2:[OK/WARN]RA(%1)+[OK/INFO]A", "RA '%1' deleted", $email); |
| OIDplus::logger()->log("V2:[OK/WARN]RA(%1)+[OK/INFO]A", "RA '%1' deleted", $email); |
| return array("status" => 0); |
| } |
| return array("status" => 0); |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'delete_ra') { |
| return $this->action_Delete($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| } |
| /** |
| /trunk/plugins/viathinksoft/publicPages/090_login/OIDplusPagePublicLogin.class.php |
|---|
| 26,90 → 26,116 |
| class OIDplusPagePublicLogin extends OIDplusPagePluginPublic { |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| // === RA LOGIN/LOGOUT === |
| private function action_RaLogin(array $params): array { |
| OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| if ($actionID == 'ra_login') { |
| OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| _CheckParamExists($params, 'email'); |
| _CheckParamExists($params, 'password'); |
| _CheckParamExists($params, 'email'); |
| _CheckParamExists($params, 'password'); |
| $email = $params['email']; |
| $ra = new OIDplusRA($email); |
| $email = $params['email']; |
| $ra = new OIDplusRA($email); |
| if (empty($email)) { |
| throw new OIDplusException(_L('Please enter a valid email address')); |
| } |
| if (empty($email)) { |
| throw new OIDplusException(_L('Please enter a valid email address')); |
| } |
| if ($ra->checkPassword($params['password'])) { |
| $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
| OIDplus::authUtils()->raLoginEx($email, $remember_me, 'Regular login'); |
| if ($ra->checkPassword($params['password'])) { |
| $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
| OIDplus::authUtils()->raLoginEx($email, $remember_me, 'Regular login'); |
| $authInfo = OIDplus::authUtils()->raGeneratePassword($params['password']); |
| $authInfo = OIDplus::authUtils()->raGeneratePassword($params['password']); |
| // Rehash, so that we always have the latest default auth plugin and params |
| // Note that we do it every time (unlike PHPs recommended password_needs_rehash), |
| // because we are not sure which auth plugin created the hash (there might be multiple |
| // auth plugins that can verify this hash). So we just rehash on every login! |
| $new_authkey = $authInfo->getAuthKey(); |
| // Rehash, so that we always have the latest default auth plugin and params |
| // Note that we do it every time (unlike PHPs recommended password_needs_rehash), |
| // because we are not sure which auth plugin created the hash (there might be multiple |
| // auth plugins that can verify this hash). So we just rehash on every login! |
| $new_authkey = $authInfo->getAuthKey(); |
| OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate().", authkey = ? where email = ?", array($new_authkey, $email)); |
| OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate().", authkey = ? where email = ?", array($new_authkey, $email)); |
| return array("status" => 0); |
| } else { |
| if (OIDplus::config()->getValue('log_failed_ra_logins', false)) { |
| if ($ra->existing()) { |
| OIDplus::logger()->log("V2:[WARN]A", "Failed login to RA account '%1' (wrong password)", $email); |
| } else { |
| OIDplus::logger()->log("V2:[WARN]A", "Failed login to RA account '%1' (RA not existing)", $email); |
| } |
| return array("status" => 0); |
| } else { |
| if (OIDplus::config()->getValue('log_failed_ra_logins', false)) { |
| if ($ra->existing()) { |
| OIDplus::logger()->log("V2:[WARN]A", "Failed login to RA account '%1' (wrong password)", $email); |
| } else { |
| OIDplus::logger()->log("V2:[WARN]A", "Failed login to RA account '%1' (RA not existing)", $email); |
| } |
| throw new OIDplusException(_L('Wrong password or user not registered')); |
| } |
| throw new OIDplusException(_L('Wrong password or user not registered')); |
| } |
| } |
| } else if ($actionID == 'ra_logout') { |
| /** |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| private function action_RaLogout(array $params): array { |
| _CheckParamExists($params, 'email'); |
| _CheckParamExists($params, 'email'); |
| $email = $params['email']; |
| $email = $params['email']; |
| OIDplus::authUtils()->raLogoutEx($email); |
| OIDplus::authUtils()->raLogoutEx($email); |
| return array("status" => 0); |
| } |
| return array("status" => 0); |
| } |
| /** |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| private function action_AdminLogin(array $params): array { |
| OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| // === ADMIN LOGIN/LOGOUT === |
| _CheckParamExists($params, 'password'); |
| if (OIDplus::authUtils()->adminCheckPassword($params['password'])) { |
| $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
| OIDplus::authUtils()->adminLoginEx($remember_me, 'Regular login'); |
| else if ($actionID == 'admin_login') { |
| OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| // TODO: Write a "last login" entry in config table? |
| _CheckParamExists($params, 'password'); |
| if (OIDplus::authUtils()->adminCheckPassword($params['password'])) { |
| $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
| OIDplus::authUtils()->adminLoginEx($remember_me, 'Regular login'); |
| // TODO: Write a "last login" entry in config table? |
| return array("status" => 0); |
| } else { |
| if (OIDplus::config()->getValue('log_failed_admin_logins', false)) { |
| OIDplus::logger()->log("V2:[WARN]A", "Failed login to admin account"); |
| } |
| throw new OIDplusException(_L('Wrong password')); |
| return array("status" => 0); |
| } else { |
| if (OIDplus::config()->getValue('log_failed_admin_logins', false)) { |
| OIDplus::logger()->log("V2:[WARN]A", "Failed login to admin account"); |
| } |
| throw new OIDplusException(_L('Wrong password')); |
| } |
| else if ($actionID == 'admin_logout') { |
| OIDplus::authUtils()->adminLogoutEx(); |
| } |
| return array("status" => 0); |
| } |
| else { |
| /** |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| private function action_AdminLogout(array $params): array { |
| OIDplus::authUtils()->adminLogoutEx(); |
| return array("status" => 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'ra_login') { |
| return $this->action_RaLogin($params); |
| } else if ($actionID == 'ra_logout') { |
| return $this->action_RaLogout($params); |
| } else if ($actionID == 'admin_login') { |
| return $this->action_AdminLogin($params); |
| } else if ($actionID == 'admin_logout') { |
| return $this->action_AdminLogout($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| } |
| /trunk/plugins/viathinksoft/publicPages/091_forgot_password/OIDplusPagePublicForgotPassword.class.php |
|---|
| 26,65 → 26,83 |
| class OIDplusPagePublicForgotPassword extends OIDplusPagePluginPublic { |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| * @throws OIDplusMailException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'forgot_password') { |
| _CheckParamExists($params, 'email'); |
| $email = $params['email']; |
| private function action_Request(array $params): array { |
| _CheckParamExists($params, 'email'); |
| $email = $params['email']; |
| if (!OIDplus::mailUtils()->validMailAddress($email)) { |
| throw new OIDplusException(_L('Invalid email address')); |
| } |
| if (!OIDplus::mailUtils()->validMailAddress($email)) { |
| throw new OIDplusException(_L('Invalid email address')); |
| } |
| OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| OIDplus::logger()->log("V2:[WARN]RA(%1)", "A new password for '%1' was requested (forgot password)", $email); |
| OIDplus::logger()->log("V2:[WARN]RA(%1)", "A new password for '%1' was requested (forgot password)", $email); |
| $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:reset_password$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['93a16dbe-f4fb-11ed-b67e-3c4a92df8582',$email])); |
| $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:reset_password$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['93a16dbe-f4fb-11ed-b67e-3c4a92df8582',$email])); |
| $message = $this->getForgotPasswordText($params['email']); |
| $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
| $message = $this->getForgotPasswordText($params['email']); |
| $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
| OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Password reset request', $message); |
| OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Password reset request', $message); |
| return array("status" => 0); |
| return array("status" => 0); |
| } |
| } else if ($actionID == 'reset_password') { |
| /** |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| * @throws OIDplusMailException |
| */ |
| private function action_Activate(array $params): array { |
| _CheckParamExists($params, 'password1'); |
| _CheckParamExists($params, 'password2'); |
| _CheckParamExists($params, 'email'); |
| _CheckParamExists($params, 'auth'); |
| _CheckParamExists($params, 'password1'); |
| _CheckParamExists($params, 'password2'); |
| _CheckParamExists($params, 'email'); |
| _CheckParamExists($params, 'auth'); |
| $password1 = $params['password1']; |
| $password2 = $params['password2']; |
| $email = $params['email']; |
| $auth = $params['auth']; |
| $password1 = $params['password1']; |
| $password2 = $params['password2']; |
| $email = $params['email']; |
| $auth = $params['auth']; |
