View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000782 | Main CAcert Website | my account | public | 2009-10-05 15:15 | 2014-04-09 20:47 |
Reporter | khopesh | Assigned To | NEOatNHNG | ||
Priority | low | Severity | feature | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Product Version | 2009 Q4 | ||||
Target Version | 2013 Q3 | Fixed in Version | 2013 Q3 | ||
Summary | 0000782: Add "notes" field to certificate information | ||||
Description | I'd love the option to add notes to certificates so as to better identify which certificate is which when listed on the site (e.g. https://www.cacert.org/account.php?id=12#). Currently, I differentiate certs by date, renewing certs for the same CommonName on different days (e.g. wildcard certs, redundant system certs, web client certs), but this is getting annoying. | ||||
Additional Information | Apologies if this is a dupe, Mantis doesn't appear to be allowing me to refine searches. | ||||
Tags | No tags attached. | ||||
Reviewed by | NEOatNHNG, BenBE | ||||
Test Instructions | |||||
duplicate of | 0001106 | closed | INOPIAE | Add new fields to the database |
related to | 0000976 | closed | Uli60 | List of update request for webdb database structure upgrade with tables / fields |
related to | 0000776 | closed | INOPIAE | Let the user add a comment to certificates to distinguish them |
related to | 0000596 | closed | NEOatNHNG | add column serial# in certs overviews (client, server, orgclient, orgserver) |
related to | 0001169 | new | Renewal Information near validity information | |
related to | 0001168 | new | Certificate Lists: Show basic key information | |
related to | 0001105 | closed | INOPIAE | Add a comment field for certificate issuing |
related to | 0001071 | closed | INOPIAE | allow to add short notes for client certificates |
related to | 0000454 | closed | INOPIAE | Please add a description field to the Certificates |
related to | 0000386 | closed | display type of certificates | |
related to | 0001266 | closed | NEOatNHNG | Second-Level SQL Injection in Certificate-related queries |
2009-10-05 23:26
Updated GreaseMonkey script and posted it (with screenshot) to: http://userscripts.org/scripts/show/59256 The new script is FULLY FEATURE COMPLETE except for the whole storing data in a central location for use on multiple clients. At least this lets me manage my certs at work. I don't appear to have the ability to obsolete or delete the previously attached version. Please use the userscripts.org version instead as it is VASTLY superior and may see further updates. |
|
e.g. view domain certs https://secure.cacert.org/account.php?id=12, view client certs https://secure.cacert.org/account.php?id=5, for adding information for the user, e.g. on which PC I've created the cert, with which browser, for what purposes? This is interesting in case of renewal requests where the private key cannot be found. |
|
gpgmodified.php (13,234 bytes)
<? /* LibreSSL - CAcert web application Copyright (C) 2004-2008 CAcert Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? require_once("../includes/loggedin.php"); $id = 0; if(array_key_exists('id',$_REQUEST)) $id=intval($_REQUEST['id']); $oldid = $_REQUEST['oldid'] = array_key_exists('oldid',$_REQUEST) ? intval($_REQUEST['oldid']) : 0; if($_SESSION['profile']['points'] < 50) { header("location: /account.php"); exit; } loadem("account"); $CSR=""; if(array_key_exists('CSR',$_REQUEST)) $CSR=stripslashes($_REQUEST['CSR']); if($oldid == "0") { if(array_key_exists('process',$_REQUEST) && $_REQUEST['process'] != "" && $CSR == "") { $_SESSION['_config']['errmsg'] = _("You failed to paste a valid GPG/PGP key."); $id = $oldid; $oldid=0; } } $keyid=""; if(0) { if($_SESSION["profile"]["id"] != 5897) { showheader(_("Welcome to CAcert.org")); echo "The OpenPGP signing system is currently shutdown due to a maintenance. We hope to get it fixed within the next few hours. We are very sorry for the inconvenience."; exit(0); } } function verifyName($name) { if($name == "") return 0; if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']) return 1; if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']) return 1; if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']." 
".$_SESSION['profile']['suffix']) return 1; if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']) return 1; return 0; } function verifyEmail($email) { if($email == "") return 0; if(mysql_num_rows(mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `email`='".mysql_real_escape_string($email)."' and `deleted`=0 and `hash`=''")) > 0) return 1; return 0; } $ToBeDeleted=array(); $state=0; if($oldid == "0" && $CSR != "") { $debugkey = $gpgkey = clean_gpgcsr($CSR); $tnam = tempnam('/tmp/', '__gpg'); $fp = fopen($tnam, 'w'); fwrite($fp, $gpgkey); fclose($fp); $debugpg = $gpg = trim(`gpg --with-colons --homedir /tmp 2>&1 < $tnam`); unlink($tnam); $lines = ""; $gpgarr = explode("\n", $gpg); foreach($gpgarr as $line) { #echo "Line[]: $line <br/>\n"; if(substr($line, 0, 3) == "pub" || substr($line, 0, 3) == "uid") { if($lines != "") $lines .= "\n"; $lines .= $line; } } $gpg = $lines; $expires = 0; $nerr=0; $nok=0; $multiple = 0; $resulttable=_("The following UIDs were found in your key:")."<br/><table border='1'><tr><td>#</td><td>"._("Name")."</td><td>"._("Email")."</td><td>Result</td>"; $i=0; $lastvalidemail=""; $npubs=0; foreach(explode("\n", $gpg) as $line) { $bits = explode(":", $line); $resulttable.="<tr><td>".++$i."</td>"; $name = $comment = ""; if($bits[0] == "pub") { $npubs++; } if($npubs>1) { showheader(_("Welcome to CAcert.org")); echo "<font color='#ff0000'>"._("Please upload only one key at a time.")."</font>"; unset($_REQUEST['process']); $id = $oldid; unset($oldid); exit(); } if($bits[0] == "pub" && (!$keyid || !$when)) { $keyid = $bits[4]; $when = $bits[5]; if($bits[6] != "") $expires = 1; } $name=""; $comm=""; $mail=""; $uidformatwrong=0; if(sizeof($bits)<10) $uidformatwrong=1; if(preg_match("/\@.*\@/",$bits[9])) { showheader(_("Welcome to CAcert.org")); echo "<font color='#ff0000'>"._("Multiple Email Adresses per UID are not 
allowed.")."</font>"; unset($_REQUEST['process']); $id = $oldid; unset($oldid); exit(); } // Name (Comment) <Email> if(preg_match("/^([^\(\)\[@<>]+) \(([^\(\)@<>]*)\) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches)) { $name=trim(hex2bin($matches[1])); $nocomment=0; $comm=trim(hex2bin($matches[2])); $mail=trim(hex2bin($matches[3])); } // Name <EMail> elseif(preg_match("/^([^\(\)\[@<>]+) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches)) { $name=trim(hex2bin($matches[1])); $nocomment=1; $comm=""; $mail=trim(hex2bin($matches[2])); } // Unrecognized format else { $nocomment=1; $uidformatwrong=1; } $nameok=verifyName($name); $emailok=verifyEmail($mail); if($comm != "") $comment[] = $comm; $resulttable.="<td bgcolor='#".($nameok?"c0ffc0":"ffc0c0")."'>".sanitizeHTML($name)."</td>"; $resulttable.="<td bgcolor='#".($emailok?"c0ffc0":"ffc0c0")."'>".sanitizeHTML($mail)."</td>"; $uidok=0; if($bits[1]=="r") { $rmessage=_("Error: UID is revoked"); } elseif($uidformatwrong==1) { $rmessage=_("The format of the UID was not recognized. Please use 'Name (comment) <email@domain>'"); } elseif($mail=="" and $name=="") { $rmessage=_("Error: Both Name and Email address are empty"); } elseif($emailok and $nameok) { $uidok=1; $rmessage=_("Name and Email OK."); } elseif(!$emailok and !$nameok) { $rmessage=_("Name and Email both cannot be matched with your account."); } elseif($emailok and $name=="") { $uidok=1; $rmessage=_("The email is OK. The name is empty."); } elseif($nameok and $mail=="") { $uidok=1; $rmessage=_("The name is OK. The email is empty."); } elseif(!$emailok) { $rmessage=_("The email address has not been registered and verified in your account. Please add the email address to your account first."); } elseif(!$nameok) { $rmessage=_("The name in the UID does not match the name in your account. 
Please verify the name."); } else { $rmessage=_("Error"); } if($uidok) { $nok++; $resulttable.="<td>$rmessage</td>"; $lastvalidemail=$mail; } else { $nerr++; //$ToBeDeleted[]=$i; //echo "Adding UID $i\n"; $resulttable.="<td bgcolor='#ffc0c0'>$rmessage</td>"; } $resulttable.="</tr>\n"; if($emailok) $multiple++; if(trim($_REQUEST['description']) == ""){ $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); }else{ $description= ""; } } $resulttable.="</table>"; if($nok==0) { showheader(_("Welcome to CAcert.org")); echo $resulttable; echo "<font color='#ff0000'>"._("No valid UIDs found on your key")."</font>"; unset($_REQUEST['process']); $id = $oldid; unset($oldid); $do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`; exit(); } elseif($nerr) { $resulttable.=_("The unverified UIDs have been removed, the verified UIDs have been signed."); } } if($oldid == "0" && $CSR != "") { $query = "insert into `gpg` set `memid`='".intval($_SESSION['profile']['id'])."', `email`='".mysql_real_escape_string($lastvalidemail)."', `level`='1', `expires`='".mysql_real_escape_string($expires)."', `multiple`='".mysql_real_escape_string($multiple)."', `keyid`='".mysql_real_escape_string($keyid)."', `description`='".mysql_real_escape_string($description)."'"; mysql_query($query); $id = mysql_insert_id(); $cwd = '/tmp/gpgspace'.$id; mkdir($cwd,0755); $fp = fopen("$cwd/gpg.csr", "w"); fputs($fp, clean_gpgcsr($CSR)); fclose($fp); system("gpg --homedir $cwd --import $cwd/gpg.csr"); $debugpg = $gpg = trim(`gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $keyid 2>&1`); $lines = ""; $gpgarr = explode("\n", $gpg); foreach($gpgarr as $line) { //echo "Line[]: $line <br/>\n"; if(substr($line, 0, 4) == "uid:") { $name = $comment = ""; $bits = explode(":", $line); $pos = strpos($bits[9], "(") - 1; $nocomment = 0; if($pos < 0) { $nocomment = 1; $pos = strpos($bits[9], "<") - 1; } if($pos < 0) { $pos = strlen($bits[9]); } $name = 
trim(hex2bin(trim(substr($bits[9], 0, $pos)))); $nameok=verifyName($name); if($nocomment == 0) { $pos += 2; $pos2 = strpos($bits[9], ")"); $comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos)))); if($comm != "") $comment[] = $comm; $pos = $pos2 + 3; } else { $pos = strpos($bits[9], "<") + 1; } $mail=""; if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) { //echo "Found: ".$match[1]; $mail = trim(hex2bin($match[1])); } else { //echo "Not found!\n"; } $emailok=verifyEmail($mail); $uidid=$bits[7]; if($bits[1]=="r") { $ToBeDeleted[]=$uidid; } elseif($mail=="" and $name=="") { //echo "$uidid will be deleted\n"; $ToBeDeleted[]=$uidid; } elseif($emailok and $nameok) { } elseif($emailok and $name=="") { } elseif($nameok and $mail=="") { } elseif(!$emailok and !$nameok) { //echo "$uidid will be deleted\n"; $ToBeDeleted[]=$uidid; } elseif(!$emailok) { //echo "$uidid will be deleted\n"; $ToBeDeleted[]=$uidid; } elseif(!$nameok) { //echo "$uidid will be deleted\n"; $ToBeDeleted[]=$uidid; } } } if(count($ToBeDeleted)>0) { $descriptorspec = array( 0 => array("pipe", "r"), // stdin is a pipe that the child will read from 1 => array("pipe", "w"), // stdout is a pipe that the child will write to 2 => array("pipe", "w") // stderr is a file to write to ); $stderr = fopen('php://stderr', 'w'); //echo "Keyid: $keyid\n"; $process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes); //echo "Process: $process\n"; //fputs($stderr,"Process: $process\n"); if (is_resource($process)) { //echo("it is a resource\n"); // $pipes now looks like this: // 0 => writeable handle connected to child stdin // 1 => readable handle connected to child stdout // Any error output will be appended to /tmp/error-output.txt while (!feof($pipes[1])) { $buffer = fgets($pipes[1], 4096); //echo $buffer; if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n") { fputs($pipes[0],"yes\n"); } elseif($buffer == 
"[GNUPG:] GOT_IT\n") { } elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer)) { fputs($pipes[0],"yes\n"); } elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer)) { if(count($ToBeDeleted)>0) { $delthisuid=array_pop($ToBeDeleted); //echo "Deleting an UID $delthisuid\n"; fputs($pipes[0],"uid ".$delthisuid."\n"); } else { //echo "Saving\n"; fputs($pipes[0],$state?"save\n":"deluid\n"); $state++; } } elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n") { } elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer)) { echo "Key expired!\n"; exit; } elseif($buffer == "") { //echo "Empty!\n"; } else { echo "ERROR: UNKNOWN $buffer\n"; } } //echo "Fertig\n"; fclose($pipes[0]); //echo stream_get_contents($pipes[1]); fclose($pipes[1]); // It is important that you close any pipes before calling // proc_close in order to avoid a deadlock $return_value = proc_close($process); //echo "command returned $return_value\n"; } else { echo "Keine ressource!\n"; } } $csrname=generatecertpath("csr","gpg",$id); $do=`gpg --homedir $cwd --batch --export-options export-minimal --export $keyid >$csrname`; mysql_query("update `gpg` set `csr`='$csrname' where `id`='$id'"); waitForResult('gpg', $id); showheader(_("Welcome to CAcert.org")); echo $resulttable; $query = "select * from `gpg` where `id`='$id' and `crt`!=''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { echo _("Your certificate request has failed to be processed correctly, please try submitting it again.")."<br>\n"; echo _("If this is a re-occuring problem, please send a copy of the key you are trying to signed to support@cacert.org. Thank you."); } else { echo "<pre>"; readfile(generatecertpath("crt","gpg",$id)); echo "</pre>"; } showfooter(); exit; } $id = intval($id); showheader(_("Welcome to CAcert.org")); includeit($id, "gpg"); showfooter(); ?> |
|
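The `description` handling from the two attachments, reduced to one runnable case. This is an added example, not part of the attachments or of CAcert's code. In both attached files the branch guarding `description` tests `== ""` before copying the value, so a non-empty note is replaced by an empty string, and accountmodified.php then inserts it through `intval()`. The sketch keeps the note unescaped, binds it on insert and again when a stored value is reused in a later query, and encodes it only on output. The table layout, all function names, the 100-character limit and the in-memory SQLite database are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not CAcert code. Table layout, function names and the
// 100-character limit are assumptions made for illustration.
const MAX_DESCRIPTION_LEN = 100;

// What the attached branch computes, with the escaping call left out:
// the note is copied only when it is empty, then cast with intval().
function attached_description(?string $raw): int
{
    if (trim((string)$raw) == "") {
        $description = trim((string)$raw);
    } else {
        $description = "";
    }
    return intval($description);
}

// Stored form of a note: trimmed, control characters removed, length-limited.
// No SQL or HTML escaping here; that happens at the point of use.
function normalize_description(?string $raw): string
{
    $note = trim((string)$raw);
    if ($note === '') {            // only an empty note maps to ""
        return '';
    }
    $note = (string)preg_replace('/[\x00-\x1F\x7F]/', '', $note);
    return mb_substr($note, 0, MAX_DESCRIPTION_LEN, 'UTF-8');
}

// Insert with bound parameters; the note never becomes part of the SQL text.
function store_cert(PDO $db, int $memid, string $cn, ?string $rawNote): int
{
    $stmt = $db->prepare(
        'INSERT INTO emailcerts (memid, CN, description) VALUES (:memid, :cn, :note)'
    );
    $stmt->execute([
        ':memid' => $memid,
        ':cn'    => $cn,
        ':note'  => normalize_description($rawNote),
    ]);
    return (int)$db->lastInsertId();
}

// Reuse of a stored value in a second query. The value read back from the
// database is bound again: data that was safe to store is not thereby safe
// to concatenate into a later statement.
function find_same_description(PDO $db, int $memid, int $certId): array
{
    $stmt = $db->prepare(
        'SELECT description FROM emailcerts WHERE id = :id AND memid = :memid'
    );
    $stmt->execute([':id' => $certId, ':memid' => $memid]);
    $note = $stmt->fetchColumn();
    if ($note === false || $note === '') {
        return [];
    }
    $stmt = $db->prepare(
        'SELECT id FROM emailcerts WHERE memid = :memid AND description = :note ORDER BY id'
    );
    $stmt->execute([':memid' => $memid, ':note' => $note]);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Output encoding for the certificate list.
function render_row(array $row): string
{
    return sprintf(
        "<tr><td>%s</td><td>%s</td></tr>",
        htmlspecialchars((string)$row['CN'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars((string)$row['description'], ENT_QUOTES, 'UTF-8')
    );
}

// Demo on an in-memory database with constructed input.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE emailcerts (id INTEGER PRIMARY KEY, memid INTEGER, CN TEXT, description TEXT)'
);

$note = "  work laptop, Firefox, key on USB stick 'blue' <office>\n";
$first  = store_cert($db, 1, 'user@example.org', $note);
$second = store_cert($db, 1, 'user@example.org', $note);
store_cert($db, 1, 'user@example.org', '');          // a certificate without a note
store_cert($db, 2, 'other@example.org', $note);      // another member, same note

var_dump(attached_description($note));               // value the attached code would insert
var_dump(normalize_description($note));              // value stored here
var_dump(find_same_description($db, 1, $first));     // ids of member 1 sharing the note

$row = $db->query("SELECT CN, description FROM emailcerts WHERE id = $second")
          ->fetch(PDO::FETCH_ASSOC);                 // $second is an int from lastInsertId()
echo render_row($row), "\n";
```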
accountmodified.php (121,399 bytes)
<? /* LibreSSL - CAcert web application Copyright (C) 2004-2008 CAcert Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ require_once("../includes/loggedin.php"); require_once("../includes/lib/l10n.php"); loadem("account"); $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']); $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']); $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process']; $cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']); $orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']); $memid=0; if(array_key_exists('memid',$_REQUEST)) $memid=intval($_REQUEST['memid']); $domid=0; if(array_key_exists('domid',$_REQUEST)) $domid=intval($_REQUEST['domid']); if(!$_SESSION['mconn']) { echo _("Several CAcert Services are currently unavailable. 
Please try again later."); exit; } if ($process == _("Cancel")) { // General reset CANCEL process requests $process = ""; } if($id == 45 || $id == 46 || $oldid == 45 || $oldid == 46) { $id = 1; $oldid=0; } if($process != "" && $oldid == 1) { $id = 1; csrf_check('addemail'); if(strstr($_REQUEST['newemail'], "xn--") && $_SESSION['profile']['codesign'] <= 0) { showheader(_("My CAcert.org Account!")); echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses."); showfooter(); exit; } if(trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))) == "") { showheader(_("My CAcert.org Account!")); printf(_("Not a valid email address. Can't continue.")); showfooter(); exit; } $oldid=0; $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))); $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { showheader(_("My CAcert.org Account!")); printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email'])); showfooter(); exit; } $checkemail = checkEmail($_REQUEST['newemail']); if($checkemail != "OK") { showheader(_("My CAcert.org Account!")); if (substr($checkemail, 0, 1) == "4") { echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. 
Please try again in a few minutes.")."</p>\n"; } else { echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n"; } echo "<p>$checkemail</p>\n"; showfooter(); exit; } $hash = make_hash(); $query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'"; mysql_query($query); $emailid = mysql_insert_id(); $body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!"); sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support"); showheader(_("My CAcert.org Account!")); printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_REQUEST['email'])); showfooter(); exit; } if(array_key_exists("makedefault",$_REQUEST) && $_REQUEST['makedefault'] != "" && $oldid == 2) { $id = 2; $emailid = intval($_REQUEST['emailid']); $query = "select * from `email` where `id`='$emailid' and `memid`='".$_SESSION['profile']['id']."' and `hash` = '' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { showheader(_("Error!")); echo _("You currently don't have access to the email address you selected, or you haven't verified it yet."); showfooter(); exit; } $row = mysql_fetch_assoc($res); $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n"; $body .= _("You are receiving this email because you or someone else")."\n"; $body .= _("has changed the default email on your 
account.")."\n\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!"); sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Default Account Changed"), $body, "support@cacert.org", "", "", "CAcert Support"); $_SESSION['profile']['email'] = $row['email']; $query = "update `users` set `email`='".$row['email']."' where `id`='".$_SESSION['profile']['id']."'"; mysql_query($query); showheader(_("My CAcert.org Account!")); printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email'])); showfooter(); exit; } if($process != "" && $oldid == 2) { $id = 2; csrf_check("chgdef"); showheader(_("My CAcert.org Account!")); $delcount = 0; if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid'])) { foreach($_REQUEST['delid'] as $id) { $id = intval($id); $query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and `email`!='".$_SESSION['profile']['email']."'"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); echo $row['email']."<br>\n"; $query = "select `emailcerts`.`id` from `emaillink`,`emailcerts` where `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 group by `emailcerts`.`id`"; $dres = mysql_query($query); while($drow = mysql_fetch_assoc($dres)) mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'"); $query = "update `email` set `deleted`=NOW() where `id`='$id'"; mysql_query($query); $delcount++; } } } else { echo _("You did not select any email accounts for removal."); } if($delcount > 0) { echo _("The following accounts have been removed:")."<br>\n"; } else { echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. 
No action was taken."); } showfooter(); exit; } if($process != "" && $oldid == 3) { if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1') { showheader(_("My CAcert.org Account!")); echo _("I didn't receive a valid Certificate Request, hit the back button and try again."); showfooter(); exit; } $_SESSION['_config']['SSO'] = intval($_REQUEST['SSO']); $_SESSION['_config']['addid'] = $_REQUEST['addid']; if($_SESSION['profile']['points'] >= 50) $_SESSION['_config']['incname'] = intval($_REQUEST['incname']); if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100)) { $_REQUEST['codesign'] = 0; } if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1) { if($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4) $_SESSION['_config']['incname'] = 1; } if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1 && $_SESSION['profile']['points'] >= 100) $_SESSION['_config']['codesign'] = 1; else $_SESSION['_config']['codesign'] = 0; if(array_key_exists('login',$_REQUEST) && $_REQUEST['login'] == 1) $_SESSION['_config']['disablelogin'] = 0; else $_SESSION['_config']['disablelogin'] = 1; $_SESSION['_config']['rootcert'] = 1; if($_SESSION['profile']['points'] >= 50) { $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']); if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; } $csr = ""; if(trim($_REQUEST['optionalCSR']) == "") { $id = 4; } else { $oldid = 4; $_REQUEST['keytype'] = "MS"; $csr = clean_csr($_REQUEST['optionalCSR']); } if(trim($_REQUEST['description']) == ""){ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); }else{ $_SESSION['_config']['description']= ""; } } 
if($oldid == 4) { if($_REQUEST['keytype'] == "NS") { $spkac=""; if(array_key_exists('SPKAC',$_REQUEST) && preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))); if($spkac=="" || $spkac == "deadbeef") { $id = 4; showheader(_("My CAcert.org Account!")); echo _("I didn't receive a valid Certificate Request, please try a different browser."); showfooter(); exit; } $count = 0; $emails = ""; $addys = array(); $defaultemail=""; if(is_array($_SESSION['_config']['addid'])) foreach($_SESSION['_config']['addid'] as $id) { $res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='".intval($id)."'"); if(mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); if(!$emails) $defaultemail = $row['email']; $emails .= "$count.emailAddress = ".$row['email']."\n"; $count++; $addys[] = intval($row['id']); } } if($count <= 0 && $_SESSION['_config']['SSO'] != 1) { $id = 4; showheader(_("My CAcert.org Account!")); echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request."); showfooter(); exit; } $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'")); if($_SESSION['_config']['SSO'] == 1) $emails .= "$count.emailAddress = ".$user['uniqueID']."\n"; if(strlen($user['mname']) == 1) $user['mname'] .= '.'; if(!array_key_exists('incname',$_SESSION['_config']) || $_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4) { $emails .= "commonName = CAcert WoT User\n"; } else { if($_SESSION['_config']['incname'] == 1) $emails .= "commonName = ".$user['fname']." ".$user['lname']."\n"; if($_SESSION['_config']['incname'] == 2) $emails .= "commonName = ".$user['fname']." ".$user['mname']." 
".$user['lname']."\n"; if($_SESSION['_config']['incname'] == 3) $emails .= "commonName = ".$user['fname']." ".$user['lname']." ".$user['suffix']."\n"; if($_SESSION['_config']['incname'] == 4) $emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n"; } if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; $emails .= "SPKAC = $spkac"; if (($weakKey = checkWeakKeySPKAC($emails)) !== "") { $id = 4; showheader(_("My CAcert.org Account!")); echo $weakKey; showfooter(); exit; } $query = "insert into emailcerts set `CN`='$defaultemail', `keytype`='NS', `memid`='".intval($_SESSION['profile']['id'])."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `codesign`='".intval($_SESSION['_config']['codesign'])."', `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', `rootcert`='".intval($_SESSION['_config']['rootcert'])."', `description`='".intval($_SESSION['_config']['description'])."'"; mysql_query($query); $emailid = mysql_insert_id(); if(is_array($addys)) foreach($addys as $addy) mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); $CSRname=generatecertpath("csr","client",$emailid); $fp = fopen($CSRname, "w"); fputs($fp, $emails); fclose($fp); $challenge=$_SESSION['spkac_hash']; $res=`openssl spkac -verify -in $CSRname`; if(!strstr($res,"Challenge String: ".$challenge)) { $id = $oldid; showheader(_("My CAcert.org Account!")); echo _("The challenge-response code of your certificate request did not match. 
Can't continue with certificaterequest."); showfooter(); exit; } mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'"); } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") { if($csr == "") $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n"; if (($weakKey = checkWeakKeyCSR($csr)) !== "") { $id = 4; showheader(_("My CAcert.org Account!")); echo $weakKey; showfooter(); exit; } $tmpfname = tempnam("/tmp", "id4CSR"); $fp = fopen($tmpfname, "w"); fputs($fp, $csr); fclose($fp); $addys = array(); $defaultemail = ""; $csrsubject=""; $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'")); if(strlen($user['mname']) == 1) $user['mname'] .= '.'; if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4) $csrsubject = "/CN=CAcert WoT User"; if($_SESSION['_config']['incname'] == 1) $csrsubject = "/CN=".$user['fname']." ".$user['lname']; if($_SESSION['_config']['incname'] == 2) $csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname']; if($_SESSION['_config']['incname'] == 3) $csrsubject = "/CN=".$user['fname']." ".$user['lname']." ".$user['suffix']; if($_SESSION['_config']['incname'] == 4) $csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname']." 
".$user['suffix']; if(is_array($_SESSION['_config']['addid'])) foreach($_SESSION['_config']['addid'] as $id) { $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'"); if(mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); if($defaultemail == "") $defaultemail = $row['email']; $csrsubject .= "/emailAddress=".$row['email']; $addys[] = $row['id']; } } if($_SESSION['_config']['SSO'] == 1) $csrsubject .= "/emailAddress = ".$user['uniqueID']; $tmpname = tempnam("/tmp", "id4csr"); $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`; // -subj "$csr"`; @unlink($tmpfname); $csr = ""; $fp = fopen($tmpname, "r"); while($data = fgets($fp, 4096)) $csr .= $data; fclose($fp); @unlink($tmpname); if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; if($csr == "") { $id = 4; showheader(_("My CAcert.org Account!")); echo _("I didn't receive a valid Certificate Request, hit the back button and try again."); showfooter(); exit; } $query = "insert into emailcerts set `CN`='$defaultemail', `keytype`='".sanitizeHTML($_REQUEST['keytype'])."', `memid`='".$_SESSION['profile']['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `subject`='".mysql_real_escape_string($csrsubject)."', `codesign`='".$_SESSION['_config']['codesign']."', `rootcert`='".$_SESSION['_config']['rootcert']."', `description`='".intval($_SESSION['_config']['description'])."'"; mysql_query($query); $emailid = mysql_insert_id(); if(is_array($addys)) foreach($addys as $addy) mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'"); $CSRname=generatecertpath("csr","client",$emailid); $fp = fopen($CSRname, "w"); fputs($fp, $csr); fclose($fp); mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } waitForResult("emailcerts", $emailid, 4); $query = "select * from `emailcerts` where 
`id`='$emailid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { $id = 4; showheader(_("My CAcert.org Account!")); printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); showfooter(); exit; } else { $id = 6; $cert = $emailid; $_REQUEST['cert']=$emailid; } } if($oldid == 7) { csrf_check("adddomain"); if(strstr($_REQUEST['newdomain'],"\x00")) { showheader(_("My CAcert.org Account!")); echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes."); showfooter(); exit; } list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest while($newdomain['0'] == '-') $newdomain = substr($newdomain, 1); if(strstr($newdomain, "xn--") && $_SESSION['profile']['codesign'] <= 0) { showheader(_("My CAcert.org Account!")); echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses."); showfooter(); exit; } $newdom = trim(escapeshellarg($newdomain)); $newdomain = mysql_real_escape_string(trim($newdomain)); $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'"); $query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0"; $res2 = mysql_query($query); if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2)) { $oldid=0; $id = 7; showheader(_("My CAcert.org Account!")); printf(_("The domain '%s' is already in a different account and is listed as valid. 
Can't continue."), sanitizeHTML($newdomain)); showfooter(); exit; } } if($oldid == 7) { $oldid=0; $id = 8; $addy = array(); $adds = array(); if(strtolower(substr($newdom, -4, 3)) != ".jp") $adds = explode("\n", trim(`/usr/bin/whois $newdom|grep "@"`)); if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info") { if(is_array($adds)) foreach($adds as $line) { $bits = explode(":", $line, 2); $line = trim($bits[1]); if(!in_array($line, $addy) && $line != "") $addy[] = trim(mysql_real_escape_string(stripslashes($line))); } } else { if(is_array($adds)) foreach($adds as $line) { $line = trim(str_replace("\t", " ", $line)); $line = trim(str_replace("(", "", $line)); $line = trim(str_replace(")", " ", $line)); $line = trim(str_replace(":", " ", $line)); $bits = explode(" ", $line); foreach($bits as $bit) { if(strstr($bit, "@")) $line = $bit; } if(!in_array($line, $addy) && $line != "") $addy[] = trim(mysql_real_escape_string(stripslashes($line))); } } $rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain"); foreach($rfc as $sub) if(!in_array($sub, $addy)) $addy[] = $sub; $_SESSION['_config']['addy'] = $addy; $_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain); } if($process != "" && $oldid == 8) { csrf_check('ctcinfo'); $oldid=0; $id = 8; $authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy']))); if($authaddy == "" || !is_array($_SESSION['_config']['addy'])) { showheader(_("My CAcert.org Account!")); echo _("The address you submitted isn't a valid authority address for the domain."); showfooter(); exit; } if(!in_array($authaddy, $_SESSION['_config']['addy'])) { showheader(_("My CAcert.org Account!")); echo _("The address you submitted isn't a valid authority address for the domain."); showfooter(); exit; } $query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0"; $res = 
		mysql_query($query);
	if(mysql_num_rows($res) > 0) {
		showheader(_("My CAcert.org Account!"));
		printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
		showfooter();
		exit;
	}

	$checkemail = checkEmail($authaddy);
	if($checkemail != "OK") {
		showheader(_("My CAcert.org Account!"));
		//echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
		if (substr($checkemail, 0, 1) == "4") {
			echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
		} else {
			echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
		}
		echo "<p>$checkemail</p>\n";
		showfooter();
		exit;
	}

	$hash = make_hash();
	$query = "insert into `domains` set
			`domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
			`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
	mysql_query($query);
	$domainid = mysql_insert_id();

	$body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
	$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

	showheader(_("My CAcert.org Account!"));
	printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $_SESSION['_config']['domain']);
	showfooter();
	exit;
}

if($process != "" && $oldid == 9) {
	$id = 9;
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid'])) {
		echo _("The following domains have been removed:")."<br> ("._("Any valid certificates will be revoked as well").")<br>\n";

		foreach($_REQUEST['delid'] as $id) {
			$id = intval($id);
			$query = "select * from `domains` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0) {
				$row = mysql_fetch_assoc($res);
				echo $row['domain']."<br>\n";
				mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'");
				$dres = mysql_query("select * from `domlink` where `domid`='$id'");
				while($drow = mysql_fetch_assoc($dres))
					mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
			}
		}
	} else {
		echo _("You did not select any domains for removal.");
	}

	showfooter();
	exit;
}

if($process != "" && $oldid == 10) {
	$CSR = clean_csr($_REQUEST['CSR']);
	if(strpos($CSR,"---BEGIN")===FALSE) {
		// In case the CSR is missing the ---BEGIN lines, add them automatically:
		$CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
	}

	if (($weakKey = checkWeakKeyCSR($CSR)) !== "") {
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	// Keep the note only when the user actually entered one
	// (the test was inverted, so a non-empty note was always discarded)
	if(trim($_REQUEST['description']) != ""){
		$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
	}else{
		$_SESSION['_config']['description']= "";
	}

	$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
	$fp = fopen($_SESSION['_config']['tmpfname'], "w");
	fputs($fp, $CSR);
	fclose($fp);
	$CSR = $_SESSION['_config']['tmpfname'];
	$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
	$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
	foreach($bits as $val) {
		$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
	}
	$id = 11;

	$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
	extractit();
	getcn();
	getalt();

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") {
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	$_SESSION['_config']['rootcert'] = 1;
	if($_SESSION['profile']['points'] >= 50) {
		$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;
	}
}

if($process != "" && $oldid == 11) {
	if(!file_exists($_SESSION['_config']['tmpfname'])) {
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}

	if (($weakKey = checkWeakKeyCSR(file_get_contents( $_SESSION['_config']['tmpfname']))) !== "") {
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	$id = 11;
	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") {
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	$subject = "";
	$count = 0;
	$supressSAN=0;
	if($_SESSION["profile"]["id"] == 104074)
		$supressSAN=1;

	if(is_array($_SESSION['_config']['rows']))
		foreach($_SESSION['_config']['rows'] as $row) {
			$count++;
			if($count <= 1) {
				$subject .= "/CN=$row";
				if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
				if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
			} else {
				if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
				if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
			}
		}
	if(is_array($_SESSION['_config']['altrows']))
		foreach($_SESSION['_config']['altrows'] as $row) {
			if(substr($row, 0, 4) == "DNS:") {
				$row = substr($row, 4);
				if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
				if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
			}
		}
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;

	if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0) {
		// The description was escaped when it was stored in the session;
		// intval() would reduce the text to 0
		$query = "insert into `domaincerts` set
				`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
				`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
				`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
				`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
				`description`='".$_SESSION['_config']['description']."'";
	} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
		$query = "insert into `domaincerts` set
				`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
				`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
				`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
				`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
				`description`='".$_SESSION['_config']['description']."'";
		// description: already escaped when it was stored in the session
		// (intval() would reduce the text to 0)
	} else {
		showheader(_("My CAcert.org Account!"));
		echo _("Domain not verified.");
		showfooter();
		exit;
	}

	mysql_query($query);
	$CSRid = mysql_insert_id();

	if(is_array($_SESSION['_config']['rowid']))
		foreach($_SESSION['_config']['rowid'] as $dom)
			mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
	if(is_array($_SESSION['_config']['altid']))
		foreach($_SESSION['_config']['altid'] as $dom)
			mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");

	$CSRname=generatecertpath("csr","server",$CSRid);
	rename($_SESSION['_config']['tmpfname'], $CSRname);
	chmod($CSRname,0644);
	mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
	waitForResult("domaincerts", $CSRid, 11);
	$query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0) {
		$id = 11;
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		$id = 15;
		$cert = $CSRid;
		$_REQUEST['cert']=$CSRid;
	}
}

if($oldid == 12 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "") {
	csrf_check('srvcerchange');
	$id = 12;
	showheader(_("My CAcert.org Account!"));
	if(is_array($_REQUEST['revokeid'])) {
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id) {
			$id = intval($id);
			echo _("Processing request")." $id:<br/>";
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
					where `domaincerts`.`id`='$id' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0) {
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") {
				echo $weakKey, "<br/>\n";
				continue;
			}

			mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
			// The stored description is user-supplied text, so it is escaped
			// again before it is reused in SQL
			$query = "insert into `domaincerts` set
					`domid`='".$row['domid']."',
					`CN`='".mysql_real_escape_string($row['CN'])."',
					`subject`='".mysql_real_escape_string($row['subject'])."',".
					//`csr_name`='".$row['csr_name']."', // RACE CONDITION
					"`created`='".$row['created']."',
					`modified`=NOW(),
					`rootcert`='".$row['rootcert']."',
					`type`='".$row['type']."',
					`pkhash`='".$row['pkhash']."',
					`description`='".mysql_real_escape_string($row['description'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			$newfile=generatecertpath("csr","server",$newid);
			copy($row['csr_name'], $newfile);
			$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`);
			$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
			foreach($bits as $val) {
				$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
			}
			$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
			extractit();
			getcn();
			getalt();

			if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") {
				echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
				continue;
			}

			$subject = "";
			$count = 0;
			if(is_array($_SESSION['_config']['rows']))
				foreach($_SESSION['_config']['rows'] as $row) {
					$count++;
					if($count <= 1) {
						$subject .= "/CN=$row";
						if(!strstr($subject, "=$row/") && substr($subject, -strlen("=$row")) != "=$row")
							$subject .= "/subjectAltName=$row";
					} else {
						if(!strstr($subject, "=$row/") && substr($subject, -strlen("=$row")) != "=$row")
							$subject .= "/subjectAltName=$row";
					}
				}
			if(is_array($_SESSION['_config']['altrows']))
				foreach($_SESSION['_config']['altrows'] as $row)
					if(!strstr($subject, "=$row/") && substr($subject, -strlen("=$row")) != "=$row")
						$subject .= "/subjectAltName=$row";
			$subject = mysql_real_escape_string($subject);
			mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");

			echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
			waitForResult("domaincerts", $newid,$oldid,0);
			$query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0) {
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				$drow = mysql_fetch_assoc($res);
				$cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
				echo "<pre>\n$cert\n</pre>\n";
			}
		}
	} else {
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}

if($oldid == 12 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "") {
	csrf_check('srvcerchange');
	$id = 12;
	showheader(_("My CAcert.org Account!"));
	if(is_array($_REQUEST['revokeid'])) {
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id) {
			$id
				= intval($id);
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
					where `domaincerts`.`id`='$id' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0) {
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0) {
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}
			mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
		}
	} else {
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid'])) {
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id) {
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
					where `domaincerts`.`id`='$id' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0) {
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['expired'] > 0) {
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
				continue;
			}
			mysql_query("delete from `domaincerts` where `id`='$id'");
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
		}
	}
	showfooter();
	exit;
}

if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "") {
	showheader(_("My CAcert.org Account!"));
	if(is_array($_REQUEST['revokeid'])) {
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id) {
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
					where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0) {
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") {
				echo $weakKey, "<br/>\n";
				continue;
			}

			mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
			// The stored description is user-supplied text, so it is escaped
			// again before it is reused in SQL
			$query = "insert into emailcerts set
					`memid`='".$row['memid']."',
					`CN`='".mysql_real_escape_string($row['CN'])."',
					`subject`='".mysql_real_escape_string($row['subject'])."',
					`keytype`='".$row['keytype']."',
					`csr_name`='".$row['csr_name']."',
					`created`='".$row['created']."',
					`modified`=NOW(),
					`disablelogin`='".$row['disablelogin']."',
					`codesign`='".$row['codesign']."',
					`rootcert`='".$row['rootcert']."',
					`description`='".mysql_real_escape_string($row['description'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			$newfile=generatecertpath("csr","client",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
			$res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'");
			while($r2 = mysql_fetch_assoc($res)) {
				mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."', `emailcertsid`='$newid'");
			}
			waitForResult("emailcerts", $newid,$oldid,0);
			$query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0) {
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				printf(_("Certificate for '%s' has been renewed."), $row['CN']);
				echo "<br/>\n<a href='account.php?id=6&cert=$newid' target='_new'>".
					_("Click here")."</a> "._("to install your certificate.")."<br/><br/>\n";
			}
		}
	} else {
		echo _("You did not select any certificates for renewal.")."<br/>";
	}

	showfooter();
	exit;
}

if($oldid == 5 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "") {
	$id = 5;
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid'])) {
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id) {
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
					where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0) {
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0) {
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}
			mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
		}
	} else {
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid'])) {
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id) {
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
					where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0) {
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['expired'] > 0) {
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
				continue;
			}
			mysql_query("delete from `emailcerts` where `id`='$id'");
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
		}
	}
	showfooter();
	exit;
}

if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "") {
	showheader(_("My CAcert.org Account!"));
	//echo _("Now changing the settings for the following certificates:")."<br>\n";
	foreach($_REQUEST as $id => $val) {
		//echo $id."<br/>";
		if(substr($id,0,5)=="cert_") {
			$id = intval(substr($id,5));
			$dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")?"0":"1";
			//echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n";
			mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
			//$row = mysql_fetch_assoc($res);
		}
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}

if($oldid == 13 && $process != "") {
	csrf_check("perschange");
	$_SESSION['_config']['user'] = $_SESSION['profile'];

	$_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
	$_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
	$_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
	$_SESSION['_config']['user']['Q4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q4']))));
	$_SESSION['_config']['user']['Q5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q5']))));
	$_SESSION['_config']['user']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
	$_SESSION['_config']['user']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
	$_SESSION['_config']['user']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
	$_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
	$_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));

	if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
		$_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
		$_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
		$_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
		$_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
		$_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
		$_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
		$_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
		$_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
		$_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
		$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
		$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
		$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
		$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
		$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
		$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
		$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
		$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
		$_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
		$_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
		$_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
		$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
		$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
		$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
		$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
		$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
		$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
		$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
		$_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
		$_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
		$_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5']) {
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
		$id = $oldid;
		$oldid=0;
	}

	if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
		$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
		$_SESSION['_config']['user']['Q5'] == "") {
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
		$id = $oldid;
		$oldid=0;
	}
}

if($oldid == 13 && $process != "") {
	$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
	$ddres = mysql_query($ddquery);
	$ddrow = mysql_fetch_assoc($ddres);
	$_SESSION['profile']['points'] = $ddrow['total'];

	if($_SESSION['profile']['points'] == 0) {
		$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
		$_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
		$_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
		$_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
		$_SESSION['_config']['user']['day'] = intval($_REQUEST['day']);
		$_SESSION['_config']['user']['month'] = intval($_REQUEST['month']);
		$_SESSION['_config']['user']['year'] = intval($_REQUEST['year']);

		if($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "") {
			$_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
			$id = $oldid;
			$oldid=0;
		}
		if($_SESSION['_config']['user']['year'] < 1900 || $_SESSION['_config']['user']['month'] < 1 || $_SESSION['_config']['user']['month'] > 12 ||
			$_SESSION['_config']['user']['day'] < 1 || $_SESSION['_config']['user']['day'] > 31) {
			$_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
			$id = $oldid;
			$oldid=0;
		}
	}
}

if($oldid == 13 && $process != "") {
	if($_SESSION['profile']['points'] == 0) {
		$query = "update `users` set
				`fname`='".$_SESSION['_config']['user']['fname']."',
				`mname`='".$_SESSION['_config']['user']['mname']."',
				`lname`='".$_SESSION['_config']['user']['lname']."',
				`suffix`='".$_SESSION['_config']['user']['suffix']."',
				`dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
				where `id`='".$_SESSION['profile']['id']."'";
		mysql_query($query);
	}
	$query = "update `users` set
			`Q1`='".$_SESSION['_config']['user']['Q1']."',
			`Q2`='".$_SESSION['_config']['user']['Q2']."',
			`Q3`='".$_SESSION['_config']['user']['Q3']."',
			`Q4`='".$_SESSION['_config']['user']['Q4']."',
			`Q5`='".$_SESSION['_config']['user']['Q5']."',
			`A1`='".$_SESSION['_config']['user']['A1']."',
			`A2`='".$_SESSION['_config']['user']['A2']."',
			`A3`='".$_SESSION['_config']['user']['A3']."',
			`A4`='".$_SESSION['_config']['user']['A4']."',
			`A5`='".$_SESSION['_config']['user']['A5']."'
			where `id`='".$_SESSION['profile']['id']."'";
	mysql_query($query);

	//!!!Should be rewritten
	$_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
	$_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
	if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "") {
		$query = "update `users` set
				`otphash`='".$_SESSION['_config']['user']['otphash']."',
				`otppin`='".$_SESSION['_config']['user']['otppin']."'
				where `id`='".$_SESSION['profile']['id']."'";
		mysql_query($query);
	}

	$_SESSION['_config']['user']['set'] = 0;
	$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
	$_SESSION['profile']['loggedin'] = 1;

	$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
	$ddres = mysql_query($ddquery);
	$ddrow = mysql_fetch_assoc($ddres);
	$_SESSION['profile']['points'] = $ddrow['total'];

	$id = 13;
	showheader(_("My CAcert.org Account!"));
	echo _("Your details have been updated with the database.");
	showfooter();
	exit;
}

if($oldid == 14 && $process != "") {
	$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['oldpassword'])));
	$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1'])));
	$_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2'])));

	$id = 14;
	csrf_check("pwchange");

	showheader(_("My CAcert.org Account!"));
	if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2']) {
		echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
		echo _("New Pass Phrases specified don't match or were blank.");
	} else {
		$score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
				$_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);

		if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname']) {
			$match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
					(`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
					`password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
			$rc = mysql_num_rows($match);
		} else {
			$rc = 1;
		}

		if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
			echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
			echo _("The Pass Phrase you submitted was too short.");
		} else if($score < 3) {
			echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
			printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
		} else if($rc <= 0) {
			echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
			echo _("You failed to correctly enter your current Pass Phrase.");
		} else {
			mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
					where `id`='".$_SESSION['profile']['id']."'");
			echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
			echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
			$body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
			$body .= _("You are receiving this email because you or someone else")."\n";
			$body .= _("has changed the password on your account.")."\n";
			$body .= _("Best regards")."\n"._("CAcert.org Support!");

			sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Password Update Notification"), $body,
					"support@cacert.org", "", "", "CAcert Support");
		}
	}
	showfooter();
	exit;
}

if($oldid == 16) {
	$id = 16;
	$_SESSION['_config']['emails'] = array();

	foreach($_REQUEST['emails'] as $val) {
		$val = mysql_real_escape_string(stripslashes(trim($val)));
		$bits = explode("@", $val);
		$count = count($bits);
		if($count != 2)
			continue;

		if(checkownership($bits[1]) == false)
			continue;

		if(!is_array($_SESSION['_config']['row']))
			continue;
		else if($_SESSION['_config']['row']['id'] > 0)
			$_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id'];

		if($val != "")
			$_SESSION['_config']['emails'][] = $val;
	}
	$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
	$_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
	// Keep the note only when the user actually entered one
	// (the test was inverted, so a non-empty note was always discarded)
	if(trim($_REQUEST['description']) != ""){
		$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
	}else{
		$_SESSION['_config']['description']= "";
	}
}

if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0) {
	$id = 16;
	showheader(_("My CAcert.org Account!"));
	echo _("I couldn't match any emails against your organisational account.");
	showfooter();
	exit;
}

if($oldid == 16 && $process != "") {
	if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100)) {
		$_REQUEST['codesign'] = 1;
		$_SESSION['_config']['codesign'] = 1;
	} else {
		$_REQUEST['codesign'] = 0;
		$_SESSION['_config']['codesign'] = 0;
	}

	$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;

	// Same inverted test as above, corrected the same way
	if(trim($_REQUEST['description']) != ""){
		$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
	}else{
		$_SESSION['_config']['description']= "";
	}

	if(@count($_SESSION['_config']['emails']) > 0)
		$id = 17;
}

if($oldid == 17) {
	$org = $_SESSION['_config']['row'];
	if($_REQUEST['keytype'] == "NS") {
		$spkac="";
		if(preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])))))
			$spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));

		if($spkac == "" || strlen($spkac) < 128) {
			$id = 17;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}

		$count = 0;
		$emails = "";
		$addys = array();
		if(is_array($_SESSION['_config']['emails']))
			foreach($_SESSION['_config']['emails'] as $_REQUEST['email']) {
				if(!$emails)
					$defaultemail = $_REQUEST['email'];
				$emails .= "$count.emailAddress = $_REQUEST[email]\n";
				$count++;
			}
		if($_SESSION['_config']['name'] != "")
			$emails .= "commonName = ".$_SESSION['_config']['name']."\n";
		if($_SESSION['_config']['OU'])
			$emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n";
		if($org['O'])
			$emails .= "organizationName = ".$org['O']."\n";
		if($org['L'])
			$emails .= "localityName = ".$org['L']."\n";
		if($org['ST'])
			$emails .= "stateOrProvinceName = ".$org['ST']."\n";
		if($org['C'])
			$emails .= "countryName = ".$org['C']."\n";
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		$emails .= "SPKAC = $spkac";
		if (($weakKey = checkWeakKeySPKAC($emails)) !== "") {
			$id = 17;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		// The description was escaped when it was stored in the session;
		// intval() would reduce the text to 0
		$query = "insert into `orgemailcerts` set
				`CN`='$defaultemail',
				`keytype`='NS',
				`orgid`='".$org['orgid']."',
				`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
				`codesign`='".$_SESSION['_config']['codesign']."',
				`rootcert`='".$_SESSION['_config']['rootcert']."',
				`description`='".$_SESSION['_config']['description']."'";
		mysql_query($query);
		$emailid = mysql_insert_id();

		foreach($_SESSION['_config']['domids'] as $addy)
			mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");

		$CSRname=generatecertpath("csr","orgclient",$emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $emails);
		fclose($fp);
		$challenge=$_SESSION['spkac_hash'];
		$res=`openssl spkac -verify -in $CSRname`;
		if(!strstr($res,"Challenge String: ".$challenge)) {
			$id = $oldid;
			showheader(_("My CAcert.org Account!"));
echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest."); showfooter(); exit; } mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") { $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n"; if (($weakKey = checkWeakKeyCSR($csr)) !== "") { $id = 17; showheader(_("My CAcert.org Account!")); echo $weakKey; showfooter(); exit; } $tmpfname = tempnam("/tmp", "id17CSR"); $fp = fopen($tmpfname, "w"); fputs($fp, $csr); fclose($fp); $addys = array(); $defaultemail = ""; $csrsubject=""; if($_SESSION['_config']['name'] != "") $csrsubject = "/CN=".$_SESSION['_config']['name']; if(is_array($_SESSION['_config']['emails'])) foreach($_SESSION['_config']['emails'] as $_REQUEST['email']) { if($defaultemail == "") $defaultemail = $_REQUEST['email']; $csrsubject .= "/emailAddress=$_REQUEST[email]"; } if($_SESSION['_config']['OU']) $csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU']; if($org['O']) $csrsubject .= "/organizationName=".$org['O']; if($org['L']) $csrsubject .= "/localityName=".$org['L']; if($org['ST']) $csrsubject .= "/stateOrProvinceName=".$org['ST']; if($org['C']) $csrsubject .= "/countryName=".$org['C']; $tmpname = tempnam("/tmp", "id17csr"); $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`; @unlink($tmpfname); $csr = ""; $fp = fopen($tmpname, "r"); while($data = fgets($fp, 4096)) $csr .= $data; fclose($fp); @unlink($tmpname); if($csr == "") { showheader(_("My CAcert.org Account!")); echo _("I didn't receive a valid Certificate Request, hit the back button and try again."); showfooter(); exit; } if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; $query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='" . 
sanitizeHTML($_REQUEST['keytype']) . "', `orgid`='".$org['orgid']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `subject`='$csrsubject', `codesign`='".$_SESSION['_config']['codesign']."', `rootcert`='".$_SESSION['_config']['rootcert']."', `description`='".$_SESSION['_config']['description']."'"; /* description is free text and was SQL-escaped when it was stored in the session */ mysql_query($query); $emailid = mysql_insert_id(); foreach($_SESSION['_config']['domids'] as $addy) mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); $CSRname=generatecertpath("csr","orgclient",$emailid); $fp = fopen($CSRname, "w"); fputs($fp, $csr); fclose($fp); mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } waitForResult("orgemailcerts", $emailid,$oldid); $query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { showheader(_("My CAcert.org Account!")); printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); showfooter(); exit; } else { $id = 19; $cert = $emailid; $_REQUEST['cert']=$emailid; } } if($oldid == 18 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "") { csrf_check('clicerchange'); showheader(_("My CAcert.org Account!")); if(is_array($_REQUEST['revokeid'])) { $id = 18; echo _("Now renewing the following certificates:")."<br>\n"; foreach($_REQUEST['revokeid'] as $id) { $id = intval($id); /* cast first so raw request data is never echoed into the page */ echo "Renewing certificate #$id ...\n<br/>"; $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org` where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } $row = mysql_fetch_assoc($res); if 
(($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") { echo $weakKey, "<br/>\n"; continue; } mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'"); if($row['revoke'] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']); continue; } /* the description read back from the database is unescaped free text, so escape it again */ $query = "insert into `orgemailcerts` set `orgid`='".$row['orgid']."', `CN`='".$row['CN']."', `subject`='".$row['subject']."', `keytype`='".$row['keytype']."', `csr_name`='".$row['csr_name']."', `created`='".$row['created']."', `modified`=NOW(), `codesign`='".$row['codesign']."', `rootcert`='".$row['rootcert']."', `description`='".mysql_real_escape_string($row['description'])."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile=generatecertpath("csr","orgclient",$newid); copy($row['csr_name'], $newfile); mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'"); waitForResult("orgemailcerts", $newid,$oldid,0); $query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { printf(_("Certificate for '%s' has been renewed."), $row['CN']); echo "<a href='account.php?id=19&cert=$newid' target='_new'>". 
_("Click here")."</a> "._("to install your certificate."); } echo("<br/>"); } } else { echo _("You did not select any certificates for renewal."); } showfooter(); exit; } if($oldid == 18 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "") { csrf_check('clicerchange'); $id = 18; showheader(_("My CAcert.org Account!")); if(is_array($_REQUEST['revokeid'])) { echo _("Now revoking the following certificates:")."<br>\n"; foreach($_REQUEST['revokeid'] as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org` where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } $row = mysql_fetch_assoc($res); if($row['revoke'] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']); continue; } mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']); } } else { echo _("You did not select any certificates for revocation."); } if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid'])) { echo _("Now deleting the following pending requests:")."<br>\n"; foreach($_REQUEST['delid'] as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org` where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } $row = mysql_fetch_assoc($res); if($row['expired'] > 0) { printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", 
$row['CN']); continue; } mysql_query("delete from `orgemailcerts` where `id`='$id'"); @unlink($row['csr_name']); @unlink($row['crt_name']); printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']); } } showfooter(); exit; } if($process != "" && $oldid == 20) { $CSR = clean_csr($_REQUEST['CSR']); if (($weakKey = checkWeakKeyCSR($CSR)) !== "") { $id = 20; showheader(_("My CAcert.org Account!")); echo $weakKey; showfooter(); exit; } /* keep the note only when one was supplied */ if(trim($_REQUEST['description']) != ""){ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); }else{ $_SESSION['_config']['description']= ""; } $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR"); $fp = fopen($_SESSION['_config']['tmpfname'], "w"); fputs($fp, $CSR); fclose($fp); $CSR = $_SESSION['_config']['tmpfname']; $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`); $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); } $id = 21; $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = ""; extractit(); getcn2(); getalt2(); $query = "select * from `orginfo`,`org`,`orgdomains` where `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orginfo`.`id` and `org`.`orgid`=`orgdomains`.`orgid` and `orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'"; $_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query)); $query = "select * from `orginfo`,`org`,`orgdomains` where `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orginfo`.`id` and `org`.`orgid`=`orgdomains`.`orgid` and `orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'"; $_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query)); //echo "<pre>"; print_r($_SESSION['_config']); die; 
if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") { $id = 20; showheader(_("My CAcert.org Account!")); echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue."); showfooter(); exit; } $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']); if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; } if($process != "" && $oldid == 21) { $id = 21; if(!file_exists($_SESSION['_config']['tmpfname'])) { showheader(_("My CAcert.org Account!")); printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); showfooter(); exit; } if (($weakKey = checkWeakKeyCSR(file_get_contents( $_SESSION['_config']['tmpfname']))) !== "") { showheader(_("My CAcert.org Account!")); echo $weakKey; showfooter(); exit; } if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") { showheader(_("My CAcert.org Account!")); echo _("CommonName field was blank. 
This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue."); showfooter(); exit; } if($_SESSION['_config']['rowid']['0'] > 0) { $query = "select * from `org`,`orginfo` where `orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and `orginfo`.`id`=`org`.`orgid` and `org`.`memid`='".$_SESSION['profile']['id']."'"; } else { $query = "select * from `org`,`orginfo` where `orginfo`.`id`='".$_SESSION['_config']['altid']['0']."' and `orginfo`.`id`=`org`.`orgid` and `org`.`memid`='".$_SESSION['profile']['id']."'"; } $org = mysql_fetch_assoc(mysql_query($query)); $csrsubject = ""; if($_SESSION['_config']['OU']) $csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU']; if($org['O']) $csrsubject .= "/organizationName=".$org['O']; if($org['L']) $csrsubject .= "/localityName=".$org['L']; if($org['ST']) $csrsubject .= "/stateOrProvinceName=".$org['ST']; if($org['C']) $csrsubject .= "/countryName=".$org['C'];
//if($org['contact'])
// $csrsubject .= "/emailAddress=".trim($org['contact']);
if(is_array($_SESSION['_config']['rows'])) foreach($_SESSION['_config']['rows'] as $row) $csrsubject .= "/commonName=$row"; $SAN=""; if(is_array($_SESSION['_config']['altrows'])) foreach($_SESSION['_config']['altrows'] as $subalt) { if($SAN != "") $SAN .= ","; $SAN .= "$subalt"; } if($SAN != "") $csrsubject .= "/subjectAltName=".$SAN; $type=""; if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8"; if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; /* store the note in both branches; it was SQL-escaped when it was saved to the session */ if($_SESSION['_config']['rowid']['0'] > 0) { $query = "insert into `orgdomaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."', `orgid`='".$org['id']."', `created`=NOW(), `subject`='$csrsubject', `rootcert`='".$_SESSION['_config']['rootcert']."', `type`='$type', `description`='".$_SESSION['_config']['description']."'"; } else { $query = "insert into 
`orgdomaincerts` set `CN`='".$_SESSION['_config']['altrows']['0']."', `orgid`='".$org['id']."', `created`=NOW(), `subject`='$csrsubject', `rootcert`='".$_SESSION['_config']['rootcert']."', `type`='$type', `description`='".$_SESSION['_config']['description']."'"; } /* description is free text and was SQL-escaped when it was stored in the session */ mysql_query($query); $CSRid = mysql_insert_id(); $CSRname=generatecertpath("csr","orgserver",$CSRid); rename($_SESSION['_config']['tmpfname'], $CSRname); chmod($CSRname,0644); mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'"); if(is_array($_SESSION['_config']['rowid'])) foreach($_SESSION['_config']['rowid'] as $id) mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'"); if(is_array($_SESSION['_config']['altid'])) foreach($_SESSION['_config']['altid'] as $id) mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'"); waitForResult("orgdomaincerts", $CSRid,$oldid); $query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { showheader(_("My CAcert.org Account!")); printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." 
CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); showfooter(); exit; } else { $id = 23; $cert = $CSRid; $_REQUEST['cert']=$CSRid; } } if($oldid == 22 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "") { csrf_check('orgsrvcerchange'); showheader(_("My CAcert.org Account!")); if(is_array($_REQUEST['revokeid'])) { echo _("Now renewing the following certificates:")."<br>\n"; foreach($_REQUEST['revokeid'] as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$id' and `orgdomaincerts`.`orgid`=`org`.`orgid` and `org`.`memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } $row = mysql_fetch_assoc($res); if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") { echo $weakKey, "<br/>\n"; continue; } mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'"); if($row['revoke'] > 0) { printf(_("It would seem '%s' has already been revoked. 
I'll skip this for now.")."<br>\n", $row['CN']); continue; } /* the description read back from the database is unescaped free text, so escape it again */ $query = "insert into `orgdomaincerts` set `orgid`='".$row['orgid']."', `CN`='".$row['CN']."', `csr_name`='".$row['csr_name']."', `created`='".$row['created']."', `modified`=NOW(), `subject`='".$row['subject']."', `type`='".$row['type']."', `rootcert`='".$row['rootcert']."', `description`='".mysql_real_escape_string($row['description'])."'"; mysql_query($query); $newid = mysql_insert_id();
//echo "NewID: $newid<br/>\n";
$newfile=generatecertpath("csr","orgserver",$newid); copy($row['csr_name'], $newfile); mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'"); echo _("Renewing").": ".$row['CN']."<br>\n"; $res = mysql_query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'"); while($r2 = mysql_fetch_assoc($res)) mysql_query("insert into `orgdomlink` set `orgdomid`='".$r2['id']."', `orgcertid`='$newid'"); waitForResult("orgdomaincerts", $newid,$oldid,0); $query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." 
newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); } else { $drow = mysql_fetch_assoc($res); $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`; echo "<pre>\n$cert\n</pre>\n"; } } } else { echo _("You did not select any certificates for renewal."); } showfooter(); exit; } if($oldid == 22 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "") { csrf_check('orgsrvcerchange'); showheader(_("My CAcert.org Account!")); if(is_array($_REQUEST['revokeid'])) { echo _("Now revoking the following certificates:")."<br>\n"; foreach($_REQUEST['revokeid'] as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$id' and `orgdomaincerts`.`orgid`=`org`.`orgid` and `org`.`memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } $row = mysql_fetch_assoc($res); if($row['revoke'] > 0) { printf(_("It would seem '%s' has already been revoked. 
I'll skip this for now.")."<br>\n", $row['CN']); continue; } mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']); } } else { echo _("You did not select any certificates for revocation."); } if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid'])) { echo _("Now deleting the following pending requests:")."<br>\n"; foreach($_REQUEST['delid'] as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$id' and `orgdomaincerts`.`orgid`=`org`.`orgid` and `org`.`memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } $row = mysql_fetch_assoc($res); if($row['expired'] > 0) { printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']); continue; } mysql_query("delete from `orgdomaincerts` where `id`='$id'"); @unlink($row['csr_name']); @unlink($row['crt_name']); printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']); } } showfooter(); exit; } if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 || $id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 || $id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) && $_SESSION['profile']['orgadmin'] != 1) { showheader(_("My CAcert.org Account!")); echo _("You don't have access to this area."); showfooter(); exit; } if($oldid == 24 && $process != "") { $id = intval($oldid); $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O']))); $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact']))); $_SESSION['_config']['L'] = 
trim(mysql_real_escape_string(stripslashes($_REQUEST['L']))); $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST']))); $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C']))); $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments']))); if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "") { $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields."); } else { mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."', `contact`='".$_SESSION['_config']['contact']."', `L`='".$_SESSION['_config']['L']."', `ST`='".$_SESSION['_config']['ST']."', `C`='".$_SESSION['_config']['C']."', `comments`='".$_SESSION['_config']['comments']."'"); showheader(_("My CAcert.org Account!")); printf(_("'%s' has just been successfully added as an organisation to the database."), sanitizeHTML($_SESSION['_config']['O'])); showfooter(); exit; } } if($oldid == 27 && $process != "") { csrf_check('orgdetchange'); $id = intval($oldid); $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O']))); $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact']))); $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L']))); $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST']))); $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C']))); $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments']))); if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "") { $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields."); } else { mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."', `contact`='".$_SESSION['_config']['contact']."', 
`L`='".$_SESSION['_config']['L']."', `ST`='".$_SESSION['_config']['ST']."', `C`='".$_SESSION['_config']['C']."', `comments`='".$_SESSION['_config']['comments']."' where `id`='".$_SESSION['_config']['orgid']."'"); showheader(_("My CAcert.org Account!")); printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O'])); showfooter(); exit; } } if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST)) { $domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname']))); $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'"); if(mysql_num_rows($res1) > 0) { $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain)); $id = $oldid; $oldid=0; } } if($oldid == 28 && $_SESSION['_config']['orgid'] <= 0) { $oldid=0; $id = 25; } if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"])) { mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'"); showheader(_("My CAcert.org Account!")); printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain)); echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue."); showfooter(); exit; } if($oldid == 29 && $process != "") { $domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname']))); $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'"); $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0"); if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0) { $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. 
Can't continue."), sanitizeHTML($domain)); $id = $oldid; $oldid=0; } } if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
{ $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where `orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomains`.`id`='".intval($domid)."'"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where `orgemaillink`.`domid`=`orgdomains`.`id` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and `orgdomains`.`id`='".intval($domid)."'"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'"); } if($oldid == 29 && $process != "") { $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'")); mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'"); showheader(_("My CAcert.org Account!")); printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain)); echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue."); showfooter(); exit; } if($oldid == 30 && $process != "") { $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'")); $domain = $row['domain']; mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'"); showheader(_("My CAcert.org Account!")); printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain)); echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue."); 
showfooter(); exit; } if($oldid == 30) { $id = 26; $orgid = 0; } if($oldid == 31 && $process != "") { $query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'"; $dres = mysql_query($query); while($drow = mysql_fetch_assoc($dres)) { $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where `orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomains`.`id`='".intval($drow['id'])."'"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'"); mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'"); mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'"); } $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where `orgemaillink`.`domid`=`orgdomains`.`id` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and `orgdomains`.`id`='".intval($drow['id'])."'"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'"); mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'"); mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'"); } } mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'"); mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'"); mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'"); } if($oldid == 31) { $id = 25; $orgid = 0; } if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34) { $query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'"; $_macc = 
mysql_num_rows(mysql_query($query)); if($_SESSION['profile']['orgadmin'] != 1 && $_macc <= 0) { showheader(_("My CAcert.org Account!")); echo _("You don't have access to this area."); showfooter(); exit; } } if($id == 35 || $oldid == 35) { $query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'"; $is_orguser = mysql_num_rows(mysql_query($query)); if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0) { showheader(_("My CAcert.org Account!")); echo _("You don't have access to this area."); showfooter(); exit; } } if($id == 33 && $_SESSION['profile']['orgadmin'] != 1) { $orgid = intval($_SESSION['_config']['orgid']); $query = "select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { $id = 35; } } if($oldid == 33 && $process != "") { csrf_check('orgadmadd'); /* array keys are quoted so PHP does not treat masteracc as an undefined constant */ if($_SESSION['profile']['orgadmin'] == 1) $masteracc = $_SESSION['_config']['masteracc'] = intval($_REQUEST['masteracc']); else $masteracc = $_SESSION['_config']['masteracc'] = 0; $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email']))); $OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU']))); $comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments']))); $res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0"); if(mysql_num_rows($res) <= 0) { $id = $oldid; $oldid=0; $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email'])); } else { $row = mysql_fetch_assoc($res); if ( !is_assurer(intval($row['id'])) ) { $id = $oldid; $oldid=0; $_SESSION['_config']['errmsg'] = _("The user is not an Assurer yet"); } else { mysql_query( "insert into `org` set `memid`='".intval($row['id'])."', 
`orgid`='".intval($_SESSION['_config']['orgid'])."', `masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'"); } } } if(($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1) { $orgid = intval($_SESSION['_config']['orgid']); $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'"); if(mysql_num_rows($res) <= 0) $id = 32; } if($oldid == 34 && $process != "") { $orgid = intval($_SESSION['_config']['orgid']); $memid = intval($_REQUEST['memid']); $query = "delete from `org` where `orgid`='$orgid' and `memid`='$memid'"; mysql_query($query); } if($oldid == 34 || $oldid == 33) { $oldid=0; $id = 32; $orgid = 0; } if($id == 36) { $row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'")); $_REQUEST['general'] = $row['general']; $_REQUEST['country'] = $row['country']; $_REQUEST['regional'] = $row['regional']; $_REQUEST['radius'] = $row['radius']; } if($oldid == 36) { $rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'")); if($rc > 0) { $query = "update `alerts` set `general`='".intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0)."', `country`='".intval(array_key_exists('country',$_REQUEST)?$_REQUEST['country']:0)."', `regional`='".intval(array_key_exists('regional',$_REQUEST)?$_REQUEST['regional']:0)."', `radius`='".intval(array_key_exists('radius',$_REQUEST)?$_REQUEST['radius']:0)."' where `memid`='".intval($_SESSION['profile']['id'])."'"; } else { $query = "insert into `alerts` set `general`='".intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0)."', `country`='".intval(array_key_exists('country',$_REQUEST)?$_REQUEST['country']:0)."', `regional`='".intval(array_key_exists('regional',$_REQUEST)?$_REQUEST['regional']:0)."', `radius`='".intval(array_key_exists('radius',$_REQUEST)?$_REQUEST['radius']:0)."', 
`memid`='".intval($_SESSION['profile']['id'])."'"; } mysql_query($query); $id = $oldid; $oldid=0; } if($oldid == 41 && $_REQUEST['action'] == 'default') { csrf_check("mainlang"); $lang = mysql_real_escape_string($_REQUEST['lang']); foreach(L10n::$translations as $key => $val) { if($key == $lang) { mysql_query("update `users` set `language`='$lang' where `id`='".$_SESSION['profile']['id']."'"); $_SESSION['profile']['language'] = $lang; showheader(_("My CAcert.org Account!")); echo _("Your language setting has been updated."); showfooter(); exit; } } showheader(_("My CAcert.org Account!")); echo _("You tried to use an invalid language."); showfooter(); exit; } if($oldid == 41 && $_REQUEST['action'] == 'addsec') { csrf_check("seclang"); $addlang = mysql_real_escape_string($_REQUEST['addlang']); // Does the language exist? mysql_query("insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'"); showheader(_("My CAcert.org Account!")); echo _("Your language setting has been updated."); showfooter(); exit; } if($oldid == 41 && $_REQUEST['action'] == 'dellang') { csrf_check("seclang"); $remove = mysql_real_escape_string($_REQUEST['remove']); mysql_query("delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'"); showheader(_("My CAcert.org Account!")); echo _("Your language setting has been updated."); showfooter(); exit; } if(($id == 42 || $id == 43 || $id == 44 || $id == 48 || $id == 49 || $id == 50 || $oldid == 42 || $oldid == 43 || $oldid == 44 || $oldid == 48 || $oldid == 49 || $oldid == 50) && $_SESSION['profile']['admin'] != 1) { showheader(_("My CAcert.org Account!")); echo _("You don't have access to this area."); showfooter(); exit; } if(($id == 53 || $id == 54 || $oldid == 53 || $oldid == 54) && $_SESSION['profile']['locadmin'] != 1) { showheader(_("My CAcert.org Account!")); echo _("You don't have access to this area."); showfooter(); exit; } if($oldid == 54 || ($id == 53 && 
array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") || ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" && $_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add")) { $id = 53; $ccid = intval(array_key_exists('ccid',$_REQUEST)?$_REQUEST['ccid']:0); $regid = intval(array_key_exists('regid',$_REQUEST)?$_REQUEST['regid']:0); $newreg = intval(array_key_exists('newreg',$_REQUEST)?$_REQUEST['newreg']:0); $locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0); $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):""; $long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):""; $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):""; $action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:""; if($locid > 0 && $action == "edit") { $query = "update `locations` set `name`='$name', `lat`='$lat', `long`='$long' where `id`='$locid'"; mysql_query($query); $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'")); $_REQUEST['regid'] = $row['regid']; unset($_REQUEST['ccid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); } else if($regid > 0 && $action == "edit") { $query = "update `regions` set `name`='$name' where `id`='$regid'"; mysql_query($query); $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'")); $_REQUEST['ccid'] = $row['ccid']; unset($_REQUEST['regid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); } else if($regid > 0 && $action == "add") { $row = mysql_fetch_assoc(mysql_query("select `ccid` from `regions` where `id`='$regid'")); $ccid = $row['ccid']; $query = "insert into `locations` set `ccid`='$ccid', `regid`='$regid', `name`='$name', `lat`='$lat', `long`='$long'"; mysql_query($query); unset($_REQUEST['ccid']); unset($_REQUEST['locid']); 
unset($_REQUEST['action']); } else if($ccid > 0 && $action == "add" && $name != "") { $query = "insert into `regions` set `ccid`='$ccid', `name`='$name'"; mysql_query($query); $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'")); unset($_REQUEST['regid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); } else if($locid > 0 && $action == "delete") { $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'")); $_REQUEST['regid'] = $row['regid']; mysql_query("delete from `localias` where `locid`='$locid'"); mysql_query("delete from `locations` where `id`='$locid'"); unset($_REQUEST['ccid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); } else if($locid > 0 && $action == "move") { $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'")); $oldregid = $row['regid']; mysql_query("update `locations` set `regid`='$newreg' where `id`='$locid'"); mysql_query("update `users` set `regid`='$newreg' where `regid`='$oldregid'"); $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'")); $_REQUEST['regid'] = $row['regid']; unset($_REQUEST['ccid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); } else if($regid > 0 && $action == "delete") { $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'")); $_REQUEST['ccid'] = $row['ccid']; mysql_query("delete from `locations` where `regid`='$regid'"); mysql_query("delete from `regions` where `id`='$regid'"); unset($_REQUEST['regid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); } else if($locid > 0 && $action == "alias") { $id = 54; $_REQUEST['action'] = "aliases"; $_REQUEST['locid'] = $locid; $name = htmlentities($name); $row = mysql_query("insert into `localias` set `locid`='$locid',`name`='$name'"); } else if($locid > 0 && $action == "delalias") { $id = 54; $_REQUEST['action'] = "aliases"; $_REQUEST['locid'] = $locid; $row = mysql_query("delete from 
`localias` where `locid`='$locid' and `name`='$name'"); } } if($oldid == 42 && $_REQUEST['email'] == "") { $id = $oldid; $oldid=0; } if($oldid == 42) { $id = 43; $oldid=0; } if($oldid == 43 && $_REQUEST['action'] == "updatedob") { $id = 43; $oldid=0; $fname = mysql_real_escape_string($_REQUEST['fname']); $mname = mysql_real_escape_string($_REQUEST['mname']); $lname = mysql_real_escape_string($_REQUEST['lname']); $suffix = mysql_real_escape_string($_REQUEST['suffix']); $day = intval($_REQUEST['day']); $month = intval($_REQUEST['month']); $year = intval($_REQUEST['year']); $userid = intval($_REQUEST['userid']); $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'"; $details = mysql_fetch_assoc(mysql_query($query)); $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}', `new-lname`='$lname',`new-dob`='$year-$month-$day',`uid`='$userid',`adminid`='".$_SESSION['profile']['id']."'"; mysql_query($query); $query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'"; mysql_query($query); } if($oldid == 48 && $_REQUEST['domain'] == "") { $id = $oldid; $oldid=0; } if($oldid == 48) { $id = 49; $oldid=0; } if($id == 44) { if($_REQUEST['userid'] != "") $_REQUEST['userid'] = intval($_REQUEST['userid']); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); if($row['email'] == "") $id = 42; else $_REQUEST['email'] = $row['email']; } if($oldid == 44) { showheader(_("My CAcert.org Account!")); if(intval($_REQUEST['userid']) <= 0) { echo _("No such user found."); } else { mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'"); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); 
printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email'])); $body = sprintf(_("Hi %s,"),$row['fname'])."\n"; $body .= _("You are receiving this email because a CAcert administrator")."\n"; $body .= _("has changed the password on your account.")."\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!"); sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body, "support@cacert.org", "", "", "CAcert Support"); } showfooter(); exit; } if($process != "" && $oldid == 45) { $CSR = clean_csr($CSR); $_SESSION['_config']['CSR'] = $CSR; $_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`); $bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); } $id = 46; $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = ""; extractit(); getcn(); getalt(); if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") { showheader(_("My CAcert.org Account!")); echo _("CommonName field was blank. 
This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue."); showfooter(); exit; } } if($process != "" && $oldid == 46) { $CSR = clean_csr($_SESSION['_config']['CSR']); $_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`); $bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); } $id = 11; $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = ""; extractit(); getcn(); getalt(); if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") { showheader(_("My CAcert.org Account!")); echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue."); showfooter(); exit; } if (($weakKey = checkWeakKeyCSR($CSR)) !== "") { showheader(_("My CAcert.org Account!")); echo $weakKey; showfooter(); exit; } $query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['0.CN']."', `domid`='".$_SESSION['_config']['row']['id']."', `created`=NOW()"; mysql_query($query); $CSRid = mysql_insert_id(); foreach($_SESSION['_config']['rowid'] as $dom) mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); if(is_array($_SESSION['_config']['altid'])) foreach($_SESSION['_config']['altid'] as $dom) mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); $CSRname=generatecertpath("csr","server",$CSRid); $fp = fopen($CSRname, "w"); fputs($fp, $_SESSION['_config']['CSR']); fclose($fp); mysql_query("update `domaincerts` set `CSR_name`='$CSRname' 
where `id`='$CSRid'"); waitForResult("domaincerts", $CSRid,$oldid); $query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { showheader(_("My CAcert.org Account!")); printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); showfooter(); exit; } else { $id = 47; $cert = $CSRid; $_REQUEST['cert']=$CSRid; } } if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['tverify']; mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0) { csrf_check('admsetassuret'); $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['assurer']; mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['assurer_blocked']; mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0) { csrf_check('admactlock'); $memid = $_REQUEST['userid'] = intval($_REQUEST['locked']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['locked']; mysql_query("update `users` set `locked`='$ver' where 
`id`='$memid'"); } if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0) { csrf_check('admcodesign'); $memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['codesign']; mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0) { csrf_check('admorgadmin'); $memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['orgadmin']; mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0) { csrf_check('admttpadmin'); $memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['ttpadmin']; mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = $row['adadmin'] + 1; if($ver > 2) $ver = 0; mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['locadmin']; mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0) { csrf_check('admsetadmin'); $memid = 
$_REQUEST['userid'] = intval($_REQUEST['admin']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['admin']; mysql_query("update `users` set `admin`='$ver' where `id`='$memid'"); } if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['general']); $query = "select * from `alerts` where `memid`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['general']; mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'"); } if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['country']); $query = "select * from `alerts` where `memid`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['country']; mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'"); } if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['regional']); $query = "select * from `alerts` where `memid`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['regional']; mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'"); } if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0) { $memid = $_REQUEST['userid'] = intval($_REQUEST['radius']); $query = "select * from `alerts` where `memid`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['radius']; mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'"); } if($id == 50) { if(array_key_exists('userid',$_REQUEST) && $_REQUEST['userid'] != "") $_REQUEST['userid'] = intval($_REQUEST['userid']); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); if($row['email'] == "") $id = 42; else $_REQUEST['email'] = $row['email']; } if($oldid == 
50) { $id = 43; $_REQUEST['userid'] = intval($_REQUEST['userid']); } if($oldid == 50 && $process != "") { $_REQUEST['userid'] = intval($_REQUEST['userid']); $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"); if(mysql_num_rows($res) > 0) { $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01' WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'"; mysql_query($query); $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'"; mysql_query($query); $query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'"; mysql_query($query); $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'"; mysql_query($query); $query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'"; mysql_query($query); $query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'"; mysql_query($query); } } if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0) { showheader(_("My CAcert.org Account!")); echo _("You don't have access to this area."); showfooter(); exit; } if($oldid == 52) { $uid = intval($_REQUEST['uid']); $query = "select * from `tverify` where `id`='$uid' and `modified`=0"; $rc = mysql_num_rows(mysql_query($query)); if($rc <= 0) { showheader(_("My CAcert.org Account!")); echo _("Unable to find a valid tverify request for this ID."); showfooter(); exit; } } if($oldid == 52) { $query = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".$_SESSION['profile']['id']."'"; $rc = mysql_num_rows(mysql_query($query)); if($rc > 0) { showheader(_("My CAcert.org Account!")); echo _("You have already voted on this request."); showfooter(); exit; } } if($oldid == 52 && ($_REQUEST['agree'] != "" || $_REQUEST['disagree'] != "")) { $vote = -1; 
if($_REQUEST['agree'] != "") $vote = 1; $query = "insert into `tverify-vote` set `tverify`='$uid', `memid`='".$_SESSION['profile']['id']."', `when`=NOW(), `vote`='$vote', `comment`='".mysql_real_escape_string($_REQUEST['comment'])."'"; mysql_query($query); $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'")); if($rc >= 8) { mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'"); $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'")); $memid = $tverify['memid']; $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'")); $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'")); $points = 0; if($tverify['URL'] != "" && $tverify['photoid'] != "") $points = 150 - intval($tmp['points']); if($tverify['URL'] != "" && $tverify['photoid'] == "") $points = 90 - intval($tmp['points']); if($tverify['URL'] == "" && $tverify['photoid'] == "") $points = 50 - intval($tmp['points']); if($points < 0) $points = 0; if($points > 0) { mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points', `method`='Thawte Points Transfer', `when`=NOW()"); fix_assurer_flag($memid); } $totalpoints = intval($tmp['points']) + $points; $body = _("Your request to have points transfered was successful. 
You were issued $points points as a result, and you now have $totalpoints in total")."\n\n"._("The following comments were made by reviewers")."\n\n"; $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"); while($row = mysql_fetch_assoc($res)) $body .= $row['comment']."\n"; $body .= "\n"; $body .= _("Best regards")."\n"; $body .= _("CAcert Support Team"); sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify"); } $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'")); if($rc >= 4) { mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'"); $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'")); $memid = $tverify['memid']; $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'")); $body = _("Unfortunately your request for a points increase has been denied, below is the comments from people that reviewed your request as to why they rejected your application.")."\n\n"; $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'"); while($row = mysql_fetch_assoc($res)) $body .= $row['comment']."\n"; $body .= "\n"; $body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n"; $body .= _("Best regards")."\n"; $body .= _("CAcert Support Team"); sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify"); } showheader(_("My CAcert.org Account!")); echo _("Your vote has been accepted."); showfooter(); exit; } if(intval($cert) > 0) $_SESSION['_config']['cert'] = intval($cert); if(intval($orgid) > 0) $_SESSION['_config']['orgid'] = intval($orgid); 
if(intval($memid) > 0) $_SESSION['_config']['memid'] = intval($memid); ?>
3modified.php (7,467 bytes)
```php
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/
	include_once("../includes/shutdown.php");
?>
<h3><?=_("CAcert Certificate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>

<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>

<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/cps.php">http://www.cacert.org/cps.php</a></p>

<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed andwill not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>

<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="2" class="title"><?=_("New Client Certificate")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Add")?></td>
    <td class="DataTD"><?=_("Address")?></td>
<?
	// List the account's verified, non-deleted e-mail addresses
	$query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''";
	$res = mysql_query($query);
	while($row = mysql_fetch_assoc($res))
	{ ?>
  <tr>
    <td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td>
    <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
  </tr>
<? }
	if($_SESSION['profile']['points'] >= 50)
	{
		$fname = $_SESSION['profile']['fname'];
		$mname = $_SESSION['profile']['mname'];
		$lname = $_SESSION['profile']['lname'];
		$suffix = $_SESSION['profile']['suffix'];
?>
  <tr>
    <td class="DataTD" colspan="2" align="left">
      <?=_("Optional comment, only used in the certifictate overview")?><br>
      <input type="text" name="description" maxlength="80" size=80>
    </td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2" align="left">
      <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
      <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
      <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?>
    </td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2" align="left">
      <input type="radio" name="incname" value="0" checked> <?=_("No Name")?><br>
      <? if($fname && $lname) { ?><input type="radio" name="incname" value="1"> <?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?>
      <? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?>
      <? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?>
      <? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?>
    </td>
  </tr>
<? } ?>
<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
  <tr>
    <td class="DataTD" align="left">
      <input type="checkbox" name="codesign" value="1"> <?=_("Code Signing")?></td>
    <td class="DataTD" align="left">
      <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
    </td>
  </tr>
<? } ?>
  <tr>
    <td class="DataTD" colspan="2" align="left">
      <input type="checkbox" name="login" value="1" checked="checked">
      <?=_("Enable certificate login with this certificate")?><br>
      <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/>
    </td>
  </tr>
  <tr name="expertoff" style="display:none">
    <td class="DataTD" colspan="2" align="left">
      <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)"/><?=_("Show advanced options")?>
    </td>
  </tr>
  <tr name="expert">
    <td class="DataTD" colspan="2" align="left">
      <input type="radio" name="SSO" value="0" checked> <?=_("No Single Sign On ID")?><br>
      <input type="radio" name="SSO" value="1"> <?=_("Add Single Sign On ID Information")?><br>
      <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
      <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a>
    </td>
  </tr>
  <tr name="expert">
    <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td>
  </tr>
  <tr name="expert">
    <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
  </tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
<script language="javascript">
function showExpert(a)
{
  b=document.getElementsByName("expert");
  for(i=0;b.length>i;i++)
  {
    if(!a) {b[i].setAttribute("style","display:none"); }
    else {b[i].removeAttribute("style");}
  }
  b=document.getElementsByName("expertoff");
  for(i=0;b.length>i;i++)
  {
    b[i].removeAttribute("style");
  }
}
showExpert(false);
</script>
```
5modified.php (5,090 bytes)
```php
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/ ?>
<?
	$viewall=0;
	if(array_key_exists('viewall',$_REQUEST))
		$viewall=intval($_REQUEST['viewall']);
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <? /* The listing has eight columns once "Comment" is included, so the title spans all eight */ ?>
    <td colspan="8" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
    <td class="DataTD"><?=_("Status")?></td>
    <td class="DataTD"><?=_("Email Address")?></td>
    <td class="DataTD"><?=_("SerialNumber")?></td>
    <td class="DataTD"><?=_("Comment")?></td>
    <td class="DataTD"><?=_("Revoked")?></td>
    <td class="DataTD"><?=_("Expires")?></td>
    <td class="DataTD"><?=_("Login")?></td>
<?
	// Select the member's client certificates, including the new description column
	$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
			UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
			UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
			`emailcerts`.`expire` as `expires`,
			`emailcerts`.`revoked` as `revoke`,
			UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
			`emailcerts`.`id`,
			`emailcerts`.`CN`,
			`emailcerts`.`serial`,
			emailcerts.disablelogin as `disablelogin`,
			`emailcerts`.`description`
			from `emailcerts`
			where `emailcerts`.`memid`='".$_SESSION['profile']['id']."' ";
	// Unless all certificates were requested, hide revoked, renewed and expired ones
	if($viewall != 1)
		$query .= " AND `revoked`=0 AND `renewed`=0 ";
	$query .= " GROUP BY `emailcerts`.`id` ";
	if($viewall != 1)
		$query .= " HAVING `timeleft` > 0 ";
	$query .= " ORDER BY `emailcerts`.`modified` desc";
//	echo $query."<br>\n";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
?>
  <tr>
    <td colspan="8" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
  </tr>
<? } else {
	while($row = mysql_fetch_assoc($res))
	{
		// Derive the status label; later checks override earlier ones
		if($row['timeleft'] > 0)
			$verified = _("Valid");
		if($row['timeleft'] < 0)
			$verified = _("Expired");
		if($row['expired'] == 0)
			$verified = _("Pending");
		if($row['revoked'] > 0)
			$verified = _("Revoked");
		if($row['revoked'] == 0)
			$row['revoke'] = _("Not Revoked");
?>
  <tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="account.php?id=6&cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td>
<? } else if($verified != _("Revoked")) { ?>
    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
<? } else { ?>
    <td class="DataTD"> </td>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
<? } ?>
    <td class="DataTD"><?=$row['serial']?></td>
    <? /* The comment is free text entered by the user: escape it before writing it into the page */ ?>
    <td class="DataTD"><?=sanitizeHTML($row['description'])?></td>
    <td class="DataTD"><?=$row['revoke']?></td>
    <td class="DataTD"><?=$row['expires']?></td>
    <td class="DataTD">
      <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
      <input type="hidden" name="cert_<?=$row['id']?>" value="1"/>
    </td>
  </tr>
<? } ?>
  <tr>
    <td class="DataTD" colspan="8">
      <a href="account.php?id=5&viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
    </td>
  </tr>
  <tr>
    <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">     <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
    <td class="DataTD" colspan="3"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
  </tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
<p><?=_("Login").": "._("By allowing certificate login, this certificate can be used to login into your account at https://secure.cacert.org/ .")?></p>
```
10modified.php (4,044 bytes)
```php
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008 CAcert Inc.

    This program is free software; you can redistribute it and/or modify it under the terms of the
    GNU General Public License as published by the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
    even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along with this program; if not,
    write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
    include_once("../includes/shutdown.php");
?>
<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>
<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>
<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/policy/">http://www.cacert.org/policy/</a></p>
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<p><b>*** <?=_("Please Note. All information on your certificate will be removed except the CommonName and SubjectAltName field, this is because it's an automated service and cannot automatically verify other details on your certificates are valid or not. If you are a valid organisation and would like more details to appear on certificates, you will need to have at least 50 assurance points and you need to send us a copy of your document of incorporation. Then we can add those details to your certificates. Contact us for more information on our organisational services.")?> ***</b></p>
<form method="post" action="account.php">
<? if($_SESSION['profile']['points'] >= 50) { ?>
<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<? } ?>
<p>
  <?=_("Optional comment, only used in the certifictate overview")?><br>
  <input type="text" name="description" maxlength="80" size=80></p>
<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p>
<textarea name="CSR" cols="80" rows="15"></textarea><br>
<input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
```
|
12modified.php (3,989 bytes)
```php
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008 CAcert Inc.

    This program is free software; you can redistribute it and/or modify it under the terms of the
    GNU General Public License as published by the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
    even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along with this program; if not,
    write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
    $viewall=0;
    if(array_key_exists('viewall',$_REQUEST))
        $viewall=intval($_REQUEST['viewall']);
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
    <td class="DataTD"><?=_("Status")?></td>
    <td class="DataTD"><?=_("CommonName")?></td>
    <td class="DataTD"><?=_("SerialNumber")?></td>
    <td class="DataTD"><?=_("Comment")?></td>
    <td class="DataTD"><?=_("Revoked")?></td>
    <td class="DataTD"><?=_("Expires")?></td>
  </tr>
<?
    $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
            UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
            UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
            `domaincerts`.`expire` as `expires`,
            `revoked` as `revoke`,
            UNIX_TIMESTAMP(`revoked`) as `revoked`,
            `CN`,
            `domaincerts`.`serial`,
            `domaincerts`.`id` as `id`,
            `domaincerts`.`description`
            from `domaincerts`,`domains`
            where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` ";
    if($viewall != 1)
    {
        $query .= "AND `revoked`=0 AND `renewed`=0 ";
        $query .= "HAVING `timeleft` > 0 ";
    }
    $query .= "ORDER BY `domaincerts`.`modified` desc";
    //echo $query."<br>\n";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
?>
  <tr>
    <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td>
  </tr>
<? } else {
    while($row = mysql_fetch_assoc($res))
    {
        if($row['timeleft'] > 0)
            $verified = _("Valid");
        if($row['timeleft'] < 0)
            $verified = _("Expired");
        if($row['expired'] == 0)
            $verified = _("Pending");
        if($row['revoked'] > 0)
            $verified = _("Revoked");
        if($row['revoked'] == 0)
            $row['revoke'] = _("Not Revoked");
?>
  <tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
<? } else if($verified != _("Revoked")) { ?>
    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
<? } else { ?>
    <td class="DataTD"> </td>
<? } ?>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="account.php?id=15&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
    <td class="DataTD"><?=$row['serial']?></td>
    <td class="DataTD"><?=$row['description']?></td>
    <td class="DataTD"><?=$row['revoke']?></td>
    <td class="DataTD"><?=$row['expires']?></td>
  </tr>
<? } ?>
  <tr>
    <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">     <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
  </tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
```
|
16modified.php (3,314 bytes)
```php
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008 CAcert Inc.

    This program is free software; you can redistribute it and/or modify it under the terms of the
    GNU General Public License as published by the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
    even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along with this program; if not,
    write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
    include_once("../includes/shutdown.php");
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="2" class="title"><?=_("New Client Certificate")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Add")?></td>
    <td class="DataTD"><?=_("Address")?></td>
<? if(array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails']))
    foreach($_SESSION['_config']['emails'] as $val) { ?>
  <tr>
    <td class="DataTD"><?=_("Email")?>:</td>
    <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"></td>
  </tr>
<? } ?>
  <tr>
    <td class="DataTD"><?=_("Email")?>:</td>
    <td class="DataTD"><input type="text" name="emails[]"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Name")?>:</td>
    <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Department")?>:</td>
    <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2" align="left">
      <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
      <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
      <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?>
    </td>
  </tr>
<? if($_SESSION['profile']['codesign'] && $_SESSION['profile']['points'] >= 100) { ?>
  <tr>
    <td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td>
  </tr>
<? } ?>
  <tr>
    <td class="DataTD" colspan="2" align="left">
      <?=_("Optional comment, only used in the certifictate overview")?><br>
      <input type="text" name="description" maxlength="80" size=80>
    </td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>"> <input type="submit" name="process" value="<?=_("Next")?>"></td>
  </tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
```
|
18modified.php (4,207 bytes)
```php
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008 CAcert Inc.

    This program is free software; you can redistribute it and/or modify it under the terms of the
    GNU General Public License as published by the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
    even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along with this program; if not,
    write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
    $viewall=0;
    if(array_key_exists('viewall',$_REQUEST))
        $viewall=intval($_REQUEST['viewall']);
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
    <td class="DataTD"><?=_("Status")?></td>
    <td class="DataTD"><?=_("CommonName")?></td>
    <td class="DataTD"><?=_("SerialNumber")?></td>
    <td class="DataTD"><?=_("Comment")?></td>
    <td class="DataTD"><?=_("Revoked")?></td>
    <td class="DataTD"><?=_("Expires")?></td>
<?
    $query = "select UNIX_TIMESTAMP(`oemail`.`created`) as `created`,
            UNIX_TIMESTAMP(`oemail`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
            UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`,
            `oemail`.`expire` as `expires`,
            `oemail`.`revoked` as `revoke`,
            UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`,
            `oemail`.`CN`,
            `oemail`.`serial`,
            `oemail`.`id`,
            `oemail`.`description`
            from `orgemailcerts` as `oemail`, `org`
            where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`oemail`.`orgid` ";
    if($viewall != 1)
    {
        $query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 ";
        $query .= "HAVING `timeleft` > 0 AND `revoked`=0 ";
    }
    $query .= "ORDER BY `oemail`.`modified` desc";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
?>
  <tr>
    <td colspan="6" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
  </tr>
<? } else {
    while($row = mysql_fetch_assoc($res))
    {
        if($row['timeleft'] > 0)
            $verified = _("Valid");
        if($row['timeleft'] < 0)
            $verified = _("Expired");
        if($row['expired'] == 0)
            $verified = _("Pending");
        if($row['revoked'] > 0)
            $verified = _("Revoked");
        if($row['revoked'] == 0)
            $row['revoke'] = _("Not Revoked");
?>
  <tr>
<? if($verified == _("Valid") || $verified == _("Expired")) { ?>
    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
<? } else if($verified == _("Pending")) { ?>
    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><?=$row['CN']?></td>
<? } else { ?>
    <td class="DataTD"> </td>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
<? } ?>
    <td class="DataTD"><?=$row['serial']?></td>
    <td class="DataTD"><?=$row['description']?></td>
    <td class="DataTD"><?=$row['revoke']?></td>
    <td class="DataTD"><?=$row['expires']?></td>
  </tr>
<? } ?>
  <tr>
    <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">     <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
  </tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
```
|
20modified.php (3,366 bytes)
```php
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008 CAcert Inc.

    This program is free software; you can redistribute it and/or modify it under the terms of the
    GNU General Public License as published by the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
    even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along with this program; if not,
    write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
    include_once("../includes/shutdown.php");
?>
<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>
<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>
<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/policy/">http://www.cacert.org/policy/</a></p>
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<form method="post" action="account.php">
<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
<p>
  <?=_("Optional comment, only used in the certifictate overview")?><br>
  <input type="text" name="description" maxlength="80" size=80></p>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<p><?=_("Paste your CSR below...")?></p>
<textarea name="CSR" cols="80" rows="15"></textarea><br>
<input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
```
|
22modified.php (3,999 bytes)
```php
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008 CAcert Inc.

    This program is free software; you can redistribute it and/or modify it under the terms of the
    GNU General Public License as published by the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
    even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along with this program; if not,
    write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
    $viewall=0;
    if(array_key_exists('viewall',$_REQUEST))
        $viewall=intval($_REQUEST['viewall']);
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
    <td class="DataTD"><?=_("Status")?></td>
    <td class="DataTD"><?=_("CommonName")?></td>
    <td class="DataTD"><?=_("SerialNumber")?></td>
    <td class="DataTD"><?=_("Comment")?></td>
    <td class="DataTD"><?=_("Revoked")?></td>
    <td class="DataTD"><?=_("Expires")?></td>
<?
    $query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`,
            UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
            UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`,
            `orgdomaincerts`.`expire` as `expires`,
            `revoked` as `revoke`,
            UNIX_TIMESTAMP(`revoked`) as `revoked`,
            `CN`,
            `orgdomaincerts`.`serial`,
            `orgdomaincerts`.`id` as `id`,
            `orgdomaincerts`.`description`
            from `orgdomaincerts`,`org`
            where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
    if($viewall != 1)
    {
        $query .= "AND `revoked`=0 AND `renewed`=0 ";
        $query .= "HAVING `timeleft` > 0 ";
    }
    $query .= "ORDER BY `orgdomaincerts`.`modified` desc";
    //echo $query."<br>\n";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
?>
  <tr>
    <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td>
  </tr>
<? } else {
    while($row = mysql_fetch_assoc($res))
    {
        if($row['timeleft'] > 0)
            $verified = _("Valid");
        if($row['timeleft'] < 0)
            $verified = _("Expired");
        if($row['expired'] == 0)
            $verified = _("Pending");
        if($row['revoked'] > 0)
            $verified = _("Revoked");
        if($row['revoked'] == 0)
            $row['revoke'] = _("Not Revoked");
?>
  <tr>
<? if($verified == _("Valid") || $verified == _("Expired")) { ?>
    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
<? } else if($verified == _("Pending")) { ?>
    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
<? } else { ?>
    <td class="DataTD"> </td>
<? } ?>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
    <td class="DataTD"><?=$row['serial']?></td>
    <td class="DataTD"><?=$row['description']?></td>
    <td class="DataTD"><?=$row['revoke']?></td>
    <td class="DataTD"><?=$row['expires']?></td>
  </tr>
<? } ?>
  <tr>
    <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">     <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
  </tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
```
|
gpg0modified.php (1,374 bytes)
```php
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008 CAcert Inc.

    This program is free software; you can redistribute it and/or modify it under the terms of the
    GNU General Public License as published by the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
    even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along with this program; if not,
    write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
    include_once("../includes/shutdown.php");
?>
<p><?=_("Paste your own public OpenPGP key below. It should not contain a picture. CAcert will sign your key after submission.")?></p>
<form method="post" action="gpg.php">
<p>
  <?=_("Optional comment, only used in the certifictate overview")?><br>
  <input type="text" name="description" maxlength="80" size=80></p>
<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br>
<input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
```
|
gpg2modified.php (2,686 bytes)
```php
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008 CAcert Inc.

    This program is free software; you can redistribute it and/or modify it under the terms of the
    GNU General Public License as published by the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
    even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along with this program; if not,
    write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="5" class="title"><?=_("OpenPGP Keys")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Status")?></td>
    <td class="DataTD"><?=_("Email Address")?></td>
    <td class="DataTD"><?=_("Expires")?></td>
    <td class="DataTD"><?=_("Key ID")?></td>
    <td class="DataTD"><?=_("Comment")?></td>
<?
    $query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
            UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
            UNIX_TIMESTAMP(`expire`) as `expired`,
            `expire` as `expires`,
            `id`, `level`, `email`,`keyid`,`description`
            from `gpg`
            where `memid`='".intval($_SESSION['profile']['id'])."'
            ORDER BY `issued` desc";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
?>
  <tr>
    <td colspan="5" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
  </tr>
<? } else {
    while($row = mysql_fetch_assoc($res))
    {
        if($row['timeleft'] > 0)
            $verified = _("Valid");
        if($row['timeleft'] < 0)
            $verified = _("Expired");
        if($row['expired'] == 0)
            $verified = _("Pending");
?>
  <tr>
<? if($verified == _("Valid")) { ?>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['email']?></a></td>
<? } else if($verified == _("Pending")) { ?>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><?=$row['email']?></td>
<? } else { ?>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['email']?></a></td>
<? } ?>
    <td class="DataTD"><?=$row['expires']?></td>
    <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
    <td class="DataTD"><?=$row['description']?></td>
  </tr>
<? } ?>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
```
|
I attached the files which deal with the comment field for certificates. I made the following changes:

For the Account area:

- Changes in pages/account.php.3: added lines 55 to 60
- Change in pages/account.php 5: added line 29; added line 45 with change in line 44; added line 92
- Changes in pages/account.php.10: added lines 37 and 38
- Changes in pages/account.php.12: added line 29; added line 39 with change in line 38; added line 81
- Changes in pages/account.php.16: added lines 59 to 64
- Changes in pages/account.php.18: added line 29; added line 40 with change in line 39; added line 86
- Changes in pages/account.php.20: added lines 32 and 33
- Changes in pages/account.php.22: added line 29; added line 41 with change in line 40; added line 83
- Change in includes/account.php:
  - added lines 242 to 246
  - added line 331 with change in line 330
  - added line 430 with change in line 430
  - added lines 663 to 667
  - added line 771 with change in line 770
  - added line 778 with change in line 777
  - added line 861 with change in line 860
  - added line 1038 with change in line 1037
  - added lines 1393 to 1397
  - added lines 1427 to 1431
  - added line 1497 with change in line 1496
  - added line 1588 with change in line 1587
  - added line 1664 with change in line 1663
  - added lines 1769 to 1772
  - added line 1914 with change in line 1915
  - added line 1991 with change in line 1992

For the gpg:

- Changes in pages/gpg.php.0: added lines 22 to 23
- Changes in pages/gpg.php.2: added line 27; change in line 33; added line 65
- Changes in www.gpg.php: added lines 252 to 256; added line 290 with change in line 289
|
Hi I attached my changed files and listed where I made the changes. |
|
Merge conflict in includes/account.php (resolved on Testserver by hand) |
|
pushed new branch to GitHub https://github.com/INOPIAE/CAcert/tree/bug-782 |
|
Issued a new certificate, entering a comment. Comment shows up when viewing the list of certificates => OK Changing a comment in the list of certificates does not work. Clicking on "Save comment" takes me back to the home page, the comment is not saved. The same happens when trying to add a comment to a cert that existed before the comment function was added. |
|
Test Case 1: gen Certificates with Filled Comment Field

- Client Cert 4K_Class1_no_name => OK
- Server Cert 4K_Class1_no_name_server => OK
- GPG 4K_GPG => OK
- Org Client Cert 2K_by_firefox => OK
- Org Server Cert 4K_Class1_org_server => OK

Test Case 2: edit Comment Field

- Client Cert 4K_Class1_no_name_edit => OK
- Server Cert 4K_Class1_no_name_server_edit => OK
- GPG GPG 4K_GPG_edit => OK
- Org Client Cert 2K_by_firefox_edit => OK
- Org Server Cert 4K_Class1_org_server_edit => OK

Test Case 3: edit Comment Field with uncheck box

- Client Cert 4K_Class1_no_name_edit => OK
- Server Cert 4K_Class1_no_name_server_edit => OK
- GPG GPG 4K_GPG_edit => OK
- Org Client Cert 2K_by_firefox_edit => OK
- Org Server Cert 4K_Class1_org_server_edit => OK
|
- Added a comment to an existing certificate after the extension --> OK
- Changed the comment --> OK
- Cleared the comment field --> OK
- Changes in the comment field with the box NOT checked --> The result is always "Zertifikats-Einstellungen wurden geändert." Checked the message, and NO change was made.
|
- Created new client certificate with comment -> OK
- Change comment -> OK
- Delete comment -> OK
- add comment -> OK
- create new ORG client certificate with comment -> OK
- change comment -> OK
- create new client certificate without comment -> OK
- add comment -> OK
- change comment -> OK
- create new ORG server certificate with comment -> OK
- change comment -> OK
- delete comment -> OK
- add comment -> OK

couldn't test server certificates as adding a new domain failed.

double check 'success message'! always same message either if comment changed or not
|
please review, at least three testers approved the patch. |
|
Second review OK. But we should switch to prepared statements in the near future. Ready to deploy. |
|
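The second review asks for prepared statements, and the list pages above print `description` directly into a table cell. The block below is an added example, not CAcert's code: it writes the comment through a bound parameter with the owner check in the `WHERE` clause and escapes it on output. The `emailcerts` column names come from the queries on this page; the function names, the in-memory SQLite database (needs `pdo_sqlite`) and the sample rows are assumptions constructed for the example.

```php
<?php
// Added example, not CAcert code. Function names, the SQLite test database
// and the sample data are constructed; table/column names follow this page.

const DESCRIPTION_MAX = 80; // same limit as maxlength="80" on the form field

// maxlength is enforced only by the browser, so the server repeats the check.
function normalize_description(string $raw): string
{
    // preg_match() with /u does not return 1 on invalid UTF-8: store nothing.
    if (preg_match('//u', $raw) !== 1) {
        return '';
    }
    // Drop control characters, then keep at most 80 code points.
    $clean = preg_replace('/[\x00-\x1F\x7F]/u', '', $raw);
    preg_match('/^.{0,' . DESCRIPTION_MAX . '}/us', $clean, $m);
    return trim($m[0]);
}

// Bound parameters keep the comment out of the SQL text. The owner check is
// part of the WHERE clause, so another member's certificate id updates nothing.
// With MySQL, rowCount() counts changed rows only, so saving an identical
// comment also returns false unless PDO::MYSQL_ATTR_FOUND_ROWS is enabled.
function save_description(PDO $db, int $memid, int $certId, string $raw): bool
{
    $stmt = $db->prepare(
        'UPDATE emailcerts SET description = :d WHERE id = :id AND memid = :memid'
    );
    $stmt->execute([
        ':d'     => normalize_description($raw),
        ':id'    => $certId,
        ':memid' => $memid,
    ]);
    return $stmt->rowCount() === 1;
}

function list_descriptions(PDO $db, int $memid): array
{
    $stmt = $db->prepare(
        'SELECT id, description FROM emailcerts WHERE memid = :memid ORDER BY id'
    );
    $stmt->execute([':memid' => $memid]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape at the point of output, whatever was done when the value was stored.
function render_description_cell(?string $description): string
{
    return '<td class="DataTD">'
        . htmlspecialchars((string)$description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</td>';
}

// --- constructed demo data -------------------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE emailcerts (id INTEGER PRIMARY KEY, memid INTEGER, description TEXT)');
$db->exec("INSERT INTO emailcerts (id, memid, description) VALUES (1, 12, ''), (2, 99, ''), (3, 12, '')");

// A comment containing SQL and HTML metacharacters is stored as plain data.
$hostile = "backup key' OR '1'='1 <script>alert(1)</script>";
var_dump(save_description($db, 12, 1, $hostile));

// Member 12 tries to edit certificate 2, which belongs to member 99.
var_dump(save_description($db, 12, 2, 'not my certificate'));

// An over-long comment is cut to 80 characters on the server side.
var_dump(save_description($db, 12, 3, str_repeat('x', 200)));

foreach (list_descriptions($db, 12) as $row) {
    echo render_description_cell($row['description']), "\n";
}
```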
The patches have been installed on the production server on July 17, 2013. See also: https://lists.cacert.org/wws/arc/cacert-systemlog/2013-07/msg00006.html |
Date Modified | Username | Field | Change |
---|---|---|---|
2009-10-05 15:15 | khopesh | New Issue | |
2009-10-05 23:26 | khopesh | File Added: cacert_-_notes_for_certs.user.js | |
2009-10-06 22:25 | khopesh | Note Added: 0001501 | |
2009-10-06 22:27 | khopesh | Priority | normal => low |
2009-10-06 22:28 | khopesh | Note Edited: 0001501 | |
2009-10-06 22:30 | khopesh | Note Edited: 0001501 | |
2009-10-06 22:31 | khopesh | Note Edited: 0001501 | |
2011-08-31 11:26 | Uli60 | Relationship added | related to 0000976 |
2011-08-31 11:35 | Uli60 | Note Added: 0002382 | |
2011-08-31 11:36 | Uli60 | Assigned To | => Uli60 |
2011-08-31 11:36 | Uli60 | Status | new => needs work |
2011-09-14 23:25 | Uli60 | Relationship added | related to 0000776 |
2011-09-14 23:30 | Uli60 | Relationship added | related to 0000596 |
2012-10-30 23:19 | INOPIAE | Relationship added | duplicate of 0001106 |
2012-10-30 23:53 | INOPIAE | Relationship added | related to 0001105 |
2012-11-10 08:24 | INOPIAE | File Added: gpgmodified.php | |
2012-11-10 08:25 | INOPIAE | File Added: accountmodified.php | |
2012-11-10 08:25 | INOPIAE | File Added: 3modified.php | |
2012-11-10 08:26 | INOPIAE | File Added: 5modified.php | |
2012-11-10 08:26 | INOPIAE | File Added: 10modified.php | |
2012-11-10 08:26 | INOPIAE | File Added: 12modified.php | |
2012-11-10 08:26 | INOPIAE | File Added: 16modified.php | |
2012-11-10 08:27 | INOPIAE | File Added: 18modified.php | |
2012-11-10 08:27 | INOPIAE | File Added: 20modified.php | |
2012-11-10 08:27 | INOPIAE | File Added: 22modified.php | |
2012-11-10 08:28 | INOPIAE | File Added: gpg0modified.php | |
2012-11-10 08:28 | INOPIAE | File Added: gpg2modified.php | |
2012-11-10 08:31 | INOPIAE | Note Added: 0003320 | |
2012-11-10 08:32 | INOPIAE | Note Added: 0003321 | |
2012-11-10 08:32 | INOPIAE | Assigned To | Uli60 => BenBE |
2012-11-10 08:32 | INOPIAE | Status | needs work => fix available |
2012-11-13 22:15 | BenBE | Source_changeset_attached | => cacert-devel testserver 7b79337e |
2012-11-13 22:15 | BenBE | Source_changeset_attached | => cacert-devel testserver 3ecae0b7 |
2012-11-13 22:15 | BenBE | Note Added: 0003333 | |
2012-11-13 22:30 | BenBE | Source_changeset_attached | => cacert-devel testserver d32f58ef |
2012-11-13 22:30 | BenBE | Source_changeset_attached | => cacert-devel testserver a9618db4 |
2012-11-20 21:09 | INOPIAE | Note Added: 0003350 | |
2012-11-20 21:30 | BenBE | Source_changeset_attached | => cacert-devel testserver 10028d96 |
2012-11-20 21:30 | INOPIAE | Source_changeset_attached | => cacert-devel testserver 1f5a3718 |
2012-11-20 21:30 | INOPIAE | Source_changeset_attached | => cacert-devel testserver a9eb4516 |
2012-11-20 21:30 | INOPIAE | Source_changeset_attached | => cacert-devel testserver e6dee64e |
2012-11-20 23:45 | BenBE | Source_changeset_attached | => cacert-devel testserver 3a2d96a4 |
2012-11-20 23:45 | INOPIAE | Source_changeset_attached | => cacert-devel testserver 7fb56753 |
2012-11-20 23:45 | INOPIAE | Source_changeset_attached | => cacert-devel testserver da87734b |
2012-11-21 00:00 | BenBE | Source_changeset_attached | => cacert-devel testserver 1940196b |
2012-11-21 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver ef4fa3cf |
2012-12-08 11:26 | JensK | Note Added: 0003382 | |
2012-12-08 16:03 | INOPIAE | Relationship added | related to 0001071 |
2012-12-12 09:41 | INOPIAE | Relationship added | related to 0000454 |
2012-12-18 08:10 | INOPIAE | Relationship added | related to 0000386 |
2012-12-20 18:29 | Werner Dworak | Relationship added | related to 0000114 |
2013-01-06 21:55 | BenBE | Status | fix available => needs work |
2013-01-10 02:33 | Werner Dworak | Relationship deleted | related to 0000114 |
2013-04-27 21:59 | BenBE | Relationship added | parent of 0001169 |
2013-04-27 22:00 | BenBE | Relationship added | parent of 0001168 |
2013-05-14 21:22 | INOPIAE | Assigned To | BenBE => egal |
2013-05-14 21:22 | INOPIAE | Status | needs work => fix available |
2013-06-12 00:00 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 8afd9df7 |
2013-06-12 00:00 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable b6ce9396 |
2013-06-12 00:00 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable a3dbfe74 |
2013-06-12 00:00 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 58c3707c |
2013-06-12 00:00 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 27ac5abe |
2013-06-12 00:00 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 38d03242 |
2013-06-12 00:00 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable ef67528f |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 5314b051 |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 882428da |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 71d6d063 |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 45ee2038 |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 714d9cd8 |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 121f820f |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable b4af4ce4 |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 8bfc6bd2 |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable a8fa9c12 |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 494eb592 |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable c5e49e00 |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable a8d25bfb |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable c2b222a4 |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable b02d5765 |
2013-06-12 00:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable f4838bd3 |
2013-06-15 11:55 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 7d41a539 |
2013-06-15 11:55 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 752a538d |
2013-06-15 11:55 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable eac1f92e |
2013-06-19 20:55 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 24d9df40 |
2013-06-19 20:55 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable a93fac2b |
2013-06-19 20:55 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 8b5966d9 |
2013-06-19 20:55 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable fd647f30 |
2013-06-19 20:55 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 62aa3b39 |
2013-06-23 20:10 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable d210dc5c |
2013-06-23 20:10 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 389f8351 |
2013-06-23 20:35 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 79c4714c |
2013-06-23 20:35 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 4c282894 |
2013-06-23 21:00 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 4f99121d |
2013-06-23 21:00 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 8dffbe94 |
2013-06-24 19:15 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable a49337f2 |
2013-06-24 19:15 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 0b8b84f4 |
2013-06-24 20:15 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable bf0fffdf |
2013-06-24 20:15 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 57c0aa93 |
2013-06-25 21:10 | BenBE | Reviewed by | => BenBE |
2013-06-25 21:10 | BenBE | Status | fix available => needs review & testing |
2013-06-25 21:10 | BenBE | Product Version | => 2009 Q4 |
2013-06-25 21:10 | BenBE | Target Version | => 2013 Q3 |
2013-06-30 18:29 | MartinGummi | Note Added: 0004088 | |
2013-06-30 18:29 | MartinGummi | Note Edited: 0004088 | |
2013-06-30 18:30 | MartinGummi | Note Edited: 0004088 | |
2013-06-30 18:30 | MartinGummi | Note Edited: 0004088 | |
2013-07-01 20:30 | aterpotiz | Note Added: 0004089 | |
2013-07-02 19:44 | jbruckner | Note Added: 0004091 | |
2013-07-02 19:45 | jbruckner | Note Edited: 0004091 | |
2013-07-02 20:20 | INOPIAE | Note Added: 0004092 | |
2013-07-02 20:20 | INOPIAE | Assigned To | egal => NEOatNHNG |
2013-07-02 20:20 | INOPIAE | Status | needs review & testing => needs review |
2013-07-09 22:02 | NEOatNHNG | Reviewed by | BenBE => NEOatNHNG, BenBE |
2013-07-09 22:02 | NEOatNHNG | Note Added: 0004108 | |
2013-07-09 22:02 | NEOatNHNG | Status | needs review => ready to deploy |
2013-07-12 20:10 | BenBE | Source_changeset_attached | => cacert-devel release 0f787a6c |
2013-07-17 08:26 | wytze | Note Added: 0004169 | |
2013-07-17 08:26 | wytze | Status | ready to deploy => solved? |
2013-07-17 08:26 | wytze | Fixed in Version | => 2013 Q3 |
2013-07-17 08:26 | wytze | Resolution | open => fixed |
2013-10-15 20:24 | INOPIAE | Relationship deleted | parent of 0001169 |
2013-10-15 20:24 | INOPIAE | Relationship added | related to 0001169 |
2013-10-15 20:25 | INOPIAE | Relationship deleted | parent of 0001168 |
2013-10-15 20:25 | INOPIAE | Relationship added | related to 0001168 |
2013-10-15 20:25 | INOPIAE | Status | solved? => closed |
2014-04-09 20:47 | NEOatNHNG | Relationship added | related to 0001266 |