initial setup of framework code

enabled features
* login
* crt login
* top / left menu
* logging
* db layer

manager/.buildpath

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<buildpath>
+	<buildpathentry kind="src" path=""/>
+	<buildpathentry kind="con" path="org.zend.php.framework.CONTAINER"/>
+	<buildpathentry kind="con" path="org.eclipse.php.core.LANGUAGE"/>
+</buildpath>

manager/.project

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>ca-mgr (mawaunix)</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.wst.jsdt.core.javascriptValidator</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.validation.validationbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.dltk.core.scriptbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.zend.php.framework.ZendFrameworkNature</nature>
+		<nature>org.eclipse.php.core.PHPNature</nature>
+		<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
+	</natures>
+</projectDescription>

manager/.settings/.jsdtscope

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="con" path="org.eclipse.wst.jsdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="con" path="org.eclipse.wst.jsdt.launching.WebProject">
+		<attributes>
+			<attribute name="hide" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.wst.jsdt.launching.baseBrowserLibrary"/>
+	<classpathentry kind="output" path=""/>
+</classpath>

manager/.settings/org.eclipse.php.core.prefs

@@ -0,0 +1,5 @@
+#Wed Mar 31 11:13:35 CEST 2010
+eclipse.preferences.version=1
+include_path=0;/ca-mgr (mawaunix)\u00055;org.zend.php.framework.CONTAINER
+phpVersion=php5
+use_asp_tags_as_php=false

manager/.settings/org.eclipse.wst.jsdt.ui.superType.container

@@ -0,0 +1 @@
+org.eclipse.wst.jsdt.launching.baseBrowserLibrary

manager/.settings/org.eclipse.wst.jsdt.ui.superType.name

@@ -0,0 +1 @@
+Window

manager/application/Bootstrap.php

@@ -0,0 +1,154 @@
+<?php
+require_once('plugins/plugin.charsetheader.php');
+require_once('plugins/plugin.forceauth.php');
+require_once('plugins/plugin.loginlogout.php');
+require_once('plugins/plugin.buildmenu.php');
+require_once('config/Config.php');
+require_once('log/Log.php');
+require_once('l10n/L10n.php');
+require_once('i18n/I18n.php');
+
+class Bootstrap extends Zend_Application_Bootstrap_Bootstrap {
+	protected function _initAutoload() {
+        $autoloader = new Zend_Application_Module_Autoloader(array(
+            'namespace' => 'Default_',
+            'basePath'  => dirname(__FILE__)
+        ));
+        return $autoloader;
+    }
+
+	protected function _initPlugins() {
+		$this->bootstrap('session');
+
+		$fc = Zend_Controller_Front::getInstance();
+
+		$charset_header = new CharsetHeader();
+		$fc->registerPlugin($charset_header);
+
+		$force_auth = new ForceAuth();
+		$fc->registerPlugin($force_auth);
+
+		$buildmenu = new BuildMenu();
+		$fc->registerPlugin($buildmenu);
+
+		$loginlogout = new LoginLogout();
+		$fc->registerPlugin($loginlogout);
+	}
+
+	protected function _initDoctype() {
+		$this->bootstrap('view');
+		$this->bootstrap('log');
+		$this->bootstrap('I18n');
+		$this->bootstrap('session');
+
+		$view = $this->getResource('view');
+		Zend_Registry::set('view', $view);
+		$view->doctype('XHTML1_STRICT');
+		$view->addHelperPath(APPLICATION_PATH . '/views/helpers/');
+		$view->headTitle = I18n::_('CACert Test Manager');
+	}
+
+	/**
+	 * @todo expireSessionCookie()
+	 * @todo rememberMe(xx)
+	 * @todo forgetMe()
+	 * @see Zend_Registry::get('session');
+	 * @return Zend_Session_Namespace
+	 */
+	protected function _initSession() {
+		$options = $this->getOption('ca_mgr');
+
+		$db = Zend_Db::factory($options['db']['session']['pdo'], $options['db']['session']);
+
+		/**
+		 * automatically clean up expired session entries from session cache
+		 * use the modified and lifetime stamps to calculate expire time
+		 */
+		if ($options['db']['session']['autocleanup'] == '1') {
+			$stmt = $db->query('delete from front_session where (modified + lifetime * 2) < unix_timestamp()');
+			# $stmt->execute();
+		}
+
+		//you can either set the Zend_Db_Table default adapter
+		//or you can pass the db connection straight to the save handler $config
+		// @see lifetimeColumn / lifetime / overrideLifetime, lifetime defaults to php.ini: session.gc_maxlifetime
+		Zend_Db_Table_Abstract::setDefaultAdapter($db);
+		$config = array(
+		    'name'           => 'front_session',
+		    'primary'        => 'id',
+		    'modifiedColumn' => 'modified',
+		    'dataColumn'     => 'data',
+		    'lifetimeColumn' => 'lifetime'
+		);
+
+		//create your Zend_Session_SaveHandler_DbTable and
+		//set the save handler for Zend_Session
+		Zend_Session::setSaveHandler(new Zend_Session_SaveHandler_DbTable($config));
+
+		// Zend_Session::rememberMe(7200);
+
+		//start your session!
+		Zend_Session::start();
+
+		$session = new Zend_Session_Namespace();
+		if (!isset($session->started))
+			$session->started = time();
+		if (!isset($session->authdata))
+			$session->authdata = array('authed' => false);
+
+		Zend_Registry::set('session', $session);
+		return $session;
+	}
+
+	/**
+	 * get the basic system config from database, store the config object in the bootstrap registry
+	 * @see Zend_Registry::get('config');
+	 * @return Config
+	 */
+	protected function _initConfig() {
+		$options = $this->getOption('ca_mgr');
+		$db = Zend_Db::factory($options['db']['config']['pdo'], $options['db']['config']);
+		$config = Config::getInstance(SYSTEM_CONFIG, $db);
+
+		Zend_Registry::set('config', $config);
+		Zend_Registry::set('config_dbc', $db);
+
+		return $config;
+	}
+
+	/**
+	 * make singleton system logger
+	 * @see Zend_Registry::get('log');
+	 * @return Log
+	 */
+	public function _initLog() {
+		$this->bootstrap('Config');
+
+		$op = $this->getOption('log');
+		$log = Log::getInstance(SYSTEM_LOG, $op['application']);
+
+		Zend_Registry::set('log', $log);
+		return $log;
+	}
+
+	/**
+	 * make singleton I18n (internationalization) object (translation)
+	 */
+	public function _initI18n() {
+		$this->bootstrap('Config');
+		// need existing L10n object for initialization
+		$this->bootstrap('L10n');
+
+		$I18n = I18n::getInstance(L10n::getInstance()->getLanguage());
+	}
+
+	/**
+	 * make singleton L10n (localization) object (set locale, convert date and
+	 * number formats)
+	 */
+	public function _initL10n() {
+		$this->bootstrap('Config');
+
+		$L10n = L10n::getInstance();
+	}
+}

manager/application/configs/application.ini

@@ -0,0 +1,56 @@
+[production]
+phpSettings.display_startup_errors = 1
+phpSettings.display_errors = 1
+includePaths.library = LIBRARY_PATH
+bootstrap.path = APPLICATION_PATH "/Bootstrap.php"
+bootstrap.class = "Bootstrap"
+resources.frontController.controllerDirectory = APPLICATION_PATH "/controllers"
+resources.frontController.noViewRenderer = 0
+resources.frontController.noErrorHandler = 0
+resources.frontController.useDefaultControllerAlways = 0
+resources.layout.layoutPath = APPLICATION_PATH "/layouts/scripts"
+resources.view[] =
+
+; Database settings for Session DB
+ca_mgr.db.session.pdo				= "Pdo_Mysql"
+ca_mgr.db.session.autocleanup		= 1
+ca_mgr.db.session.host				= "localhost"
+ca_mgr.db.session.username			= "front_session"
+ca_mgr.db.session.password			= "laskdsfzrwethv45"
+ca_mgr.db.session.dbname			= "ca_mgr"
+
+; Database settings for Auth DB (CACert User Table)
+ca_mgr.db.auth.pdo					= "Pdo_Mysql"
+ca_mgr.db.auth.host					= "localhost"
+ca_mgr.db.auth.username				= "ca_mgr"
+ca_mgr.db.auth.password				= "jsdfhsd47534hsdf7"
+ca_mgr.db.auth.dbname				= "cacert"
+ca_mgr.db.auth.tablename			= "users"
+
+; Database settings for Auth DB (Manager User Table)
+ca_mgr.db.auth2.pdo					= "Pdo_Mysql"
+ca_mgr.db.auth2.host				= "localhost"
+ca_mgr.db.auth2.username			= "ca_mgr"
+ca_mgr.db.auth2.password			= "jsdfhsd47534hsdf7"
+ca_mgr.db.auth2.dbname				= "ca_mgr"
+ca_mgr.db.auth2.tablename			= "system_user"
+
+; Database settings for Config DB (access to system_config and dnssecme data tables)
+ca_mgr.db.config.pdo				= "Pdo_Mysql"
+ca_mgr.db.config.host				= "localhost"
+ca_mgr.db.config.username			= "ca_mgr"
+ca_mgr.db.config.password			= "jsdfhsd47534hsdf7"
+ca_mgr.db.config.dbname				= "ca_mgr"
+
+; Application name for logger
+log.application						= "web"
+
+[staging : production]
+
+[testing : production]
+phpSettings.display_startup_errors = 1
+phpSettings.display_errors = 1
+
+[development : production]
+phpSettings.display_startup_errors = 1
+phpSettings.display_errors = 1

manager/application/controllers/ErrorController.php

@@ -0,0 +1,35 @@
+<?php
+
+class ErrorController extends Zend_Controller_Action
+{
+
+    public function errorAction()
+    {
+        $errors = $this->_getParam('error_handler');
+
+        switch ($errors->type) {
+            case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_CONTROLLER:
+            case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_ACTION:
+
+                // 404 error -- controller or action not found
+                $this->getResponse()->setHttpResponseCode(404);
+                $this->view->message = 'Page not found';
+                break;
+            default:
+                // application error
+                $this->getResponse()->setHttpResponseCode(500);
+                $this->view->message = 'Application error';
+                break;
+        }
+
+        $this->view->exception = $errors->exception;
+        $this->view->request   = $errors->request;
+
+        Log::Log()->emerg($errors->exception);
+    }
+
+	public function permissiondeniedAction() {
+
+	}
+}
+

manager/application/controllers/IndexController.php

@@ -0,0 +1,28 @@
+<?php
+/**
+ * @author markus
+ * $Id: IndexController.php 6 2009-11-18 14:52:50Z markus $
+ */
+
+class IndexController extends Zend_Controller_Action
+{
+
+    public function init()
+    {
+        /* Initialize action controller here */
+    	/**
+    	 * get bootstrap, get resource from bootstrap
+    	 * resources are created when an bootstrap _init method returns an object
+    	$bootstrap = $this->getInvokeArg('bootstrap');
+        $view = $bootstrap->getResource('view');
+        */
+    }
+
+    public function indexAction()
+    {
+        // action body
+    }
+
+
+}
+