| if (!OIDplus::authUtils()->validateAuthKey(['93a16dbe-f4fb-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_pwd_reset_time',-1))) { |
| throw new OIDplusException(_L('Invalid or expired authentication key')); |
| } |
| if (!OIDplus::authUtils()->validateAuthKey(['93a16dbe-f4fb-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_pwd_reset_time',-1))) { |
| throw new OIDplusException(_L('Invalid or expired authentication key')); |
| } |
| if ($password1 !== $password2) { |
| throw new OIDplusException(_L('Passwords do not match')); |
| } |
| if ($password1 !== $password2) { |
| throw new OIDplusException(_L('Passwords do not match')); |
| } |
| if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) { |
| $minlen = OIDplus::config()->getValue('ra_min_password_length'); |
| throw new OIDplusException(_L('Password is too short. Need at least %1 characters',$minlen)); |
| } |
| if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) { |
| $minlen = OIDplus::config()->getValue('ra_min_password_length'); |
| throw new OIDplusException(_L('Password is too short. Need at least %1 characters',$minlen)); |
| } |
| OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' has reset his password (forgot passwort)", $email); |
| OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' has reset his password (forgot passwort)", $email); |
| $ra = new OIDplusRA($email); |
| $ra->change_password($password1); |
| $ra = new OIDplusRA($email); |
| $ra->change_password($password1); |
| return array("status" => 0); |
| } |
| return array("status" => 0); |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| * @throws OIDplusMailException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'forgot_password') { |
| return $this->action_Request($params); |
| } else if ($actionID == 'reset_password') { |
| return $this->action_Activate($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/publicPages/095_attachments/OIDplusPagePublicAttachments.class.php |
|---|
| 174,130 → 174,123 |
| return OIDplus::config()->getValue('attachments_allow_ra_upload', 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| private function action_Delete(array $params): array { |
| _CheckParamExists($params, 'id'); |
| $id = $params['id']; |
| $obj = OIDplusObject::parse($id); |
| if (!$obj) throw new OIDplusException(_L('Invalid object "%1"',$id)); |
| if (!$obj->userHasWriteRights()) throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA of "%1" to upload an attachment.',$id), null, 401); |
| if ($actionID == 'deleteAttachment') { |
| _CheckParamExists($params, 'id'); |
| $id = $params['id']; |
| $obj = OIDplusObject::parse($id); |
| if (!$obj) throw new OIDplusException(_L('Invalid object "%1"',$id)); |
| if (!$obj->userHasWriteRights()) throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA of "%1" to upload an attachment.',$id), null, 401); |
| if (!OIDplus::authUtils()->isAdminLoggedIn() && !$this->raMayDelete()) { |
| throw new OIDplusException(_L('The administrator has disabled deleting attachments by RAs.')); |
| } |
| if (!OIDplus::authUtils()->isAdminLoggedIn() && !$this->raMayDelete()) { |
| throw new OIDplusException(_L('The administrator has disabled deleting attachments by RAs.')); |
| } |
| _CheckParamExists($params, 'filename'); |
| $req_filename = $params['filename']; |
| if (strpos($req_filename, '/') !== false) throw new OIDplusException(_L('Illegal file name')); |
| if (strpos($req_filename, '\\') !== false) throw new OIDplusException(_L('Illegal file name')); |
| if (strpos($req_filename, '..') !== false) throw new OIDplusException(_L('Illegal file name')); |
| if (strpos($req_filename, chr(0)) !== false) throw new OIDplusException(_L('Illegal file name')); |
| _CheckParamExists($params, 'filename'); |
| $req_filename = $params['filename']; |
| if (strpos($req_filename, '/') !== false) throw new OIDplusException(_L('Illegal file name')); |
| if (strpos($req_filename, '\\') !== false) throw new OIDplusException(_L('Illegal file name')); |
| if (strpos($req_filename, '..') !== false) throw new OIDplusException(_L('Illegal file name')); |
| if (strpos($req_filename, chr(0)) !== false) throw new OIDplusException(_L('Illegal file name')); |
| $uploaddir = self::getUploadDir($id); |
| $uploadfile = $uploaddir . DIRECTORY_SEPARATOR . basename($req_filename); |
| $uploaddir = self::getUploadDir($id); |
| $uploadfile = $uploaddir . DIRECTORY_SEPARATOR . basename($req_filename); |
| if (!file_exists($uploadfile)) throw new OIDplusException(_L('File does not exist')); |
| @unlink($uploadfile); |
| if (file_exists($uploadfile)) { |
| OIDplus::logger()->log("V2:[ERR]OID(%1)+[ERR]A", "Attachment file '%2' could not be deleted from object '%1' (problem with permissions?)", $id, basename($uploadfile)); |
| $msg = _L('Attachment file "%1" could not be deleted from object "%2" (problem with permissions?)',basename($uploadfile),$id); |
| if (OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException($msg); |
| } else { |
| throw new OIDplusException($msg.'. '._L('Please contact the system administrator.')); |
| } |
| if (!file_exists($uploadfile)) throw new OIDplusException(_L('File does not exist')); |
| @unlink($uploadfile); |
| if (file_exists($uploadfile)) { |
| OIDplus::logger()->log("V2:[ERR]OID(%1)+[ERR]A", "Attachment file '%2' could not be deleted from object '%1' (problem with permissions?)", $id, basename($uploadfile)); |
| $msg = _L('Attachment file "%1" could not be deleted from object "%2" (problem with permissions?)',basename($uploadfile),$id); |
| if (OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException($msg); |
| } else { |
| // If it was the last file, delete the empty directory |
| $ary = @glob($uploaddir . DIRECTORY_SEPARATOR . '*'); |
| if (is_array($ary) && (count($ary) == 0)) @rmdir($uploaddir); |
| throw new OIDplusException($msg.'. '._L('Please contact the system administrator.')); |
| } |
| } else { |
| // If it was the last file, delete the empty directory |
| $ary = @glob($uploaddir . DIRECTORY_SEPARATOR . '*'); |
| if (is_array($ary) && (count($ary) == 0)) @rmdir($uploaddir); |
| } |
| OIDplus::logger()->log("V2:[OK]OID(%1)+[OK/INFO]OIDRA(%1)+[OK/INFO]A", "Deleted attachment '%2' from object '%1'", $id, basename($uploadfile)); |
| OIDplus::logger()->log("V2:[OK]OID(%1)+[OK/INFO]OIDRA(%1)+[OK/INFO]A", "Deleted attachment '%2' from object '%1'", $id, basename($uploadfile)); |
| return array("status" => 0); |
| return array("status" => 0); |
| } |
| } else if ($actionID == 'uploadAttachment') { |
| _CheckParamExists($params, 'id'); |
| $id = $params['id']; |
| $obj = OIDplusObject::parse($id); |
| if (!$obj) throw new OIDplusException(_L('Invalid object "%1"',$id)); |
| if (!$obj->userHasWriteRights()) throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA of "%1" to upload an attachment.',$id), null, 401); |
| /** |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| private function action_Upload(array $params): array { |
| _CheckParamExists($params, 'id'); |
| $id = $params['id']; |
| $obj = OIDplusObject::parse($id); |
| if (!$obj) throw new OIDplusException(_L('Invalid object "%1"',$id)); |
| if (!$obj->userHasWriteRights()) throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA of "%1" to upload an attachment.',$id), null, 401); |
| if (!OIDplus::authUtils()->isAdminLoggedIn() && !$this->raMayUpload()) { |
| throw new OIDplusException(_L('The administrator has disabled uploading attachments by RAs.')); |
| } |
| if (!OIDplus::authUtils()->isAdminLoggedIn() && !$this->raMayUpload()) { |
| throw new OIDplusException(_L('The administrator has disabled uploading attachments by RAs.')); |
| } |
| if (!isset($_FILES['userfile'])) { |
| throw new OIDplusException(_L('Please choose a file.')); |
| } |
| if (!isset($_FILES['userfile'])) { |
| throw new OIDplusException(_L('Please choose a file.')); |
| } |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| $fname = basename($_FILES['userfile']['name']); |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| $fname = basename($_FILES['userfile']['name']); |
| // 1. If something is on the blacklist, we always block it, even if it is on the whitelist, too |
| $banned = explode(',', OIDplus::config()->getValue('attachments_block_extensions', '')); |
| foreach ($banned as $ext) { |
| $ext = trim($ext); |
| if ($ext == '') continue; |
| if (strtolower(substr($fname, -strlen($ext)-1)) == strtolower('.'.$ext)) { |
| throw new OIDplusException(_L('The file extension "%1" is banned by the administrator (it can be uploaded by the administrator though)',$ext)); |
| } |
| // 1. If something is on the blacklist, we always block it, even if it is on the whitelist, too |
| $banned = explode(',', OIDplus::config()->getValue('attachments_block_extensions', '')); |
| foreach ($banned as $ext) { |
| $ext = trim($ext); |
| if ($ext == '') continue; |
| if (strtolower(substr($fname, -strlen($ext)-1)) == strtolower('.'.$ext)) { |
| throw new OIDplusException(_L('The file extension "%1" is banned by the administrator (it can be uploaded by the administrator though)',$ext)); |
| } |
| } |
| // 2. Something on the whitelist is always OK |
| $allowed = explode(',', OIDplus::config()->getValue('attachments_allow_extensions', '')); |
| $is_whitelisted = false; |
