Skip to content

GitLab

S
switch-wayf
Commit af942389 authored by Geoffroy ARNOUD's avatar Geoffroy ARNOUD
Browse files
Options

Added support for sorting even when there are accents #K7

parent 8c20009f
Hide whitespace changes
Inline Side-by-side
Showing with 967 additions and 871 deletions
lib/functions.php
View file @ af942389
......@@ -7,394 +7,406 @@ This file contains common functions of the SWITCHwayf
*/
// Initilizes default configuration options if they were not set already
function initConfigOptions(){
global $defaultLanguage;
global $commonDomain;
global $cookieNamePrefix;
global $redirectCookieName;
global $redirectStateCookieName;
global $SAMLDomainCookieName;
global $SPCookieName;
global $cookieSecurity;
global $cookieValidity;
global $showPermanentSetting;
global $useImprovedDropDownList;
global $disableRemoteLogos;
global $useSAML2Metadata;
global $SAML2MetaOverLocalConf;
global $includeLocalConfEntries;
global $enableDSReturnParamCheck;
global $useACURLsForReturnParamCheck;
global $useKerberos;
global $useReverseDNSLookup;
global $useEmbeddedWAYF;
global $useEmbeddedWAYFPrivacyProtection;
global $useEmbeddedWAYFRefererForPrivacyProtection;
global $useLogging;
global $exportPreselectedIdP;
global $federationName;
global $supportContactEmail;
global $federationURL;
global $organizationURL;
global $faqURL;
global $helpURL;
global $privacyURL;
global $imageURL;
global $javascriptURL;
global $cssURL;
global $logoURL;
global $smallLogoURL;
global $organizationLogoURL;
global $customStrings;
global $IDPConfigFile;
global $backupIDPConfigFile;
global $metadataFile;
global $metadataIDPFile;
global $metadataSPFile;
global $metadataLockFile;
global $WAYFLogFile;
global $kerberosRedirectURL;
global $instanceIdentifier;
global $developmentMode;
global $topLevelDir;
// Set independet default configuration options
$defaults = array();
$defaults['instanceIdentifier'] = 'SWITCHwayf';
$defaults['defaultLanguage'] = 'en';
$defaults['commonDomain'] = getTopLevelDomain($_SERVER['SERVER_NAME']);
$defaults['cookieNamePrefix'] = '';
$defaults['cookieSecurity'] = false;
$defaults['cookieValidity'] = 100;
$defaults['showPermanentSetting'] = false;
$defaults['useImprovedDropDownList'] = true;
$defaults['disableRemoteLogos'] = false;
$defaults['useSAML2Metadata'] = false;
$defaults['SAML2MetaOverLocalConf'] = false;
$defaults['includeLocalConfEntries'] = true;
$defaults['enableDSReturnParamCheck'] = true;
$defaults['useACURLsForReturnParamCheck'] = false;
$defaults['useKerberos'] = false;
$defaults['useReverseDNSLookup'] = false;
$defaults['useEmbeddedWAYF'] = false;
$defaults['useEmbeddedWAYFPrivacyProtection'] = false;
$defaults['useEmbeddedWAYFRefererForPrivacyProtection'] = false;
$defaults['useLogging'] = true;
$defaults['exportPreselectedIdP'] = false;
$defaults['federationName'] = 'Identity Federation';
$defaults['organizationURL'] = 'http://www.'.$defaults['commonDomain'];
$defaults['federationURL'] = $defaults['organizationURL'].'/aai';
$defaults['faqURL'] = $defaults['federationURL'].'/faq';
$defaults['helpURL'] = $defaults['federationURL'].'/help';
$defaults['privacyURL'] = $defaults['federationURL'].'/privacy';
$defaults['supportContactEmail'] = 'support-contact@'.$defaults['commonDomain'];
$defaults['imageURL'] = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/images';
$defaults['javascriptURL'] = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/js';
$defaults['cssURL'] = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/css';
$defaults['IDPConfigFile'] = 'IDProvider.conf.php';
$defaults['backupIDPConfigFile'] = 'IDProvider.conf.php';
$defaults['metadataFile'] = '/etc/shibboleth/metadata.switchaai.xml';
$defaults['metadataIDPFile'] = 'IDProvider.metadata.php';
$defaults['metadataSPFile'] = 'SProvider.metadata.php';
$lockFileName = preg_replace('/[^-_\.a-zA-Z]/', '', $defaults['instanceIdentifier']);