manager/application/controllers/LoginController.php

@@ -0,0 +1,260 @@
+<?php
+/**
+ * @author markus
+ * $Id: LoginController.php 75 2010-02-25 14:40:10Z markus $
+ */
+
+require_once('helpers/GetEnv.php');
+require_once('config/Config.php');
+
+class LoginController extends Zend_Controller_Action
+{
+
+    public function init() {
+        /* Initialize action controller here */
+    }
+
+    public function indexAction() {
+		$this->view->form = $this->getForm();
+		$this->render('index');
+    }
+
+    public function loginAction() {
+    	$form = $this->getForm();
+    	if ($form->isValid($_POST)) {
+	    	$config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);
+
+	    	$db = Zend_Db::factory($config->ca_mgr->db->auth->pdo, $config->ca_mgr->db->auth);
+			Zend_Registry::set('auth_dbc', $db);
+	    	$db2 = Zend_Db::factory($config->ca_mgr->db->auth2->pdo, $config->ca_mgr->db->auth2);
+			Zend_Registry::set('auth2_dbc', $db2);
+
+	    	$auth = new Zend_Auth_Adapter_DbTable($db);
+
+	    	$auth->setTableName($config->ca_mgr->db->auth->tablename)
+	    		 ->setIdentityColumn('email')
+	    		 ->setCredentialColumn('password');
+
+	    	$auth->setIdentity( $this->getRequest()->getParam('login_name'))
+	    	     ->setCredential( sha1($this->getRequest()->getParam('login_password')))
+	    	     ->setCredentialTreatment('?');
+
+	        $result = $auth->authenticate();
+
+	        $code = $result->getCode();
+	    	switch ($code) {
+	    		case Zend_Auth_Result::FAILURE:
+    				Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE) to log in ' . $this->getRequest()->getParam('login_name'));
+	    			throw new Exception(__METHOD__ . ': unknown error');
+	    		case Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND:
+    				Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND) to log in ' . $this->getRequest()->getParam('login_name'));
+	    			throw new Exception(__METHOD__ . ': ID unknown');
+	    		case Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS:
+    				Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS) to log in ' . $this->getRequest()->getParam('login_name'));
+	    			throw new Exception(__METHOD__ . ': ID not unique');
+	    		case Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID:
+    				Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID) to log in ' . $this->getRequest()->getParam('login_name'));
+	    			throw new Exception(__METHOD__ . ': ID unknown');	// to prevent brute force password attachs
+	    		case Zend_Auth_Result::FAILURE_UNCATEGORIZED:
+    				Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_UNCATEGORIZED) to log in ' . $this->getRequest()->getParam('login_name'));
+	    			throw new Exception(__METHOD__ . ': unknown error');
+	    	}
+
+			$this->getAuthDetailsIntoSession($auth, false);
+
+			Log::Log()->info(__METHOD__ . ' user logged in ' . $this->view->session->authdata['authed_username'] .
+				' (' . $this->getRequest()->getParam('login_name') . ')');
+
+	    	#$this->_forward('index', 'index');  // only "soft" forward, we need to change the url in browser
+			$this->_redirect($this->view->url(array('controller' => 'index', 'action' => 'index'), 'default', true));
+
+	    	/*
+	    	$viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
+	    	$viewRenderer->setRender('loginresult');
+	    	$this->view->request = $this->getRequest();
+	    	*/
+    	}
+	   	else {
+			$this->view->form = $form;
+            return $this->render('index');
+    	}
+    }
+
+    public function crtAction() {
+    	$ssl_client_s_dn = GetEnv::getEnvVar('SSL_CLIENT_S_DN');
+		$ssl_client_i_dn = GetEnv::getEnvVar('SSL_CLIENT_I_DN');
+
+    	$config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);
+
+    	$db = Zend_Db::factory($config->ca_mgr->db->auth->pdo, $config->ca_mgr->db->auth);
+		Zend_Registry::set('auth_dbc', $db);
+	   	$db2 = Zend_Db::factory($config->ca_mgr->db->auth2->pdo, $config->ca_mgr->db->auth2);
+		Zend_Registry::set('auth2_dbc', $db2);
+
+    	$auth = new Zend_Auth_Adapter_DbTable($db);
+
+    	$auth->setTableName($config->ca_mgr->db->auth->tablename)
+    		 ->setIdentityColumn('user_client_crt_s_dn_i_dn')
+    		 ->setCredentialColumn('user_client_crt_s_dn_i_dn');
+
+    	$auth->setIdentity( $ssl_client_s_dn . '//' . $ssl_client_i_dn)
+    	     ->setCredential($ssl_client_s_dn . '//' . $ssl_client_i_dn)
+    	     ->setCredentialTreatment('?');
+
+    	$result = $auth->authenticate();
+
+    	$code = $result->getCode();
+    	switch ($code) {
+    		case Zend_Auth_Result::FAILURE:
+    			Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE) to log in ' . $ssl_client_s_dn . '//' . $ssl_client_i_dn);
+    			throw new Exception(__METHOD__ . ': unknown error');
+    		case Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND:
+    			Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND) to log in ' . $ssl_client_s_dn . '//' . $ssl_client_i_dn);
+    			throw new Exception(__METHOD__ . ': ID unknown');
+    		case Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS:
+    			Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS) to log in ' . $ssl_client_s_dn . '//' . $ssl_client_i_dn);
+    			throw new Exception(__METHOD__ . ': ID not unique');
+    		case Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID:
+    			Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID) to log in ' . $ssl_client_s_dn . '//' . $ssl_client_i_dn);
+    			throw new Exception(__METHOD__ . ': ID unknown');	// to prevent brute force password attachs
+    		case Zend_Auth_Result::FAILURE_UNCATEGORIZED:
+    			Log::Log()->info(__METHOD__ . ' user failed (Zend_Auth_Result::FAILURE_UNCATEGORIZED) to log in ' . $ssl_client_s_dn . '//' . $ssl_client_i_dn);
+    			throw new Exception(__METHOD__ . ': unknown error');
+    	}
+
+		$this->getAuthDetailsIntoSession($auth, true);
+
+    	/*
+    	$viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
+	    $viewRenderer->setRender('loginresult');
+		*/
+
+		Log::Log()->info(__METHOD__ . ' user logged in ' . $this->view->session->authdata['authed_username'] .
+			' (' . $ssl_client_s_dn . '//' . $ssl_client_i_dn . ')');
+
+    	#$this->_forward('index', 'index'); // only "soft" forward, we need to change the url in browser
+    	$this->_redirect($this->view->url(array('controller' => 'index', 'action' => 'index'), 'default', true));
+    }
+
+    /**
+     * get user data from Zend_Auth result and store data in session
+     * @param Zend_Auth_Result $auth
+     */
+   	protected function getAuthDetailsIntoSession($auth, $crt) {
+   		$session = Zend_Registry::get('session');
+
+   		/**
+   		 * non existent in our case, look up a 2nd table (ca_mgr.system_user by login name (email)) and
+   		 * get id from there, defaulting to User (1) when no db entry exists
+   		 */
+    	$auth_res = $auth->getResultRowObject();
+		$system_roles_id = 1;
+
+   		$session->authdata['authed'] = true;
+    	$session->authdata['authed_id'] = $auth_res->id;
+    	$session->authdata['authed_username'] = $auth_res->email;
+    	$session->authdata['authed_fname'] = $auth_res->fname;
+    	$session->authdata['authed_lname'] = $auth_res->lname;
+		$session->authdata['authed_by_crt'] = $crt;
+		$session->authdata['authed_by_cli'] = true;
+
+    	$db = Zend_Registry::get('auth2_dbc');
+		$res = $db->query('select * from system_role where id=?', array($system_roles_id));
+		$res_ar = $res->fetch();
+    	$session->authdata['authed_role'] = $res_ar['role'];
+
+    	$acl = $this->makeAcl($db);
+
+    	$session->authdata['authed_permissions'] = $acl;
+
+    	/* test cases
+    	Log::Log()->debug(($acl->isAllowed('User', 'Administration', 'view') == true)?'true':'false');
+    	Log::Log()->debug(($acl->isAllowed('User', 'Administration', 'edit') == true)?'true':'false');
+    	Log::Log()->debug(($acl->isAllowed('User', 'Account', 'view') == true)?'true':'false');
+    	Log::Log()->debug(($acl->isAllowed('User', 'Account', 'edit') == true)?'true':'false');
+		Log::Log()->debug(($acl->isAllowed('Admin', 'Administration', 'view') == true)?'true':'false');
+		Log::Log()->debug(($acl->isAllowed('Admin', 'Account', 'view') == true)?'true':'false');
+		*/
+
+    	$this->view->session = $session;
+   	}
+
+    /**
+     * build login form and return to requesting method
+     * @return Zend_Form
+     */
+    protected function getForm() {
+    	$form = new Zend_Form();
+    	$form->setAction('/login/login')
+			 ->setMethod('post');
+		#$form->setAttrib('id', 'loginform');
+		$al = new Zend_Validate_Alnum();
+		$al->setDefaultTranslator(I18n::getTranslate());
+		$al->setDisableTranslator(false);
+		$username = new Zend_Form_Element_Text('login_name');
+		$username->addValidator(new Zend_Validate_StringLength(2,20))
+				 ->setRequired(true)
+				 ->addFilter('StringToLower')
+				 ->setLabel(I18n::_('User Name'));
+		$password = new Zend_Form_Element_Password('login_password');
+		$password->addValidator(new Zend_Validate_Alnum())
+				 ->addValidator(new Zend_Validate_StringLength(8,20))
+				 ->setRequired(true)
+				 ->setLabel(I18n::_('Password'));
+		$submit = new Zend_Form_Element_Submit('submit');
+		$submit->setLabel(I18n::_('Login'));
+		$form->addElement($username)
+			 ->addElement($password)
+			 ->addElement($submit);
+
+		return $form;
+    }
+
+    /**
+     * get roles and resources from db, build Zend_Acl structure and add permissions
+     * @param Zend_Db $db
+     */
+    protected function makeAcl($db) {
+		$acl = new Zend_Acl();
+
+    	$res = $db->fetchAll('select * from system_role');
+		foreach ($res as $obj) {
+			if ($obj['inherit_role'] != '') {
+				if ($acl->hasRole($obj['inherit_role'])) {
+					$acl->addRole(new Zend_Acl_Role($obj['role']), $obj['inherit_role']);
+				}
+				else {
+					/**
+					 * @todo very simply system to order roles, add role before inherited role
+					 */
+					$res[] = $obj;
+					continue;
+				}
+			}
+			else {
+				$acl->addRole(new Zend_Acl_Role($obj['role']));
+			}
+		}
+
+		$res = $db->fetchAll('select * from system_resource');
+		foreach ($res as $obj) {
+			$acl->addResource(new Zend_Acl_Resource($obj['resource']));
+		}
+
+		$res = $db->fetchAll('select r.role as role, rs.resource as resource, permission, privilege '.
+			'from system_role as r join system_role_has_system_resource as m on ' .
+			'(r.id = m.system_role_id) join system_resource as rs on (m.system_resource_id = rs.id)');
+
+		foreach ($res as $obj) {
+			$privilege = explode(',', $obj['privilege']);
+			if ($obj['permission'] == 'allow') {
+				$acl->allow($obj['role'], $obj['resource'], $privilege);
+			}
+			else {
+				$acl->deny($obj['role'], $obj['resource'], $privilege);
+			}
+		}
+
+		return $acl;
+    }
+}

