Subversion Repositories oidplus

Compare Revisions

Regard whitespace Rev 1282 → Rev 1283

/trunk/plugins/frdl/publicPages/1276945_rdap/OIDplusRDAP.class.php
81,7 → 81,7
$cacheFile = $this->rdapCacheDir. 'rdap_'
.sha1(\get_current_user()
. $this->rdapBaseUri.__FILE__.$query
.OIDplus::authUtils()->makeSecret('cee75760-f4f8-11ed-b67e-3c4a92df8582')
.OIDplus::authUtils()->makeSecret(['cee75760-f4f8-11ed-b67e-3c4a92df8582'])
)
.'.'
.strlen( $this->rdapBaseUri.$query )
/trunk/plugins/viathinksoft/adminPages/901_vnag_version_check/OIDplusPageAdminVNagVersionCheck.class.php
142,7 → 142,7
* @throws OIDplusException
*/
public static function vnag_password(): string {
return OIDplus::authUtils()->makeSecret('65d9f488-f4eb-11ed-b67e-3c4a92df8582');
return OIDplus::authUtils()->makeSecret(['65d9f488-f4eb-11ed-b67e-3c4a92df8582']);
}
 
}
/trunk/plugins/viathinksoft/captcha/vts_challenge/OIDplusCaptchaPluginVtsClientChallenge.class.php
65,7 → 65,7
$random = mt_rand($min,$max);
$ip_target = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$challenge = sha3_512($starttime.'/'.$ip_target.'/'.$random); // $random is secret!
$challenge_integrity = OIDplus::authUtils()->makeAuthKey('797bfc34-f4fa-11ed-86ca-3c4a92df8582:'.$challenge);
$challenge_integrity = OIDplus::authUtils()->makeAuthKey(['797bfc34-f4fa-11ed-86ca-3c4a92df8582',$challenge]);
$send_to_client = array($starttime, $ip_target, $challenge, $min, $max, $challenge_integrity);
 
$open_trans_file = self::getOpenTransFileName($ip_target, $random);
102,7 → 102,7
@unlink($file);
}
 
return $dir.'/vts_client_challenge_'.OIDplus::authUtils()->makeSecret('461f4a9e-f4fa-11ed-86ca-3c4a92df8582:'.$ip_target.'/'.$random).'.tmp';
return $dir.'/vts_client_challenge_'.OIDplus::authUtils()->makeSecret(['461f4a9e-f4fa-11ed-86ca-3c4a92df8582',$ip_target,$random]).'.tmp';
}
 
