
Codingstyle PSR12 + array syntax

Hanno Böck authored on 30/10/2021 21:18:17
Showing 1 changed files
... ...
@@ -103,7 +103,7 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
103 103
             $role = find_role($uid, '', true);
104 104
             setup_session($role, $uid);
105 105
             DEBUG("Set Cookie!");
106
-            setcookie('CLIENTCERT_AUTOLOGIN', '1', array('expires'=>strtotime("+ 1 year"), 'path'=>'/', 'secure'=>true, 'httponly'=>true, 'samesite'=>'Lax'));
106
+            setcookie('CLIENTCERT_AUTOLOGIN', '1', ['expires'=>strtotime("+ 1 year"), 'path'=>'/', 'secure'=>true, 'httponly'=>true, 'samesite'=>'Lax']);
107 107
             $destination = 'go/index/index';
108 108
             if (check_path($ret[0]['startpage'])) {
109 109
                 $destination = $ret[0]['startpage'];

use samesite flag for clientcert cookie

Hanno Böck authored on 22/04/2020 07:44:27
Showing 1 changed files
... ...
@@ -103,7 +103,7 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
103 103
             $role = find_role($uid, '', true);
104 104
             setup_session($role, $uid);
105 105
             DEBUG("Set Cookie!");
106
-            setcookie('CLIENTCERT_AUTOLOGIN', '1', strtotime("+ 1 year"), '/', '', true, true);
106
+            setcookie('CLIENTCERT_AUTOLOGIN', '1', array('expires'=>strtotime("+ 1 year"), 'path'=>'/', 'secure'=>true, 'httponly'=>true, 'samesite'=>'Lax'));
107 107
             $destination = 'go/index/index';
108 108
             if (check_path($ret[0]['startpage'])) {
109 109
                 $destination = $ret[0]['startpage'];
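Review bot: The options-array form of `setcookie()` on the changed line exists only from PHP 7.3 on, so on an older runtime the call fails with a warning and the CLIENTCERT_AUTOLOGIN cookie is not set at all; if older versions are still supported, this needs a version guard or a documented minimum version. A short comment above the call would also help, for example `// hint only: the login is decided by the TLS client certificate, never by this cookie`, assuming that is how the cookie is consumed elsewhere (not visible here). The enclosing `if` block starts and ends outside the hunk.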

Bug gefixed, durch den beim Certlogin ein / vor der URL hinzugefügt wurde

Bernd Wurst authored on 20/08/2018 12:51:01
Showing 1 changed files
... ...
@@ -81,14 +81,14 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
81 81
             if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination'])) {
82 82
                 $destination = $_REQUEST['destination'];
83 83
             }
84
-            header('Location: ../'.$destination);
84
+            header('Location: ../'.ltrim($destination, '/'));
85 85
             die();
86 86
         }
87 87
     }
88 88
     system_failure('Der angegebene Account kann mit diesem Client-Zertifikat nicht eingeloggt werden.');
89 89
 } elseif ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['destination']) && $_REQUEST['destination'] != '') {
90 90
     # User hat sich grade eingeloggt
91
-    header('Location: ../'.$destination);
91
+    header('Location: ../'.ltrim($destination, '/'));
92 92
 } else {
93 93
     if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) &&
94 94
       isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && $_SERVER[$redirect.'SSL_CLIENT_S_DN'] != '' &&
... ...
@@ -111,7 +111,7 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
111 111
             if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination'])) {
112 112
                 $destination = $_REQUEST['destination'];
113 113
             }
114
-            header('Location: ../'.$destination);
114
+            header('Location: ../'.ltrim($destination, '/'));
115 115
             die();
116 116
         }
117 117
         output('<p>Ihr Browser hat ein gültiges SSL-Client-Zertifikat gesendet, mit dem Sie sich auf dieser Seite einloggen können. Allerdings haben Sie dieses Client-Zertifikat für mehrere Zugänge hinterlegt. Wählen Sie bitte den Zugang aus, mit dem Sie sich anmelden möchten.</p>
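Review bot: In the `elseif` branch at new lines 89–91 the redirect is built from `$destination`, but the branch condition only tests `$_REQUEST['destination']`, and no assignment or `check_path()` call for `$destination` is visible in this hunk, unlike the two other redirect sites changed here. `ltrim($destination, '/')` only strips leading slashes and does not replace that validation. Unless `$destination` is set and validated earlier in the file (not shown), I would derive it as the other branches do, `$destination = check_path($_REQUEST['destination']) ? $_REQUEST['destination'] : 'go/index/index';`, and add `die();` after the `header()` call so the rest of the script does not run after the redirect. The same branch appears unchanged in the older sections further down this page.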

Warning beim Certlogin vermeiden

Bernd Wurst authored on 30/07/2018 11:25:33
Showing 1 changed files
... ...
@@ -86,7 +86,7 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
86 86
         }
87 87
     }
88 88
     system_failure('Der angegebene Account kann mit diesem Client-Zertifikat nicht eingeloggt werden.');
89
-} elseif ($_SESSION['role'] != ROLE_ANONYMOUS && $_REQUEST['destination'] != '') {
89
+} elseif ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['destination']) && $_REQUEST['destination'] != '') {
90 90
     # User hat sich grade eingeloggt
91 91
     header('Location: ../'.$destination);
92 92
 } else {

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on 26/06/2018 13:58:19
Showing 1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -37,111 +37,106 @@ DEBUG($_SERVER);
37 37
 
38 38
 $redirect = "";
39 39
 if (! isset($_SERVER['SSL_CLIENT_CERT']) && isset($_SERVER['REDIRECT_SSL_CLIENT_CERT'])) {
40
-  $redirect = "REDIRECT_";
40
+    $redirect = "REDIRECT_";
41 41
 }
42 42
 
43
-if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto']))
44
-{
45
-  DEBUG('recording client-cert');
46
-  if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && 
43
+if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto'])) {
44
+    DEBUG('recording client-cert');
45
+    if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) &&
47 46
       isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']) &&
48 47
       isset($_SERVER[$redirect.'SSL_CLIENT_V_START']) && isset($_SERVER[$redirect.'SSL_CLIENT_V_END'])
49
-      )
50
-  {
51
-    $_SESSION['clientcert_cert'] = $_SERVER[$redirect.'SSL_CLIENT_CERT'];
52
-    $_SESSION['clientcert_dn'] = $_SERVER[$redirect.'SSL_CLIENT_S_DN'];
53
-    $_SESSION['clientcert_issuer'] = $_SERVER[$redirect.'SSL_CLIENT_I_DN'];
54
-    $_SESSION['clientcert_serial'] = $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL'];
55
-    $vstart = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_START']);
56
-    $_SESSION['clientcert_valid_from'] = date_format($vstart, 'Y-m-d');
57
-    $vend = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_END']);
58
-    $_SESSION['clientcert_valid_until'] = date_format($vend, 'Y-m-d');
59
-    header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
60
-    die();
61
-  }
62
-  else
63
-  {
64
-    warning('Ihr Browser hat kein Client-Zertifikat gesendet');
65
-    header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
66
-    die();
67
-  }
68
-}
69
-elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
70
-  if (!isset($_SERVER[$redirect.'SSL_CLIENT_CERT'])) 
71
-    system_failure('Ihr Browser hat kein Client-Zertifikat gesendet');
48
+      ) {
49
+        $_SESSION['clientcert_cert'] = $_SERVER[$redirect.'SSL_CLIENT_CERT'];
50
+        $_SESSION['clientcert_dn'] = $_SERVER[$redirect.'SSL_CLIENT_S_DN'];
51
+        $_SESSION['clientcert_issuer'] = $_SERVER[$redirect.'SSL_CLIENT_I_DN'];
52
+        $_SESSION['clientcert_serial'] = $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL'];
53
+        $vstart = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_START']);
54
+        $_SESSION['clientcert_valid_from'] = date_format($vstart, 'Y-m-d');
55
+        $vend = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_END']);
56
+        $_SESSION['clientcert_valid_until'] = date_format($vend, 'Y-m-d');
57
+        header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
58
+        die();
59
+    } else {
60
+        warning('Ihr Browser hat kein Client-Zertifikat gesendet');
61
+        header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
62
+        die();
63
+    }
64
+} elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
65
+    if (!isset($_SERVER[$redirect.'SSL_CLIENT_CERT'])) {
66
+        system_failure('Ihr Browser hat kein Client-Zertifikat gesendet');
67
+    }
72 68
 
73
-  $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']);
74
-  DEBUG($ret);
75
-  foreach ($ret as $account) {
76
-    DEBUG('/'.$account['type'].'/'.$_REQUEST['type'].'/    /'.$account['username'].'/'.$_REQUEST['username'].'/    =>');
77
-    if (($account['type'] == urldecode($_REQUEST['type'])) && ($account['username'] == urldecode($_REQUEST['username']))) {
78
-      $uid = $account['username'];
79
-      $role = find_role($uid, '', True);
80
-      setup_session($role, $uid);
81
-      $destination = 'go/index/index';
82
-      if (check_path($account['startpage']))
83
-        $destination = $account['startpage'];
84
-      if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination']))
85
-        $destination = $_REQUEST['destination'];
86
-      header('Location: ../'.$destination);
87
-      die();
69
+    $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']);
70
+    DEBUG($ret);
71
+    foreach ($ret as $account) {
72
+        DEBUG('/'.$account['type'].'/'.$_REQUEST['type'].'/    /'.$account['username'].'/'.$_REQUEST['username'].'/    =>');
73
+        if (($account['type'] == urldecode($_REQUEST['type'])) && ($account['username'] == urldecode($_REQUEST['username']))) {
74
+            $uid = $account['username'];
75
+            $role = find_role($uid, '', true);
76
+            setup_session($role, $uid);
77
+            $destination = 'go/index/index';
78
+            if (check_path($account['startpage'])) {
79
+                $destination = $account['startpage'];
80
+            }
81
+            if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination'])) {
82
+                $destination = $_REQUEST['destination'];
83
+            }
84
+            header('Location: ../'.$destination);
85
+            die();
86
+        }
88 87
     }
89
-  }
90
-  system_failure('Der angegebene Account kann mit diesem Client-Zertifikat nicht eingeloggt werden.');
91
-}
92
-elseif ($_SESSION['role'] != ROLE_ANONYMOUS && $_REQUEST['destination'] != '') {
93
-  # User hat sich grade eingeloggt
94
-  header('Location: ../'.$destination);
95
-}
96
-else
97
-{
98
-  if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && 
99
-      isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && $_SERVER[$redirect.'SSL_CLIENT_S_DN'] != '' && 
88
+    system_failure('Der angegebene Account kann mit diesem Client-Zertifikat nicht eingeloggt werden.');
89
+} elseif ($_SESSION['role'] != ROLE_ANONYMOUS && $_REQUEST['destination'] != '') {
90
+    # User hat sich grade eingeloggt
91
+    header('Location: ../'.$destination);
92
+} else {
93
+    if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) &&
94
+      isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && $_SERVER[$redirect.'SSL_CLIENT_S_DN'] != '' &&
100 95
       isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && $_SERVER[$redirect.'SSL_CLIENT_I_DN'] != '' &&
101 96
       isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']) && $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL'] != '') {
102
-    $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']);
103
-    if ($ret === NULL) {
104
-      login_screen('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Melden Sie sich bitte per Benutzername und Passwort an.');
105
-    }
106
-    if (count($ret) == 1) {
107
-      $uid = $ret[0]['username'];
108
-      $role = find_role($uid, '', True);
109
-      setup_session($role, $uid);
110
-      DEBUG("Set Cookie!");
111
-      setcookie('CLIENTCERT_AUTOLOGIN', '1', strtotime("+ 1 year"), '/', '', true, true);
112
-      $destination = 'go/index/index';
113
-      if (check_path($ret[0]['startpage']))
114
-        $destination = $ret[0]['startpage'];
115
-      if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination']))
116
-        $destination = $_REQUEST['destination'];
117
-      header('Location: ../'.$destination);
118
-      die();
119
-    }
120
-    output('<p>Ihr Browser hat ein gültiges SSL-Client-Zertifikat gesendet, mit dem Sie sich auf dieser Seite einloggen können. Allerdings haben Sie dieses Client-Zertifikat für mehrere Zugänge hinterlegt. Wählen Sie bitte den Zugang aus, mit dem Sie sich anmelden möchten.</p>
97
+        $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']);
98
+        if ($ret === null) {
99
+            login_screen('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Melden Sie sich bitte per Benutzername und Passwort an.');
100
+        }
101
+        if (count($ret) == 1) {
102
+            $uid = $ret[0]['username'];
103
+            $role = find_role($uid, '', true);
104
+            setup_session($role, $uid);
105
+            DEBUG("Set Cookie!");
106
+            setcookie('CLIENTCERT_AUTOLOGIN', '1', strtotime("+ 1 year"), '/', '', true, true);
107
+            $destination = 'go/index/index';
108
+            if (check_path($ret[0]['startpage'])) {
109
+                $destination = $ret[0]['startpage'];
110
+            }
111
+            if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination'])) {
112
+                $destination = $_REQUEST['destination'];
113
+            }
114
+            header('Location: ../'.$destination);
115
+            die();
116
+        }
117
+        output('<p>Ihr Browser hat ein gültiges SSL-Client-Zertifikat gesendet, mit dem Sie sich auf dieser Seite einloggen können. Allerdings haben Sie dieses Client-Zertifikat für mehrere Zugänge hinterlegt. Wählen Sie bitte den Zugang aus, mit dem Sie sich anmelden möchten.</p>
121 118
       <ul>');
122
-    foreach ($ret as $account) {
123
-      $type = 'System-Account';
124
-      if ($account['type'] == 'email') {
125
-        $type = 'E-Mail-Konto';
126
-      }
127
-      elseif ($account['type'] == 'subuser') {
128
-        $type = 'Unter-Nutzer';
129
-      }
130
-      elseif ($account['type'] == 'customer') {
131
-        $type = 'Kundenaccount';
132
-      }
133
-      $destination = 'go/index/index';
134
-      if ($account['startpage'] && check_path($account['startpage']))
135
-        $destination = $account['startpage'];
136
-      output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username']).'&destination='.urlencode($destination)).'</li>');
119
+        foreach ($ret as $account) {
120
+            $type = 'System-Account';
121
+            if ($account['type'] == 'email') {
122
+                $type = 'E-Mail-Konto';
123
+            } elseif ($account['type'] == 'subuser') {
124
+                $type = 'Unter-Nutzer';
125
+            } elseif ($account['type'] == 'customer') {
126
+                $type = 'Kundenaccount';
127
+            }
128
+            $destination = 'go/index/index';
129
+            if ($account['startpage'] && check_path($account['startpage'])) {
130
+                $destination = $account['startpage'];
131
+            }
132
+            output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username']).'&destination='.urlencode($destination)).'</li>');
133
+        }
134
+        output('</ul>');
135
+    } else {
136
+        warning('Ihr Browser hat kein Client-Zertifikat gesendet. Eventuell müssen Sie in den Einstellungen des Browsers diese Funktion einschalten.');
137
+        redirect('/');
138
+        die();
137 139
     }
138
-    output('</ul>');
139
-  } else {
140
-    warning('Ihr Browser hat kein Client-Zertifikat gesendet. Eventuell müssen Sie in den Einstellungen des Browsers diese Funktion einschalten.');
141
-    redirect('/');
142
-    die();
143
-  }
144 140
 }
145 141
 
146 142
 show_page('certlogin');
147
-?>
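Review bot: The account match at new line 73 applies `urldecode()` to `$_REQUEST['type']` and `$_REQUEST['username']`, which PHP has already decoded, and compares with `==`. A username containing `+` or `%` (for example an e-mail address with a plus tag, which the link at new line 132 encodes with `urlencode()`) is decoded twice and no longer matches, and loose comparison treats numeric-looking strings as numbers. Since this comparison selects the account that `setup_session()` is called for, I would make it exact: `if ($account['type'] === $_REQUEST['type'] && $account['username'] === $_REQUEST['username']) {`. The formatter run left the logic untouched, so this predates the commit.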

Entferne Javascript-Konstrukt für den automatischen Certlogin, das kann man auch voll transparent über PHP machen.

Bernd Wurst authored on 13/02/2018 12:31:52
Showing 1 changed files
... ...
@@ -107,7 +107,8 @@ else
107 107
       $uid = $ret[0]['username'];
108 108
       $role = find_role($uid, '', True);
109 109
       setup_session($role, $uid);
110
-      setcookie('CLIENTCERT_AUTOLOGIN', '1', time()+3600*24*365, '/');
110
+      DEBUG("Set Cookie!");
111
+      setcookie('CLIENTCERT_AUTOLOGIN', '1', strtotime("+ 1 year"), '/', '', true, true);
111 112
       $destination = 'go/index/index';
112 113
       if (check_path($ret[0]['startpage']))
113 114
         $destination = $ret[0]['startpage'];

Copyright year update

Bernd Wurst authored on 13/01/2018 06:07:05
Showing 1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2014 by schokokeks.org Hosting, namely
5
+Written 2008-2018 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

changes to cert login stuff

schokokeks.org web services authored on 01/12/2017 14:00:04
Showing 1 changed files
... ...
@@ -29,22 +29,9 @@ require_once('inc/base.php');
29 29
 require_once('inc/debug.php');
30 30
 require_once('inc/error.php');
31 31
 require_once('inc/theme.php');
32
+require_once('modules/index/include/x509.php');
32 33
 
33 34
 
34
-function get_logins_by_cert($cert) 
35
-{
36
-	$result = db_query("SELECT type,username,startpage FROM system.clientcert WHERE cert=? ORDER BY type,username", array($cert));
37
-	if ($result->rowCount() < 1)
38
-		return NULL;
39
-	else {
40
-		$ret = array();
41
-		while ($row = $result->fetch()) {
42
-			$ret[] = $row;
43
-		}
44
-		return $ret;
45
-	}
46
-}
47
-
48 35
 DEBUG('$_SERVER:');
49 36
 DEBUG($_SERVER);
50 37
 

Bei fehlenden Clientcert wieder auf die normale Startseite leiten

Bernd Wurst authored on 21/03/2017 07:19:38
Showing 1 changed files
... ...
@@ -149,7 +149,9 @@ else
149 149
     }
150 150
     output('</ul>');
151 151
   } else {
152
-    login_screen('Ihr Browser hat kein Client-Zertifikat gesendet. Eventuell müssen Sie in den Einstellungen des Browsers diese Funktion einschalten.');
152
+    warning('Ihr Browser hat kein Client-Zertifikat gesendet. Eventuell müssen Sie in den Einstellungen des Browsers diese Funktion einschalten.');
153
+    redirect('/');
154
+    die();
153 155
   }
154 156
 }
155 157
 

Speichere und zeige Start- und Enddatum von Client-Zertifikaten

Bernd Wurst authored on 07/04/2016 06:07:38
Showing 1 changed files
... ...
@@ -57,12 +57,18 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
57 57
 {
58 58
   DEBUG('recording client-cert');
59 59
   if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && 
60
-      isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']))
60
+      isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']) &&
61
+      isset($_SERVER[$redirect.'SSL_CLIENT_V_START']) && isset($_SERVER[$redirect.'SSL_CLIENT_V_END'])
62
+      )
61 63
   {
62 64
     $_SESSION['clientcert_cert'] = $_SERVER[$redirect.'SSL_CLIENT_CERT'];
63 65
     $_SESSION['clientcert_dn'] = $_SERVER[$redirect.'SSL_CLIENT_S_DN'];
64 66
     $_SESSION['clientcert_issuer'] = $_SERVER[$redirect.'SSL_CLIENT_I_DN'];
65 67
     $_SESSION['clientcert_serial'] = $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL'];
68
+    $vstart = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_START']);
69
+    $_SESSION['clientcert_valid_from'] = date_format($vstart, 'Y-m-d');
70
+    $vend = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_END']);
71
+    $_SESSION['clientcert_valid_until'] = date_format($vend, 'Y-m-d');
66 72
     header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
67 73
     die();
68 74
   }

Speichere und zeige Seriennummer von Client-Zertifikaten

Bernd Wurst authored on 07/04/2016 05:37:36
Showing 1 changed files
... ...
@@ -31,15 +31,8 @@ require_once('inc/error.php');
31 31
 require_once('inc/theme.php');
32 32
 
33 33
 
34
-function prepare_cert($cert)
35
-{
36
-	return str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert);
37
-}
38
-
39
-
40 34
 function get_logins_by_cert($cert) 
41 35
 {
42
-	$cert = prepare_cert($cert);
43 36
 	$result = db_query("SELECT type,username,startpage FROM system.clientcert WHERE cert=? ORDER BY type,username", array($cert));
44 37
 	if ($result->rowCount() < 1)
45 38
 		return NULL;
... ...
@@ -63,11 +56,13 @@ if (! isset($_SERVER['SSL_CLIENT_CERT']) && isset($_SERVER['REDIRECT_SSL_CLIENT_
63 56
 if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto']))
64 57
 {
65 58
   DEBUG('recording client-cert');
66
-  if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']))
59
+  if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && 
60
+      isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']))
67 61
   {
68
-    $_SESSION['clientcert_cert'] = prepare_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']);
62
+    $_SESSION['clientcert_cert'] = $_SERVER[$redirect.'SSL_CLIENT_CERT'];
69 63
     $_SESSION['clientcert_dn'] = $_SERVER[$redirect.'SSL_CLIENT_S_DN'];
70 64
     $_SESSION['clientcert_issuer'] = $_SERVER[$redirect.'SSL_CLIENT_I_DN'];
65
+    $_SESSION['clientcert_serial'] = $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL'];
71 66
     header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
72 67
     die();
73 68
   }
... ...
@@ -109,7 +104,8 @@ else
109 104
 {
110 105
   if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && 
111 106
       isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && $_SERVER[$redirect.'SSL_CLIENT_S_DN'] != '' && 
112
-      isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && $_SERVER[$redirect.'SSL_CLIENT_I_DN'] != '') {
107
+      isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && $_SERVER[$redirect.'SSL_CLIENT_I_DN'] != '' &&
108
+      isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']) && $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL'] != '') {
113 109
     $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']);
114 110
     if ($ret === NULL) {
115 111
       login_screen('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Melden Sie sich bitte per Benutzername und Passwort an.');
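Review bot: With `prepare_cert()` removed in the first hunk, `get_logins_by_cert()` now matches the raw `SSL_CLIENT_CERT` value against `system.clientcert.cert`, and the record branch stores the raw value in `$_SESSION['clientcert_cert']`. Rows written earlier hold the normalised form (PEM markers, spaces and newlines stripped), so they stop matching unless the stored values are migrated or normalisation now happens elsewhere; neither is visible in this diff. The raw PEM text also depends on how the web server lays out line breaks, so an exact string match on it is fragile. I would keep one canonical form for both storing and lookup and state it in a comment on `get_logins_by_cert()`, e.g. `// $cert must be in the same canonical form as system.clientcert.cert`.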

verstehe Umgebungsvariablen für Client-Cert mit oder ohne "REDIRECT_"-Prefix

Bernd Wurst authored on 14/12/2015 15:33:20
Showing 1 changed files
... ...
@@ -55,15 +55,19 @@ function get_logins_by_cert($cert)
55 55
 DEBUG('$_SERVER:');
56 56
 DEBUG($_SERVER);
57 57
 
58
+$redirect = "";
59
+if (! isset($_SERVER['SSL_CLIENT_CERT']) && isset($_SERVER['REDIRECT_SSL_CLIENT_CERT'])) {
60
+  $redirect = "REDIRECT_";
61
+}
58 62
 
59 63
 if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto']))
60 64
 {
61 65
   DEBUG('recording client-cert');
62
-  if (isset($_SERVER['REDIRECT_SSL_CLIENT_CERT']) && isset($_SERVER['REDIRECT_SSL_CLIENT_S_DN']) && isset($_SERVER['REDIRECT_SSL_CLIENT_I_DN']))
66
+  if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']))
63 67
   {
64
-    $_SESSION['clientcert_cert'] = prepare_cert($_SERVER['REDIRECT_SSL_CLIENT_CERT']);
65
-    $_SESSION['clientcert_dn'] = $_SERVER['REDIRECT_SSL_CLIENT_S_DN'];
66
-    $_SESSION['clientcert_issuer'] = $_SERVER['REDIRECT_SSL_CLIENT_I_DN'];
68
+    $_SESSION['clientcert_cert'] = prepare_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']);
69
+    $_SESSION['clientcert_dn'] = $_SERVER[$redirect.'SSL_CLIENT_S_DN'];
70
+    $_SESSION['clientcert_issuer'] = $_SERVER[$redirect.'SSL_CLIENT_I_DN'];
67 71
     header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
68 72
     die();
69 73
   }
... ...
@@ -75,10 +79,10 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
75 79
   }
76 80
 }
77 81
 elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
78
-  if (!isset($_SERVER['REDIRECT_SSL_CLIENT_CERT'])) 
82
+  if (!isset($_SERVER[$redirect.'SSL_CLIENT_CERT'])) 
79 83
     system_failure('Ihr Browser hat kein Client-Zertifikat gesendet');
80 84
 
81
-  $ret = get_logins_by_cert($_SERVER['REDIRECT_SSL_CLIENT_CERT']);
85
+  $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']);
82 86
   DEBUG($ret);
83 87
   foreach ($ret as $account) {
84 88
     DEBUG('/'.$account['type'].'/'.$_REQUEST['type'].'/    /'.$account['username'].'/'.$_REQUEST['username'].'/    =>');
... ...
@@ -103,10 +107,10 @@ elseif ($_SESSION['role'] != ROLE_ANONYMOUS && $_REQUEST['destination'] != '') {
103 107
 }
104 108
 else
105 109
 {
106
-  if (isset($_SERVER['REDIRECT_SSL_CLIENT_CERT']) && 
107
-      isset($_SERVER['REDIRECT_SSL_CLIENT_S_DN']) && $_SERVER['REDIRECT_SSL_CLIENT_S_DN'] != '' && 
108
-      isset($_SERVER['REDIRECT_SSL_CLIENT_I_DN']) && $_SERVER['REDIRECT_SSL_CLIENT_I_DN'] != '') {
109
-    $ret = get_logins_by_cert($_SERVER['REDIRECT_SSL_CLIENT_CERT']);
110
+  if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && 
111
+      isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && $_SERVER[$redirect.'SSL_CLIENT_S_DN'] != '' && 
112
+      isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && $_SERVER[$redirect.'SSL_CLIENT_I_DN'] != '') {
113
+    $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']);
110 114
     if ($ret === NULL) {
111 115
       login_screen('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Melden Sie sich bitte per Benutzername und Passwort an.');
112 116
     }
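Review bot: The new `$redirect` prefix has no comment saying where the `REDIRECT_` variants come from or why they can be trusted. Apache prefixes environment variables with `REDIRECT_` after an internal redirect, and headers sent by a client arrive under `HTTP_*`, so under a standard setup neither form of `SSL_CLIENT_CERT` can be supplied by the client; that assumption is worth writing next to the block, e.g. `// mod_ssl variables are renamed to REDIRECT_* after an internal redirect; both forms are set by the web server, never by the client`. The prefix is chosen from `SSL_CLIENT_CERT` alone and then applied to `S_DN` and `I_DN` as well, which holds only as long as the server exports them together. The context line `DEBUG($_SERVER);` dumps the full server environment, including the client certificate and request cookies, so DEBUG output should stay disabled in production.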

Sortiere Cert-Logins alphabetisch Typo repariert $startpage soll NULL sein, kein leerer String

Bernd Wurst authored on 26/04/2014 08:21:36
Showing 1 changed files
... ...
@@ -40,7 +40,7 @@ function prepare_cert($cert)
40 40
 function get_logins_by_cert($cert) 
41 41
 {
42 42
 	$cert = prepare_cert($cert);
43
-	$result = db_query("SELECT type,username,startpage FROM system.clientcert WHERE cert=?", array($cert));
43
+	$result = db_query("SELECT type,username,startpage FROM system.clientcert WHERE cert=? ORDER BY type,username", array($cert));
44 44
 	if ($result->rowCount() < 1)
45 45
 		return NULL;
46 46
 	else {

Lizenzinfos in eigenes Modul ausgelagert und Copyright auf 2014 angepasst

Bernd Wurst authored on 08/02/2014 05:45:07
Showing 1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2013 by schokokeks.org Hosting, namely
5
+Written 2008-2014 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

String 'NULL' eliminiert

Bernd Wurst authored on 07/02/2014 14:21:11
Showing 1 changed files
... ...
@@ -114,6 +114,7 @@ else
114 114
       $uid = $ret[0]['username'];
115 115
       $role = find_role($uid, '', True);
116 116
       setup_session($role, $uid);
117
+      setcookie('CLIENTCERT_AUTOLOGIN', '1', time()+3600*24*365, '/');
117 118
       $destination = 'go/index/index';
118 119
       if (check_path($ret[0]['startpage']))
119 120
         $destination = $ret[0]['startpage'];

Weitere Prepared-Statements

Bernd Wurst authored on 04/02/2014 14:37:35
Showing 1 changed files
... ...
@@ -39,9 +39,8 @@ function prepare_cert($cert)
39 39
 
40 40
 function get_logins_by_cert($cert) 
41 41
 {
42
-	$cert = db_escape_string(prepare_cert($cert));
43
-	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
44
-	$result = db_query($query);
42
+	$cert = prepare_cert($cert);
43
+	$result = db_query("SELECT type,username,startpage FROM system.clientcert WHERE cert=?", array($cert));
45 44
 	if ($result->rowCount() < 1)
46 45
 		return NULL;
47 46
 	else {

Umstellung auf PDO-Datenbankverbindung

Bernd Wurst authored on 01/02/2014 18:38:23
Showing 1 changed files
... ...
@@ -39,14 +39,14 @@ function prepare_cert($cert)
39 39
 
40 40
 function get_logins_by_cert($cert) 
41 41
 {
42
-	$cert = mysql_real_escape_string(prepare_cert($cert));
42
+	$cert = db_escape_string(prepare_cert($cert));
43 43
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
44 44
 	$result = db_query($query);
45
-	if (mysql_num_rows($result) < 1)
45
+	if ($result->rowCount() < 1)
46 46
 		return NULL;
47 47
 	else {
48 48
 		$ret = array();
49
-		while ($row = mysql_fetch_assoc($result)) {
49
+		while ($row = $result->fetch()) {
50 50
 			$ret[] = $row;
51 51
 		}
52 52
 		return $ret;

Zeige eine Warnung und kein Login-Feld an, wenn beim Einrichten eines Client-Cert keines gesendet wird

Bernd Wurst authored on 31/12/2013 08:03:51
Showing 1 changed files
... ...
@@ -70,7 +70,9 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
70 70
   }
71 71
   else
72 72
   {
73
-    login_screen('Ihr Browser hat kein Client-Zertifikat gesendet');
73
+    warning('Ihr Browser hat kein Client-Zertifikat gesendet');
74
+    header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
75
+    die();
74 76
   }
75 77
 }
76 78
 elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {

Leite nach dem Login auf die Startseite

Bernd Wurst authored on 12/12/2013 05:33:33
Showing 1 changed files
... ...
@@ -96,6 +96,10 @@ elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
96 96
   }
97 97
   system_failure('Der angegebene Account kann mit diesem Client-Zertifikat nicht eingeloggt werden.');
98 98
 }
99
+elseif ($_SESSION['role'] != ROLE_ANONYMOUS && $_REQUEST['destination'] != '') {
100
+  # User hat sich grade eingeloggt
101
+  header('Location: ../'.$destination);
102
+}
99 103
 else
100 104
 {
101 105
   if (isset($_SERVER['REDIRECT_SSL_CLIENT_CERT']) && 

Wenn Cert-Login fehlschlägt, wird das normale Login-Formular angezeigt

Bernd Wurst authored on 12/12/2013 05:25:19
Showing 1 changed files
... ...
@@ -70,7 +70,7 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
70 70
   }
71 71
   else
72 72
   {
73
-    system_failure('Ihr Browser hat kein Client-Zertifikat gesendet');
73
+    login_screen('Ihr Browser hat kein Client-Zertifikat gesendet');
74 74
   }
75 75
 }
76 76
 elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
... ...
@@ -103,7 +103,7 @@ else
103 103
       isset($_SERVER['REDIRECT_SSL_CLIENT_I_DN']) && $_SERVER['REDIRECT_SSL_CLIENT_I_DN'] != '') {
104 104
     $ret = get_logins_by_cert($_SERVER['REDIRECT_SSL_CLIENT_CERT']);
105 105
     if ($ret === NULL) {
106
-      system_failure('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Gehen Sie bitte zurück und melden Sie sich bitte per Benutzername und Passwort an.');
106
+      login_screen('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Melden Sie sich bitte per Benutzername und Passwort an.');
107 107
     }
108 108
     if (count($ret) == 1) {
109 109
       $uid = $ret[0]['username'];
... ...
@@ -137,9 +137,7 @@ else
137 137
     }
138 138
     output('</ul>');
139 139
   } else {
140
-    title('Kein Client-Zertifikat');
141
-    output('<p>Ihr Browser hat kein Client-Zertifikat gesendet. Eventuell müssen Sie in den Einstellungen des Browsers diese Funktion einschalten.</p>');
142
-    output('<p>Bitte verwenden Sie <a href="/">die reguläre Anmeldung mit Benutzername und Passwort</a>.</p>');
140
+    login_screen('Ihr Browser hat kein Client-Zertifikat gesendet. Eventuell müssen Sie in den Einstellungen des Browsers diese Funktion einschalten.');
143 141
   }
144 142
 }
145 143
 
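Review bot: In the second hunk `login_screen(...)` replaces `system_failure(...)` inside `if ($ret === NULL)`, and the next statement is `if (count($ret) == 1)`. If `login_screen()` does not end the request the way `system_failure()` presumably does, control reaches `count($ret)` with `$ret` still `NULL`. Either state on `login_screen()` that it never returns, or make the flow explicit by chaining the following check as `} elseif (count($ret) == 1) {` and guarding the account listing further down in the same way. The `login_screen()` calls in the first and third hunks raise the same question, though nothing visible follows them inside their branches.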

jQuery-based Certlogin, so entfällt ein Mausklick

Bernd Wurst authored on 23/01/2013 10:36:54
Showing 1 changed files
... ...
@@ -14,6 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
+// Setze das Arbeitsverzeichnis auf das Stammverzeichnis, damit die Voraussetzungen gleich sind wie bei allen anderen Requests
17 18
 chdir('..');
18 19
 
19 20
 require_once('config.php');

Updated copyright notice (2012 => 2013)

Bernd Wurst authored on 19/01/2013 10:49:50
Showing 1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2012 by schokokeks.org Hosting, namely
5
+Written 2008-2013 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Added license tags for CC0, README and COPYING

Bernd Wurst authored on 11/03/2012 15:40:04
Showing 1 changed files
... ...
@@ -1,4 +1,18 @@
1 1
 <?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2012 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
2 16
 
3 17
 chdir('..');
4 18
 

Ermögliche Client-Cert-Login auch für VMail-Accounts

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@2217 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 05/03/2012 06:19:25
Showing 1 changed files
... ...
@@ -63,8 +63,10 @@ elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
63 63
     system_failure('Ihr Browser hat kein Client-Zertifikat gesendet');
64 64
 
65 65
   $ret = get_logins_by_cert($_SERVER['REDIRECT_SSL_CLIENT_CERT']);
66
+  DEBUG($ret);
66 67
   foreach ($ret as $account) {
67
-    if (($account['type'] == $_REQUEST['type']) && ($account['username'] == $_REQUEST['username'])) {
68
+    DEBUG('/'.$account['type'].'/'.$_REQUEST['type'].'/    /'.$account['username'].'/'.$_REQUEST['username'].'/    =>');
69
+    if (($account['type'] == urldecode($_REQUEST['type'])) && ($account['username'] == urldecode($_REQUEST['username']))) {
68 70
       $uid = $account['username'];
69 71
       $role = find_role($uid, '', True);
70 72
       setup_session($role, $uid);
... ...
@@ -114,7 +116,7 @@ else
114 116
         $type = 'Kundenaccount';
115 117
       }
116 118
       $destination = 'go/index/index';
117
-      if (check_path($account['startpage']))
119
+      if ($account['startpage'] && check_path($account['startpage']))
118 120
         $destination = $account['startpage'];
119 121
       output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username']).'&destination='.urlencode($destination)).'</li>');
120 122
     }
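Review bot: The added `urldecode($_REQUEST['type'])` and `urldecode($_REQUEST['username'])` decode values that PHP has already URL-decoded when it filled `$_REQUEST`, so the account comparison runs on doubly decoded input. A username containing a literal `+` or `%` is altered before it is compared, and double decoding in an authentication path makes it harder to reason about which strings can match. If the links built with `internal_link()` arrive encoded twice, that is better fixed where the link is generated; the comparison could then be `if (($account['type'] === $_REQUEST['type']) && ($account['username'] === $_REQUEST['username'])) {`. The two added `DEBUG()` calls also write account names and request parameters to the debug output and are worth removing once the problem is diagnosed.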

Freundlichere Fehlermeldung wenn /certlogin kein Zertifikat erhalten hat.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@2073 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 23/11/2011 18:13:03
Showing 1 changed files
... ...
@@ -81,7 +81,9 @@ elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
81 81
 }
82 82
 else
83 83
 {
84
-  if (isset($_SERVER['REDIRECT_SSL_CLIENT_CERT']) && $_SERVER['REDIRECT_SSL_CLIENT_S_DN'] != '' && $_SERVER['REDIRECT_SSL_CLIENT_I_DN'] != '') {
84
+  if (isset($_SERVER['REDIRECT_SSL_CLIENT_CERT']) && 
85
+      isset($_SERVER['REDIRECT_SSL_CLIENT_S_DN']) && $_SERVER['REDIRECT_SSL_CLIENT_S_DN'] != '' && 
86
+      isset($_SERVER['REDIRECT_SSL_CLIENT_I_DN']) && $_SERVER['REDIRECT_SSL_CLIENT_I_DN'] != '') {
85 87
     $ret = get_logins_by_cert($_SERVER['REDIRECT_SSL_CLIENT_CERT']);
86 88
     if ($ret === NULL) {
87 89
       system_failure('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Gehen Sie bitte zurück und melden Sie sich bitte per Benutzername und Passwort an.');
... ...
@@ -118,7 +120,9 @@ else
118 120
     }
119 121
     output('</ul>');
120 122
   } else {
121
-    system_failure('Ihr Browser hat kein Client-Zertifikat gesendet.');
123
+    title('Kein Client-Zertifikat');
124
+    output('<p>Ihr Browser hat kein Client-Zertifikat gesendet. Eventuell müssen Sie in den Einstellungen des Browsers diese Funktion einschalten.</p>');
125
+    output('<p>Bitte verwenden Sie <a href="/">die reguläre Anmeldung mit Benutzername und Passwort</a>.</p>');
122 126
   }
123 127
 }
124 128
 

Cert-Login geht jetztauch mit sub-usern

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1823 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 01/10/2010 10:45:35
Showing 1 changed files
... ...
@@ -45,7 +45,7 @@ DEBUG($_SERVER);
45 45
 if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto']))
46 46
 {
47 47
   DEBUG('recording client-cert');
48
-  if (isset($_SERVER['REDIRECT_SSL_CLIENT_CERT']) && $_SERVER['REDIRECT_SSL_CLIENT_S_DN'] != '' && $_SERVER['REDIRECT_SSL_CLIENT_I_DN'] != '')
48
+  if (isset($_SERVER['REDIRECT_SSL_CLIENT_CERT']) && isset($_SERVER['REDIRECT_SSL_CLIENT_S_DN']) && isset($_SERVER['REDIRECT_SSL_CLIENT_I_DN']))
49 49
   {
50 50
     $_SESSION['clientcert_cert'] = prepare_cert($_SERVER['REDIRECT_SSL_CLIENT_CERT']);
51 51
     $_SESSION['clientcert_dn'] = $_SERVER['REDIRECT_SSL_CLIENT_S_DN'];
... ...
@@ -105,6 +105,9 @@ else
105 105
       if ($account['type'] == 'email') {
106 106
         $type = 'E-Mail-Konto';
107 107
       }
108
+      elseif ($account['type'] == 'subuser') {
109
+        $type = 'Unter-Nutzer';
110
+      }
108 111
       elseif ($account['type'] == 'customer') {
109 112
         $type = 'Kundenaccount';
110 113
       }
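Review bot: The rewritten condition in the first hunk replaces the `!= ''` comparisons on `REDIRECT_SSL_CLIENT_S_DN` and `REDIRECT_SSL_CLIENT_I_DN` with `isset()` alone, so a certificate whose subject or issuer DN is an empty string passes the check for recording again. `isset()` is true for an empty string, and the removed comparisons were the only test that rejected it. Keeping both avoids the undefined-index notice without loosening the check: `isset($_SERVER['REDIRECT_SSL_CLIENT_S_DN']) && $_SERVER['REDIRECT_SSL_CLIENT_S_DN'] != ''`, and the same pair for `REDIRECT_SSL_CLIENT_I_DN`. The commit message only mentions sub-users, so the relaxation looks unintended.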

Umstellung auf Theme-Support (Frei nach phptemplate)

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1811 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 18/09/2010 13:35:10
Showing 1 changed files
... ...
@@ -1,6 +1,8 @@
1 1
 <?php
2 2
 
3
-require_once('../config.php');
3
+chdir('..');
4
+
5
+require_once('config.php');
4 6
 global $prefix;
5 7
 $prefix = '../';
6 8
 
... ...
@@ -11,6 +13,7 @@ require_once('session/start.php');
11 13
 require_once('inc/base.php');
12 14
 require_once('inc/debug.php');
13 15
 require_once('inc/error.php');
16
+require_once('inc/theme.php');
14 17
 
15 18
 
16 19
 function prepare_cert($cert)
... ...
@@ -116,8 +119,5 @@ else
116 119
   }
117 120
 }
118 121
 
119
-include('../inc/top.php');
120
-print $output;
121
-include('../inc/bottom.php');
122
-
122
+show_page('certlogin');
123 123
 ?>

PHP 5.3: es gibt kein $_ENV mehr

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1526 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 05/12/2009 16:26:51
Showing 1 changed files
... ...
@@ -35,16 +35,18 @@ function get_logins_by_cert($cert)
35 35
 	}
36 36
 }
37 37
 
38
-DEBUG($_ENV);
38
+DEBUG('$_SERVER:');
39
+DEBUG($_SERVER);
40
+
39 41
 
40 42
 if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto']))
41 43
 {
42 44
   DEBUG('recording client-cert');
43
-  if (isset($_ENV['REDIRECT_SSL_CLIENT_CERT']) && $_ENV['REDIRECT_SSL_CLIENT_S_DN'] != '' && $_ENV['REDIRECT_SSL_CLIENT_I_DN'] != '')
45
+  if (isset($_SERVER['REDIRECT_SSL_CLIENT_CERT']) && $_SERVER['REDIRECT_SSL_CLIENT_S_DN'] != '' && $_SERVER['REDIRECT_SSL_CLIENT_I_DN'] != '')
44 46
   {
45
-    $_SESSION['clientcert_cert'] = prepare_cert($_ENV['REDIRECT_SSL_CLIENT_CERT']);
46
-    $_SESSION['clientcert_dn'] = $_ENV['REDIRECT_SSL_CLIENT_S_DN'];
47
-    $_SESSION['clientcert_issuer'] = $_ENV['REDIRECT_SSL_CLIENT_I_DN'];
47
+    $_SESSION['clientcert_cert'] = prepare_cert($_SERVER['REDIRECT_SSL_CLIENT_CERT']);
48
+    $_SESSION['clientcert_dn'] = $_SERVER['REDIRECT_SSL_CLIENT_S_DN'];
49
+    $_SESSION['clientcert_issuer'] = $_SERVER['REDIRECT_SSL_CLIENT_I_DN'];
48 50
     header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
49 51
     die();
50 52
   }
... ...
@@ -54,10 +56,10 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
54 56
   }
55 57
 }
56 58
 elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
57
-  if (!isset($_ENV['REDIRECT_SSL_CLIENT_CERT'])) 
59
+  if (!isset($_SERVER['REDIRECT_SSL_CLIENT_CERT'])) 
58 60
     system_failure('Ihr Browser hat kein Client-Zertifikat gesendet');
59 61
 
60
-  $ret = get_logins_by_cert($_ENV['REDIRECT_SSL_CLIENT_CERT']);
62
+  $ret = get_logins_by_cert($_SERVER['REDIRECT_SSL_CLIENT_CERT']);
61 63
   foreach ($ret as $account) {
62 64
     if (($account['type'] == $_REQUEST['type']) && ($account['username'] == $_REQUEST['username'])) {
63 65
       $uid = $account['username'];
... ...
@@ -76,8 +78,8 @@ elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
76 78
 }
77 79
 else
78 80
 {
79
-  if (isset($_ENV['REDIRECT_SSL_CLIENT_CERT']) && $_ENV['REDIRECT_SSL_CLIENT_S_DN'] != '' && $_ENV['REDIRECT_SSL_CLIENT_I_DN'] != '') {
80
-    $ret = get_logins_by_cert($_ENV['REDIRECT_SSL_CLIENT_CERT']);
81
+  if (isset($_SERVER['REDIRECT_SSL_CLIENT_CERT']) && $_SERVER['REDIRECT_SSL_CLIENT_S_DN'] != '' && $_SERVER['REDIRECT_SSL_CLIENT_I_DN'] != '') {
82
+    $ret = get_logins_by_cert($_SERVER['REDIRECT_SSL_CLIENT_CERT']);
81 83
     if ($ret === NULL) {
82 84
       system_failure('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Gehen Sie bitte zurück und melden Sie sich bitte per Benutzername und Passwort an.');
83 85
     }
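Review bot: The added `DEBUG($_SERVER);` in the first hunk dumps the whole server array on every request to the certificate login, which includes the client certificate and, when the browser sends them, the `HTTP_COOKIE` value with the session id and any authorization header. Where that ends up depends on `DEBUG()`, which is not visible here, so this matters if debug output can be switched on for a production host or is rendered into the page. Logging only the fields this script reads would serve the same diagnostic purpose: `foreach (array('REDIRECT_SSL_CLIENT_S_DN', 'REDIRECT_SSL_CLIENT_I_DN') as $k) { DEBUG($k.': '.(isset($_SERVER[$k]) ? $_SERVER[$k] : '(unset)')); }`.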

Situation repaiert, wenn ein client-cert für mehrere accounts eingetragen ist.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1495 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 16/10/2009 18:15:50
Showing 1 changed files
... ...
@@ -103,6 +103,9 @@ else
103 103
       elseif ($account['type'] == 'customer') {
104 104
         $type = 'Kundenaccount';
105 105
       }
106
+      $destination = 'go/index/index';
107
+      if (check_path($account['startpage']))
108
+        $destination = $account['startpage'];
106 109
       output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username']).'&destination='.urlencode($destination)).'</li>');
107 110
     }
108 111
     output('</ul>');
... ...
@@ -111,4 +114,8 @@ else
111 114
   }
112 115
 }
113 116
 
117
+include('../inc/top.php');
118
+print $output;
119
+include('../inc/bottom.php');
120
+
114 121
 ?>

Erkenne automatisch vom browser generiertes Zertifikat nicht an

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1396 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 08/06/2009 14:48:24
Showing 1 changed files
... ...
@@ -76,7 +76,7 @@ elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
76 76
 }
77 77
 else
78 78
 {
79
-  if (isset($_ENV['REDIRECT_SSL_CLIENT_CERT'])) {
79
+  if (isset($_ENV['REDIRECT_SSL_CLIENT_CERT']) && $_ENV['REDIRECT_SSL_CLIENT_S_DN'] != '' && $_ENV['REDIRECT_SSL_CLIENT_I_DN'] != '') {
80 80
     $ret = get_logins_by_cert($_ENV['REDIRECT_SSL_CLIENT_CERT']);
81 81
     if ($ret === NULL) {
82 82
       system_failure('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Gehen Sie bitte zurück und melden Sie sich bitte per Benutzername und Passwort an.');

Erkenne automatisch vom browser generiertes Zertifikat nicht an

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1395 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 08/06/2009 14:17:40
Showing 1 changed files
... ...
@@ -40,7 +40,7 @@ DEBUG($_ENV);
40 40
 if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto']))
41 41
 {
42 42
   DEBUG('recording client-cert');
43
-  if (isset($_ENV['REDIRECT_SSL_CLIENT_CERT']))
43
+  if (isset($_ENV['REDIRECT_SSL_CLIENT_CERT']) && $_ENV['REDIRECT_SSL_CLIENT_S_DN'] != '' && $_ENV['REDIRECT_SSL_CLIENT_I_DN'] != '')
44 44
   {
45 45
     $_SESSION['clientcert_cert'] = prepare_cert($_ENV['REDIRECT_SSL_CLIENT_CERT']);
46 46
     $_SESSION['clientcert_dn'] = $_ENV['REDIRECT_SSL_CLIENT_S_DN'];

Mehr config-optionen und config via Wrapper-Funktion benutzen

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1376 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 23/05/2009 15:24:52
Showing 1 changed files
... ...
@@ -1,7 +1,6 @@
1 1
 <?php
2 2
 
3 3
 require_once('../config.php');
4
-global $config;
5 4
 global $prefix;
6 5
 $prefix = '../';
7 6
 

Ermögliche Angabe einer Redirect-URL für den Cert-Login

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1355 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 30/04/2009 19:27:39
Showing 1 changed files
... ...
@@ -38,7 +38,7 @@ function get_logins_by_cert($cert)
38 38
 
39 39
 DEBUG($_ENV);
40 40
 
41
-if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']))
41
+if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto']))
42 42
 {
43 43
   DEBUG('recording client-cert');
44 44
   if (isset($_ENV['REDIRECT_SSL_CLIENT_CERT']))
... ...
@@ -67,6 +67,8 @@ elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
67 67
       $destination = 'go/index/index';
68 68
       if (check_path($account['startpage']))
69 69
         $destination = $account['startpage'];
70
+      if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination']))
71
+        $destination = $_REQUEST['destination'];
70 72
       header('Location: ../'.$destination);
71 73
       die();
72 74
     }
... ...
@@ -87,6 +89,8 @@ else
87 89
       $destination = 'go/index/index';
88 90
       if (check_path($ret[0]['startpage']))
89 91
         $destination = $ret[0]['startpage'];
92
+      if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination']))
93
+        $destination = $_REQUEST['destination'];
90 94
       header('Location: ../'.$destination);
91 95
       die();
92 96
     }
... ...
@@ -100,7 +104,7 @@ else
100 104
       elseif ($account['type'] == 'customer') {
101 105
         $type = 'Kundenaccount';
102 106
       }
103
-      output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username'])).'</li>');
107
+      output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username']).'&destination='.urlencode($destination)).'</li>');
104 108
     }
105 109
     output('</ul>');
106 110
   } else {
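Review bot: The changed `output('<li>'.internal_link(...))` line in the last hunk concatenates `$account['username']` into the link label as raw HTML and `$account['type']` into the query string without `urlencode()`. Since the label already carries `<strong>` markup, `internal_link()` presumably emits it unescaped, so the account name should be escaped before it is wrapped: `'<strong>'.htmlspecialchars($account['username'], ENT_QUOTES, 'UTF-8').'</strong>'`, and `'type='.urlencode($account['type'])`. The values appear to come from the account lookup rather than from the request, which limits the exposure, but escaping at the output point does not depend on what was stored. The `$destination` used on that line is not assigned anywhere in this hunk, and the enclosing loop starts outside it.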

Bug im Client-Zertfikat-Manager gefixed und encode_querystring() verbessert

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1318 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 31/03/2009 10:49:47
Showing 1 changed files
... ...
@@ -46,7 +46,7 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
46 46
     $_SESSION['clientcert_cert'] = prepare_cert($_ENV['REDIRECT_SSL_CLIENT_CERT']);
47 47
     $_SESSION['clientcert_dn'] = $_ENV['REDIRECT_SSL_CLIENT_S_DN'];
48 48
     $_SESSION['clientcert_issuer'] = $_ENV['REDIRECT_SSL_CLIENT_I_DN'];
49
-    header('Location: '.$_REQUEST['backto']);
49
+    header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
50 50
     die();
51 51
   }
52 52
   else

Login via Client-Zertifikat (userinterface)

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1291 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 05/03/2009 11:13:27
Showing 1 changed files
... ...
@@ -14,11 +14,15 @@ require_once('inc/debug.php');
14 14
 require_once('inc/error.php');
15 15
 
16 16
 
17
+function prepare_cert($cert)
18
+{
19
+	return str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert);
20
+}
17 21
 
18 22
 
19 23
 function get_logins_by_cert($cert) 
20 24
 {
21
-	$cert = mysql_real_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert));
25
+	$cert = mysql_real_escape_string(prepare_cert($cert));
22 26
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
23 27
 	$result = db_query($query);
24 28
 	if (mysql_num_rows($result) < 1)
... ...
@@ -32,8 +36,25 @@ function get_logins_by_cert($cert)
32 36
 	}
33 37
 }
34 38
 
39
+DEBUG($_ENV);
35 40
 
36
-if (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
41
+if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']))
42
+{
43
+  DEBUG('recording client-cert');
44
+  if (isset($_ENV['REDIRECT_SSL_CLIENT_CERT']))
45
+  {
46
+    $_SESSION['clientcert_cert'] = prepare_cert($_ENV['REDIRECT_SSL_CLIENT_CERT']);
47
+    $_SESSION['clientcert_dn'] = $_ENV['REDIRECT_SSL_CLIENT_S_DN'];
48
+    $_SESSION['clientcert_issuer'] = $_ENV['REDIRECT_SSL_CLIENT_I_DN'];
49
+    header('Location: '.$_REQUEST['backto']);
50
+    die();
51
+  }
52
+  else
53
+  {
54
+    system_failure('Ihr Browser hat kein Client-Zertifikat gesendet');
55
+  }
56
+}
57
+elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
37 58
   if (!isset($_ENV['REDIRECT_SSL_CLIENT_CERT'])) 
38 59
     system_failure('Ihr Browser hat kein Client-Zertifikat gesendet');
39 60
 

Login vial Client-Cert über Unterverzeichnis

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1290 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 05/03/2009 09:14:11
Showing 1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,90 @@
1
+<?php
2
+
3
+require_once('../config.php');
4
+global $config;
5
+global $prefix;
6
+$prefix = '../';
7
+
8
+// Das Parent-Verzeichnis in den Include-Pfad, da wir uns jetzt in einem anderen Verzeichnis befinden.
9
+ini_set('include_path', ini_get('include_path').':../');