manager/application/controllers/LogoutController.php

@@ -0,0 +1,27 @@
+<?php
+/**
+ * @author markus
+ * $Id: LogoutController.php 12 2009-11-24 13:35:16Z markus $
+ */
+
+require_once('helpers/GetEnv.php');
+require_once('config/Config.php');
+
+class LogoutController extends Zend_Controller_Action
+{
+
+    public function init() {
+        /* Initialize action controller here */
+    }
+
+    public function indexAction() {
+    	$session = Zend_Registry::get('session');
+
+    	Log::Log()->info(__METHOD__ . ' user logged out ' . $this->view->session->authdata['authed_username']);
+
+    	unset($session->authdata);
+    	$session->authdata['authed'] = false;
+
+    	Zend_Session::destroy();
+    }
+}

manager/application/layouts/scripts/layout.phtml

@@ -0,0 +1,32 @@
+<?php
+// application/layouts/scripts/layout.phtml
+
+print $this->doctype(); ?>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title><?php print $this->headTitle; ?></title>
+  <?php print $this->headLink()->prependStylesheet('/css/global.css'); ?>
+  <?php print $this->headScript()->appendFile('/js/positionUserInfo.js'); // ->appendFile('/js/center.js'); ?>
+</head>
+<body>
+	<div id="center">
+		<div id="header">
+		    <div id="header-logo">
+		        <img src="/img/cacert4.png" border="0" alt="CACert Logo" width="100px" height="30px">
+		    </div>
+		    <div id="header-navigation">
+		    	<?php print $this->topNav(); ?>
+		    </div>
+		</div>
+
+		<div id="left-navigation">
+			<?php print $this->leftNav(); ?>
+		</div>
+		<div id="content">
+			<?php print $this->layout()->content; ?>
+		</div>
+	</div>
+	<? print $this->userInfo(); ?>
+</body>
+</html>

manager/application/views/helpers/LeftNav.php

@@ -0,0 +1,96 @@
+<?php
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category   Zend
+ * @package    Zend_View
+ * @subpackage Helper
+ * @copyright  Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @version    $Id: LeftNav.php 8 2009-11-24 10:32:47Z markus $
+ * @license    http://framework.zend.com/license/new-bsd     New BSD License
+ */
+
+/** Zend_View_Helper_Placeholder_Container_Standalone */
+require_once 'Zend/View/Helper/Placeholder/Container/Standalone.php';
+
+/**
+ * Helper for building an applications top navigation bar
+ *
+ * @uses       Zend_View_Helper_Placeholder_Container_Standalone
+ * @package    Zend_View
+ * @subpackage Helper
+ * @copyright  Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license    http://framework.zend.com/license/new-bsd     New BSD License
+ */
+class Zend_View_Helper_LeftNav extends Zend_View_Helper_Placeholder_Container_Standalone
+{
+    /**
+     * Registry key for placeholder
+     * @var string
+     */
+    protected $_regKey = 'Zend_View_Helper_LeftNav';
+
+    protected $items = array();
+
+    /**
+     * Retrieve placeholder for navigation element and optionally set state
+     *
+     * Single Link elements to be made with $this->url(array('controller'=>'<controller>'), 'default', true);
+     *
+     * @param  string $link
+     * @param  string $setType
+     * @param  string $setPos
+     * @return Zend_View_Helper_LeftNav
+     */
+    public function leftNav($link = null, $setType = Zend_View_Helper_Placeholder_Container_Abstract::APPEND, $setPos = 0)
+    {
+    	$link = (string) $link;
+        if ($link !== '') {
+            if ($setType == Zend_View_Helper_Placeholder_Container_Abstract::SET) {
+                if ($setPos != 0)
+                	$this->items[$setPos] = $link;
+                else
+                	$this->items[] = $link;
+            } elseif ($setType == Zend_View_Helper_Placeholder_Container_Abstract::PREPEND) {
+                $this->items = array_merge(array($link), $this->items);
+            } else {
+                $this->items[] = $link;
+            }
+        }
+
+        return $this;
+    }
+
+    /**
+     * Turn helper into string
+     *
+     * @param  string|null $indent
+     * @param  string|null $locale
+     * @return string
+     */
+    public function __toString($indent = null, $locale = null)
+    {
+		$output = '';
+    	$indent = (null !== $indent)
+                ? $this->getWhitespace($indent)
+                : $this->getIndent();
+
+        $output .= $indent . "<ul>\n";
+        foreach ($this->items as $item) {
+                $output .= $indent . "<li>" . $item . "</li>\n";
+ 		}
+		$output .= $indent . "</ul>\n";
+
+        return $output;
+    }
+}

manager/application/views/helpers/TopNav.php

@@ -0,0 +1,99 @@
+<?php
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category   Zend
+ * @package    Zend_View
+ * @subpackage Helper
+ * @copyright  Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @version    $Id: TopNav.php 20 2009-12-01 14:26:22Z markus $
+ * @license    http://framework.zend.com/license/new-bsd     New BSD License
+ */
+
+/** Zend_View_Helper_Placeholder_Container_Standalone */
+require_once 'Zend/View/Helper/Placeholder/Container/Standalone.php';
+
+/**
+ * Helper for building an applications top navigation bar
+ *
+ * @uses       Zend_View_Helper_Placeholder_Container_Standalone
+ * @package    Zend_View
+ * @subpackage Helper
+ * @copyright  Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license    http://framework.zend.com/license/new-bsd     New BSD License
+ */
+class Zend_View_Helper_TopNav extends Zend_View_Helper_Placeholder_Container_Standalone
+{
+    /**
+     * Registry key for placeholder
+     * @var string
+     */
+    protected $_regKey = 'Zend_View_Helper_TopNav';
+
+    protected $items = array();
+
+    /**
+     * Retrieve placeholder for navigation element and optionally set state
+     *
+     * Single Link elements to be made with $this->url(array('controller'=>'<controller>'), 'default', true);
+     *
+     * @param  string $link
+     * @param  string $setType
+     * @param  string $setPos
+     * @return Zend_View_Helper_TopNav
+     */
+    public function topNav($link = null, $setType = Zend_View_Helper_Placeholder_Container_Abstract::APPEND, $setPos = 0)
+    {
+    	$link = (string) $link;
+        if ($link !== '') {
+            if ($setType == Zend_View_Helper_Placeholder_Container_Abstract::SET) {
+                if ($setPos != 0)
+                	$this->items[$setPos] = $link;
+                else
+                	$this->items[] = $link;
+            } elseif ($setType == Zend_View_Helper_Placeholder_Container_Abstract::PREPEND) {
+                $this->items = array_merge(array($link), $this->items);
+            } else {
+                $this->items[] = $link;
+            }
+        }
+
+        return $this;
+    }
+
+    /**
+     * Turn helper into string
+     *
+     * @param  string|null $indent
+     * @param  string|null $locale
+     * @return string
+     */
+    public function __toString($indent = null, $locale = null)
+    {
+		$output = '';
+    	$indent = (null !== $indent)
+                ? $this->getWhitespace($indent)
+                : $this->getIndent();
+
+        ksort($this->items);
+
+        $output .= $indent . "<ul>\n";
+
+        foreach ($this->items as $item) {
+                $output .= $indent . "<li>" . $item . "</li>\n";
+ 		}
+		$output .= $indent . "</ul>\n";
+
+        return $output;
+    }
+}

manager/application/views/helpers/UserInfo.php

@@ -0,0 +1,95 @@
+<?php
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category   Zend
+ * @package    Zend_View
+ * @subpackage Helper
+ * @copyright  Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @version    $Id: UserInfo.php 33 2009-12-10 15:08:38Z markus $
+ * @license    http://framework.zend.com/license/new-bsd     New BSD License
+ */
+
+/** Zend_View_Helper_Placeholder_Container_Standalone */
+require_once 'Zend/View/Helper/Placeholder/Container/Standalone.php';
+
+/**
+ * Helper for displaying an user info div somewhere
+ *
+ * @uses       Zend_View_Helper_Placeholder_Container_Standalone
+ * @package    Zend_View
+ * @subpackage Helper
+ * @copyright  Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license    http://framework.zend.com/license/new-bsd     New BSD License
+ */
+class Zend_View_Helper_UserInfo extends Zend_View_Helper_Placeholder_Container_Standalone
+{
+    /**
+     * Registry key for placeholder
+     * @var string
+     */
+    protected $_regKey = 'Zend_View_Helper_UserInfo';
+
+    private $items = array();
+
+    /**
+     * Retrieve placeholder for navigation element and optionally set state
+     *
+     * Single Link elements to be made with $this->url(array('controller'=>'<controller>'), 'default', true);
+     *
+     * @param  array $data
+     * @return Zend_View_Helper_UserData
+     */
+    public function UserInfo($ar = null, $setType = Zend_View_Helper_Placeholder_Container_Abstract::APPEND, $setPos = 0)
+    {
+    	if ($ar !== null && is_array($ar)) {
+    		$this->items = $ar;
+    	}
+    	return $this;
+    }
+
+    /**
+     * Turn helper into string
+     *
+     * @param  string|null $indent
+     * @param  string|null $locale
+     * @return string
+     */
+    public function __toString($indent = null, $locale = null)
+    {
+    	$session = Zend_Registry::get('session');
+		$this->items = $session->authdata;
+
+    	$output = '';
+
+    	if ($session->authdata['authed'] !== true)
+			return $output;
+
+#    	$indent = (null !== $indent)
+#                ? $this->getWhitespace($indent)
+#                : $this->getIndent();
+		$indent = '';
+
+        $output .= $indent . "<div id=\"userinfo\">\n";
+		$output .= $indent . "\tUser: " . $this->items['authed_username'] . "<br>\n";
+		$output .= $indent . "\tName: " . $this->items['authed_fname'] . ' ' . $this->items['authed_lname'] . "<br>\n";
+		$output .= $indent . "\tRole: " . $this->items['authed_role'] . "<br>\n";
+		if ($this->items['authed_by_crt'] === true)
+			$output .= $indent . "\tLoginmethod: CRT<br>\n";
+		else
+			$output .= $indent . "\tLoginmethod: PASSWD<br>\n";
+		$output .= $indent . "</div>\n";
+
+        return $output;
+    }
+}

manager/application/views/scripts/error/error.phtml

@@ -0,0 +1,28 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title>Zend Framework Default Application</title>
+</head>
+<body>
+  <h1>An error occurred</h1>
+  <h2><?php echo $this->message ?></h2>
+
+  <?php if ('development' == APPLICATION_ENV): ?>
+
+  <h3>Exception information:</h3>
+  <p>
+      <b>Message:</b> <?php echo $this->exception->getMessage() ?>
+  </p>
+
+  <h3>Stack trace:</h3>
+  <pre><?php echo $this->exception->getTraceAsString() ?>
+  </pre>
+
+  <h3>Request Parameters:</h3>
+  <pre><?php echo var_export($this->request->getParams(), true) ?>
+  </pre>
+  <?php endif ?>
+
+</body>
+</html>