$defaults['metadataLockFile'] = (substr($_SERVER['PATH'],0,1) == '/') ? '/tmp/wayf_metadata-'.$lockFileName.'.lock' : 'C:\windows\TEMP\wayf_metadata-'.$lockFileName.'.lock';
$defaults['WAYFLogFile'] = '/var/log/apache2/wayf.log';
$defaults['kerberosRedirectURL'] = dirname($_SERVER['SCRIPT_NAME']).'kerberosRedirect.php';
$defaults['developmentMode'] = false;
$defaults['customStrings'] = array();
// Initialize independent defaults
foreach($defaults as $key => $value){
if (!isset($$key)){
$$key = $value;
}
}
// Set dependent default configuration options
$defaults = array();
$defaults['redirectCookieName'] = $cookieNamePrefix.'_redirect_user_idp';
$defaults['redirectStateCookieName'] = $cookieNamePrefix.'_redirection_state';
$defaults['SAMLDomainCookieName'] = $cookieNamePrefix.'_saml_idp';
$defaults['SPCookieName'] = $cookieNamePrefix.'_saml_sp';
$defaults['logoURL'] = $imageURL.'/federation-logo.png';
$defaults['smallLogoURL'] = $imageURL.'/small-federation-logo.png';
$defaults['organizationLogoURL'] = $imageURL.'/organization-logo.png';
// Initialize dependent defaults
foreach($defaults as $key => $value){
if (!isset($$key)){
$$key = $value;
}
}
// Turn relatives paths into absolute ones
$files = array(
'IDPConfigFile', 'backupIDPConfigFile', 'metadataFile',
'metadataIDPFile', 'metadataSPFile', 'metadataLockFile'
);
foreach($files as $file) {
if (substr($$file, 0, 1) != '/') {
$$file = $topLevelDir . '/etc/' . $$file;
}
}
function initConfigOptions()
{
global $defaultLanguage;
global $commonDomain;
global $cookieNamePrefix;
global $redirectCookieName;
global $redirectStateCookieName;
global $SAMLDomainCookieName;
global $SPCookieName;
global $cookieSecurity;
global $cookieValidity;
global $showPermanentSetting;
global $useImprovedDropDownList;
global $disableRemoteLogos;
global $useSAML2Metadata;
global $SAML2MetaOverLocalConf;
global $includeLocalConfEntries;
global $enableDSReturnParamCheck;
global $useACURLsForReturnParamCheck;
global $useKerberos;
global $useReverseDNSLookup;
global $useEmbeddedWAYF;
global $useEmbeddedWAYFPrivacyProtection;
global $useEmbeddedWAYFRefererForPrivacyProtection;
global $useLogging;
global $exportPreselectedIdP;
global $federationName;
global $supportContactEmail;
global $federationURL;
global $organizationURL;
global $faqURL;
global $helpURL;
global $privacyURL;
global $imageURL;
global $javascriptURL;
global $cssURL;
global $logoURL;
global $smallLogoURL;
global $organizationLogoURL;
global $customStrings;
global $IDPConfigFile;
global $backupIDPConfigFile;
global $metadataFile;
global $metadataIDPFile;
global $metadataSPFile;
global $metadataLockFile;
global $WAYFLogFile;
global $kerberosRedirectURL;
global $instanceIdentifier;
global $developmentMode;
global $topLevelDir;
// Set independet default configuration options
$defaults = array();
$defaults['instanceIdentifier'] = 'SWITCHwayf';
$defaults['defaultLanguage'] = 'en';
$defaults['commonDomain'] = getTopLevelDomain($_SERVER['SERVER_NAME']);
$defaults['cookieNamePrefix'] = '';
$defaults['cookieSecurity'] = false;
$defaults['cookieValidity'] = 100;
$defaults['showPermanentSetting'] = false;
$defaults['useImprovedDropDownList'] = true;
$defaults['disableRemoteLogos'] = false;
$defaults['useSAML2Metadata'] = false;
$defaults['SAML2MetaOverLocalConf'] = false;
$defaults['includeLocalConfEntries'] = true;
$defaults['enableDSReturnParamCheck'] = true;
$defaults['useACURLsForReturnParamCheck'] = false;
$defaults['useKerberos'] = false;
$defaults['useReverseDNSLookup'] = false;
$defaults['useEmbeddedWAYF'] = false;
$defaults['useEmbeddedWAYFPrivacyProtection'] = false;
$defaults['useEmbeddedWAYFRefererForPrivacyProtection'] = false;
$defaults['useLogging'] = true;
$defaults['exportPreselectedIdP'] = false;
$defaults['federationName'] = 'Identity Federation';
$defaults['organizationURL'] = 'http://www.'.$defaults['commonDomain'];
$defaults['federationURL'] = $defaults['organizationURL'].'/aai';