/**
149,10 → 149,10
$current_ip = ($_SERVER['REMOTE_ADDR'] ?? 'unknown');
if ($ip_target != $current_ip) {
throw new OIDplusException(_L('IP address has changed. Please try again. (current IP %1, expected %2)', $current_ip, $ip_target));
} else if (time()-$starttime > OIDplus::baseConfig()->getValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/)) {
throw new OIDplusException(_L('Challenge expired. Please try again.'));
} else if (!OIDplus::authUtils()->validateAuthKey('797bfc34-f4fa-11ed-86ca-3c4a92df8582:'.$challenge, $challenge_integrity)) {
throw new OIDplusException(_L('Challenge integrity failed'));
//} else if (time()-$starttime > OIDplus::baseConfig()->getValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/)) {
// throw new OIDplusException(_L('Challenge expired. Please try again.'));
} else if (!OIDplus::authUtils()->validateAuthKey(['797bfc34-f4fa-11ed-86ca-3c4a92df8582',$challenge],$challenge_integrity,OIDplus::baseConfig()->getValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/))) {
throw new OIDplusException(_L('Invalid or expired authentication key'));
} else if ($challenge !== sha3_512($starttime.'/'.$ip_target.'/'.$answer)) {
throw new OIDplusException(_L('Wrong answer'));
} else if (!file_exists($open_trans_file)) {
/trunk/plugins/viathinksoft/language/dede/messages.xml
382,14 → 382,6
</message>
<message>
<source><![CDATA[
Activation link expired!
]]></source>
<target><![CDATA[
Aktivierungs-Link ist abgelaufen!
]]></target>
</message>
<message>
<source><![CDATA[
Add a file attachment
]]></source>
<target><![CDATA[
1158,22 → 1150,6
</message>
<message>
<source><![CDATA[
Challenge expired. Please try again.
]]></source>
<target><![CDATA[
Challenge abgelaufen. Bitte noch einmal versuchen.
]]></target>
</message>
<message>
<source><![CDATA[
Challenge integrity failed
]]></source>
<target><![CDATA[
Challenge ist möglicherweise manipuliert worden
]]></target>
</message>
<message>
<source><![CDATA[
Challenge response is invalid
]]></source>
<target><![CDATA[
3438,14 → 3414,6
</message>
<message>
<source><![CDATA[
Invalid auth key
]]></source>
<target><![CDATA[
Ungültiger Authentifizierungs-Schlüssel
]]></target>
</message>
<message>
<source><![CDATA[
Invalid auth plugin name. It is usually the folder name, without path, e.g. "%1"
]]></source>
<target><![CDATA[
3518,6 → 3486,14
</message>
<message>
<source><![CDATA[
Invalid or expired authentication key
]]></source>
<target><![CDATA[
Ungültiger oder abgelaufener Sicherheitsschlüssel
]]></target>
</message>
<message>
<source><![CDATA[
Invalid protection flag, use OIDplusConfig::PROTECTION_* constants
]]></source>
<target><![CDATA[
3550,14 → 3526,6
</message>
<message>
<source><![CDATA[
Invitation expired!
]]></source>
<target><![CDATA[
Einladung abgelaufen!
]]></target>
</message>
<message>
<source><![CDATA[
Invitations are disabled by the administrator.
]]></source>
<target><![CDATA[
/trunk/plugins/viathinksoft/publicPages/091_forgot_password/OIDplusPagePublicForgotPassword.class.php
45,8 → 45,7
 
OIDplus::logger()->log("V2:[WARN]RA(%1)", "A new password for '%1' was requested (forgot password)", $email);
 
$timestamp = time();
$activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:reset_password$'.$email.'$'.$timestamp.'$'.OIDplus::authUtils()->makeAuthKey('93a16dbe-f4fb-11ed-b67e-3c4a92df8582:'.$email.'/'.$timestamp));
$activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:reset_password$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['93a16dbe-f4fb-11ed-b67e-3c4a92df8582',$email]));
 
$message = $this->getForgotPasswordText($params['email']);
$message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message);
61,22 → 60,16
_CheckParamExists($params, 'password2');
_CheckParamExists($params, 'email');
_CheckParamExists($params, 'auth');
_CheckParamExists($params, 'timestamp');
 
$password1 = $params['password1'];
$password2 = $params['password2'];
$email = $params['email'];
$auth = $params['auth'];
$timestamp = $params['timestamp'];
 
if (!OIDplus::authUtils()->validateAuthKey('93a16dbe-f4fb-11ed-b67e-3c4a92df8582:'.$email.'/'.$timestamp, $auth)) {
throw new OIDplusException(_L('Invalid auth key'));
if (!OIDplus::authUtils()->validateAuthKey(['93a16dbe-f4fb-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_pwd_reset_time',-1))) {
throw new OIDplusException(_L('Invalid or expired authentication key'));
}
 
if ((OIDplus::config()->getValue('max_ra_pwd_reset_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_pwd_reset_time'))) {
throw new OIDplusException(_L('Invitation expired!'));
}
 
if ($password1 !== $password2) {
throw new OIDplusException(_L('Passwords do not match'));
}
143,13 → 136,12
$handled = true;
 
$email = explode('$',$id)[1];
$timestamp = explode('$',$id)[2];
$auth = explode('$',$id)[3];
$auth = explode('$',$id)[2];
 
$out['title'] = _L('Reset password');
$out['icon'] = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/reset_password_icon.png';
 
if (!OIDplus::authUtils()->validateAuthKey('reset_password;'.$email.';'.$timestamp, $auth)) {
if (!OIDplus::authUtils()->validateAuthKey(['93a16dbe-f4fb-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_pwd_reset_time',-1))) {
throw new OIDplusException(_L('Invalid authorization. Is the URL OK?'), $out['title']);
} else {
$out['text'] = '<p>'._L('E-Mail-Address: %1','<b>'.$email.'</b>').'</p>
156,7 → 148,6
 
