Subversion Repositories portal2

Rev

Rev 688 | Blame | Compare with Previous | Last modification | View Log | RSS feed

<?php
/*  emg - Energy Monitoring & Graphing
*  Copyright (C) 2006-2012 Romain Lievin
*
*  This program is free software; you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation; either version 3 of the License, or
*  (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software Foundation,
*  Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/

?>

<?php
include_once('auth_check.php');
?>

<?php

$form_token = md5(uniqid('auth', true));
$_SESSION['form_token'] = $form_token;

$error = new Error();

if(isset($_POST['form_submit_delete'])){
        // request file deletion
        $iterator = new DirectoryIterator($_SESSION['root_folder']['ssl']['']);
        foreach($iterator as $fileinfo){
                if($fileinfo->isFile()){
                        $filename = $fileinfo->getFilename();

                        if($filename == '.' || $filename == '..')
                        continue;

                        $filename = $fileinfo->getFilename();
                        $path     = $_SESSION['root_folder']['ssl'][''] . '/' . $filename;
                        unlink($path);
                }
        }

        $error->push(_('Certificates have been removed successfully.'));
}

if(isset($_POST['form_submit_load'])){
        $ok = false;

        if(!isset( $_POST['MAX_FILE_SIZE'], $_POST['form_data'], $_POST['form_submit_load'],
                        $_POST['form_token'], $_FILES['form_certs_ssl_crt']['name'],
                        $_FILES['form_certs_ssl_key']['name'], $_FILES['form_certs_ssl_ca']['name'])){
                $error->push(_('One or more fields are missing.'));
        }

        elseif(strstr($_FILES['form_certs_ssl_crt']['name'], '.crt') === false){
                $error->push(_('Filename (*.crt) of client certificate is invalid.'));
        }

        elseif(strstr($_FILES['form_certs_ssl_key']['name'], '.key') === false){
                $error->push(_('Filename (*.key) of client key is invalid.'));
        }

        elseif(strcmp($_FILES['form_certs_ssl_ca']['name'], 'ca.crt')){
                $error->push(_('Filename (ca.crt) of CA certificate is invalid.'));
        }

        elseif(strcmp($_POST['form_data'], 'upload')){
                $error->push(_('Internal error: invalid form token.'));
        }

        else
        {
                if($_FILES['form_certs_ssl_crt']['error'] > 0 && $_FILES['form_certs_ssl_key']['error'] > 0 && $_FILES['form_certs_ssl_ca']['error'] > 0){
                        $error->push(_('Certificates upload error.'));
                        $ok = false;
                }
                else
                if($_FILES['form_certs_ssl_crt']['size'] > 10000 && $_FILES['form_certs_ssl_key']['size'] > 10000 && $_FILES['form_certs_ssl_ca']['size'] > 10000){
                        $error->push(_('Certificate size too big.'));
                        $ok = false;
                }

                // check file extension and / or file contents

                else
                {
                        // move files

                        $ret1 = move_uploaded_file($_FILES['form_certs_ssl_crt']['tmp_name'], $_SESSION['root_folder']['ssl'][''] . '/' . $_FILES['form_certs_ssl_crt']['name']);
                        $ret2 = move_uploaded_file($_FILES['form_certs_ssl_key']['tmp_name'], $_SESSION['root_folder']['ssl'][''] . '/' . $_FILES['form_certs_ssl_key']['name']);
                        $ret3 = move_uploaded_file($_FILES['form_certs_ssl_ca']['tmp_name'], $_SESSION['root_folder']['ssl'][''] . '/' . $_FILES['form_certs_ssl_ca']['name']);

                        if($ret1 === false || $ret2 === false || $ret3 === false){
                                $error->push(_('Move of certificates failed.'));
                                $ok = false;
                        }

                        // set perms
                        /*
                        chmod($_SESSION['root_folder']['ssl'] . '/' . $_FILES['form_certs_ssl_crt']['name'][''], 0440);
                        chmod($_SESSION['root_folder']['ssl'] . '/' . $_FILES['form_certs_ssl_key']['name'][''], 0400); // must be read only for user only
                        chmod($_SESSION['root_folder']['ssl'] . '/' . $_FILES['form_certs_ssl_ca']['name'][''], 0440);
                        */


                        $ok = true;
                }

                if($ok){
                        $error->push(_('Certificates successfully installed.'));
                }
                else
                {
                        $error->push(_('Certificates installation error.'));
                }
        }
}
?>

<div id="page_form_certs">
        <h1>
                <?php echo _('Certificates'); ?>
        </h1>

        <?php

        $id = link_get_id_from_filename("form_certs.php");
        echo "<form action=\"index.php?id_page=$id\" method=\"post\">";
        ?>
        <fieldset>
                <legend>
                        <?php echo _('Certificates installed'); ?>
                </legend>

                <?php
                $output   = '<ul id="ssl_nav"> ';

                $i        = 0;
                $iterator = new DirectoryIterator($_SESSION['root_folder']['ssl']['']);
                foreach($iterator as $fileinfo){
                        if($fileinfo->isFile()){
                                $filename = $fileinfo->getFilename();

                                if($filename == '.' || $filename == '..'){
                                        continue;
                                }

                                $filename = $fileinfo->getFilename();
                                $output .= "  <li> $filename </li>";
                                $output .= "\r\n";

                                $i++;
                        }
                }

                $output .= '</ul>';

                if($i == 0){
                        $output = 'No certificates found. <br/>If you need them, please contact emgbox.org for billing information.';
                }

                echo $output;
                ?>

                <hr/>
                <div class="buttons">
                        <input type="hidden" name="form_data" value="delete" />
                        <input type="hidden" name="form_token" value="<?php echo $form_token; ?>" />
                        <input type="submit" value=<?php echo _('Delete'); ?> id="form_submit_delete" name="form_submit_delete" alt="delete" />
                </div>

        </fieldset>
        </form>

        <?php

        $id = link_get_id_from_filename("form_certs.php");
        echo "<form action=\"index.php?id_page=$id\" method=\"post\" enctype=\"multipart/form-data\" id=\"form_certs_ssl\" >";
        ?>

        <fieldset>
                <legend>
                        <?php echo _('Certificates to install'); ?>
                </legend>
               
                <label for="form_certs_ssl_ca">
                        <?php echo _('CA certificate'); ?>:
                </label>
                <input type="file" id="form_certs_ssl_ca" name="form_certs_ssl_ca" value="" title="Browse for any *.crt file here." />
                <br/>

                <label for="form_certs_ssl_crt">
                        <?php echo _('Client certificate'); ?>:
                </label>
                <input type="file" id="form_certs_ssl_crt" name="form_certs_ssl_crt" value="" title="Browse for any *.crt file here." />
                <br/>

                <label for="form_certs_ssl_key">
                        <?php echo _('Client key'); ?>:
                </label>
                <input type="file" id="form_certs_ssl_key" name="form_certs_ssl_key" value="" title="Browse for any *.key file here." />
                <br/>

                <hr/>
                <div class="buttons2">
                        <input type="hidden" name="MAX_FILE_SIZE" value="10000" />
                        <input type="hidden" name="form_token" value="<?php echo $form_token; ?>" />
                        <input type="hidden" name="form_data" value="upload" />
                        <input type="submit" value=<?php echo _('Upload'); ?> id="form_submit_load" name="form_submit_load" alt="upload" />
                </div>

        </fieldset>
        </form>

        <?php echo $error->display(); ?>

</div>

<script type="text/javascript" src="auth_changepwd.js">
</script>