| foreach ($allowed as $ext) { |
| $ext = trim($ext); |
| if ($ext == '') continue; |
| if (strtolower(substr($fname, -strlen($ext)-1)) == strtolower('.'.$ext)) { |
| $is_whitelisted = true; |
| break; |
| } |
| // 2. Something on the whitelist is always OK |
| $allowed = explode(',', OIDplus::config()->getValue('attachments_allow_extensions', '')); |
| $is_whitelisted = false; |
| foreach ($allowed as $ext) { |
| $ext = trim($ext); |
| if ($ext == '') continue; |
| if (strtolower(substr($fname, -strlen($ext)-1)) == strtolower('.'.$ext)) { |
| $is_whitelisted = true; |
| break; |
| } |
| } |
| // 3. For everything that is neither whitelisted, nor blacklisted, the admin can decide if these grey zone is allowed or blocked |
| if (!$is_whitelisted) { |
| if (!OIDplus::config()->getValue('attachments_allow_grey_extensions', '1')) { |
| $tmp = explode('.', $fname); |
| $ext = array_pop($tmp); |
| throw new OIDplusException(_L('The file extension "%1" is not on the whitelist (it can be uploaded by the administrator though)',$ext)); |
| } |
| // 3. For everything that is neither whitelisted, nor blacklisted, the admin can decide if these grey zone is allowed or blocked |
| if (!$is_whitelisted) { |
| if (!OIDplus::config()->getValue('attachments_allow_grey_extensions', '1')) { |
| $tmp = explode('.', $fname); |
| $ext = array_pop($tmp); |
| throw new OIDplusException(_L('The file extension "%1" is not on the whitelist (it can be uploaded by the administrator though)',$ext)); |
| } |
| } |
| } |
| $req_filename = $_FILES['userfile']['name']; |
| if (strpos($req_filename, '/') !== false) throw new OIDplusException(_L('Illegal file name')); |
| if (strpos($req_filename, '\\') !== false) throw new OIDplusException(_L('Illegal file name')); |
| if (strpos($req_filename, '..') !== false) throw new OIDplusException(_L('Illegal file name')); |
| if (strpos($req_filename, chr(0)) !== false) throw new OIDplusException(_L('Illegal file name')); |
| $req_filename = $_FILES['userfile']['name']; |
| if (strpos($req_filename, '/') !== false) throw new OIDplusException(_L('Illegal file name')); |
| if (strpos($req_filename, '\\') !== false) throw new OIDplusException(_L('Illegal file name')); |
| if (strpos($req_filename, '..') !== false) throw new OIDplusException(_L('Illegal file name')); |
| if (strpos($req_filename, chr(0)) !== false) throw new OIDplusException(_L('Illegal file name')); |
| $uploaddir = self::getUploadDir($id); |
| $uploadfile = $uploaddir . DIRECTORY_SEPARATOR . basename($req_filename); |
| $uploaddir = self::getUploadDir($id); |
| $uploadfile = $uploaddir . DIRECTORY_SEPARATOR . basename($req_filename); |
| if (!is_dir($uploaddir)) { |
| @mkdir($uploaddir, 0777, true); |
| if (!is_dir($uploaddir)) { |
| @mkdir($uploaddir, 0777, true); |
| if (!is_dir($uploaddir)) { |
| OIDplus::logger()->log("V2:[ERR]OID(%1)+[ERR]A", "Upload attachment '%2' to object '%1' failed: Cannot create directory '%3' (problem with permissions?)", $id, basename($uploadfile), basename($uploaddir)); |
| $msg = _L('Upload attachment "%1" to object "%2" failed',basename($uploadfile),$id).': '._L('Cannot create directory "%1" (problem with permissions?)',basename($uploaddir)); |
| if (OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException($msg); |
| } else { |
| throw new OIDplusException($msg.'. '._L('Please contact the system administrator.')); |
| } |
| } |
| } |
| if (!@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { |
| OIDplus::logger()->log("V2:[ERR]OID(%1)+[ERR]A", "Upload attachment '%2' to object '%1' failed: Cannot move uploaded file into directory (problem with permissions?)", $id, basename($uploadfile)); |
| $msg = _L('Upload attachment "%1" to object "%2" failed',basename($uploadfile),$id).': '._L('Cannot move uploaded file into directory (problem with permissions?)'); |
| OIDplus::logger()->log("V2:[ERR]OID(%1)+[ERR]A", "Upload attachment '%2' to object '%1' failed: Cannot create directory '%3' (problem with permissions?)", $id, basename($uploadfile), basename($uploaddir)); |
| $msg = _L('Upload attachment "%1" to object "%2" failed',basename($uploadfile),$id).': '._L('Cannot create directory "%1" (problem with permissions?)',basename($uploaddir)); |
| if (OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException($msg); |
| } else { |
| 304,10 → 297,34 |
| throw new OIDplusException($msg.'. '._L('Please contact the system administrator.')); |
| } |
| } |
| } |
| OIDplus::logger()->log("V2:[OK]OID(%1)+[OK/INFO]OIDRA(%1)+[OK/INFO]A", "Uploaded attachment '%2' to object '%1'", $id, basename($uploadfile)); |
| if (!@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { |
| OIDplus::logger()->log("V2:[ERR]OID(%1)+[ERR]A", "Upload attachment '%2' to object '%1' failed: Cannot move uploaded file into directory (problem with permissions?)", $id, basename($uploadfile)); |
| $msg = _L('Upload attachment "%1" to object "%2" failed',basename($uploadfile),$id).': '._L('Cannot move uploaded file into directory (problem with permissions?)'); |
| if (OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException($msg); |
| } else { |
| throw new OIDplusException($msg.'. '._L('Please contact the system administrator.')); |
| } |
| } |
| return array("status" => 0); |
| OIDplus::logger()->log("V2:[OK]OID(%1)+[OK/INFO]OIDRA(%1)+[OK/INFO]A", "Uploaded attachment '%2' to object '%1'", $id, basename($uploadfile)); |
| return array("status" => 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'deleteAttachment') { |
| return $this->action_Delete($params); |
| } else if ($actionID == 'uploadAttachment') { |
| return $this->action_Upload($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/publicPages/200_viathinksoft_freeoid/OIDplusPagePublicFreeOID.class.php |
|---|
| 55,148 → 55,169 |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| * @throws OIDplusMailException |
| */ |
| public function action(string $actionID, array $params): array { |
| private function action_Request(array $params): array { |
| if (empty(self::getFreeRootOid(false))) throw new OIDplusException(_L('FreeOID service not available. Please ask your administrator.')); |
| if ($actionID == 'request_freeoid') { |
| _CheckParamExists($params, 'email'); |
| $email = $params['email']; |
| _CheckParamExists($params, 'email'); |
| $email = $params['email']; |
| if ($already_registered_oid = $this->alreadyHasFreeOid($email, true)) { |
| throw new OIDplusHtmlException(_L('This email address already has a FreeOID registered (%1)', '<a '.OIDplus::gui()->link($already_registered_oid).'>'.htmlentities($already_registered_oid).'</a>')); |
| } |
| if ($already_registered_oid = $this->alreadyHasFreeOid($email, true)) { |
| throw new OIDplusHtmlException(_L('This email address already has a FreeOID registered (%1)', '<a '.OIDplus::gui()->link($already_registered_oid).'>'.htmlentities($already_registered_oid).'</a>')); |
| } |
| if (!OIDplus::mailUtils()->validMailAddress($email)) { |
| throw new OIDplusException(_L('Invalid email address')); |
| } |
| if (!OIDplus::mailUtils()->validMailAddress($email)) { |
| throw new OIDplusException(_L('Invalid email address')); |
| } |
| OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| $root_oid = self::getFreeRootOid(false); |
| OIDplus::logger()->log("V2:[INFO]OID(oid:%1)+RA(%2)", "Requested a free OID for email '%2' to be placed into root '%1'", $root_oid, $email); |
| $root_oid = self::getFreeRootOid(false); |
| OIDplus::logger()->log("V2:[INFO]OID(oid:%1)+RA(%2)", "Requested a free OID for email '%2' to be placed into root '%1'", $root_oid, $email); |
| $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:com.viathinksoft.freeoid.activate_freeoid$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['40c87e20-f4fb-11ed-86ca-3c4a92df8582',$email])); |
| $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:com.viathinksoft.freeoid.activate_freeoid$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['40c87e20-f4fb-11ed-86ca-3c4a92df8582',$email])); |
| $message = file_get_contents(__DIR__ . '/request_msg.tpl'); |
| $message = str_replace('{{SYSTEM_URL}}', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL), $message); |
| $message = str_replace('{{SYSTEM_TITLE}}', OIDplus::config()->getValue('system_title'), $message); |
| $message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message); |
| $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
| $message = file_get_contents(__DIR__ . '/request_msg.tpl'); |
| $message = str_replace('{{SYSTEM_URL}}', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL), $message); |
| $message = str_replace('{{SYSTEM_TITLE}}', OIDplus::config()->getValue('system_title'), $message); |
| $message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message); |
| $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
| OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Free OID request', $message); |
| OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Free OID request', $message); |
| return array("status" => 0); |
| return array("status" => 0); |
| } |
| } else if ($actionID == 'activate_freeoid') { |
| _CheckParamExists($params, 'email'); |
| _CheckParamExists($params, 'auth'); |
| /** |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| * @throws OIDplusMailException |