$defaults['faqURL'] = $defaults['federationURL'].'/faq';
$defaults['helpURL'] = $defaults['federationURL'].'/help';
$defaults['privacyURL'] = $defaults['federationURL'].'/privacy';
$defaults['supportContactEmail'] = 'support-contact@'.$defaults['commonDomain'];
$defaults['imageURL'] = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/images';
$defaults['javascriptURL'] = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/js';
$defaults['cssURL'] = 'https://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/css';
$defaults['IDPConfigFile'] = 'IDProvider.conf.php';
$defaults['backupIDPConfigFile'] = 'IDProvider.conf.php';
$defaults['metadataFile'] = '/etc/shibboleth/metadata.switchaai.xml';
$defaults['metadataIDPFile'] = 'IDProvider.metadata.php';
$defaults['metadataSPFile'] = 'SProvider.metadata.php';
$lockFileName = preg_replace('/[^-_\.a-zA-Z]/', '', $defaults['instanceIdentifier']);
$defaults['metadataLockFile'] = (substr($_SERVER['PATH'], 0, 1) == '/') ? '/tmp/wayf_metadata-'.$lockFileName.'.lock' : 'C:\windows\TEMP\wayf_metadata-'.$lockFileName.'.lock';
$defaults['WAYFLogFile'] = '/var/log/apache2/wayf.log';
$defaults['kerberosRedirectURL'] = dirname($_SERVER['SCRIPT_NAME']).'kerberosRedirect.php';
$defaults['developmentMode'] = false;
$defaults['customStrings'] = array();
// Initialize independent defaults
foreach ($defaults as $key => $value) {
if (!isset($$key)) {
$$key = $value;
}
}
// Set dependent default configuration options
$defaults = array();
$defaults['redirectCookieName'] = $cookieNamePrefix.'_redirect_user_idp';
$defaults['redirectStateCookieName'] = $cookieNamePrefix.'_redirection_state';
$defaults['SAMLDomainCookieName'] = $cookieNamePrefix.'_saml_idp';
$defaults['SPCookieName'] = $cookieNamePrefix.'_saml_sp';
$defaults['logoURL'] = $imageURL.'/federation-logo.png';
$defaults['smallLogoURL'] = $imageURL.'/small-federation-logo.png';
$defaults['organizationLogoURL'] = $imageURL.'/organization-logo.png';
// Initialize dependent defaults
foreach ($defaults as $key => $value) {
if (!isset($$key)) {
$$key = $value;
}
}
// Turn relatives paths into absolute ones
$files = array(
'IDPConfigFile', 'backupIDPConfigFile', 'metadataFile',
'metadataIDPFile', 'metadataSPFile', 'metadataLockFile'
);
foreach ($files as $file) {
if (substr($$file, 0, 1) != '/') {
$$file = $topLevelDir . '/etc/' . $$file;
}
}
}
/******************************************************************************/
// Generates an array of IDPs using the cookie value
function getIdPArrayFromValue($value){
function getIdPArrayFromValue($value)
{
// Decodes and splits cookie value
$CookieArray = preg_split('/ /', $value);
$CookieArray = array_map('base64_decode', $CookieArray);
// Decodes and splits cookie value
$CookieArray = preg_split('/ /', $value);
$CookieArray = array_map('base64_decode', $CookieArray);
return $CookieArray;
return $CookieArray;
}
/******************************************************************************/
// Generate the value that is stored in the cookie using the list of IDPs
function getValueFromIdPArray($CookieArray){
function getValueFromIdPArray($CookieArray)
{
// Merges cookie content and encodes it
$CookieArray = array_map('base64_encode', $CookieArray);
$value = implode(' ', $CookieArray);
return $value;
// Merges cookie content and encodes it
$CookieArray = array_map('base64_encode', $CookieArray);
$value = implode(' ', $CookieArray);
return $value;
}
/******************************************************************************/
// Append a value to the array of IDPs, ensure no more than 5
// Append a value to the array of IDPs, ensure no more than 5
// entries are in array
function appendValueToIdPArray($value, $CookieArray){
// Remove value if it already existed in array
foreach (array_keys($CookieArray) as $i){
if ($CookieArray[$i] == $value){
unset($CookieArray[$i]);
}
}