<form id="resetPasswordForm" action="javascript:void(0);" onsubmit="return OIDplusPagePublicForgotPassword.resetPasswordFormOnSubmit();">
<input type="hidden" id="email" value="'.htmlentities($email).'"/>
<input type="hidden" id="timestamp" value="'.htmlentities($timestamp).'"/>
<input type="hidden" id="auth" value="'.htmlentities($auth).'"/>
<div><label class="padding_label">'._L('New password').':</label><input type="password" id="password1" value=""/></div>
<div><label class="padding_label">'._L('Repeat').':</label><input type="password" id="password2" value=""/></div>
/trunk/plugins/viathinksoft/publicPages/100_whois/OIDplusPagePublicWhois.class.php
233,6 → 233,6
* @throws OIDplusException
*/
public static function genWhoisAuthToken(string $id): int {
return smallhash(OIDplus::authUtils()->makeSecret('d8f44c7c-f4e9-11ed-86ca-3c4a92df8582:'.$id));
return smallhash(OIDplus::authUtils()->makeSecret(['d8f44c7c-f4e9-11ed-86ca-3c4a92df8582',$id]));
}
}
/trunk/plugins/viathinksoft/publicPages/200_viathinksoft_freeoid/OIDplusPagePublicFreeOID.class.php
81,8 → 81,7
$root_oid = self::getFreeRootOid(false);
OIDplus::logger()->log("V2:[INFO]OID(oid:%1)+RA(%2)", "Requested a free OID for email '%2' to be placed into root '%1'", $root_oid, $email);
 
$timestamp = time();
$activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:com.viathinksoft.freeoid.activate_freeoid$'.$email.'$'.$timestamp.'$'.OIDplus::authUtils()->makeAuthKey('40c87e20-f4fb-11ed-86ca-3c4a92df8582:'.$email.'/'.$timestamp));
$activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:com.viathinksoft.freeoid.activate_freeoid$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['40c87e20-f4fb-11ed-86ca-3c4a92df8582',$email]));
 
$message = file_get_contents(__DIR__ . '/request_msg.tpl');
$message = str_replace('{{SYSTEM_URL}}', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL), $message);
97,20 → 96,14
} else if ($actionID == 'activate_freeoid') {
_CheckParamExists($params, 'email');
_CheckParamExists($params, 'auth');
_CheckParamExists($params, 'timestamp');
 
$email = $params['email'];
$auth = $params['auth'];
$timestamp = $params['timestamp'];
 
if (!OIDplus::authUtils()->validateAuthKey('40c87e20-f4fb-11ed-86ca-3c4a92df8582:'.$email.'/'.$timestamp, $auth)) {
throw new OIDplusException(_L('Invalid auth key'));
if (!OIDplus::authUtils()->validateAuthKey(['40c87e20-f4fb-11ed-86ca-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time', -1))) {
throw new OIDplusException(_L('Invalid or expired authentication key'));
}
 
if ((OIDplus::config()->getValue('max_ra_invite_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_invite_time'))) {
throw new OIDplusException(_L('Invitation expired!'));
}
 
// 1. step: Check entered data and add the RA to the database
 
$ra = new OIDplusRA($email);
286,8 → 279,7
$handled = true;
 
$email = explode('$',$id)[1];
$timestamp = explode('$',$id)[2];
$auth = explode('$',$id)[3];
$auth = explode('$',$id)[2];
 
$out['title'] = _L('Activate Free OID');
$out['icon'] = file_exists(__DIR__.'/img/main_icon.png') ? OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png' : '';
295,7 → 287,7
if ($already_registered_oid = $this->alreadyHasFreeOid($email, true)) {
throw new OIDplusHtmlException(_L('This email address already has a FreeOID registered (%1)', '<a '.OIDplus::gui()->link($already_registered_oid).'>'.htmlentities($already_registered_oid).'</a>'));
} else {
if (!OIDplus::authUtils()->validateAuthKey('com.viathinksoft.freeoid.activate_freeoid;'.$email.';'.$timestamp, $auth)) {
if (!OIDplus::authUtils()->validateAuthKey(['40c87e20-f4fb-11ed-86ca-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time', -1))) {
throw new OIDplusException(_L('Invalid authorization. Is the URL OK?'), $out['title']);
} else {
$ra = new OIDplusRA($email);
305,7 → 297,6
 