| */ |
| private function action_Activate(array $params): array { |
| if (empty(self::getFreeRootOid(false))) throw new OIDplusException(_L('FreeOID service not available. Please ask your administrator.')); |
| $email = $params['email']; |
| $auth = $params['auth']; |
| _CheckParamExists($params, 'email'); |
| _CheckParamExists($params, 'auth'); |
| if (!OIDplus::authUtils()->validateAuthKey(['40c87e20-f4fb-11ed-86ca-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time', -1))) { |
| throw new OIDplusException(_L('Invalid or expired authentication key')); |
| } |
| $email = $params['email']; |
| $auth = $params['auth']; |
| // 1. step: Check entered data and add the RA to the database |
| if (!OIDplus::authUtils()->validateAuthKey(['40c87e20-f4fb-11ed-86ca-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time', -1))) { |
| throw new OIDplusException(_L('Invalid or expired authentication key')); |
| } |
| $ra = new OIDplusRA($email); |
| if (!$ra->existing()) { |
| _CheckParamExists($params, 'password1'); |
| _CheckParamExists($params, 'password2'); |
| _CheckParamExists($params, 'ra_name'); |
| // 1. step: Check entered data and add the RA to the database |
| $password1 = $params['password1']; |
| $password2 = $params['password2']; |
| $ra_name = $params['ra_name']; |
| $ra = new OIDplusRA($email); |
| if (!$ra->existing()) { |
| _CheckParamExists($params, 'password1'); |
| _CheckParamExists($params, 'password2'); |
| _CheckParamExists($params, 'ra_name'); |
| if ($password1 !== $password2) { |
| throw new OIDplusException(_L('Passwords do not match')); |
| } |
| $password1 = $params['password1']; |
| $password2 = $params['password2']; |
| $ra_name = $params['ra_name']; |
| if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) { |
| $minlen = OIDplus::config()->getValue('ra_min_password_length'); |
| throw new OIDplusException(_L('Password is too short. Need at least %1 characters',$minlen)); |
| } |
| if ($password1 !== $password2) { |
| throw new OIDplusException(_L('Passwords do not match')); |
| } |
| if (empty($ra_name)) { |
| throw new OIDplusException(_L('Please enter your personal name or the name of your group.')); |
| } |
| if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) { |
| $minlen = OIDplus::config()->getValue('ra_min_password_length'); |
| throw new OIDplusException(_L('Password is too short. Need at least %1 characters',$minlen)); |
| } |
| $ra->register_ra($password1); |
| $ra->setRaName($ra_name); |
| } else { |
| // RA already exists (e.g. was logged in using Google OAuth) |
| $ra_name = $ra->raName(); |
| if (empty($ra_name)) { |
| throw new OIDplusException(_L('Please enter your personal name or the name of your group.')); |
| } |
| // 2. step: Add the new OID to the database |
| $ra->register_ra($password1); |
| $ra->setRaName($ra_name); |
| } else { |
| // RA already exists (e.g. was logged in using Google OAuth) |
| $ra_name = $ra->raName(); |
| } |
| $url = $params['url'] ?? ''; |
| $title = $params['title'] ?? ''; |
| // 2. step: Add the new OID to the database |
| $root_oid = self::getFreeRootOid(false); |
| $new_oid = OIDplusOid::parse('oid:'.$root_oid)->appendArcs($this->freeoid_max_id()+1)->nodeId(false); |
| $url = $params['url'] ?? ''; |
| $title = $params['title'] ?? ''; |
| OIDplus::logger()->log("V2:[INFO]OID(oid:%2)+OIDRA(oid:%2)", "Child OID '%1' added automatically by '%3' (RA Name: '%4')", $new_oid, $root_oid, $email, $ra_name); |
| OIDplus::logger()->log("V2:[INFO]OID(oid:%1)+[OK]RA(%3)", "Free OID '%1' activated (RA Name: '%4')", $new_oid, $root_oid, $email, $ra_name); |
| $root_oid = self::getFreeRootOid(false); |
| $new_oid = OIDplusOid::parse('oid:'.$root_oid)->appendArcs($this->freeoid_max_id()+1)->nodeId(false); |
| if ((!empty($url)) && (substr($url, 0, 4) != 'http')) $url = 'http://'.$url; |
| OIDplus::logger()->log("V2:[INFO]OID(oid:%2)+OIDRA(oid:%2)", "Child OID '%1' added automatically by '%3' (RA Name: '%4')", $new_oid, $root_oid, $email, $ra_name); |
| OIDplus::logger()->log("V2:[INFO]OID(oid:%1)+[OK]RA(%3)", "Free OID '%1' activated (RA Name: '%4')", $new_oid, $root_oid, $email, $ra_name); |
| $description = ''; // '<p>'.htmlentities($ra_name).'</p>'; |
| if (!empty($url)) { |
| $description .= '<p>'._L('More information at %1','<a href="'.htmlentities($url).'">'.htmlentities($url).'</a>').'</p>'; |
| } |
| if ((!empty($url)) && (substr($url, 0, 4) != 'http')) $url = 'http://'.$url; |
| if (empty($title)) $title = $ra_name; |
| $description = ''; // '<p>'.htmlentities($ra_name).'</p>'; |
| if (!empty($url)) { |
| $description .= '<p>'._L('More information at %1','<a href="'.htmlentities($url).'">'.htmlentities($url).'</a>').'</p>'; |
| } |
| try { |
| $maxlen = OIDplus::baseConfig()->getValue('LIMITS_MAX_ID_LENGTH')-strlen('oid:'); |
| if (strlen($new_oid) > $maxlen) { |
| throw new OIDplusException(_L('The resulting OID %1 is too long (max allowed length: %2)',$new_oid,$maxlen)); |
| } |
| if (empty($title)) $title = $ra_name; |
| OIDplus::db()->query("insert into ###objects (id, ra_email, parent, title, description, confidential, created) values (?, ?, ?, ?, ?, ?, ".OIDplus::db()->sqlDate().")", array('oid:'.$new_oid, $email, self::getFreeRootOid(true), $title, $description, false)); |
| OIDplusObject::resetObjectInformationCache(); |
| } catch (\Exception $e) { |
| $ra->delete(); |
| throw $e; |
| try { |
| $maxlen = OIDplus::baseConfig()->getValue('LIMITS_MAX_ID_LENGTH')-strlen('oid:'); |
| if (strlen($new_oid) > $maxlen) { |
| throw new OIDplusException(_L('The resulting OID %1 is too long (max allowed length: %2)',$new_oid,$maxlen)); |
| } |
| // Send delegation report email to admin |
| OIDplus::db()->query("insert into ###objects (id, ra_email, parent, title, description, confidential, created) values (?, ?, ?, ?, ?, ?, ".OIDplus::db()->sqlDate().")", array('oid:'.$new_oid, $email, self::getFreeRootOid(true), $title, $description, false)); |
| OIDplusObject::resetObjectInformationCache(); |
| } catch (\Exception $e) { |
| $ra->delete(); |
| throw $e; |
| } |
| $message = "OID delegation report\n"; |
| $message .= "\n"; |
| $message .= "OID: ".$new_oid."\n"; |
| $message .= "\n"; |
| $message .= "RA Name: $ra_name\n"; |
| $message .= "RA eMail: $email\n"; |
| $message .= "URL for more information: $url\n"; |
| $message .= "OID Name: $title\n"; |
| $message .= "\n"; |
| $message .= "More details: ".OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL)."?goto=oid%3A$new_oid\n"; |
| // Send delegation report email to admin |
| OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title')." - OID $new_oid registered", $message); |
| $message = "OID delegation report\n"; |
| $message .= "\n"; |
| $message .= "OID: ".$new_oid."\n"; |
| $message .= "\n"; |
| $message .= "RA Name: $ra_name\n"; |
| $message .= "RA eMail: $email\n"; |
| $message .= "URL for more information: $url\n"; |
| $message .= "OID Name: $title\n"; |
| $message .= "\n"; |
| $message .= "More details: ".OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL)."?goto=oid%3A$new_oid\n"; |
| // Send delegation information to user |
| OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title')." - OID $new_oid registered", $message); |
| $message = file_get_contents(__DIR__ . '/allocated_msg.tpl'); |
| $message = str_replace('{{SYSTEM_URL}}', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL), $message); |
| $message = str_replace('{{SYSTEM_TITLE}}', OIDplus::config()->getValue('system_title'), $message); |
| $message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message); |
| $message = str_replace('{{NEW_OID}}', $new_oid, $message); |
| OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Free OID allocated', $message); |
| // Send delegation information to user |
| return array( |
| "new_oid" => $new_oid, |
| "status" => 0 |
| ); |
| $message = file_get_contents(__DIR__ . '/allocated_msg.tpl'); |
| $message = str_replace('{{SYSTEM_URL}}', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL), $message); |
| $message = str_replace('{{SYSTEM_TITLE}}', OIDplus::config()->getValue('system_title'), $message); |
| $message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message); |
| $message = str_replace('{{NEW_OID}}', $new_oid, $message); |
| OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Free OID allocated', $message); |
| return array( |
| "new_oid" => $new_oid, |
| "status" => 0 |
| ); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| * @throws OIDplusMailException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'request_freeoid') { |
| return $this->action_Request($params); |
| } else if ($actionID == 'activate_freeoid') { |
| return $this->action_Activate($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/publicPages/300_search/OIDplusPagePublicSearch.class.php |
|---|
| 164,6 → 164,16 |
| } |
| /** |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| private function action_Search(array $params): array { |
| $ret = $this->doSearch($params); |
| return array("status" => 0, "output" => $ret); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| 170,15 → 180,11 |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'search') { |
| // Search with JavaScript/AJAX |
| $ret = $this->doSearch($params); |