// Add value to end of array
$CookieArray[] = $value;
// Shorten array from beginning as latest entry should
// be at end according to SAML spec
while (count($CookieArray) > 5){
array_shift($CookieArray);
}
return $CookieArray;
function appendValueToIdPArray($value, $CookieArray)
{
// Remove value if it already existed in array
foreach (array_keys($CookieArray) as $i) {
if ($CookieArray[$i] == $value) {
unset($CookieArray[$i]);
}
}
// Add value to end of array
$CookieArray[] = $value;
// Shorten array from beginning as latest entry should
// be at end according to SAML spec
while (count($CookieArray) > 5) {
array_shift($CookieArray);
}
return $CookieArray;
}
/******************************************************************************/
// Checks if the configuration file has changed. If it has, check the file
// and change its timestamp.
function checkConfig($IDPConfigFile, $backupIDPConfigFile){
// Do files have the same modification time
if (filemtime($IDPConfigFile) == filemtime($backupIDPConfigFile))
return true;
// Availability check
if (!file_exists($IDPConfigFile))
return false;
// Readability check
if (!is_readable($IDPConfigFile))
return false;
// Size check
if (filesize($IDPConfigFile) < 200)
return false;
// Make modification time the same
// If that doesnt work we won't notice it
touch ($IDPConfigFile, filemtime($backupIDPConfigFile));
return true;
function checkConfig($IDPConfigFile, $backupIDPConfigFile)
{
// Do files have the same modification time
if (filemtime($IDPConfigFile) == filemtime($backupIDPConfigFile)) {
return true;
}
// Availability check
if (!file_exists($IDPConfigFile)) {
return false;
}
// Readability check
if (!is_readable($IDPConfigFile)) {
return false;
}
// Size check
if (filesize($IDPConfigFile) < 200) {
return false;
}
// Make modification time the same
// If that doesnt work we won't notice it
touch($IDPConfigFile, filemtime($backupIDPConfigFile));
return true;
}
/******************************************************************************/
// Checks if an IDP exists and returns true if it does, false otherwise
function checkIDP($IDP){
global $IDProviders;
if (isset($IDProviders[$IDP])){
return true;
} else {
return false;
}
function checkIDP($IDP)
{
global $IDProviders;
if (isset($IDProviders[$IDP])) {
return true;
} else {
return false;
}
}
/******************************************************************************/
// Checks if an IDP exists and returns true if it exists and prints an error
// Checks if an IDP exists and returns true if it exists and prints an error
// if it doesnt
function checkIDPAndShowErrors($IDP){
global $IDProviders;
if (checkIDP($IDP)){
return true;
}
// Otherwise show an error
$message = sprintf(getLocalString('invalid_user_idp'), htmlentities($IDP))."</p><p>\n<code>";
foreach ($IDProviders as $key => $value){
if (isset($value['SSO'])){
$message .= $key."<br>\n";
}
}
$message .= "</code>\n";
printError($message);
exit;
function checkIDPAndShowErrors($IDP)
{
global $IDProviders;
if (checkIDP($IDP)) {
return true;
}
// Otherwise show an error
$message = sprintf(getLocalString('invalid_user_idp'), htmlentities($IDP))."</p><p>\n<code>";
foreach ($IDProviders as $key => $value) {
if (isset($value['SSO'])) {
$message .= $key."<br>\n";
}
}
$message .= "</code>\n";
printError($message);
exit;
}
/******************************************************************************/
// Validates the URL and returns it if it is valid or false otherwise
function getSanitizedURL($url){
$components = parse_url($url);
if ($components){
return $url;
} else {
return false;
}
// Validates the URL and returns it if it is valid or false otherwise
function getSanitizedURL($url)
{
$components = parse_url($url);
if ($components) {
return $url;
} else {
return false;
}
}
/******************************************************************************/
// Parses the hostname out of a string and returns it
