Commit 0acdf49e authored by Martin van Es's avatar Martin van Es

WIP

parent db4065e0
with 1689 additions and 85 deletions
......@@ -13,20 +13,26 @@ class custom_phpmailer {
$mail = new PHPMailer;
$mail->CharSet = "UTF-8";
$mail->isSMTP();
//$mail->SMTPDebug = 2; // 0 = off (for production use) - 1 = client messages - 2 = client and server messages
$mail->Host = "xxx"; // use $mail->Host = gethostbyname('smtp.gmail.com'); // if your network does not support SMTP over IPv6
$mail->Port = 465; // TLS only
$mail->SMTPSecure = 'ssl'; // ssl is depracated
$mail->SMTPDebug = 0; // 0 = off (for production use) - 1 = client messages - 2 = client and server messages
//$mail->Host = "smtp.gmail.com"; // use $mail->Host = gethostbyname('smtp.gmail.com'); // if your network does not support SMTP over IPv6
$mail->Host = "in-v3.mailjet.com";
//$mail->Port = 465; // TLS only
$mail->Port = 587; // TLS only
//$mail->SMTPSecure = 'ssl'; // ssl is deprecated
$mail->SMTPAuth = true;
$mail->Username = 'xxx@xxx';
$mail->Password = 'xxx';
$mail->setFrom('noreply@xxx', 'Test IDP portal');
//$mail->Username = 'geant.incubator@gmail.com';
$mail->Username = 'eaa84e1afc080e61cdf87e021b2b3f8e';
//$mail->Password = '=xtJEq&>+]TS&qu7-719}B{E[4';
$mail->Password = 'f444618af6955a1aba1c29f219fe6746';
//$mail->setFrom('noreply@testidp.incubator.geant.org', 'Test IDP portal');
$mail->setFrom('tikrasseo@gmail.com', 'Test IDP portal');
if (security::check_request_data($to_name)) {
$mail->addAddress($to, $to_name);
} else {
$mail->addAddress($to);
}
$mail->Subject = $subject;
/*
$from_ip = '';
if(filter_var('', FILTER_VALIDATE_IP)) {
$from_ip = @$_SERVER['HTTP_CLIENT_IP'];
......@@ -36,6 +42,7 @@ class custom_phpmailer {
$from_ip = @$_SERVER['REMOTE_ADDR'];
}
$message .= '<br />Sent from IP: '.$from_ip;
*/
$mail->msgHTML($message); //$mail->msgHTML(file_get_contents('contents.html'), __DIR__); //Read an HTML message body from an external file, convert referenced images to embedded,
$mail->AltBody = strip_tags(str_replace('<br />', "\n\r", $message));
if(!$mail->send()){
......@@ -45,4 +52,4 @@ class custom_phpmailer {
}
}
}
?>
\ No newline at end of file
?>
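Review bot: The SMTP account credentials are now literal strings in source at the `$mail->Username` / `$mail->Password` lines, which puts a live mail-relay login into git history; read them from a config file outside the repository or from the environment (e.g. `$mail->Password = getenv('SMTP_PASSWORD');`) and rotate the exposed pair. Switching to port 587 while leaving `SMTPSecure` commented out makes transport security depend on PHPMailer's opportunistic STARTTLS upgrade; set `$mail->SMTPSecure = 'tls';` so a relay that does not advertise STARTTLS is refused rather than spoken to in clear. The `// TLS only` comment on the port line no longer describes what the code enforces and should be updated or dropped. send_email's body continues past this section's hunks.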
<section id="header">
<a href="<?php echo WEB_BASE_URL; ?>" id="logo"><img src="<?php echo MEDIA_URL; ?>/images/logo.png" /></a>
<center>
<p>GÉANT Test IdP is a SAML 2.0 SP testing service based on SimpleSAMLPHP and focused on the needs of R&E.<br />
Please register for the service by uploading your SP metadata which will then be validated.</p>
<p>Once registered you can login to your Test IdP instance and select a user test profile.<br />
User test profiles check different success and error scenarios for your SP and may be edited.</p>
<p>Then login to your SP as usual and any issues resulting from the test will be indicated.<br />
Detailed logs are availble to assitst further investigation of any issues.</p>
</center>
</section>
\ No newline at end of file
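Review bot: The user-facing copy in the last paragraph has two typos, `availble` and `assitst`, which should read `available` and `assist`. The logo `<img>` also has no `alt` attribute; something like `alt="GÉANT Test IdP"` (constructed example) keeps the home link usable when images are off.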
<?php
// if (isset($_GET['logout'])) {
// $user = new user();
// $user::logOut();
// }
if (isset($_GET['login_token']) || (isset($_POST['login']) && isset($_POST['login_token']))) {
if (isset($_GET['login_token'])) {
$token = $_GET['login_token'];
} else {
$token = $_POST['login_token'];
}
$mysql = new mysql();
$request_array[':token'] = $token;
if ($res = $mysql->select('SELECT * FROM `accounts` WHERE `token`= :token AND `status`= \'initiated\'',$request_array)) {
while($ftc = $res->fetch(PDO::FETCH_ASSOC)) {
$found = 'yes';
$entity = $ftc;
}
}
if ($res = $mysql->select('SELECT * FROM `accounts` WHERE `token`= :token AND `status`= \'registered\'',$request_array)) {
while($ftc = $res->fetch(PDO::FETCH_ASSOC)) {
$found_reg = 'yes';
$entity = $ftc;
}
}
if (!$found || $found!='yes') {
if ($found_reg && $found_reg=='yes') {
$_SESSION['user_id'] = $entity['entity_id'];
$_SESSION['user_name'] = $entity['email'];
echo '<p>You are now logged in as '.$_SESSION['user_id'].' ('.$_SESSION['user_name'].')';
echo '<script type="text/javascript">window.location.href="'.WEB_BASE_URL.'"</script>';
} else {
echo 'User with current token not found or the account has already been approved.';
}
} elseif ($found && $found=='yes') {
$a = "1234567890abcdefghijklmnopqrstuvwxyz"; $host = "";
for ($i=0; $i<31; $i+=4) $host .= $a[hexdec(substr(md5($entity['entity_id']), $i, 4)) % strlen($a)];
echo '<p>Your account has been successfully registered!</p>';
echo '<b>Entity ID:</b> '.$entity['entity_id'].'<br />';
echo '<b>Host:</b> <a href="https://'.$host.'.testidp.incubator.geant.org" target=_blank>https://'.$host.'.testidp.incubator.geant.org</a><br />';
echo '<b>E-mail:</b> '.$entity['email'].'<br />';
echo '<b>Metadata:</b><pre>'.htmlspecialchars($entity['metadata']).'</pre>';
$request_array[':token'] = $token;
$mysql->update('UPDATE `accounts` SET `status`= \'registered\' WHERE `token`= :token', $request_array);
$_SESSION['user_id'] = $entity['entity_id'];
$_SESSION['user_name'] = $entity['email'];
$mysql->query('INSERT INTO `idps` SET
`host`= \''.$host.'\',
`comment`= \''.$entity['entity_id'].'\',
`sp_metadata`= \''.addslashes($entity['metadata']).'\'');
$last_id = $mysql->selectLastEntryId('idps', '', '', 'idp_id');
//for ($i=1; $i<=15; $i++) {
// $mysql->query('INSERT INTO `config` SET
// `idp_id`= \''.$last_id.'\',
// `option_id`= \''.$i.'\'');
//}
}
} else {
if (isset($_POST['register']) && isset($_POST['metadata'])) {
$metadata = $_POST['metadata'];
if (strlen($metadata)<1) {
$message = '<span style="color:red;">XML not provided.</span>';
$allok = 'no';
if (isset($_FILES)) {
if ($_FILES['xml_file']['type']=='text/xml') {
if ($_FILES['xml_file']['size']>0) {
$metadata = file_get_contents($_FILES['xml_file']['tmp_name']);
$xml = new XMLReader();
if (!$xml->xml($metadata, NULL, LIBXML_DTDVALID)) {
$message .= "XML not valid: load error.<br />";
$message_color = '#ff0000';
$allok = 'no';
}
libxml_use_internal_errors(TRUE);
$xml_array = xml2assoc($xml);
$arErrors = libxml_get_errors();
$xml_errors = "";
foreach ($arErrors as $xmlError) {
if ($xmlError->message != 'Validation failed: no DTD found !') {
$xml_errors .= $xmlError->message.'<br />';
}
$allok = 'no';
}
if ($xml_errors != "") {
$message .= "XML not valid: ".$xml_errors;
$message_color = '#ff0000';
$allok = 'no';
} else {
$message = 'Your XML looks fine.<br />';
$message_color = '#00aa00';
$allok = 'yes';
if (preg_match_all('/\<md\:EmailAddress\>(.*)\<\/md\:EmailAddress\>/', $metadata, $email_matches)) {
foreach ($email_matches[1] as $k=>$v) {
$emails .= $v.', ';
}
if (preg_match_all('/entityID\=\"(.*)\"/', $metadata, $entity_id_matches)) {
$entity_id = $entity_id_matches[1][0];
$timestamp = time();
$emails = substr($emails, 0, -2);
$allok = 'yes';
$email_clean = str_replace('mailto:', '', $email_matches[1][0]);
$token = md5($_SERVER['REMOTE_ADDR'].$email_clean.$timestamp);
$message .= 'We have found '.count($email_matches[1]).' e-mail addresses provided in your metadata: '.$emails.'.<br />We have sent an account activation e-mail to the first e-mail address <b>'.$email_clean.'</b>.<br />'.'If you didn\'t receive any e-mails, please contact our administrator and provide your token <b>'.$token.'</b>.';
$mysql = new mysql();
$request_array[':email'] = $email_clean;
$request_array[':entity_id'] = $entity_id;
//echo '<pre>'; print_r($request_array); echo '</pre>';
if ($res = $mysql->select('SELECT * FROM `accounts` WHERE `email`= :email AND `entity_id`= :entity_id',$request_array)) {
while($ftc = $res->fetch(PDO::FETCH_ASSOC)) {
$found_similar_entity = 'yes';
}
}
if ($found_similar_entity) {
$message = 'This IdP has already been created.<br /><a href=".">Register a new IdP</a>';
} else {
$mysql->query('INSERT INTO `accounts` SET
`token`= \''.$token.'\',
`email`= \''.$email_clean.'\',
`entity_id`= \''.$entity_id.'\',
`timestamp`= \''.$timestamp.'\',
`ip`= \''.$_SERVER['REMOTE_ADDR'].'\',
`metadata`= \''.$metadata.'\',
`status`= \'initiated\'');
require_once(APP_BASE_DIR.'/classes/phpmailer.php');
$mailer = new custom_phpmailer();
$email_message = 'You have been approved to login to the Test IDP portal. Please follow <a href="'.WEB_BASE_URL.'/en/?login_token='.$token.'">THIS LINK</a> to login.';
$mailer::send_email($email_clean, '', $subject='Message from Test IDP portal', $email_message, 'Your message has been sent');
}
} else {
$message .= '<span style="color:red;">We could not find an entity id in your metadata. In order to proceed, please input a metadata that contains an entity id.</span><br />';
$allok = 'no';
}
} else {
$message .= '<span style="color:red;">We could not find any e-mails in your metadata. In order to proceed, please input a metadata that contains at least one contact e-mail address.</span><br />';
$allok = 'no';
}
}
} else {
$message = '<span style="color:red;">Your provided file is empty.</span>';
$allok = 'no';
}
} else {
$message = '<span style="color:red;">Please, provide a file in XML format.</span>';
$allok = 'no';
}
}
} else {
$xml = new XMLReader();
if (!$xml->xml($metadata, NULL, LIBXML_DTDVALID)) {
$message .= "XML not valid: load error.<br />";
$message_color = '#ff0000';
$allok = 'no';
}
libxml_use_internal_errors(TRUE);
$xml_array = xml2assoc($xml);
$arErrors = libxml_get_errors();
$xml_errors = "";
foreach ($arErrors as $xmlError) {
if ($xmlError->message != 'Validation failed: no DTD found !') {
$xml_errors .= $xmlError->message.'<br />';
}
$allok = 'no';
}
if ($xml_errors != "") {
$message .= "XML not valid: ".$xml_errors;
$message_color = '#ff0000';
$allok = 'no';
} else {
$message = 'Your XML looks fine.<br />';
$message_color = '#00aa00';
$allok = 'yes';
if (preg_match_all('/\<md\:EmailAddress\>(.*)\<\/md\:EmailAddress\>/', $metadata, $email_matches)) {
foreach ($email_matches[1] as $k=>$v) {
$emails .= $v.', ';
}
if (preg_match_all('/entityID\=\"(.*)\"/', $metadata, $entity_id_matches)) {
$entity_id = $entity_id_matches[1][0];
$timestamp = time();
$emails = substr($emails, 0, -2);
$allok = 'yes';
$email_clean = str_replace('mailto:', '', $email_matches[1][0]);
$token = md5($_SERVER['REMOTE_ADDR'].$email_clean.$timestamp);
$message .= 'We have found '.count($email_matches[1]).' e-mail addresses provided in your metadata: '.$emails.'.<br />We have sent an account activation e-mail to the first e-mail address <b>'.$email_clean.'</b>.<br />'.'If you didn\'t receive any e-mails, please contact our administrator and provide your token <b>'.$token.'</b>.';
$mysql = new mysql();
$request_array[':email'] = $email_clean;
$request_array[':entity_id'] = $entity_id;
if ($res = $mysql->select('SELECT * FROM `accounts` WHERE `email`= :email AND `entity_id`= :entity_id',$request_array)) {
while($ftc = $res->fetch(PDO::FETCH_ASSOC)) {
$found_similar_entity = 'yes';
}
}
if ($found_similar_entity) {
$message = 'This IdP has already been created.<br /><a href=".">Register a new IdP</a>';
} else {
$query = 'INSERT INTO `accounts` SET
`token`= \''.$token.'\',
`email`= \''.$email_clean.'\',
`entity_id`= \''.$entity_id.'\',
`timestamp`= \''.$timestamp.'\',
`ip`= \''.$_SERVER['REMOTE_ADDR'].'\',
`metadata`= \''.addslashes($metadata).'\',
`status`= \'initiated\'';
$mysql->query($query);
require_once(APP_BASE_DIR.'/classes/phpmailer.php');
$mailer = new custom_phpmailer();
$email_message = 'You have been approved to login to the Test IDP portal. Please follow <a href="'.WEB_BASE_URL.'/en/?login_token='.$token.'">THIS LINK</a> to login.';
$mailer::send_email($email_clean, '', $subject='Message from Test IDP portal', $email_message, 'Your message has been sent');
}
} else {
$message .= '<span style="color:red;">We could not find an entity id in your metadata. In order to proceed, please input a metadata that contains an entity id.</span><br />';
$allok = 'no';
}
} else {
$message .= '<span style="color:red;">We could not find any e-mails in your metadata. In order to proceed, please input a metadata that contains at least one contact e-mail address.</span><br />';
$allok = 'no';
}
}
}
//echo '<pre>'; print_r($xml_array); echo '</pre>';
} ?>
<?php
/*
if (isset($_POST['login']) && isset($_POST['login_token'])) {
$message_login = '<span style="color:red;">Token not found.</span>';
}
*/
?>
<section id="forms_wrapper">
<section id="forms_content">
<div id="form_register">
<?php if (!isset($allok) || $allok=='no') { ?>
<h2>Register a new IdP</h2>
<form method="post" enctype="multipart/form-data">
<p>Paste your SP metadata into the text field below.</p>
<textarea rows="5" name="metadata" /><?php echo $_POST['metadata']; ?></textarea>
<p>Or upload your SP metadata xml file.</p>
<label for="xml_file" id="xml_file_label">
Select a file
</label>
<input type="file" name="xml_file" id="xml_file" onchange="upload_xml_file(this);" />
<input type="submit" class="button post_menu_button_2 login" name="register" value="Register" />
</form>
<?php } ?>
<p class="message" style="color:<?php echo $message_color; ?>;"><?php echo $message; ?></p>
<br class="cb" />
</div>
<div id="form_login">
<?php if (!isset($allok) || $allok=='no') { ?>
<h2>Edit your IdP</h2>
<form method="post">
<p>Login to your account via Token</p>
<input type="text" name="login_token" />
<input type="submit" class="button post_menu_button_2 login" name="login" value="Login" />
</form>
<?php } ?>
<p class="message_login" style="color:<?php echo $message_login_color; ?>;"><?php echo $message_login; ?></p>
<br class="cb" />
</div>
</section>
</section>
<?php } ?>
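Review bot: The `INSERT INTO accounts` in the upload branch concatenates `$token`, `$email_clean`, `$entity_id` and the raw `$metadata` straight into the SQL string, all of which come from the uploaded or pasted metadata, while the selects a few lines earlier already bind values through `$request_array`; the pasted-text branch only adds `addslashes()` on the metadata, which is not a substitute for a bound parameter, and the `INSERT INTO idps` in the login-token branch has the same shape. All three inserts should use the bound-parameter form shown below (`update()` is used elsewhere in this commit to run a non-SELECT statement with a parameter array, so it appears to be the available entry point — confirm against the mysql class). Separately, `$_POST['metadata']` in the textarea and `$message` (which embeds addresses taken from the metadata) are echoed without `htmlspecialchars()`, so markup inside an uploaded file is reflected into the page. The login token is `md5(ip . email . time())`, which is derivable from inputs the sender already knows; `bin2hex(random_bytes(16))` gives an unguessable value of the same length.
```php
} else {
    $request_array = [
        ':token'     => $token,
        ':email'     => $email_clean,
        ':entity_id' => $entity_id,
        ':timestamp' => $timestamp,
        ':ip'        => $_SERVER['REMOTE_ADDR'],
        ':metadata'  => $metadata,
    ];
    $mysql->update(
        'INSERT INTO `accounts` SET `token`= :token, `email`= :email, `entity_id`= :entity_id, '
        . '`timestamp`= :timestamp, `ip`= :ip, `metadata`= :metadata, `status`= \'initiated\'',
        $request_array
    );
    // … unchanged: require_once phpmailer, build $email_message, send_email …
}
```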
......@@ -2,10 +2,10 @@
//Basic web data (one time domain settings)
define('WEB_BASE_PRO', 'https');
define('WEB_BASE_URL', WEB_BASE_PRO.'://projects.andy.lt/GEANT/test-idp'); //Without trailing slash
define('WEB_BASE_DIR', '/home/sc2forum/domains/projects.andy.lt/public_html/GEANT/test-idp'); //Without trailing slash
define('APP_BASE_DIR', WEB_BASE_DIR.'/application'); //Without trailing slash
define('UPL_BASE_URL', WEB_BASE_URL.'/application/uploads'); //Without trailing slash
define('WEB_BASE_URL', WEB_BASE_PRO.'://admin.testidp.incubator.geant.org'); //Without trailing slash
define('WEB_BASE_DIR', '/var/www/test-idp-admin/public_html'); //Without trailing slash
define('APP_BASE_DIR', '/var/www/test-idp-admin/application'); //Without trailing slash
define('UPL_BASE_URL', WEB_BASE_URL.'/uploads'); //Without trailing slash
define('UPL_BASE_DIR', APP_BASE_DIR.'/uploads'); //Without trailing slash
//Pages links (for easier bulk links change)
......@@ -13,9 +13,9 @@ define('USER_HOME', WEB_BASE_URL.'/');
//MySQL connection data
define('MYSQL_HOST', 'localhost');
define('MYSQL_USER', 'xxx');
define('MYSQL_PASS', 'xxx');
define('MYSQL_DB', 'xxx');
define('MYSQL_USER', 'admin');
define('MYSQL_PASS', '1YdThVDLQ4jP');
define('MYSQL_DB', 'testidp');
//Security data
define('SEC_SALT', 'flYs8dfp35dsotq'); //Possible values: any
......@@ -24,7 +24,7 @@ define('SEC_CAPTCHA', true); //Possible values: true / false
//Status data (turn the system and debug mode on or off)
//When STATUS_ACTIVE is set to false, the system will display maintenance mode page.
define('STATUS_ACTIVE', true); //Possible values: true / false
define('STATUS_DEBUG', false); //Possible values: true / false
define('STATUS_DEBUG', true); //Possible values: true / false
define('STATUS_DEBUG_MODE', E_ALL); //Possible values: E_ALL / E_ERROR / E_WARNING / E_NOTICE / E_NONE
//Misc data
......@@ -53,4 +53,4 @@ define('PAGE_DEFAULT_META_DESCRIPTION', 'Test IDP tool');
//Start the session
session_start();
?>
\ No newline at end of file
?>
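Review bot: The new `MYSQL_USER` / `MYSQL_PASS` values and the existing `SEC_SALT` are real credentials committed to the repository; once pushed they stay in history, so the database password should be rotated and the secret values kept out of version control (read via `getenv()` or an untracked local config) with the committed copy holding placeholders as the old lines did. Flipping `STATUS_DEBUG` to `true` with `STATUS_DEBUG_MODE` at `E_ALL` on what the `WEB_BASE_URL` change identifies as the public admin host means PHP warnings with file paths and query text reach the browser; keep the committed default `false` and enable it per environment. The commit also adds a runtime connection-error log containing a database username under the application tree, which suggests log output is not gitignored either.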
# CONNECTION ERROR 2021-05-20 12:15:20 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 13:59:11 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:24:57 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:24:58 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:27:28 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:27:28 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:40:29 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:40:30 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:53:06 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:53:07 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:53:13 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:53:14 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:53:14 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:53:14 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:53:14 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:53:14 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:53:14 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:53:14 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
# CONNECTION ERROR 2021-05-20 14:53:14 #
ERROR MESSAGE: SQLSTATE[HY000] [1045] Access denied for user 'gyvuneliailt'@'localhost' (using password: YES)
......@@ -5,7 +5,9 @@ echo '<p style="color:red;"><i><b>IMPORTANT!</b> For testing purposes, please, u
$mysql = new mysql();
unset($request_array);
$request_array['host'] = $_SESSION['user_id'];
$a = "1234567890abcdefghijklmnopqrstuvwxyz"; $host = "";
for ($i=0; $i<31; $i+=4) $host .= $a[hexdec(substr(md5($_SESSION['user_id']), $i, 4)) % strlen($a)];
$request_array['host'] = $host;
if ($res = $mysql->select('SELECT * FROM `idps` WHERE `host`= :host LIMIT 1', $request_array)) {
while($ftc = $res->fetch(PDO::FETCH_ASSOC)) {
$current_idp = $ftc['idp_id'];
......@@ -16,7 +18,8 @@ if (isset($_POST['update_idp'])) {
for($i=1; $i<=15; $i++) {
unset($request_array);
$request_array[':value'] = $_POST[$i];
$mysql->update('UPDATE `config` SET `value`= :value WHERE `idp_id`= '.$current_idp.' AND `option_id`='.$i, $request_array);
$query = 'REPLACE INTO `config` SET `idp_id`='.$current_idp.', `option_id`='.$i.', `value`=:value';
$mysql->update($query, $request_array);
}
}
......@@ -25,6 +28,7 @@ if (isset($_POST['update_idp'])) {
<h2>Your IDP data</h2>
<?php
echo "Host: <a href=\"https://$host.testidp.incubator.geant.org/\" target=_blank>https://$host.testidp.incubator.geant.org/</a>\n";
unset($request_array);
$request_array['idp_id'] = $current_idp;
if ($res1 = $mysql->select('SELECT * FROM `config` WHERE `idp_id`= :idp_id', $request_array)) {
......@@ -53,4 +57,4 @@ if ($res1 = $mysql->select('SELECT * FROM `config` WHERE `idp_id`= :idp_id', $re
<br /><br /><br />
</form>
<br class="cb" />
\ No newline at end of file
<br class="cb" />
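Review bot: The host-derivation loop added at the top of the first hunk is a character-for-character copy of the one in the registration page, so the two will drift; move it into one shared helper (for example a static method on the `security` class this commit already requires, name to be chosen) and call it from both places. The `REPLACE INTO config` string still interpolates `$current_idp` and `$i` while binding only `:value`; bind all three, `$request_array[':idp_id'] = $current_idp; $request_array[':option_id'] = $i;` with the statement written as `REPLACE INTO config SET idp_id=:idp_id, option_id=:option_id, value=:value` (keeping the backtick identifier quoting), so the statement contains no string-built SQL. `$_POST[$i]` is read without an `isset()` guard, so a form that omits an option raises a notice and presumably binds a null.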
#!/usr/bin/php
<?php
define('APP_BASE_DIR', '/var/www/test-idp-admin/application');
require_once(APP_BASE_DIR.'/classes/security.php');
require_once(APP_BASE_DIR.'/classes/phpmailer.php');
$mailer = new custom_phpmailer();
$email_message = 'Test message';
$email_clean = 'martin.vanes@surf.nl';
$mailer::send_email($email_clean, '', $subject='Message from Test IDP portal', $email_message, 'Your message has been sent');
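Review bot: `$subject='Message from Test IDP portal'` inside the `send_email()` argument list is an assignment expression, not a named argument; it only works because PHP passes the assigned value, and it leaves a stray global `$subject`, so pass the string directly. The recipient is a hard-coded personal mailbox; taking it from `$argv[1]` lets the check be pointed at any address without editing the file. A one-line header comment stating that this is a manual SMTP smoke test run from the shell would tell the next reader why a script with a shebang lives in the application tree.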
......@@ -4,13 +4,11 @@ Order Deny,Allow
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine on
RewriteBase /GEANT/test-idp/
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://projects.andy.lt/GEANT/test-idp/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !favicon.ico
RewriteCond %{REQUEST_FILENAME} !.(ico,css,js,jpg,gif,png)$
RewriteRule ^.*$ index.php [NC,L]
\ No newline at end of file
RewriteRule ^.*$ index.php [NC,L]
</IfModule>
#Protect Directory
AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /var/www/test-idp-admin/public_html/asha231asdfw/.htpasswd
Require valid-user
\ No newline at end of file
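Review bot: `AuthUserFile` points at a `.htpasswd` inside `public_html`, i.e. under the document root, so the hash file is kept from being served only by Apache's stock `.ht*` deny rule; on a host without that rule it is downloadable. Move it outside the web root, e.g. `AuthUserFile /var/www/test-idp-admin/.htpasswd` (constructed path), and reference it from there. The `RewriteCond %{SERVER_PORT} 80` / `RewriteRule … https://…` pair for the old host appears only once and looks removed; if nothing else forces HTTPS on the new host, the Basic-auth prompt accepts credentials over plaintext, so a redirect for the new hostname should be re-added.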
andrej:$2y$10$prgrlRiWdCiufD9enMFHpOFttJBjifiByR.m7ZUfX0pJJ.E5s17Ra
\ No newline at end of file
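Review bot: This commits the Basic-auth credential file itself, so the bcrypt hash for `andrej` is now in git history and exposed to offline guessing by anyone with repository access; remove it from tracking (`git rm --cached` plus a `.gitignore` entry), rotate the password, and keep the real file only on the server. The obscured directory name used in the `AuthUserFile` path also becomes public with this commit, which removes whatever protection it was meant to give.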
<?php
require_once('application/config.php');
require_once('../application/config.php');
/* ERROR HANDLING : START */
error_reporting(E_NONE);
error_reporting(0);
if (STATUS_DEBUG) {
error_reporting(STATUS_DEBUG_MODE);
}
......
......@@ -71,6 +71,7 @@
<?php if (file_exists(WEB_BASE_DIR.'/templates/'.CURRENT_TEMPLATE.'/scripts/'.$page.'.js')) { ?>
<script src="<?php echo WEB_BASE_URL; ?>/templates/<?php echo CURRENT_TEMPLATE; ?>/scripts/<?php echo $page; ?>.js?<?php echo time(); ?>" type="text/javascript"></script>
<?php } ?>
<script src="<?php echo WEB_BASE_URL; ?>/templates/<?php echo CURRENT_TEMPLATE; ?>/scripts/login.js" type="text/javascript"></script>
</head>
<body>
<?php
......@@ -78,130 +79,11 @@
echo '<section id="main_wrapper">';
require_once(APP_BASE_DIR.'/components/header.php');
echo '<section id="main_content">';
//echo '<pre>'; print_r($_SESSION); echo '</pre>'; die();
if (user::isLogged() || $page!=='home') {
require_once(APP_BASE_DIR.'/pages/'.$page.'.php');
} else { ?>
<?php
if (isset($_GET['login_token'])) {
$token = $_GET['login_token'];
$mysql = new mysql();
$request_array[':token'] = $token;
if ($res = $mysql->select('SELECT * FROM `accounts` WHERE `token`= :token AND `status`= \'initiated\'',$request_array)) {
while($ftc = $res->fetch(PDO::FETCH_ASSOC)) {
$found = 'yes';
$entity = $ftc;
}
}
if ($res = $mysql->select('SELECT * FROM `accounts` WHERE `token`= :token AND `status`= \'registered\'',$request_array)) {
while($ftc = $res->fetch(PDO::FETCH_ASSOC)) {
$found_reg = 'yes';
$entity = $ftc;
}
}
if (!$found || $found!='yes') {
if ($found_reg && $found_reg=='yes') {
$_SESSION['user_id'] = $entity['entity_id'];
$_SESSION['user_name'] = $entity['email'];
echo '<p>You are now logged in as '.$_SESSION['user_id'].' ('.$_SESSION['user_name'].')';
echo '<script type="text/javascript">window.location.href="https://projects.andy.lt/GEANT/test-idp/"</script>';
} else {
echo 'User with current token not found or the account has already been approved.';
}
} elseif ($found && $found=='yes') {
echo '<p>Your account has been successfully registered!</p>';
echo '<b>Entity ID:</b> '.$entity['entity_id'].'<br />';
echo '<b>E-mail:</b> '.$entity['email'].'<br />';
echo '<b>Metadata:</b><pre>'.htmlspecialchars($entity['metadata']).'</pre>';
$request_array[':token'] = $token;
$mysql->update('UPDATE `accounts` SET `status`= \'registered\' WHERE `token`= :token', $request_array);
$_SESSION['user_id'] = $entity['entity_id'];
$_SESSION['user_name'] = $entity['email'];
$mysql->query('INSERT INTO `idps` SET
`host`= \''.$entity['entity_id'].'\',
`comment`= \''.$entity['entity_id'].'\',
`sp_metadata`= \''.$entity['metadata'].'\'');
$last_id = $mysql->selectLastEntryId('idps', '', '', 'idp_id');
for ($i=1; $i<=15; $i++) {
$mysql->query('INSERT INTO `config` SET
`idp_id`= \''.$last_id.'\',
`option_id`= \''.$i.'\'');
}
}
} else {
if (isset($_POST['login']) && isset($_POST['metadata'])) {
$metadata = $_POST['metadata'];
$xml = new XMLReader();
if (!$xml->xml($metadata, NULL, LIBXML_DTDVALID)) {
$message .= "XML not valid: load error.<br />";
$message_color = '#ff0000';
$allok = 'no';
}
libxml_use_internal_errors(TRUE);
$xml_array = xml2assoc($xml);
$arErrors = libxml_get_errors();
$xml_errors = "";
foreach ($arErrors AS $xmlError) {
if ($xmlError->message != 'Validation failed: no DTD found !') {
$xml_errors .= $xmlError->message.'<br />';
}
$allok = 'no';
}
if ($xml_errors != "") {
$message .= "XML not valid: ".$xml_errors;
$message_color = '#ff0000';
$allok = 'no';
} else {
$message = 'Your XML looks fine.<br />';
$message_color = '#00aa00';
$allok = 'yes';
if (preg_match_all('/\<md\:EmailAddress\>(.*)\<\/md\:EmailAddress\>/', $metadata, $email_matches)) {
foreach ($email_matches[1] as $k=>$v) {
$emails .= $v.', ';
}
if (preg_match_all('/entityID\=\"(.*)\"/', $metadata, $entity_id_matches)) {
$entity_id = $entity_id_matches[1][0];
$timestamp = time();
$emails = substr($emails, 0, -2);
$allok = 'yes';
$token = md5($_SERVER['REMOTE_ADDR'].$email_matches[1][0].$timestamp);
$message .= 'We have found '.count($email_matches[1]).' e-mail addresses provided in your metadata: '.$emails.'.<br />We have sent an account activation e-mail to the first e-mail address <b>'.$email_matches[1][0].'</b>.<br />'.'If you didn\'t receive any e-mails, please contact our administrator and provide your token <b>'.$token.'</b>.';
$mysql = new mysql();
$mysql->query('INSERT INTO `accounts` SET
`token`= \''.$token.'\',
`email`= \''.$email_matches[1][0].'\',
`entity_id`= \''.$entity_id.'\',
`timestamp`= \''.$timestamp.'\',
`ip`= \''.$_SERVER['REMOTE_ADDR'].'\',
`metadata`= \''.$metadata.'\',
`status`= \'initiated\'');
require_once(APP_BASE_DIR.'/classes/phpmailer.php');
$mailer = new custom_phpmailer();
$email_message = 'You have been approved to login to the Test IDP portal. Please follow <a href="https://projects.andy.lt/GEANT/test-idp/en/?login_token='.$token.'">THIS LINK</a> to login.';
$mailer::send_email($email_matches[1][0], '', $subject='Message from Test IDP portal', $email_message, 'Your message has been sent');
} else {
$message .= '<span style="color:red;">We could not find an entity id in your metadata. In order to proceed, please input a metadata that contains an entity id.</span><br />';
$allok = 'no';
}
} else {
$message .= '<span style="color:red;">We could not find any e-mails in your metadata. In order to proceed, please input a metadata that contains at least one contact e-mail address.</span><br />';
$allok = 'no';
}
}
//echo '<pre>'; print_r($xml_array); echo '</pre>';
}
?>
<div id="form_login">
<?php if (!isset($allok) || $allok=='no') { ?>
<h2>Login / Register via SP metadata</h2>
<form method="post">
<p>Paste your SP metadata into the text field below.</p>
<textarea rows="10" style="width:100%;" name="metadata" /><?php echo $_POST['metadata']; ?></textarea>
<input type="submit" class="button post_menu_button_2 login" name="login" value="Login / Register" />
</form>
<?php } ?>
<p class="message" style="color:<?php echo $message_color; ?>;"><?php echo $message; ?></p>
</div>
<?php }
} else {
require_once(APP_BASE_DIR.'/components/login.php');
}
echo '</section>';
require_once(APP_BASE_DIR.'/components/footer.php');
......