manager/application/views/scripts/error/permissiondenied.phtml

@@ -0,0 +1,8 @@
+<?php
+/**
+ * @author markus
+ * $Id: loginresult.phtml 7 2009-11-19 15:03:59Z markus $
+ */
+?>
+<H1><?php print I18n::_('Permission Denied')?></H1>
+<?php print I18n::_('You do not have the permission to perform the requested action'); ?>

manager/application/views/scripts/index/index.phtml

@@ -0,0 +1,7 @@
+<?php
+/**
+ * @author markus
+ * $Id: index.phtml 25 2009-12-02 15:43:21Z markus $
+ */
+?>
+<H1><?php print I18n::_('Dashboard'); ?></H1>

manager/application/views/scripts/login/index.phtml

@@ -0,0 +1,16 @@
+<?php
+/**
+ * @author markus
+ * $Id: index.phtml 36 2009-12-15 15:49:57Z markus $
+ */
+
+// $this->headScript()->appendFile('js/1st.js');
+// $this->headScript()->appendFile('js/2nd.js');
+$this->headLink()->appendStylesheet('/css/login.css');
+
+$this->headLink()->appendStylesheet('/css/form_dl.css');
+?>
+
+<H1><?php print I18n::_('Please log in'); ?></H1>
+<?php print $this->form;?>
+<a href='/login/crt'><?php print I18n::_('Client Cert Login'); ?></a>

manager/application/views/scripts/login/loginresult.phtml

@@ -0,0 +1,16 @@
+<?php
+/**
+ * @author markus
+ * $Id: loginresult.phtml 7 2009-11-19 15:03:59Z markus $
+ */
+
+if ($this->session->authdata['authed']) {
+?>
+<H1>Willkommen im Club, <?php  print $this->session->authdata['authed_username']; ?></H1>
+<?php
+}
+else {
+?>
+<H1>Bitte loggen Sie sich ein.</H1>
+<?php
+}

manager/application/views/scripts/logout/index.phtml

@@ -0,0 +1,7 @@
+<?php
+/**
+ * @author markus
+ * $Id: index.phtml 7 2009-11-19 15:03:59Z markus $
+ */
+?>
+<H1><?php print I18n::_('You have successfully been logged out'); ?></H1>

manager/library/actions/ActionIndex.php

@@ -0,0 +1,53 @@
+<?php
+
+require_once (FWACTIONS_PATH . '/FWAction.php');
+
+class Index extends FWAction {
+	/**
+	 * get a list of required permissions that are needed to access this action
+	 * @return array
+	 */
+	public static function getRequiredPermissions() {
+		return array();
+	}
+
+	/**
+	 * get a role that is required for accessing that action
+	 * @return string
+	 */
+	public static function getRequiredRole() {
+		return 'User';
+	}
+
+	/**
+	 * sort order for top navigation
+	 * @return integer
+	 */
+	public static function getTopNavPrio() {
+		return 1;
+	}
+
+	/**
+	 * controller to invoke
+	 * @return string
+	 */
+	public static function getController() {
+		return 'index';
+	}
+
+	/**
+	 * action to invoke
+	 * @return string
+	 */
+	public static function getAction() {
+		return 'index';
+	}
+
+	/**
+	 * get text for menu, caller is responsible for translating
+	 * @return string
+	 */
+	public static function getMenuText() {
+		return 'Dashboard';
+	}
+}

manager/library/actions/FWAction.php

@@ -0,0 +1,7 @@
+<?php
+/**
+ * @author markus
+ */
+abstract class FWAction {
+
+}

manager/library/config/Config.php

@@ -0,0 +1,104 @@
+<?php
+
+require_once('config/Config_Db.php');
+
+class Config {
+	/**
+	 * static pointer to instances
+	 * @var array(Config)
+	 */
+	private static $instances = array();
+
+	/**
+	 * can handle several instances, distinct by instance name string
+	 * @var string
+	 */
+	private $instanceName = '';
+
+	/**
+	 * config object
+	 * @var Config_Db
+	 */
+	private $config = null;
+
+	/**
+	 * make a new Config_Db
+	 *
+	 * by using the $where statement you can limit the data that is fetched from db, i.e. only get config for zone $id
+	 *
+	 * @param string $instanceName
+	 * @param Zend_Db_Adapter $db
+	 * @param string $where
+	 */
+	protected function __construct($instanceName = null, $db = null, $where = null) {
+    	if ($instanceName === null)
+    		throw new Exception(__METHOD__ . ': expected an instance name, got none');
+
+		$config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);
+		$this->instanceName = $instanceName;
+
+		if ($db === null)
+    		$db = Zend_Db::factory($config->dnssecme->db->config->pdo, $config->dnssecme->db->config);
+
+		$this->config = new Config_Db($db, $instanceName, $where, true);
+	}
+
+	/**
+	 * get already existing instance, make new instance or throw an exception
+	 * @param string $instanceName
+	 * @param Zend_Db_Adapter $db
+	 * @param string $where
+	 */
+	public static function getInstance($instanceName, $db = null, $where = null) {
+    	if ($instanceName === null)
+    		throw new Exception(__METHOD__ . ': expected an instance name, got none');
+
+    	// no caching if presumeably volatile data is requested
+    	if ($db !== null && $where !== null) {
+    		return new Config($instanceName, $db, $where);
+    	}
+
+		if (!array_key_exists($instanceName, self::$instances)) {
+			self::$instances[$instanceName] = new Config($instanceName, $db, $where);
+		}
+
+		return self::$instances[$instanceName];
+	}
+
+	/**
+	 * magic method that dispatches all unrecognized method calls to the config object
+	 *
+	 * @param string $param
+	 */
+	public function __get($param) {
+		return $this->config->$param;
+	}
+
+	/**
+	 * magic method that handles isset inquiries to attributes
+	 *
+	 * @param string $param
+	 */
+	public function __isset($param) {
+		return isset($this->config->$param);
+	}
+
+	/**
+	 * magic method that dispatches all unrecognized method calls to the config object
+	 *
+	 * @param string $param
+	 * @param string $value
+	 */
+	public function __set($param, $value) {
+		$this->config->$param = $value;
+	}
+
+	/**
+	 * get the config object
+	 * @return Zend_Config_*
+	 */
+	public function getConfig() {
+		return $this->config;
+	}
+}
+?>