$out['text'] .= ' <form id="activateFreeOIDForm" action="javascript:void(0);" onsubmit="return OIDplusPagePublicFreeOID.activateFreeOIDFormOnSubmit();">';
$out['text'] .= ' <input type="hidden" id="email" value="'.htmlentities($email).'"/>';
$out['text'] .= ' <input type="hidden" id="timestamp" value="'.htmlentities($timestamp).'"/>';
$out['text'] .= ' <input type="hidden" id="auth" value="'.htmlentities($auth).'"/>';
 
if ($ra_existing) {
/trunk/plugins/viathinksoft/raPages/092_invite/OIDplusPageRaInvite.class.php
46,8 → 46,7
// TODO: should we also log who has invited?
OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' has been invited", $email);
 
$timestamp = time();
$activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.$timestamp.'$'.OIDplus::authUtils()->makeAuthKey('ed840c3e-f4fa-11ed-b67e-3c4a92df8582:'.$email.'/'.$timestamp));
$activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email]));
 
$message = $this->getInvitationText($email);
$message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message);
62,22 → 61,16
_CheckParamExists($params, 'password2');
_CheckParamExists($params, 'email');
_CheckParamExists($params, 'auth');
_CheckParamExists($params, 'timestamp');
 
$password1 = $params['password1'];
$password2 = $params['password2'];
$email = $params['email'];
$auth = $params['auth'];
$timestamp = $params['timestamp'];
 
if (!OIDplus::authUtils()->validateAuthKey('ed840c3e-f4fa-11ed-b67e-3c4a92df8582:'.$email.'/'.$timestamp, $auth)) {
throw new OIDplusException(_L('Invalid auth key'));
if (!OIDplus::authUtils()->validateAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time',-1))) {
throw new OIDplusException(_L('Invalid or expired authentication key'));
}
 
if ((OIDplus::config()->getValue('max_ra_invite_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_invite_time'))) {
throw new OIDplusException(_L('Invitation expired!'));
}
 
if ($password1 !== $password2) {
throw new OIDplusException(_L('Passwords do not match'));
}
161,8 → 154,7
$handled = true;
 
$email = explode('$',$id)[1];
$timestamp = explode('$',$id)[2];
$auth = explode('$',$id)[3];
$auth = explode('$',$id)[2];
 
$out['title'] = _L('Register as Registration Authority');
 
176,7 → 168,7
if ($res->any()) {
$out['text'] = _L('This RA is already registered and does not need to be invited.');
} else {
if (!OIDplus::authUtils()->validateAuthKey('activate_ra;'.$email.';'.$timestamp, $auth)) {
if (!OIDplus::authUtils()->validateAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time',-1))) {
throw new OIDplusException(_L('Invalid authorization. Is the URL OK?'), $out['title']);
} else {
// TODO: like in the FreeOID plugin, we could ask here at least for a name for the RA
184,7 → 176,6
 
<form id="activateRaForm" action="javascript:void(0);" onsubmit="return OIDplusPageRaInvite.activateRaFormOnSubmit();">
<input type="hidden" id="email" value="'.htmlentities($email).'"/>
<input type="hidden" id="timestamp" value="'.htmlentities($timestamp).'"/>
<input type="hidden" id="auth" value="'.htmlentities($auth).'"/>
<div><label class="padding_label">'._L('New password').':</label><input type="password" id="password1" value=""/></div>
<div><label class="padding_label">'._L('Repeat').':</label><input type="password" id="password2" value=""/></div>
/trunk/plugins/viathinksoft/raPages/102_change_email/OIDplusPageRaChangeEMail.class.php
94,8 → 94,7
} else {
OIDplus::logger()->log("V2:[INFO]RA(%1)+RA(%2)", "Requested email address change from '%1' to '%2'", $old_email, $new_email);
 