| return array("status" => 0, "output" => $ret); |
| return $this->action_Search($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| } |
| /** |
| /trunk/plugins/viathinksoft/publicPages/800_login_ldap/OIDplusPagePublicLoginLDAP.class.php |
|---|
| 117,113 → 117,123 |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusConfigInitializationException |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'ra_login_ldap') { |
| if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) { |
| throw new OIDplusException(_L('LDAP authentication is disabled on this system.')); |
| } |
| private function action_Login(array $params): array { |
| if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) { |
| throw new OIDplusException(_L('LDAP authentication is disabled on this system.')); |
| } |
| if (!function_exists('ldap_connect')) throw new OIDplusConfigInitializationException(_L('PHP extension "%1" not installed','LDAP')); |
| if (!function_exists('ldap_connect')) throw new OIDplusConfigInitializationException(_L('PHP extension "%1" not installed','LDAP')); |
| OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| _CheckParamExists($params, 'email'); |
| _CheckParamExists($params, 'password'); |
| _CheckParamExists($params, 'email'); |
| _CheckParamExists($params, 'password'); |
| $upn = $params['email']; |
| $password = $params['password']; |
| $upn = $params['email']; |
| $password = $params['password']; |
| $domainNumber = $this->getDomainNumber($upn); |
| if ($domainNumber <= 0) { |
| throw new OIDplusException(_L('The server is not configured to handle this domain (the part behind the at-sign)')); |
| } |
| $cfgSuffix = $domainNumber == 1 ? '' : "__$domainNumber"; |
| $domainNumber = $this->getDomainNumber($upn); |
| if ($domainNumber <= 0) { |
| throw new OIDplusException(_L('The server is not configured to handle this domain (the part behind the at-sign)')); |
| } |
| $cfgSuffix = $domainNumber == 1 ? '' : "__$domainNumber"; |
| if (empty($upn)) { |
| throw new OIDplusException(_L('Please enter a valid username')); |
| } |
| if (empty($upn)) { |
| throw new OIDplusException(_L('Please enter a valid username')); |
| } |
| $ldap = new \VtsLDAPUtils(); |
| $ldap = new \VtsLDAPUtils(); |
| try { |
| try { |
| $cfg_ldap_server = OIDplus::baseConfig()->getValue('LDAP_SERVER'.$cfgSuffix); |
| $cfg_ldap_port = OIDplus::baseConfig()->getValue('LDAP_PORT'.$cfgSuffix, 389); |
| $cfg_ldap_base_dn = OIDplus::baseConfig()->getValue('LDAP_BASE_DN'.$cfgSuffix); |
| $cfg_ldap_server = OIDplus::baseConfig()->getValue('LDAP_SERVER'.$cfgSuffix); |
| $cfg_ldap_port = OIDplus::baseConfig()->getValue('LDAP_PORT'.$cfgSuffix, 389); |
| $cfg_ldap_base_dn = OIDplus::baseConfig()->getValue('LDAP_BASE_DN'.$cfgSuffix); |
| // Note: Will throw an Exception if connect fails |
| $ldap->connect($cfg_ldap_server, $cfg_ldap_port); |
| // Note: Will throw an Exception if connect fails |
| $ldap->connect($cfg_ldap_server, $cfg_ldap_port); |
| if (!$ldap->login($upn, $password)) { |
| if (OIDplus::config()->getValue('log_failed_ra_logins', false)) { |
| OIDplus::logger()->log("V2:[WARN]A", "Failed login to RA account '%1' using LDAP", $upn); |
| } |
| throw new OIDplusException(_L('Wrong password or user not registered')); |
| if (!$ldap->login($upn, $password)) { |
| if (OIDplus::config()->getValue('log_failed_ra_logins', false)) { |
| OIDplus::logger()->log("V2:[WARN]A", "Failed login to RA account '%1' using LDAP", $upn); |
| } |
| throw new OIDplusException(_L('Wrong password or user not registered')); |
| } |
| $ldap_userinfo = $ldap->getUserInfo($upn, $cfg_ldap_base_dn); |
| $ldap_userinfo = $ldap->getUserInfo($upn, $cfg_ldap_base_dn); |
| if (!$ldap_userinfo) { |
| throw new OIDplusException(_L('The LDAP login was successful, but the own user %1 cannot be found. Please check the base configuration setting %2 and %3', $upn, "LDAP_BASE_DN$cfgSuffix", "LDAP_UPN_SUFFIX$cfgSuffix")); |
| } |
| if (!$ldap_userinfo) { |
| throw new OIDplusException(_L('The LDAP login was successful, but the own user %1 cannot be found. Please check the base configuration setting %2 and %3', $upn, "LDAP_BASE_DN$cfgSuffix", "LDAP_UPN_SUFFIX$cfgSuffix")); |
| } |
| $foundSomething = false; |
| $foundSomething = false; |
| // --- |
| // --- |
| $cfgAdminGroup = OIDplus::baseConfig()->getValue('LDAP_ADMIN_GROUP'.$cfgSuffix,''); |
| if (!empty($cfgAdminGroup)) { |
| $isAdmin = $ldap->isMemberOfRec($ldap_userinfo, $cfgAdminGroup); |
| } else { |
| $isAdmin = false; |
| } |
| if ($isAdmin) { |
| $cfgAdminGroup = OIDplus::baseConfig()->getValue('LDAP_ADMIN_GROUP'.$cfgSuffix,''); |
| if (!empty($cfgAdminGroup)) { |
| $isAdmin = $ldap->isMemberOfRec($ldap_userinfo, $cfgAdminGroup); |
| } else { |
| $isAdmin = false; |
| } |
| if ($isAdmin) { |
| $foundSomething = true; |
| $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
| OIDplus::authUtils()->adminLoginEx($remember_me, 'LDAP login'); |
| } |
| // --- |
| $cfgRaGroup = OIDplus::baseConfig()->getValue('LDAP_RA_GROUP'.$cfgSuffix,''); |
| if (!empty($cfgRaGroup)) { |
| $isRA = $ldap->isMemberOfRec($ldap_userinfo, $cfgRaGroup); |
| } else { |
| $isRA = true; |
| } |
| if ($isRA) { |
| if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_UPN'.$cfgSuffix,true)) { |
| $mail = \VtsLDAPUtils::getString($ldap_userinfo, 'userprincipalname'); |
| $foundSomething = true; |
| $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
| OIDplus::authUtils()->adminLoginEx($remember_me, 'LDAP login'); |
| $this->doLoginRA($remember_me, $mail, $ldap_userinfo); |
| } |
| // --- |
| $cfgRaGroup = OIDplus::baseConfig()->getValue('LDAP_RA_GROUP'.$cfgSuffix,''); |
| if (!empty($cfgRaGroup)) { |
| $isRA = $ldap->isMemberOfRec($ldap_userinfo, $cfgRaGroup); |
| } else { |
| $isRA = true; |
| } |
| if ($isRA) { |
| if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_UPN'.$cfgSuffix,true)) { |
| $mail = \VtsLDAPUtils::getString($ldap_userinfo, 'userprincipalname'); |
| if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_EMAIL'.$cfgSuffix,false)) { |
| $mails = \VtsLDAPUtils::getArray($ldap_userinfo, 'mail'); |
| foreach ($mails as $mail) { |
| $foundSomething = true; |
| $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
| $this->doLoginRA($remember_me, $mail, $ldap_userinfo); |
| } |
| if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_EMAIL'.$cfgSuffix,false)) { |
| $mails = \VtsLDAPUtils::getArray($ldap_userinfo, 'mail'); |
| foreach ($mails as $mail) { |
| $foundSomething = true; |
| $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
| $this->doLoginRA($remember_me, $mail, $ldap_userinfo); |
| } |
| } |
| } |
| } finally { |
| $ldap->disconnect(); |
| $ldap = null; |
| } |
| if (!$foundSomething) { |
| throw new OIDplusException(_L("Error: These credentials cannot be used with OIDplus. Please check the base configuration.")); |
| } |
| } finally { |
| $ldap->disconnect(); |
| $ldap = null; |
| } |
| return array("status" => 0); |
| if (!$foundSomething) { |
| throw new OIDplusException(_L("Error: These credentials cannot be used with OIDplus. Please check the base configuration.")); |
| } |
| return array("status" => 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusConfigInitializationException |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'ra_login_ldap') { |
| return $this->action_Login($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/raPages/092_invite/OIDplusPageRaInvite.class.php |
|---|
| 26,66 → 26,84 |
| class OIDplusPageRaInvite extends OIDplusPagePluginRa { |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| * @throws OIDplusMailException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'invite_ra') { |
| $email = $params['email']; |
| private function action_Request(array $params): array { |
| $email = $params['email']; |
| if (!OIDplus::mailUtils()->validMailAddress($email)) { |
| throw new OIDplusException(_L('Invalid email address')); |
| } |
| if (!OIDplus::mailUtils()->validMailAddress($email)) { |
| throw new OIDplusException(_L('Invalid email address')); |
| } |
| OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| $this->inviteSecurityCheck($email); |
| // TODO: should we also log who has invited? |
| OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' has been invited", $email); |
| $this->inviteSecurityCheck($email); |
| // TODO: should we also log who has invited? |
| OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' has been invited", $email); |
| $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email])); |
| $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email])); |
| $message = $this->getInvitationText($email); |
| $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
| $message = $this->getInvitationText($email); |
| $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
| OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Invitation', $message); |
| OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Invitation', $message); |
| return array("status" => 0); |
| return array("status" => 0); |
| } |
| } else if ($actionID == 'activate_ra') { |
| /** |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| * @throws OIDplusMailException |
| */ |
| private function action_Activate(array $params): array { |
| _CheckParamExists($params, 'password1'); |