manager/library/config/Config_Db.php

@@ -0,0 +1,339 @@
+<?php
+/**
+ * Add database driven configuration to the framework, source based on Zend_Config_Ini
+ *
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category   Zend
+ * @package    Zend_Config
+ * @copyright  Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license    http://framework.zend.com/license/new-bsd     New BSD License
+ * @version    $Id: Config_Db.php 27 2009-12-03 13:00:29Z markus $
+ */
+
+
+/**
+ * @see Zend_Config
+ */
+require_once 'Zend/Config.php';
+
+
+/**
+ * @category   Zend
+ * @package    Zend_Config
+ * @copyright  Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license    http://framework.zend.com/license/new-bsd     New BSD License
+ */
+class Config_Db extends Zend_Config
+{
+	/**
+     * String that separates nesting levels of configuration data identifiers
+     *
+     * @var string
+     */
+    protected $_nestSeparator = '.';
+
+    /**
+     * String that separates the parent section name
+     *
+     * @var string
+     */
+    protected $_sectionSeparator = ':';
+
+    /**
+     * Wether to skip extends or not
+     *
+     * @var boolean
+     */
+    protected $_skipExtends = false;
+
+    /**
+     * Loads the section $section from the config file $filename for
+     * access facilitated by nested object properties.
+     *
+     * If the section name contains a ":" then the section name to the right
+     * is loaded and included into the properties. Note that the keys in
+     * this $section will override any keys of the same
+     * name in the sections that have been included via ":".
+     *
+     * If the $section is null, then all sections in the ini file are loaded.
+     *
+     * If any key includes a ".", then this will act as a separator to
+     * create a sub-property.
+     *
+     * example ini file:
+     *      [all]
+     *      db.connection = database
+     *      hostname = live
+     *
+     *      [staging : all]
+     *      hostname = staging
+     *
+     * after calling $data = new Zend_Config_Ini($file, 'staging'); then
+     *      $data->hostname === "staging"
+     *      $data->db->connection === "database"
+     *
+     * The $options parameter may be provided as either a boolean or an array.
+     * If provided as a boolean, this sets the $allowModifications option of
+     * Zend_Config. If provided as an array, there are two configuration
+     * directives that may be set. For example:
+     *
+     * $options = array(
+     *     'allowModifications' => false,
+     *     'nestSeparator'      => '->'
+     *      );
+     *
+     * @param  Zend_Db       $dbc
+     * @param  string	     $db_table
+     * @param  string|null   $section
+     * @param  boolean|array $options
+     * @throws Zend_Config_Exception
+     * @return void
+     */
+    public function __construct($dbc, $db_table, $section = null, $options = false)
+    {
+        if (empty($dbc)) {
+            /**
+             * @see Zend_Config_Exception
+             */
+            require_once 'Zend/Config/Exception.php';
+            throw new Zend_Config_Exception('Database connection is not set');
+        }
+
+        if (empty($db_table)) {
+            /**
+             * @see Zend_Config_Exception
+             */
+            require_once 'Zend/Config/Exception.php';
+            throw new Zend_Config_Exception('Database table is not set');
+        }
+
+        $allowModifications = false;
+        if (is_bool($options)) {
+            $allowModifications = $options;
+        } elseif (is_array($options)) {
+            if (isset($options['allowModifications'])) {
+                $allowModifications = (bool) $options['allowModifications'];
+            }
+            if (isset($options['nestSeparator'])) {
+                $this->_nestSeparator = (string) $options['nestSeparator'];
+            }
+            if (isset($options['skipExtends'])) {
+                $this->_skipExtends = (bool) $options['skipExtends'];
+            }
+        }
+
+        $iniArray = $this->_loadIniFile($dbc, $db_table, $section);
+		$section = null;
+
+        if (null === $section) {
+            // Load entire file
+            $dataArray = array();
+            foreach ($iniArray as $sectionName => $sectionData) {
+                if(!is_array($sectionData)) {
+                    $dataArray = array_merge_recursive($dataArray, $this->_processKey(array(), $sectionName, $sectionData));
+                } else {
+                    $dataArray[$sectionName] = $this->_processSection($iniArray, $sectionName);
+                }
+            }
+            parent::__construct($dataArray, $allowModifications);
+        } else {
+            // Load one or more sections
+            if (!is_array($section)) {
+                $section = array($section);
+            }
+            $dataArray = array();
+            foreach ($section as $sectionName) {
+                if (!isset($iniArray[$sectionName])) {
+                    /**
+                     * @see Zend_Config_Exception
+                     */
+                    require_once 'Zend/Config/Exception.php';
+                    throw new Zend_Config_Exception("Section '$sectionName' cannot be found");
+                }
+                $dataArray = array_merge($this->_processSection($iniArray, $sectionName), $dataArray);
+
+            }
+            parent::__construct($dataArray, $allowModifications);
+        }
+
+        $this->_loadedSection = $section;
+    }
+
+    /**
+     * Load data from database and preprocess the section separator (':' in the
+     * section name (that is used for section extension) so that the resultant
+     * array has the correct section names and the extension information is
+     * stored in a sub-key called ';extends'. We use ';extends' as this can
+     * never be a valid key name in an INI file that has been loaded using
+     * parse_ini_file().
+     *
+     * @param Zend_Db $dbc
+     * @param string $db_table
+     * @throws Zend_Config_Exception
+     * @return array
+     */
+    protected function _loadIniFile($dbc, $db_table, $section = null)
+    {
+        set_error_handler(array($this, '_loadFileErrorHandler'));
+        $loaded = $this->_parse_ini_db($dbc, $db_table, $section); // Warnings and errors are suppressed
+        restore_error_handler();
+        // Check if there was a error while loading file
+        if ($this->_loadFileErrorStr !== null) {
+            /**
+             * @see Zend_Config_Exception
+             */
+            require_once 'Zend/Config/Exception.php';
+            throw new Zend_Config_Exception($this->_loadFileErrorStr);
+        }
+
+        $iniArray = array();
+        foreach ($loaded as $key => $data)
+        {
+            $pieces = explode($this->_sectionSeparator, $key);
+            $thisSection = trim($pieces[0]);
+            switch (count($pieces)) {
+                case 1:
+                    $iniArray[$thisSection] = $data;
+                    break;
+
+                case 2:
+                    $extendedSection = trim($pieces[1]);
+                    $iniArray[$thisSection] = array_merge(array(';extends'=>$extendedSection), $data);
+                    break;
+
+                default:
+                    /**
+                     * @see Zend_Config_Exception
+                     */
+                    require_once 'Zend/Config/Exception.php';
+                    throw new Zend_Config_Exception("Section '$thisSection' may not extend multiple sections");
+            }
+        }
+
+        return $iniArray;
+    }
+
+    /**
+     * read config from (current db in $dbc).$db_table
+     *
+     * @param Zend_Db $dbc
+     * @param string $db_table
+     * @param string $section
+     * @return array
+     */
+    protected function _parse_ini_db($dbc, $db_table, $section) {
+    	$sql = 'select * from ' . $db_table;
+		if ($section !== null) {
+			$sql .= ' where ' . $section;
+		}
+
+    	$db_config = $dbc->query($sql);
+
+    	$config = array();
+
+    	while (($row = $db_config->fetch()) !== false) {
+    		$key = explode('.', $row['config_key']);
+    		$depth = count($key);
+    		$ci = &$config;
+    		for ($cnt = 0; $cnt < $depth; $cnt++) {
+    			if ($cnt == ($depth - 1))
+    				$ci[$key[$cnt]] = $row['config_value'];
+    			elseif (!isset($ci[$key[$cnt]]))
+    				$ci[$key[$cnt]] = array();
+    			$ci = &$ci[$key[$cnt]];
+    		}
+    	}
+    	return $config;
+    }
+
+    /**
+     * Process each element in the section and handle the ";extends" inheritance
+     * key. Passes control to _processKey() to handle the nest separator
+     * sub-property syntax that may be used within the key name.
+     *
+     * @param  array  $iniArray
+     * @param  string $section
+     * @param  array  $config
+     * @throws Zend_Config_Exception
+     * @return array
+     */
+    protected function _processSection($iniArray, $section, $config = array())
+    {
+        $thisSection = $iniArray[$section];
+
+        foreach ($thisSection as $key => $value) {
+            if (strtolower($key) == ';extends') {
+                if (isset($iniArray[$value])) {
+                    $this->_assertValidExtend($section, $value);
+
+                    if (!$this->_skipExtends) {
+                        $config = $this->_processSection($iniArray, $value, $config);
+                    }
+                } else {
+                    /**
+                     * @see Zend_Config_Exception
+                     */
+                    require_once 'Zend/Config/Exception.php';
+                    throw new Zend_Config_Exception("Parent section '$section' cannot be found");
+                }
+            } else {
+                $config = $this->_processKey($config, $key, $value);
+            }
+        }
+        return $config;
+    }
+
+    /**
+     * Assign the key's value to the property list. Handles the
+     * nest separator for sub-properties.
+     *
+     * @param  array  $config
+     * @param  string $key
+     * @param  string $value
+     * @throws Zend_Config_Exception
+     * @return array
+     */
+    protected function _processKey($config, $key, $value)
+    {
+        if (strpos($key, $this->_nestSeparator) !== false) {
+            $pieces = explode($this->_nestSeparator, $key, 2);
+            if (strlen($pieces[0]) && strlen($pieces[1])) {
+                if (!isset($config[$pieces[0]])) {
+                    if ($pieces[0] === '0' && !empty($config)) {
+                        // convert the current values in $config into an array
+                        $config = array($pieces[0] => $config);
+                    } else {
+                        $config[$pieces[0]] = array();
+                    }
+                } elseif (!is_array($config[$pieces[0]])) {
+                    /**
+                     * @see Zend_Config_Exception
+                     */
+                    require_once 'Zend/Config/Exception.php';
+                    throw new Zend_Config_Exception("Cannot create sub-key for '{$pieces[0]}' as key already exists");
+                }
+                $config[$pieces[0]] = $this->_processKey($config[$pieces[0]], $pieces[1], $value);
+            } else {
+                /**
+                 * @see Zend_Config_Exception
+                 */
+                require_once 'Zend/Config/Exception.php';
+                throw new Zend_Config_Exception("Invalid key '$key'");
+            }
+        } else {
+            $config[$key] = $value;
+        }
+        return $config;
+    }
+}

manager/library/config/Config_Writer_Db.php

@@ -0,0 +1,217 @@
+<?php
+/**
+ * Zend Framework
+ *
+ * LICENSE
+ *
+ * This source file is subject to the new BSD license that is bundled
+ * with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://framework.zend.com/license/new-bsd
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@zend.com so we can send you a copy immediately.
+ *
+ * @category   Zend
+ * @package    Zend_Config
+ * @copyright  Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license    http://framework.zend.com/license/new-bsd     New BSD License
+ * @version    $Id: Config_Writer_Db.php 43 2009-12-21 14:12:34Z markus $
+ */
+
+/**
+ * Usage:
+ * require_once(LIBRARY_PATH . '/config/Config_Writer_Db.php');
+ * $writer = new Config_Writer_Db();
+ * $writer->setTableName('system_config');
+ * $writer->write(Zend_Registry::get('config_dbc'), Zend_Registry::get('config'));
+ *
+ * $writer = new Config_Writer_Db();
+ * $writer->setTableName('dnssec_org_param');
+ * $writer->write(Zend_Registry::get('config_dbc'), dnssec_org_conf, 'dnssec_org_id="2"');
+ */
+
+/**
+ * @see Zend_Config_Writer
+ */
+require_once 'Zend/Config/Writer.php';
+
+/**
+ * @category   Zend
+ * @package    Zend_Config
+ * @copyright  Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license    http://framework.zend.com/license/new-bsd     New BSD License
+ */
+class Config_Writer_Db extends Zend_Config_Writer
+{
+    /**
+     * String that separates nesting levels of configuration data identifiers
+     *
+     * @var string
+     */
+    protected $_nestSeparator = '.';
+
+    protected $_set = null;
+
+    protected $_tableName = null;
+
+    /**
+     * Set the nest separator
+     *
+     * @param  string $filename
+     * @return Zend_Config_Writer_Ini
+     */
+    public function setNestSeparator($separator)
+    {
+        $this->_nestSeparator = $separator;
+
+        return $this;
+    }
+
+    public function setTableName($name)
+    {
+        $this->_tableName = $name;
+
+        return $this;
+    }
+
+    /**
+     * Defined by Zend_Config_Writer
+     *
+     * use set to limit impact when a shared config file is used (i.e. config per item using foreign keys)
+     *
+     * @param  string $filename
+     * @param  Config_Db $config
+     * @param  string $set
+     * @return void
+     */
+    public function write($db = null, $config = null, $set = null) {
+    	$this->_set = $set;
+
+    	// this method is specialized for writing back Config objects (which hold config_db objects)
+        if ($config !== null) {
+        	if ($config instanceof Config)
+            	$this->setConfig($config->getConfig());
+            else {
+            	$this->setConfig($config);
+            }
+        }
+
+        if ($this->_config === null) {
+            require_once 'Zend/Config/Exception.php';
+            throw new Zend_Config_Exception('No config was set');
+        }
+
+        if ($db === null) {
+            require_once 'Zend/Config/Exception.php';
+            throw new Zend_Config_Exception('No db was set');
+        }
+
+        $sql = array();
+
+        $string = 'delete from ' . $this->_tableName;
+        if ($this->_set !== null) {
+			$string .= ' where ' . $this->_set;
+        }
+
+		$sql[] = $string;
+
+        $iniString   = '';
+        $extends     = $this->_config->getExtends();
+        $sectionName = $this->_config->getSectionName();
+
+        foreach ($this->_config as $key => $data) {
+     		$sql= array_merge($sql, $this->addEntry($sectionName, $key, $data));
+	    }
+
+	    try {
+	    	$db->beginTransaction();
+    		foreach ($sql as $command) {
+    			#Log::Log()->debug($command);
+	    		$db->query($command);
+			}
+			$db->commit();
+	    } catch (Exception $e) {
+			$db->rollBack();
+			Log::Log()->err($e);
+			throw $e;
+	    }
+	}
+
+	/**
+	 * build key value pairs, key is created by recursively adding section names, delimited by "."
+	 * @param string $prefix
+	 * @param string $key
+	 * @param mixed $data
+	 */
+    protected function addEntry($prefix, $key, $data) {
+    	$sql = array();
+
+    	if ($data instanceof Zend_Config) {
+			if ($prefix != '')
+    			$prefix .= '.';
+    		$prefix .= $key;
+    		foreach ($data as $k => $v) {
+    			$sql = array_merge($sql, $this->addEntry($prefix, $k, $v));
+    		}
+    	}
+    	else {
+    		$string = 'insert into ' . $this->_tableName . ' set ';
+    		$pkey = $prefix;
+    		if ($pkey != '')
+    			$pkey .= '.';
+    		$pkey .= $key;
+    		$string .= 'config_key=' . $this->_prepareValue($pkey) . ', ';
+    		$string .= 'config_value=' . $this->_prepareValue($data);
+    		if ($this->_set !== null)
+    			$string .= ', ' . $this->_set;
+
+    		$sql[] = $string;
+    	}
+
+    	return $sql;
+	}
+
+    /**
+     * Add a branch to an INI string recursively
+     *
+     * @param  Zend_Config $config
+     * @return void
+     */
+    protected function _addBranch(Zend_Config $config, $parents = array())
+    {
+        $iniString = '';
+
+        foreach ($config as $key => $value) {
+            $group = array_merge($parents, array($key));
+
+            if ($value instanceof Zend_Config) {
+                $iniString .= $this->_addBranch($value, $group);
+            } else {
+                $iniString .= implode($this->_nestSeparator, $group)
+                           .  ' = '
+                           .  $this->_prepareValue($value)
+                           .  "\n";
+            }
+        }
+
+        return $iniString;
+    }
+
+    /**
+     * Prepare a value for INI
+     *
+     * @param  mixed $value
+     * @return string
+     */
+    protected function _prepareValue($value)
+    {
+        if (is_integer($value) || is_float($value)) {
+            return $value;
+        } elseif (is_bool($value)) {
+            return ($value ? 'true' : 'false');
+        } else {
+            return '"' . addslashes($value) .  '"';
+        }
+    }
+}