$timestamp = time();
$activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_new_ra_email$'.$old_email.'$'.$new_email.'$'.$timestamp.'$'.OIDplus::authUtils()->makeAuthKey('5ef24124-f4fb-11ed-b67e-3c4a92df8582:'.$old_email.'/'.$new_email.'/'.$timestamp));
$activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_new_ra_email$'.$old_email.'$'.$new_email.'$'.OIDplus::authUtils()->makeAuthKey(['5ef24124-f4fb-11ed-b67e-3c4a92df8582',$old_email,$new_email]));
 
$message = file_get_contents(__DIR__ . '/change_request_email.tpl');
$message = str_replace('{{SYSTEM_URL}}', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL), $message);
119,7 → 118,6
_CheckParamExists($params, 'new_email');
_CheckParamExists($params, 'password');
_CheckParamExists($params, 'auth');
_CheckParamExists($params, 'timestamp');
 
$old_email = $params['old_email'];
$new_email = $params['new_email'];
126,7 → 124,6
$password = $params['password'];
 
$auth = $params['auth'];
$timestamp = $params['timestamp'];
 
$ra_was_logged_in = OIDplus::authUtils()->isRaLoggedIn($old_email);
 
135,14 → 132,10
throw new OIDplusException(_L('E-Mail-Address cannot be changed because this user does not have a password'));
}
 
if (!OIDplus::authUtils()->validateAuthKey('5ef24124-f4fb-11ed-b67e-3c4a92df8582:'.$old_email.'/'.$new_email.'/'.$timestamp, $auth)) {
throw new OIDplusException(_L('Invalid auth key'));
if (!OIDplus::authUtils()->validateAuthKey(['5ef24124-f4fb-11ed-b67e-3c4a92df8582',$old_email,$new_email], $auth, OIDplus::config()->getValue('max_ra_email_change_time', -1))) {
throw new OIDplusException(_L('Invalid or expired authentication key'));
}
 
if ((OIDplus::config()->getValue('max_ra_email_change_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_email_change_time'))) {
throw new OIDplusException(_L('Activation link expired!'));
}
 
$res = OIDplus::db()->query("select * from ###ra where email = ?", array($old_email));
if (!$res->any()) {
throw new OIDplusException(_L('eMail address does not exist anymore. It was probably already changed.'));
274,8 → 267,7
 
$old_email = explode('$',$id)[1];
$new_email = explode('$',$id)[2];
$timestamp = explode('$',$id)[3];
$auth = explode('$',$id)[4];
$auth = explode('$',$id)[3];
 
$out['title'] = _L('Perform email address change');
$out['icon'] = file_exists(__DIR__.'/img/main_icon.png') ? OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png' : '';
297,7 → 289,7
if ($res->any()) {
throw new OIDplusException(_L('eMail address is already used by another RA. To merge accounts, please contact the superior RA of your objects and request an owner change of your objects.'), $out['title']);
} else {
if (!OIDplus::authUtils()->validateAuthKey('activate_new_ra_email;'.$old_email.';'.$new_email.';'.$timestamp, $auth)) {
if (!OIDplus::authUtils()->validateAuthKey(['5ef24124-f4fb-11ed-b67e-3c4a92df8582',$old_email,$new_email], $auth, OIDplus::config()->getValue('max_ra_email_change_time', -1))) {
throw new OIDplusException(_L('Invalid authorization. Is the URL OK?'), $out['title']);
} else {
$out['text'] = '<p>'._L('Old eMail-Address').': <b>'.$old_email.'</b></p>
306,7 → 298,6
<form id="activateNewRaEmailForm" action="javascript:void(0);" onsubmit="return OIDplusPageRaChangeEMail.activateNewRaEmailFormOnSubmit();">
<input type="hidden" id="old_email" value="'.htmlentities($old_email).'"/>
<input type="hidden" id="new_email" value="'.htmlentities($new_email).'"/>
<input type="hidden" id="timestamp" value="'.htmlentities($timestamp).'"/>
<input type="hidden" id="auth" value="'.htmlentities($auth).'"/>
 
<div><label class="padding_label">'._L('Please verify your password').':</label><input type="password" id="password" value=""/></div>