| _CheckParamExists($params, 'password2'); |
| _CheckParamExists($params, 'email'); |
| _CheckParamExists($params, 'auth'); |
| _CheckParamExists($params, 'password1'); |
| _CheckParamExists($params, 'password2'); |
| _CheckParamExists($params, 'email'); |
| _CheckParamExists($params, 'auth'); |
| $password1 = $params['password1']; |
| $password2 = $params['password2']; |
| $email = $params['email']; |
| $auth = $params['auth']; |
| $password1 = $params['password1']; |
| $password2 = $params['password2']; |
| $email = $params['email']; |
| $auth = $params['auth']; |
| if (!OIDplus::authUtils()->validateAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time',-1))) { |
| throw new OIDplusException(_L('Invalid or expired authentication key')); |
| } |
| if (!OIDplus::authUtils()->validateAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time',-1))) { |
| throw new OIDplusException(_L('Invalid or expired authentication key')); |
| } |
| if ($password1 !== $password2) { |
| throw new OIDplusException(_L('Passwords do not match')); |
| } |
| if ($password1 !== $password2) { |
| throw new OIDplusException(_L('Passwords do not match')); |
| } |
| if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) { |
| $minlen = OIDplus::config()->getValue('ra_min_password_length'); |
| throw new OIDplusException(_L('Password is too short. Need at least %1 characters',$minlen)); |
| } |
| if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) { |
| $minlen = OIDplus::config()->getValue('ra_min_password_length'); |
| throw new OIDplusException(_L('Password is too short. Need at least %1 characters',$minlen)); |
| } |
| OIDplus::logger()->log("V2:[OK]RA(%1)", "RA '%1' has been registered due to invitation", $email); |
| OIDplus::logger()->log("V2:[OK]RA(%1)", "RA '%1' has been registered due to invitation", $email); |
| $ra = new OIDplusRA($email); |
| $ra->register_ra($password1); |
| $ra = new OIDplusRA($email); |
| $ra->register_ra($password1); |
| return array("status" => 0); |
| } |
| return array("status" => 0); |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| * @throws OIDplusMailException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'invite_ra') { |
| return $this->action_Request($params); |
| } else if ($actionID == 'activate_ra') { |
| return $this->action_Activate($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/raPages/100_edit_contact_data/OIDplusPageRaEditContactData.class.php |
|---|
| 26,54 → 26,63 |
| class OIDplusPageRaEditContactData extends OIDplusPagePluginRa { |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'change_ra_data') { |
| _CheckParamExists($params, 'email'); |
| private function action_Update(array $params): array { |
| _CheckParamExists($params, 'email'); |
| $email = $params['email']; |
| $email = $params['email']; |
| if (!OIDplus::authUtils()->isRaLoggedIn($email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA to update its data.'), null, 401); |
| } |
| if (!OIDplus::authUtils()->isRaLoggedIn($email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA to update its data.'), null, 401); |
| } |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($email)); |
| if (!$res->any()) { |
| throw new OIDplusException(_L('RA does not exist')); |
| } |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($email)); |
| if (!$res->any()) { |
| throw new OIDplusException(_L('RA does not exist')); |
| } |
| OIDplus::logger()->log("V2:[OK/WARN]RA(%1)+[OK/INFO]A", "Changed RA '%1' contact data/details", $email); |
| OIDplus::logger()->log("V2:[OK/WARN]RA(%1)+[OK/INFO]A", "Changed RA '%1' contact data/details", $email); |
| if (isset($params['ra_name'])) |
| OIDplus::db()->query("UPDATE ###ra SET ra_name = ? WHERE email = ?", array($params['ra_name'], $email)); |
| if (isset($params['organization'])) |
| OIDplus::db()->query("UPDATE ###ra SET organization = ? WHERE email = ?", array($params['organization'], $email)); |
| if (isset($params['office'])) |
| OIDplus::db()->query("UPDATE ###ra SET office = ? WHERE email = ?", array($params['office'], $email)); |
| if (isset($params['personal_name'])) |
| OIDplus::db()->query("UPDATE ###ra SET personal_name = ? WHERE email = ?", array($params['personal_name'], $email)); |
| if (isset($params['privacy'])) |
| OIDplus::db()->query("UPDATE ###ra SET privacy = ? WHERE email = ?", array($params['privacy'] == 'true', $email)); |
| if (isset($params['street'])) |
| OIDplus::db()->query("UPDATE ###ra SET street = ? WHERE email = ?", array($params['street'], $email)); |
| if (isset($params['zip_town'])) |
| OIDplus::db()->query("UPDATE ###ra SET zip_town = ? WHERE email = ?", array($params['zip_town'], $email)); |
| if (isset($params['country'])) |
| OIDplus::db()->query("UPDATE ###ra SET country = ? WHERE email = ?", array($params['country'], $email)); |
| if (isset($params['phone'])) |
| OIDplus::db()->query("UPDATE ###ra SET phone = ? WHERE email = ?", array($params['phone'], $email)); |
| if (isset($params['mobile'])) |
| OIDplus::db()->query("UPDATE ###ra SET mobile = ? WHERE email = ?", array($params['mobile'], $email)); |
| if (isset($params['fax'])) |
| OIDplus::db()->query("UPDATE ###ra SET fax = ? WHERE email = ?", array($params['fax'], $email)); |
| if (isset($params['ra_name'])) |
| OIDplus::db()->query("UPDATE ###ra SET ra_name = ? WHERE email = ?", array($params['ra_name'], $email)); |
| if (isset($params['organization'])) |
| OIDplus::db()->query("UPDATE ###ra SET organization = ? WHERE email = ?", array($params['organization'], $email)); |
| if (isset($params['office'])) |
| OIDplus::db()->query("UPDATE ###ra SET office = ? WHERE email = ?", array($params['office'], $email)); |
| if (isset($params['personal_name'])) |
| OIDplus::db()->query("UPDATE ###ra SET personal_name = ? WHERE email = ?", array($params['personal_name'], $email)); |
| if (isset($params['privacy'])) |
| OIDplus::db()->query("UPDATE ###ra SET privacy = ? WHERE email = ?", array($params['privacy'] == 'true', $email)); |
| if (isset($params['street'])) |
| OIDplus::db()->query("UPDATE ###ra SET street = ? WHERE email = ?", array($params['street'], $email)); |
| if (isset($params['zip_town'])) |
| OIDplus::db()->query("UPDATE ###ra SET zip_town = ? WHERE email = ?", array($params['zip_town'], $email)); |
| if (isset($params['country'])) |
| OIDplus::db()->query("UPDATE ###ra SET country = ? WHERE email = ?", array($params['country'], $email)); |
| if (isset($params['phone'])) |
| OIDplus::db()->query("UPDATE ###ra SET phone = ? WHERE email = ?", array($params['phone'], $email)); |
| if (isset($params['mobile'])) |
| OIDplus::db()->query("UPDATE ###ra SET mobile = ? WHERE email = ?", array($params['mobile'], $email)); |
| if (isset($params['fax'])) |
| OIDplus::db()->query("UPDATE ###ra SET fax = ? WHERE email = ?", array($params['fax'], $email)); |
| OIDplus::db()->query("UPDATE ###ra SET updated = ".OIDplus::db()->sqlDate()." WHERE email = ?", array($email)); |
| OIDplus::db()->query("UPDATE ###ra SET updated = ".OIDplus::db()->sqlDate()." WHERE email = ?", array($email)); |
| return array("status" => 0); |
| return array("status" => 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'change_ra_data') { |
| return $this->action_Update($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/raPages/101_change_password/OIDplusPageRaChangePassword.class.php |
|---|
| 26,62 → 26,71 |
| class OIDplusPageRaChangePassword extends OIDplusPagePluginRa { |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'change_ra_password') { |
| _CheckParamExists($params, 'email'); |
| private function action_Update(array $params): array { |
| _CheckParamExists($params, 'email'); |
| $email = $params['email']; |
| $email = $params['email']; |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($email)); |
| if (!$res->any()) { |
| throw new OIDplusException(_L('RA does not exist')); |
| } |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($email)); |
| if (!$res->any()) { |
| throw new OIDplusException(_L('RA does not exist')); |
| } |
| if (!OIDplus::authUtils()->isRaLoggedIn($email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA to update its data.'), null, 401); |
| } |
| if (!OIDplus::authUtils()->isRaLoggedIn($email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA to update its data.'), null, 401); |
| } |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| _CheckParamExists($params, 'old_password'); |
| $old_password = $params['old_password']; |
| } else { |
| $old_password = ''; |
| } |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| _CheckParamExists($params, 'old_password'); |
| $old_password = $params['old_password']; |
| } else { |
| $old_password = ''; |
| } |
| _CheckParamExists($params, 'new_password1'); |
| _CheckParamExists($params, 'new_password2'); |
| _CheckParamExists($params, 'new_password1'); |
| _CheckParamExists($params, 'new_password2'); |
| $password1 = $params['new_password1']; |
| $password2 = $params['new_password2']; |
| $password1 = $params['new_password1']; |
| $password2 = $params['new_password2']; |
| if ($password1 !== $password2) { |
| throw new OIDplusException(_L('Passwords do not match')); |
| } |
| if ($password1 !== $password2) { |
| throw new OIDplusException(_L('Passwords do not match')); |
| } |