manager/library/date/HumanReadableTime.php

@@ -0,0 +1,140 @@
+<?php
+
+/**
+ * class that provides methods to convert human readable time / interval length
+ * expressions into other formats
+ *
+ * @author markus
+ * $Id: HumanReadableTime.php 92 2010-03-10 11:43:15Z markus $
+ */
+
+require_once(LIBRARY_PATH . '/date/exception.HumanReadableTimeException.php');
+
+class HumanReadableTime {
+	/**
+	 * normalize an HRT string, convert from HRT to seconds and then convert back to
+	 * HRT
+	 * @param string $hrt
+	 * @param string $maxunit
+	 * @return string
+	 */
+	public static function NormalizeHRT($hrt, $maxunit = 'w') {
+		return self::Seconds2HR(self::HR2Seconds($hrt), $maxunit);
+	}
+
+	/**
+	 * convert string / interger which contains an interval length to
+	 * human readable format (1w2d7h)
+	 *
+	 * if $maxunit is set, it defines the biggest unit in output (i.e. $maxunit = 'h' will
+	 * allow only hms)
+	 *
+	 * @param string|integer $seconds
+	 * @param string $maxunit
+	 * @return string
+	 */
+	public static function Seconds2HR($seconds, $maxunit = 'w') {
+		$maxunit = trim(strtolower($maxunit));
+		$allowed = array('w' => 0, 'd' => 0, 'h' => 0, 'm' => 0, 's' => 0);
+		if (!in_array($maxunit, array_keys($allowed), true))
+			throw new HumanReadableTimeException('illegal value for maxunit: "' . $maxunit . '"');
+		foreach ($allowed as $key => $value) {
+			if ($maxunit == $key)
+				break;
+			unset($allowed[$key]);
+		}
+
+		$seconds = intval($seconds);
+		$hrt = '';
+		foreach ($allowed as $key => $value) {
+			switch ($key) {
+				case 'w':
+					$tmp = intval($seconds / (7*86400));
+					if ($tmp > 0)
+						$seconds %= (7*86400);
+					$allowed[$key] += $tmp;
+					break;
+				case 'd':
+					$tmp = intval($seconds / (86400));
+					if ($tmp > 0)
+						$seconds %= (86400);
+					$allowed[$key] += $tmp;
+					break;
+				case 'h':
+					$tmp = intval($seconds / (3600));
+					if ($tmp > 0)
+						$seconds %= (3600);
+					$allowed[$key] += $tmp;
+					break;
+				case 'm':
+					$tmp = intval($seconds / (60));
+					if ($tmp > 0)
+						$seconds %= (60);
+					$allowed[$key] += $tmp;
+					break;
+				case 's':
+					$allowed[$key] += $seconds;
+					break;
+			}
+		}
+
+		$hrt = '';
+		foreach ($allowed as $key => $value) {
+			if ($value > 0)
+				$hrt .= sprintf('%d%s', $value, $key);
+		}
+		return $hrt;
+	}
+
+	/**
+	 * parse a string of 3h2m7s and return the number of seconds as integer
+	 * add "s" to the end of the number if $addsecond is set to true
+	 * @param string $hr
+	 * @param boolean $addsecond
+	 * @return integer|string
+	 */
+	public static function HR2Seconds($hr, $addsecond = false) {
+		$hr = trim($hr);
+		if ($hr == '') {
+			if ($addsecond === true)
+				return '0s';
+			else
+				return 0;
+		}
+
+		$hr = strtolower($hr);
+
+		$matches = array();
+		if (preg_match_all('/([0-9]*)([wdhms])/', $hr, $matches, PREG_SET_ORDER) > 0) {
+			$interval = 0;
+			for ($i = 0; $i < count($matches); $i++) {
+				switch ($matches[$i][2]) {
+					case 'w':
+						$interval += $matches[$i][1] * 7 * 86400;
+						break;
+					case 'd':
+						$interval += $matches[$i][1] * 86400;
+						break;
+					case 'h':
+						$interval += $matches[$i][1] * 3600;
+						break;
+					case 'm':
+						$interval += $matches[$i][1] * 60;
+						break;
+					case 's':
+						$interval += $matches[$i][1];
+						break;
+				}
+			}
+			if ($addsecond === true)
+				return sprintf('%ds', $interval);
+			else
+				return $interval;
+		}
+
+		if ($addsecond === true)
+			return '0s';
+		else
+			return 0;
+	}
+}

manager/library/date/exception.HumanReadableTimeException.php

@@ -0,0 +1,37 @@
+<?php
+/**
+ * @package SLS
+ * @subpackage CONFIG.EXCEPTION
+ */
+
+/**
+ * required files
+ * @ignore
+ */
+require_once(LIBRARY_PATH . '/exception/exception.Base.php');
+
+/**
+ * Exceptions thrown in the DNSSEC library classes
+ *
+ * @package SLS
+ * @subpackage CONFIG.EXCEPTION
+ * @author Markus Warg <mw@it-sls.de>
+ * @since 2009-02-25 13:05
+ * @version $Id: exception.HumanReadableTimeException.php 91 2010-03-10 10:36:25Z markus $
+ */
+class HumanReadableTimeException extends BaseException {
+    /**
+     * make new object
+     *
+	 * @access public
+     * @param string $message
+     * @param int $code
+     * @param string $extra
+     */
+	/*
+    public function __construct($message,$code = 0,$extra = '') {
+        parent::__construct($message,$code, $extra);
+    }
+    */
+}
+?>

manager/library/date/testHumanReadableTime.php

@@ -0,0 +1,16 @@
+<?php
+defined('LIBARARY_PATH')
+    || define('LIBRARY_PATH', realpath(dirname(__FILE__) . '/..'));
+
+require_once('HumanReadableTime.php');
+
+$hrf = HumanReadableTime::HR2Seconds($argv[1], true);
+print 'Seconds: ' . $hrf . "\n";
+
+print 'Default: ' . HumanReadableTime::Seconds2HR($hrf) . "\n";
+print 'Week: ' . HumanReadableTime::Seconds2HR($hrf, 'w') . "\n";
+print 'Day: ' . HumanReadableTime::Seconds2HR($hrf, 'd') . "\n";
+print 'Hour: ' . HumanReadableTime::Seconds2HR($hrf, 'h') . "\n";
+print 'Minute: ' . HumanReadableTime::Seconds2HR($hrf, 'm') . "\n";
+print 'Second: ' . HumanReadableTime::Seconds2HR($hrf, 's') . "\n";
+

manager/library/exception/exception.Base.php

@@ -0,0 +1,98 @@
+<?php
+/**
+ * @package SLS
+ * @subpackage EXCEPTION
+ */
+
+/**
+ * extend PHPs standard exception by some details
+ *
+ * @package SLS
+ * @subpackage EXCEPTION
+ * @author Markus Warg <mw@it-sls.de>
+ * @since 2009-02-23 16:10
+ * @version $Id: exception.Base.php 90 2010-03-09 09:48:27Z markus $
+ */
+class BaseException extends Exception {
+	/**
+	 * additional data / string
+	 * @var string
+	 */
+	protected $extra = '';
+
+	/**
+	 * location of thrower
+	 * @var string
+	 */
+	protected $exception_location = '';
+
+    /**
+     * make new object
+     *
+	 * @access public
+     * @param string $message
+     * @param int $code
+     */
+    public function __construct($message, $code = 0, $extra = '') {
+        $bt = debug_backtrace();
+
+    	$remove_exception = 0;
+    	while( $remove_exception < count($bt) && isset($bt[$remove_exception]['class']) && eregi('exception', $bt[$remove_exception]['class']) ) {
+    		$remove_exception++;
+    	}
+
+		if ($remove_exception > 0)
+			$remove_exception--;
+
+		if ($remove_exception < count($bt)) {
+    		$this->exception_location = $bt[$remove_exception]['file'].':'.$bt[$remove_exception]['line'];
+		}
+
+       	$this->extra = $extra;
+
+        parent::__construct($message,$code);
+    }
+
+    /**
+     * Make a string out of this exception
+	 *
+	 * @access public
+	 * @return string
+     */
+	public function __toString() {
+    	$out = __CLASS__ . '['.$this->code.']:';
+
+    	if ($this->exception_location != '')
+    		$out.= $this->exception_location;
+    	$out .= ':';
+
+    	$out .= " {$this->message}";
+
+    	if (isset($this->extra) && strlen($this->extra) > 0)
+        	$out .= " ({$this->extra})\n";
+
+        return $out;
+    }
+
+	/**
+	 * get the extra info string
+	 *
+	 * @access public
+	 * @return string
+	 */
+	public function getExtraInfo() {
+		return $this->extra;
+	}
+
+	/**
+	 * get the exception location string
+	 *
+	 * @access public
+	 * @return string
+	 */
+	public function getExceptionLocation() {
+		return $this->exception_location;
+	}
+
+}
+?>

manager/library/global/defines.php

@@ -0,0 +1,28 @@
+<?php
+/**
+ * @author markus
+ * $Id: defines.php 95 2010-03-19 14:14:39Z markus $
+ */
+
+// Define path to application directory
+defined('APPLICATION_PATH')
+    || define('APPLICATION_PATH', realpath(dirname(__FILE__) . '/../../application'));
+defined('LIBARARY_PATH')
+    || define('LIBRARY_PATH', realpath(dirname(__FILE__) . '/..'));
+defined('FWACTIONS_PATH')
+    || define('FWACTIONS_PATH', LIBRARY_PATH . '/actions');
+defined('LOCALE_PATH')
+    || define('LOCALE_PATH', realpath(dirname(__FILE__) . '/../../locale'));
+
+// Define application environment
+defined('APPLICATION_ENV')
+    || define('APPLICATION_ENV', (getenv('APPLICATION_ENV') ? getenv('APPLICATION_ENV') : 'production'));
+
+define('SYSTEM_CONFIG', 'system_config');
+define('SYSTEM_LOG', 'log');
+
+// Ensure library/ is on include_path
+set_include_path(implode(PATH_SEPARATOR, array(
+    LIBRARY_PATH,
+    get_include_path(),
+)));