function getHostNameFromURI($string){
// Check if string is URN
if (preg_match('/^urn:mace:/i', $string)){
// Return last component of URN
$components = explode(':', $string);
return end($components);
}
// Apparently we are dealing with something like a URL
if (preg_match('/([a-zA-Z0-9\-\.]+\.[a-zA-Z0-9\-\.]{2,6})/', $string, $matches)){
return $matches[0];
} else {
return '';
}
function getHostNameFromURI($string)
{
// Check if string is URN
if (preg_match('/^urn:mace:/i', $string)) {
// Return last component of URN
$components = explode(':', $string);
return end($components);
}
// Apparently we are dealing with something like a URL
if (preg_match('/([a-zA-Z0-9\-\.]+\.[a-zA-Z0-9\-\.]{2,6})/', $string, $matches)) {
return $matches[0];
} else {
return '';
}
}
/******************************************************************************/
// Parses the domain out of a string and returns it
function getDomainNameFromURI($string){
// Check if string is URN
if (preg_match('/^urn:mace:/i', $string)){
// Return last component of URN
$components = explode(':', $string);
return getTopLevelDomain(end($components));
}
// Apparently we are dealing with something like a URL
if (preg_match('/[a-zA-Z0-9\-\.]+\.([a-zA-Z0-9\-\.]{2,6})/', $string, $matches)){
return getTopLevelDomain($matches[0]);
} else {
return '';
}
function getDomainNameFromURI($string)
{
// Check if string is URN
if (preg_match('/^urn:mace:/i', $string)) {
// Return last component of URN
$components = explode(':', $string);
return getTopLevelDomain(end($components));
}
// Apparently we are dealing with something like a URL
if (preg_match('/[a-zA-Z0-9\-\.]+\.([a-zA-Z0-9\-\.]{2,6})/', $string, $matches)) {
return getTopLevelDomain($matches[0]);
} else {
return '';
}
}
/******************************************************************************/
// Returns top level domain name from a DNS name
function getTopLevelDomain($string){
$hostnameComponents = explode('.', $string);
if (count($hostnameComponents) >= 2){
return $hostnameComponents[count($hostnameComponents)-2].'.'.$hostnameComponents[count($hostnameComponents)-1];
} else {
return $string;
}
function getTopLevelDomain($string)
{
$hostnameComponents = explode('.', $string);
if (count($hostnameComponents) >= 2) {
return $hostnameComponents[count($hostnameComponents)-2].'.'.$hostnameComponents[count($hostnameComponents)-1];
} else {
return $string;
}
}
/******************************************************************************/
// Parses the reverse dns lookup hostname out of a string and returns domain
function getDomainNameFromURIHint(){
global $IDProviders;
$clientHostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
if ($clientHostname == $_SERVER['REMOTE_ADDR']){
return '-';
}
// Get domain name from client host name
$clientDomainName = getDomainNameFromURI($clientHostname);
if ($clientDomainName == ''){
return '-';
}
// Return first matching IdP entityID that contains the client domain name
foreach ($IDProviders as $key => $value){
if (
preg_match('/^http.+'.$clientDomainName.'/', $key)
|| preg_match('/^urn:.+'.$clientDomainName.'$/', $key)){
return $key;
}
}
// No matching entityID was found
return '-';
function getDomainNameFromURIHint()
{
global $IDProviders;
$clientHostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
if ($clientHostname == $_SERVER['REMOTE_ADDR']) {
return '-';
}
// Get domain name from client host name
$clientDomainName = getDomainNameFromURI($clientHostname);
if ($clientDomainName == '') {
return '-';
}
// Return first matching IdP entityID that contains the client domain name
foreach ($IDProviders as $key => $value) {
if (
preg_match('/^http.+'.$clientDomainName.'/', $key)
|| preg_match('/^urn:.+'.$clientDomainName.'$/', $key)) {
return $key;
}
}
// No matching entityID was found
return '-';
}
/******************************************************************************/