| if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) { |
| $minlen = OIDplus::config()->getValue('ra_min_password_length'); |
| throw new OIDplusException(_L('New password is too short. Minimum password length: %1',$minlen)); |
| } |
| if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) { |
| $minlen = OIDplus::config()->getValue('ra_min_password_length'); |
| throw new OIDplusException(_L('New password is too short. Minimum password length: %1',$minlen)); |
| } |
| $ra = new OIDplusRA($email); |
| if (!$ra->isPasswordLess()) { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| if (!$ra->checkPassword($old_password)) { |
| throw new OIDplusException(_L('Old password incorrect')); |
| } |
| $ra = new OIDplusRA($email); |
| if (!$ra->isPasswordLess()) { |
| if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
| if (!$ra->checkPassword($old_password)) { |
| throw new OIDplusException(_L('Old password incorrect')); |
| } |
| OIDplus::logger()->log("V2:[OK/WARN]RA(%1)+[OK/INFO]A", "Password of RA '%1' changed", $email); |
| } else { |
| OIDplus::logger()->log("V2:[OK/WARN]RA(%1)+[OK/INFO]A", "Password of RA '%1' created", $email); |
| } |
| $ra->change_password($password1); |
| OIDplus::logger()->log("V2:[OK/WARN]RA(%1)+[OK/INFO]A", "Password of RA '%1' changed", $email); |
| } else { |
| OIDplus::logger()->log("V2:[OK/WARN]RA(%1)+[OK/INFO]A", "Password of RA '%1' created", $email); |
| } |
| $ra->change_password($password1); |
| return array("status" => 0); |
| return array("status" => 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'change_ra_password') { |
| return $this->action_Update($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/raPages/102_change_email/OIDplusPageRaChangeEMail.class.php |
|---|
| 26,141 → 26,58 |
| class OIDplusPageRaChangeEMail extends OIDplusPagePluginRa { |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| * @throws OIDplusMailException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'change_ra_email') { |
| if (!OIDplus::config()->getValue('allow_ra_email_change') && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException(_L('This functionality has been disabled by the administrator.')); |
| } |
| private function action_Request(array $params): array { |
| if (!OIDplus::config()->getValue('allow_ra_email_change') && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException(_L('This functionality has been disabled by the administrator.')); |
| } |
| _CheckParamExists($params, 'old_email'); |
| _CheckParamExists($params, 'new_email'); |
| _CheckParamExists($params, 'old_email'); |
| _CheckParamExists($params, 'new_email'); |
| $old_email = $params['old_email']; |
| $new_email = $params['new_email']; |
| $old_email = $params['old_email']; |
| $new_email = $params['new_email']; |
| $ra = new OIDplusRA($old_email); |
| if ($ra->isPasswordLess() && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException(_L('E-Mail-Address cannot be changed because this user does not have a password')); |
| } |
| $ra = new OIDplusRA($old_email); |
| if ($ra->isPasswordLess() && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException(_L('E-Mail-Address cannot be changed because this user does not have a password')); |
| } |
| if (!OIDplus::authUtils()->isRaLoggedIn($old_email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA to update its email address.'), null, 401); |
| } |
| if (!OIDplus::authUtils()->isRaLoggedIn($old_email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException(_L('Authentication error. Please log in as admin, or as the RA to update its email address.'), null, 401); |
| } |
| if (!OIDplus::mailUtils()->validMailAddress($new_email)) { |
| throw new OIDplusException(_L('eMail address is invalid.')); |
| } |
| if (!OIDplus::mailUtils()->validMailAddress($new_email)) { |
| throw new OIDplusException(_L('eMail address is invalid.')); |
| } |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($old_email)); |
| if (!$res->any()) { |
| throw new OIDplusException(_L('eMail address does not exist anymore. It was probably already changed.')); |
| } |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($old_email)); |
| if (!$res->any()) { |
| throw new OIDplusException(_L('eMail address does not exist anymore. It was probably already changed.')); |
| } |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($new_email)); |
| if ($res->any()) { |
| throw new OIDplusException(_L('eMail address is already used by another RA. To merge accounts, please contact the superior RA of your objects and request an owner change of your objects.')); |
| } |
| if (OIDplus::authUtils()->isAdminLoggedIn()) { |
| $ra_was_logged_in = OIDplus::authUtils()->isRaLoggedIn($old_email); |
| $ra = new OIDplusRA($old_email); |
| // Change RA email |
| $ra->change_email($new_email); |
| OIDplus::logger()->log("V2:[WARN]RA(%1)+[INFO]RA(%2)+[OK]A", "Admin changed email address '%1' to '%2'", $old_email, $new_email); |
| // Change objects |
| $res = OIDplus::db()->query("select id from ###objects where ra_email = ?", array($old_email)); |
| while ($row = $res->fetch_array()) { |
| OIDplus::logger()->log("V2:[INFO]OID(%1)+SUPOID(%1)", "Admin changed email address of RA '%2' (owner of %1) to '%3'", $row['id'], $old_email, $new_email); |
| } |
| OIDplus::db()->query("update ###objects set ra_email = ? where ra_email = ?", array($new_email, $old_email)); |
| OIDplusObject::resetObjectInformationCache(); |
| // Re-login |
| if ($ra_was_logged_in) { |
| OIDplus::authUtils()->raLogout($old_email); |
| OIDplus::authUtils()->raLogin($new_email); |
| } |
| return array("status" => 0); |
| } else { |
| OIDplus::logger()->log("V2:[INFO]RA(%1)+RA(%2)", "Requested email address change from '%1' to '%2'", $old_email, $new_email); |
| $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_new_ra_email$'.$old_email.'$'.$new_email.'$'.OIDplus::authUtils()->makeAuthKey(['5ef24124-f4fb-11ed-b67e-3c4a92df8582',$old_email,$new_email])); |
| $message = file_get_contents(__DIR__ . '/change_request_email.tpl'); |
| $message = str_replace('{{SYSTEM_URL}}', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL), $message); |
| $message = str_replace('{{SYSTEM_TITLE}}', OIDplus::config()->getValue('system_title'), $message); |
| $message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message); |
| $message = str_replace('{{OLD_EMAIL}}', $old_email, $message); |
| $message = str_replace('{{NEW_EMAIL}}', $new_email, $message); |
| $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
| OIDplus::mailUtils()->sendMail($new_email, OIDplus::config()->getValue('system_title').' - Change email request', $message); |
| return array("status" => 0); |
| } |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($new_email)); |
| if ($res->any()) { |
| throw new OIDplusException(_L('eMail address is already used by another RA. To merge accounts, please contact the superior RA of your objects and request an owner change of your objects.')); |
| } |
| else if ($actionID == 'activate_new_ra_email') { |
| if (!OIDplus::config()->getValue('allow_ra_email_change')) { |
| throw new OIDplusException(_L('This functionality has been disabled by the administrator.')); |
| } |
| _CheckParamExists($params, 'old_email'); |
| _CheckParamExists($params, 'new_email'); |
| _CheckParamExists($params, 'password'); |
| _CheckParamExists($params, 'auth'); |
| $old_email = $params['old_email']; |
| $new_email = $params['new_email']; |
| $password = $params['password']; |
| $auth = $params['auth']; |
| if (OIDplus::authUtils()->isAdminLoggedIn()) { |
| $ra_was_logged_in = OIDplus::authUtils()->isRaLoggedIn($old_email); |
| $ra = new OIDplusRA($old_email); |
| if ($ra->isPasswordLess() && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException(_L('E-Mail-Address cannot be changed because this user does not have a password')); |
| } |
| if (!OIDplus::authUtils()->validateAuthKey(['5ef24124-f4fb-11ed-b67e-3c4a92df8582',$old_email,$new_email], $auth, OIDplus::config()->getValue('max_ra_email_change_time', -1))) { |
| throw new OIDplusException(_L('Invalid or expired authentication key')); |
| } |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($old_email)); |
| if (!$res->any()) { |
| throw new OIDplusException(_L('eMail address does not exist anymore. It was probably already changed.')); |
| } |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($new_email)); |
| if ($res->any()) { |
| throw new OIDplusException(_L('eMail address is already used by another RA. To merge accounts, please contact the superior RA of your objects and request an owner change of your objects.')); |
| } |
| $ra = new OIDplusRA($old_email); |
| if (!$ra->isPasswordLess()) { |
| if (!$ra->checkPassword($password)) { |
| throw new OIDplusException(_L('Wrong password')); |
| } |
| } |
| // Change address of RA |
| // Change RA email |
| $ra->change_email($new_email); |
| OIDplus::logger()->log("V2:[OK]RA(%2)+RA(%1)", "RA '%1' has changed their email address to '%2'", $old_email, $new_email); |
| OIDplus::logger()->log("V2:[WARN]RA(%1)+[INFO]RA(%2)+[OK]A", "Admin changed email address '%1' to '%2'", $old_email, $new_email); |
| // Change objects |
| $res = OIDplus::db()->query("select id from ###objects where ra_email = ?", array($old_email)); |