manager/library/helpers/GetEnv.php

@@ -0,0 +1,29 @@
+<?php
+/**
+ * @author markus
+ * $Id: GetEnv.php 6 2009-11-18 14:52:50Z markus $
+ */
+class GetEnv {
+    /**
+     * Get an environment variable with all the REDIRECT_ prefixes stripped off
+     */
+    public static function getEnvVar($var)
+    {
+        // Find out how deep the redirect goes
+        reset($_SERVER);
+        $key = key($_SERVER);
+        $redirectLevel = substr_count($key, 'REDIRECT_');
+
+        $result = '';
+        $prefix = '';
+        for ($i = 0; $i < $redirectLevel + 1; $i++) {
+                if (isset($_SERVER[$prefix . $var])) {
+                        $result = $_SERVER[$prefix . $var];
+                }
+                $prefix .= 'REDIRECT_';
+        }
+        return $result;
+    }
+}
+
+?>

manager/library/i18n/I18n.php

@@ -0,0 +1,95 @@
+<?php
+/**
+ * encapsulate Zend_Translate within an singleton class
+ * @author markus
+ * $Id: I18n.php 33 2009-12-10 15:08:38Z markus $
+ */
+
+require_once('l10n/L10n.php');
+
+class I18n {
+	/**
+	 * static pointer to instance
+	 * @var array(I18n)
+	 */
+	private static $instance = null;
+
+	/**
+	 * config object
+	 * @var Zend_Translate
+	 */
+	private $translate = null;
+
+	/**
+	 * make new translate
+	 */
+	protected function __construct() {
+    	$options = array(
+    		'log'				=> Log::Log(),
+    		'logUntranslated'	=> true
+    	);
+
+    	$locale = L10n::getInstance();
+    	$supported = $locale->getBrowser();
+    	arsort($supported, SORT_NUMERIC);
+
+    	$file = '';
+    	foreach ($supported as $loc => $val) {
+    		if (file_exists(LOCALE_PATH . '/' . $loc . '/locale.php')) {
+    			$file = LOCALE_PATH . '/' . $loc . '/locale.php';
+    			$locale->setLocale($loc);
+    			break;
+    		}
+    	}
+
+		if ($file == '' && file_exists(LOCALE_PATH . '/en_US/locale.php')) {
+			$file = LOCALE_PATH . '/en_US/locale.php';
+			$locale->setLocale('en_US');
+		}
+
+    	if ($file != '') {
+    		$this->translate = new Zend_Translate(Zend_Translate::AN_ARRAY, $file, $locale->getLanguage(), $options);
+    		#Log::Log()->debug('locale ' . $locale->getLanguage() . '_' .$locale->getRegion() . ' loaded');
+    	}
+    	else
+    		throw new Exception(__METHOD__ . ': no translation files available');
+	}
+
+	/**
+	 * get already existing instance, make new instance or throw an exception
+	 * @return I18n
+	 */
+	public static function getInstance() {
+		if (self::$instance === null) {
+			self::$instance = new I18n();
+		}
+
+		return self::$instance;
+	}
+
+	/**
+	 * return the Zend_Translate object
+	 * @return Zend_Translate
+	 */
+	public static function getTranslate() {
+		return self::getInstance()->translate;
+	}
+
+	/**
+	 * map _ to translate
+	 * @param unknown_type $text
+	 * @param unknown_type $locale
+	 */
+	public function _($text, $locale = null) {
+		return self::getInstance()->translate->_($text, $locale);
+	}
+
+	/**
+	 * magic __call dispatches all unknown methods to Zend_Translate
+	 * @param unknown_type $method
+	 * @param unknown_type $arguments
+	 */
+	public function __call($method, $arguments) {
+		return call_user_func_array(array($this->translate, $method), $arguments);
+	}
+}

manager/library/l10n/L10n.php

@@ -0,0 +1,47 @@
+<?php
+/**
+ * encapsulate Zend_Locale within an singleton class
+ * @author markus
+ * $Id: L10n.php 13 2009-11-24 14:52:56Z markus $
+ */
+class L10n {
+	/**
+	 * static pointer to instance
+	 * @var L10n
+	 */
+	private static $instance = null;
+
+	/**
+	 * config object
+	 * @var Zend_Locale
+	 */
+	private $locale = null;
+
+	/**
+	 * make new translate
+	 */
+	protected function __construct() {
+		$this->locale = new Zend_Locale();
+	}
+
+	/**
+	 * get already existing instance, make new instance or throw an exception
+	 * @return L10n
+	 */
+	public static function getInstance() {
+		if (self::$instance === null) {
+			self::$instance = new L10n();
+		}
+
+		return self::$instance;
+	}
+
+	/**
+	 * magic __call dispatches all unknown methods to Zend_Locale
+	 * @param unknown_type $method
+	 * @param unknown_type $arguments
+	 */
+	public function __call($method, $arguments) {
+		return call_user_func_array(array($this->locale, $method), $arguments);
+	}
+}

manager/library/log/Log.php

@@ -0,0 +1,105 @@
+<?php
+/**
+ * encapsulate Zend_Log with one or several log writers within an singleton class
+ * @author markus
+ * $Id: Log.php 77 2010-02-26 11:58:34Z markus $
+ */
+class Log {
+	/**
+	 * static pointer to instances
+	 * @var array(Config)
+	 */
+	private static $instances = array();
+
+	/**
+	 * can handle several instances, distinct by instance name string
+	 * @var string
+	 */
+	private $instanceName = '';
+
+	/**
+	 * config object
+	 * @var Zend_Log
+	 */
+	private $log = null;
+
+	/**
+	 * make new logger, configuration is taken from system_config, section $instanceName
+	 * @param string $instanceName
+	 * @param string $application
+	 */
+	protected function __construct($instanceName, $application = null) {
+		if ($instanceName === null)
+    		throw new Exception(__METHOD__ . ': expected an instance name, got none');
+
+    	$config = Config::getInstance(SYSTEM_CONFIG);
+    	$log_config = $config->$instanceName;
+
+		$this->log = new Zend_Log();
+    	if (isset($log_config->file) && intval($log_config->file->enabled) !== 0) {
+    		$file_logger = new Zend_Log_Writer_Stream($log_config->file->name);
+
+    		/**
+    		 *
+    		$format = Zend_Log_Formatter_Simple::DEFAULT_FORMAT;
+    		$formatter = new Zend_Log_Formatter_Simple($format);
+    		$file_logger->setFormatter($formatter);
+    		 */
+    		if (isset($application) && $application != '')
+    			$this->log->setEventItem('application', $application);
+    		$formatter = new Zend_Log_Formatter_Simple('%syslog_time% %application%[%pid%]: %priorityName%: %message%' . PHP_EOL);
+    		$file_logger->setFormatter($formatter);
+			$this->log->addWriter($file_logger);
+    	}
+    	if (isset($log_config->syslog) && intval($log_config->syslog->enabled) !== 0) {
+    		$param = array('facility' => $log_config->syslog->facility);
+    		if (isset($application) && $application != '')
+    			$param['application'] = $application;
+
+    		$sys_logger = new Zend_Log_Writer_Syslog($param);
+    		$formatter = new Zend_Log_Formatter_Simple('%priorityName%: %message%' . PHP_EOL);
+    		$sys_logger->setFormatter($formatter);
+			$this->log->addWriter($sys_logger);
+    	}
+
+    	$filter = new Zend_Log_Filter_Priority(intval($log_config->priority));
+    	$this->log->addFilter($filter);
+	}
+
+	/**
+	 * get already existing instance, make new instance or throw an exception
+	 * @param string $instanceName
+	 * @param string $application
+	 */
+	public static function getInstance($instanceName = null, $application = null) {
+		if ($instanceName === null) {
+			if (count(self::$instances) == 0)
+    			throw new Exception(__METHOD__ . ': expected an instance name, got none');
+    		return self::$instances[0];
+		}
+
+		if (!array_key_exists($instanceName, self::$instances)) {
+			self::$instances[$instanceName] = new Log($instanceName, $application);
+		}
+
+		return self::$instances[$instanceName];
+	}
+
+	/**
+	 * return SYSTEM_LOG for convenience
+	 * @return Zend_Log
+	 */
+	public static function Log() {
+		return self::$instances[SYSTEM_LOG]->getLog();
+	}
+
+	/**
+	 * get the Zend_Log object
+	 * @return Zend_Log
+	 */
+	public function getLog() {
+		$this->log->setEventItem('pid', posix_getpid());
+		$this->log->setEventItem('syslog_time', date('Y-m-d H:i:s'));
+		return $this->log;
+	}
+}

manager/library/plugins/plugin.buildmenu.php

@@ -0,0 +1,74 @@
+<?php
+
+/**
+ * this plugin tries to add modules to the top navigation depending on the user
+ * which is logged in and the required permissions needed (provided by the action modules)
+ *
+ * @author markus
+ * $Id: plugin.buildmenu.php 95 2010-03-19 14:14:39Z markus $
+ */
+class BuildMenu extends Zend_Controller_Plugin_Abstract {
+	public function preDispatch(Zend_Controller_Request_Abstract $request) {
+		$session = Zend_Registry::get('session');
+    	if (!isset($session->authdata) || !isset($session->authdata['authed']) || $session->authdata['authed'] === false)
+    		return;
+
+		$cur_ctrl = $request->getControllerName();
+		$cur_action = $request->getActionName();
+
+    	$view = Zend_Registry::get('view');
+
+		if (is_dir(FWACTIONS_PATH)) {
+			$dir = opendir(FWACTIONS_PATH);
+
+			while (($file = readdir($dir)) !== false) {
+				if ($file == '.' || $file == '..')
+					continue;
+				if (preg_match('/^Action([a-zA-Z0-9_]*)\.php/', $file, $match)) {
+					$path = FWACTIONS_PATH . '/' . $file;
+					require_once($path);
+
+					$r = new ReflectionClass($match[1]);
+
+					if ($r->isSubclassOf('FWAction')) {
+						/**
+						 * match Actions permission with the permissions of the currently logged in user,
+						 * add to menu if user has access to that action
+						 */
+
+						$required = $r->getMethod('getRequiredPermissions')->invoke(null);
+						$menuprio = $r->getMethod('getTopNavPrio')->invoke(null);
+						$ctrl = $r->getMethod('getController')->invoke(null);
+						$action = $r->getMethod('getAction')->invoke(null);
+						$text = $r->getMethod('getMenutext')->invoke(null);
+						$role = $session->authdata['authed_role'];
+
+						if ($cur_ctrl == $ctrl) # && $cur_action == $action)
+							$aclass = ' class="active"';
+						else
+							$aclass = '';
+
+						$acl = $session->authdata['authed_permissions'];
+						if (is_array($required) && count($required) == 0) {
+							$view->topNav('<a href="' .
+					    		$view->url(array('controller' => $ctrl, 'action' => $action), 'default', true) .
+					   		'"' . $aclass . '>' . I18n::_($text) . '</a>', Zend_View_Helper_Placeholder_Container_Abstract::SET, $menuprio);
+						}
+						else {
+							foreach ($required as $rperm) {
+								if ($acl->has($rperm) && $acl->isAllowed($role, $rperm, 'view')) {
+							    	$view->topNav('<a href="' .
+							    		$view->url(array('controller' => $ctrl, 'action' => $action), 'default', true) .
+							   		'"' . $aclass . '>' . I18n::_($text) . '</a>', Zend_View_Helper_Placeholder_Container_Abstract::SET, $menuprio);
+					    		break;	// exit on first match
+								}
+							}
+						}
+					}
+				}
+			}
+
+			closedir($dir);
+		}
+	}
+}

manager/library/plugins/plugin.charsetheader.php

@@ -0,0 +1,13 @@
+<?php
+/**
+ * @author markus
+ * $Id: plugin.charsetheader.php 13 2009-11-24 14:52:56Z markus $
+ */
+class CharsetHeader extends Zend_Controller_Plugin_Abstract {
+	public function preDispatch(Zend_Controller_Request_Abstract $request) {
+		$response = $this->getResponse();
+		if ($response->canSendHeaders() === true) {
+			$response->setHeader('Content-Type', 'text/html; charset=utf-8');
+		}
+	}
+}

manager/library/plugins/plugin.forceauth.php

@@ -0,0 +1,29 @@
+<?php
+/**
+ * @author markus
+ * $Id: plugin.forceauth.php 40 2009-12-21 09:40:43Z markus $
+ */
+class ForceAuth extends Zend_Controller_Plugin_Abstract {
+	public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request) {
+		$session = Zend_Registry::get('session');
+
+		if (in_array($request->getControllerName(), array('login', 'error', 'js', 'img', 'css')))
+			return;
+
+		if (!isset($session->authdata) || !isset($session->authdata['authed']) || $session->authdata['authed'] === false) {
+			$fc = Zend_Controller_Front::getInstance();
+
+			$response = $fc->getResponse();
+			$response->canSendHeaders(true);
+
+			$response->setHeader('Location', 'login', true);
+			$response->setHeader('Status', '301', true);
+			Log::Log()->debug('redirected to login');
+
+			$request->setModuleName('default')
+        		->setControllerName('login')
+        		->setActionName('index')
+        		->setDispatched(false);
+		}
+	}
+}

manager/library/plugins/plugin.loginlogout.php

@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * this plugin just monitors the authdata section in the current session and adds an login / logout link to the
+ * top navigation bar depending on the value that was found
+ * @author markus
+ * $Id: plugin.loginlogout.php 95 2010-03-19 14:14:39Z markus $
+ */
+class LoginLogout extends Zend_Controller_Plugin_Abstract {
+	public function postDispatch(Zend_Controller_Request_Abstract $request) {
+		$session = Zend_Registry::get('session');
+    	if (!isset($session->authdata) || !isset($session->authdata['authed']) || $session->authdata['authed'] === false) {
+    		$controller		= 'login';
+    		$text			= 'Login';
+    	}
+    	else {
+    		$controller		= 'logout';
+    		$text			= 'Logout';
+    	}
+    	$view = Zend_Registry::get('view');
+    	$view->topNav('<a href="' .
+    		$view->url(array('controller' => $controller), 'default', true) .
+    		'">' . I18n::_($text) . '</a>', Zend_View_Helper_Placeholder_Container_Abstract::SET, 1000);
+	}
+}

manager/locale/en_US/locale.php

@@ -0,0 +1,2 @@
+<?php
+return array();

manager/public/.htaccess

@@ -0,0 +1,10 @@
+php_value session.auto_start 0
+
+SetEnv APPLICATION_ENV development
+
+RewriteEngine On
+RewriteCond %{REQUEST_FILENAME} -s [OR]
+RewriteCond %{REQUEST_FILENAME} -l [OR]
+RewriteCond %{REQUEST_FILENAME} -d
+RewriteRule ^.*$ - [NC,L]
+RewriteRule ^.*$ index.php [NC,L]

manager/public/css/form_dl.css

@@ -0,0 +1,23 @@
+@CHARSET "UTF-8";
+
+#content dl.zend_form label.required {
+	color: #000000;
+	font-weight: bold;
+}
+
+#content dl.zend_form {
+	display: block;
+}
+
+#content dl.zend_form dt {
+	display: block;
+	float: left;
+	width: 125px;
+	margin: 10px;
+}
+
+#content dl.zend_form dd {
+	display: block;
+	clear: right;
+	padding: 10px;
+}

manager/public/css/form_dl_wide.css

@@ -0,0 +1,24 @@
+@CHARSET "UTF-8";
+
+#content dl.zend_form label.required {
+	color: #000000;
+	font-weight: bold;
+}
+
+#content dl.zend_form {
+	display: block;
+	font-size: 0.8em;
+}
+
+#content dl.zend_form dt {
+	display: block;
+	float: left;
+	width: 350px;
+	margin: 10px;
+}
+
+#content dl.zend_form dd {
+	display: block;
+	clear: right;
+	padding: 10px;
+}

manager/public/css/global.css

@@ -0,0 +1,123 @@
+@CHARSET "UTF-8";
+
+html {
+	font-family: sans-serif;
+	background-color: #cccccc;
+	color: #333333;
+	overflow: scroll;
+}
+
+#center {
+	position: absolute;
+	width: 1000px;
+	left: 50%;
+	margin-left: -500px;
+}
+
+#header {
+	background-color: #F5F7F7;
+	width: 99%;
+	height: 30px;
+	top: 0px;
+	left: 0px;
+	position: absolute;
+	padding: 3px;
+	margin: 3px;
+}
+
+#header-logo {
+	float: left;
+	color: #FFFFFF;
+}
+
+#header-navigation {
+	float: right;
+}
+
+#header-navigation ul {
+	list-style-type: none;
+	padding: 0px;
+	margin: 0px;
+	font-size: 1.2em;
+}
+
+#header-navigation ul li {
+	padding-left: 5px;
+	margin-left: 5px;
+	display: inline;
+}
+
+#header-navigation ul li a {
+	text-decoration: none;
+	color: #000000;
+}
+
+#header-navigation ul li a:hover {
+	color: #777777;
+}
+
+#header-navigation ul li a.active {
+	color: #505090;
+}
+
+#left-navigation {
+	background-color: #F5F7F7;
+	width: 180px;
+	height: 600px;
+	left: 0px;
+	top: 36px;
+	position: absolute;
+	padding: 3px; 
+	margin: 3px;
+}
+
+#left-navigation ul {
+	list-style-type: none;
+	padding: 0px;
+	margin: 0px;
+	font-size: 1.2em;
+}
+
+#left-navigation ul li {
+	padding-left: 5px;
+	margin-left: 5px;
+	display: block;
+}
+
+#left-navigation ul li a {
+	text-decoration: none;
+	color: #000000;
+}
+
+#left-navigation ul li a:hover {
+	color: #777777;
+}
+
+#left-navigation ul li a.active {
+	color: #770000;
+}
+
+#content {
+	left: 186px;
+	top: 36px;
+	width: 800px;
+	position: absolute;
+	padding: 5px;
+	margin: 3px;
+	background-color: #FFFFFF;
+}
+
+#userinfo {
+	right: 5px;
+	bottom: 5px;
+	position: absolute;
+	padding: 3px;
+	margin: 3px;
+	background-color: #DDDDAA;
+	font-size: 0.8em;
+}
+
+#content .error {
+	color: #F80808;
+	font-weight: bold;
+}

manager/public/css/login.css

@@ -0,0 +1,11 @@
+@CHARSET "UTF-8";
+
+#content a {
+	text-decoration: none;
+	color: #000000;
+	font-size: 1.2em;
+}
+
+#content a:hover {
+	color: #777777;
+}

manager/public/index.php

@@ -0,0 +1,51 @@
+<?php
+/*
+ * @done Zend_Locale (http://framework.zend.com/manual/en/zend.locale.functions.html)
+ * @done Zend_Translate (Buch 381ff, 383) http://framework.zend.com/manual/en/zend.translate.using.html
+ * @done Session Tabelle aufräumen (auto expire eingebaut, Housekeeper fehlt aber)
+ * @todo Zend_Auth (LoginController - Reaktion auf falsche Eingaben fehlt noch)
+ * @todo Zend_Filter_Input - Zeichensätze aus Userinput filtern
+ * @todo Zend_Measure, Zend_Currency
+ * @todo Zend_Date
+ * @todo Daemon / CLI Zend_Console_Getopt (Buch 203ff)
+ * @todo Zend_Mail (Buch 279ff)
+ * @todo Zend_Form(!), Zend_Validate, Zend_Filter
+ * @todo Zend_Log - Formatierung der Texte
+ * @todo Funktionsmodule - jedes Modul prüft die Rechte anhand der Session und Zend_Acl und fügt ggf. einen Link ins Menü ein (TOP / LEFT)
+ * @todo addMessages mit übersetzten Strings (LoginController -> getForm, ...)
+ * @todo favicon
+ * @todo sinnvolle Defaults, wenn system_config leer ist (globale Config BIND)
+ * @todo sinnvolle Defaults, wenn system_config leer ist (Organisationsconfig BIND)
+ * @todo Links zum Löschen für Zonen / Organisationen, Rechtechecks in ActionController (foreign key constraints beachten!)
+ * @todo ConfigBIND left Menu geht nicht aus, wenn man die selektierte Org deaktiviert (init vor Action)
+ * @todo Textausgabe, wenn Attribute aus Defaults initialisiert und NICHT aus der DB geladen wurden
+ */
+
+require_once('../library/global/defines.php');
+
+try {
+	/** Zend Autoloader */
+	require_once 'Zend/Loader/Autoloader.php';
+	Zend_Loader_Autoloader::getInstance();
+
+	// Create application, bootstrap, and run
+	$application = new Zend_Application(
+	    APPLICATION_ENV,
+	    APPLICATION_PATH . '/configs/application.ini'
+	);
+
+	/** override settings from application.ini, if necessary
+	$fc = Zend_Controller_Front::getInstance();
+	$fc->setControllerDirectory(realpath(APPLICATION_PATH . '/controllers'));
+	$fc->setParam('noViewRenderer', false);
+	$fc->throwExceptions(true);
+	$fc->setParam('noErrorHandler', false);
+	*/
+
+	$application->bootstrap()
+	            ->run();
+} catch (Exception $e) {
+	print "Exception: " . $e->getMessage() . "\n";
+	print $e->getTraceAsString() . "\n";
+	Log::Log()->emerg($e);
+}

manager/public/js/center.js

@@ -0,0 +1,10 @@
+function setCSS() {
+	var x = window.innerWidth;
+
+	x = x - 18;	// maybe scroll bar
+	document.getElementById('center').style.width = x + "px";
+	document.getElementById('center').style.marginLeft = "-" + x/2 + "px";
+}
+
+window.onload = setCSS;
+window.onresize = setCSS;

manager/public/js/positionUserInfo.js

@@ -0,0 +1,17 @@
+function setUserInfoPos() {
+	var x = window.innerWidth;
+	var ui;
+	
+	x = x - 18;	// maybe scroll bar
+	
+	ui = document.getElementById('userinfo');
+	if (ui != null) {
+		ui.style.right = "3px";
+//		document.getElementById('userinfo').style.bottom = "3px";
+		ui.style.bottom = 3 - window.pageYOffset + "px";
+	}
+}
+
+window.onload = setUserInfoPos;
+window.onresize = setUserInfoPos;
+window.onscroll = setUserInfoPos;