| while ($row = $res->fetch_array()) { |
| OIDplus::logger()->log("V2:[INFO]OID(%1)+SUPOID(%1)", "RA '%2' (owner of %1) has changed their email address to '%3'", $row['id'], $old_email, $new_email); |
| OIDplus::logger()->log("V2:[INFO]OID(%1)+SUPOID(%1)", "Admin changed email address of RA '%2' (owner of %1) to '%3'", $row['id'], $old_email, $new_email); |
| } |
| OIDplus::db()->query("update ###objects set ra_email = ? where ra_email = ?", array($new_email, $old_email)); |
| OIDplusObject::resetObjectInformationCache(); |
| 171,16 → 88,117 |
| OIDplus::authUtils()->raLogin($new_email); |
| } |
| // Send email |
| $message = file_get_contents(__DIR__ . '/email_change_confirmation.tpl'); |
| return array("status" => 0); |
| } else { |
| OIDplus::logger()->log("V2:[INFO]RA(%1)+RA(%2)", "Requested email address change from '%1' to '%2'", $old_email, $new_email); |
| $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_new_ra_email$'.$old_email.'$'.$new_email.'$'.OIDplus::authUtils()->makeAuthKey(['5ef24124-f4fb-11ed-b67e-3c4a92df8582',$old_email,$new_email])); |
| $message = file_get_contents(__DIR__ . '/change_request_email.tpl'); |
| $message = str_replace('{{SYSTEM_URL}}', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL), $message); |
| $message = str_replace('{{SYSTEM_TITLE}}', OIDplus::config()->getValue('system_title'), $message); |
| $message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message); |
| $message = str_replace('{{OLD_EMAIL}}', $old_email, $message); |
| $message = str_replace('{{NEW_EMAIL}}', $new_email, $message); |
| OIDplus::mailUtils()->sendMail($old_email, OIDplus::config()->getValue('system_title').' - eMail address changed', $message); |
| $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
| OIDplus::mailUtils()->sendMail($new_email, OIDplus::config()->getValue('system_title').' - Change email request', $message); |
| return array("status" => 0); |
| } |
| } |
| /** |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| * @throws OIDplusMailException |
| */ |
| private function action_Activate(array $params): array { |
| if (!OIDplus::config()->getValue('allow_ra_email_change')) { |
| throw new OIDplusException(_L('This functionality has been disabled by the administrator.')); |
| } |
| _CheckParamExists($params, 'old_email'); |
| _CheckParamExists($params, 'new_email'); |
| _CheckParamExists($params, 'password'); |
| _CheckParamExists($params, 'auth'); |
| $old_email = $params['old_email']; |
| $new_email = $params['new_email']; |
| $password = $params['password']; |
| $auth = $params['auth']; |
| $ra_was_logged_in = OIDplus::authUtils()->isRaLoggedIn($old_email); |
| $ra = new OIDplusRA($old_email); |
| if ($ra->isPasswordLess() && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusException(_L('E-Mail-Address cannot be changed because this user does not have a password')); |
| } |
| if (!OIDplus::authUtils()->validateAuthKey(['5ef24124-f4fb-11ed-b67e-3c4a92df8582',$old_email,$new_email], $auth, OIDplus::config()->getValue('max_ra_email_change_time', -1))) { |
| throw new OIDplusException(_L('Invalid or expired authentication key')); |
| } |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($old_email)); |
| if (!$res->any()) { |
| throw new OIDplusException(_L('eMail address does not exist anymore. It was probably already changed.')); |
| } |
| $res = OIDplus::db()->query("select * from ###ra where email = ?", array($new_email)); |
| if ($res->any()) { |
| throw new OIDplusException(_L('eMail address is already used by another RA. To merge accounts, please contact the superior RA of your objects and request an owner change of your objects.')); |
| } |
| $ra = new OIDplusRA($old_email); |
| if (!$ra->isPasswordLess()) { |
| if (!$ra->checkPassword($password)) { |
| throw new OIDplusException(_L('Wrong password')); |
| } |
| } |
| // Change address of RA |
| $ra->change_email($new_email); |
| OIDplus::logger()->log("V2:[OK]RA(%2)+RA(%1)", "RA '%1' has changed their email address to '%2'", $old_email, $new_email); |
| // Change objects |
| $res = OIDplus::db()->query("select id from ###objects where ra_email = ?", array($old_email)); |
| while ($row = $res->fetch_array()) { |
| OIDplus::logger()->log("V2:[INFO]OID(%1)+SUPOID(%1)", "RA '%2' (owner of %1) has changed their email address to '%3'", $row['id'], $old_email, $new_email); |
| } |
| OIDplus::db()->query("update ###objects set ra_email = ? where ra_email = ?", array($new_email, $old_email)); |
| OIDplusObject::resetObjectInformationCache(); |
| // Re-login |
| if ($ra_was_logged_in) { |
| OIDplus::authUtils()->raLogout($old_email); |
| OIDplus::authUtils()->raLogin($new_email); |
| } |
| // Send email |
| $message = file_get_contents(__DIR__ . '/email_change_confirmation.tpl'); |
| $message = str_replace('{{SYSTEM_URL}}', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL), $message); |
| $message = str_replace('{{SYSTEM_TITLE}}', OIDplus::config()->getValue('system_title'), $message); |
| $message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message); |
| $message = str_replace('{{OLD_EMAIL}}', $old_email, $message); |
| $message = str_replace('{{NEW_EMAIL}}', $new_email, $message); |
| OIDplus::mailUtils()->sendMail($old_email, OIDplus::config()->getValue('system_title').' - eMail address changed', $message); |
| return array("status" => 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| * @throws OIDplusMailException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'change_ra_email') { |
| return $this->action_Request($params); |
| } else if ($actionID == 'activate_new_ra_email') { |
| return $this->action_Activate($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/raPages/910_automated_ajax_calls/OIDplusPageRaAutomatedAJAXCalls.class.php |
|---|
| 29,30 → 29,39 |
| class OIDplusPageRaAutomatedAJAXCalls extends OIDplusPagePluginRa { |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'blacklistJWT') { |
| if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_AJAX_USER', true)) { |
| throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_AJAX_USER')); |
| } |
| private function action_Blacklist(array $params): array { |
| if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_AJAX_USER', true)) { |
| throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_AJAX_USER')); |
| } |
| _CheckParamExists($params, 'user'); |
| $ra_email = $params['user']; |
| _CheckParamExists($params, 'user'); |
| $ra_email = $params['user']; |
| if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as the requested RA %2 or as admin.',OIDplus::gui()->link('oidplus:login$ra$'.$ra_email),'<b>'.htmlentities($ra_email).'</b>'), null, 401); |
| } |
| if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as the requested RA %2 or as admin.',OIDplus::gui()->link('oidplus:login$ra$'.$ra_email),'<b>'.htmlentities($ra_email).'</b>'), null, 401); |
| } |
| $gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_AJAX; |
| $sub = $ra_email; |
| $gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_AJAX; |
| $sub = $ra_email; |
| OIDplusAuthContentStoreJWT::jwtBlacklist($gen, $sub); |
| OIDplusAuthContentStoreJWT::jwtBlacklist($gen, $sub); |
| return array("status" => 0); |
| return array("status" => 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'blacklistJWT') { |
| return $this->action_Blacklist($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |
| /trunk/plugins/viathinksoft/raPages/911_rest_api/OIDplusPageRaRestApi.class.php |
|---|
| 29,30 → 29,39 |
| class OIDplusPageRaRestApi extends OIDplusPagePluginRa { |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'blacklistJWT') { |
| if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_REST_USER', true)) { |
| throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_REST_USER')); |
| } |
| private function action_Blacklist(array $params): array { |
| if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_REST_USER', true)) { |
| throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_REST_USER')); |
| } |
| _CheckParamExists($params, 'user'); |
| $ra_email = $params['user']; |
| _CheckParamExists($params, 'user'); |
| $ra_email = $params['user']; |
| if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as the requested RA %2 or as admin.',OIDplus::gui()->link('oidplus:login$ra$'.$ra_email),'<b>'.htmlentities($ra_email).'</b>'), null, 401); |
| } |
| if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as the requested RA %2 or as admin.',OIDplus::gui()->link('oidplus:login$ra$'.$ra_email),'<b>'.htmlentities($ra_email).'</b>'), null, 401); |
| } |
| $gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_REST; |
| $sub = $ra_email; |
| $gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_REST; |
| $sub = $ra_email; |
| OIDplusAuthContentStoreJWT::jwtBlacklist($gen, $sub); |
| OIDplusAuthContentStoreJWT::jwtBlacklist($gen, $sub); |
| return array("status" => 0); |
| return array("status" => 0); |
| } |
| /** |
| * @param string $actionID |
| * @param array $params |
| * @return array |
| * @throws OIDplusException |
| */ |
| public function action(string $actionID, array $params): array { |
| if ($actionID == 'blacklistJWT') { |
| return $this->action_Blacklist($params); |
| } else { |
| return parent::action($actionID, $params); |
| } |