View Issue Details

ID: 0000782
Project: Main CAcert Website
Category: my account
View Status: public
Last Update: 2014-04-09 20:47
Reporter: khopesh
Assigned To: NEOatNHNG
Priority: low
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: fixed
Product Version: 2009 Q4
Target Version: 2013 Q3
Fixed in Version: 2013 Q3
Summary: 0000782: Add "notes" field to certificate information
Description: I'd love the option to add notes to certificates so as to better identify which certificate is which when listed on the site (e.g. https://www.cacert.org/account.php?id=12#). Currently, I differentiate certs by date, renewing certs for the same CommonName on different days (e.g. wildcard certs, redundant system certs, web client certs), but this is getting annoying.
Additional Information: Apologies if this is a dupe, Mantis doesn't appear to be allowing me to refine searches.
Tags: No tags attached.
Reviewed by: NEOatNHNG, BenBE
Test Instructions

Relationships

duplicate of 0001106 (closed, INOPIAE): Add new fields to the database
related to 0000976 (closed, Uli60): List of update request for webdb database structure upgrade with tables / fields
related to 0000776 (closed, INOPIAE): Let the user add a comment to certificates to distinguish them
related to 0000596 (closed, NEOatNHNG): add column serial# in certs overviews (client, server, orgclient, orgserver)
related to 0001169 (new): Renewal Information near validity information
related to 0001168 (new): Certificate Lists: Show basic key information
related to 0001105 (closed, INOPIAE): Add a comment field for certificate issuing
related to 0001071 (closed, INOPIAE): allow to add short notes for client certificates
related to 0000454 (closed, INOPIAE): Please add a description field to the Certificates
related to 0000386 (closed): display type of certificates
related to 0001266 (closed, NEOatNHNG): Second-Level SQL Injection in Certificate-related queries

Activities

2009-10-05 23:26

 

khopesh

2009-10-06 22:25

reporter   ~0001501

Last edited: 2009-10-06 22:31

Updated GreaseMonkey script and posted it (with screenshot) to:
http://userscripts.org/scripts/show/59256

The new script is FULLY FEATURE COMPLETE except for the whole storing data in a central location for use on multiple clients. At least this lets me manage my certs at work.

I don't appear to have the ability to obsolete or delete the previously attached version. Please use the userscripts.org version instead as it is VASTLY superior and may see further updates.

Uli60

2011-08-31 11:35

updater   ~0002382

e.g. view domain certs
 https://secure.cacert.org/account.php?id=12
view client certs
 https://secure.cacert.org/account.php?id=5

for adding information to the user
e.g. on which PC I've created the cert, with which browser?
   for what purposes?
this is interesting in case of renewal requests, where the private key cannot be found

INOPIAE

2012-11-10 08:24

updater  

gpgmodified.php (13,234 bytes)   
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/ ?>
<?
	require_once("../includes/loggedin.php");

        $id = 0; if(array_key_exists('id',$_REQUEST)) $id=intval($_REQUEST['id']);
	$oldid = $_REQUEST['oldid'] = array_key_exists('oldid',$_REQUEST) ? intval($_REQUEST['oldid']) : 0;

	if($_SESSION['profile']['points'] < 50)
	{
		header("location: /account.php");
		exit;
	}

	loadem("account");



	$CSR=""; if(array_key_exists('CSR',$_REQUEST)) $CSR=stripslashes($_REQUEST['CSR']);


	if($oldid == "0")
	{
		if(array_key_exists('process',$_REQUEST) && $_REQUEST['process'] != "" && $CSR == "")
		{
			$_SESSION['_config']['errmsg'] = _("You failed to paste a valid GPG/PGP key.");
			$id = $oldid;
			$oldid=0;
		}
	}

	$keyid="";

if(0)
{
  if($_SESSION["profile"]["id"] != 5897)
  {
    showheader(_("Welcome to CAcert.org"));
    echo "The OpenPGP signing system is currently shutdown due to a maintenance. We hope to get it fixed within the next few hours. We are very sorry for the inconvenience.";
  
    exit(0);
  }
}


function verifyName($name)
{
	if($name == "") return 0;
	if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']) return 1;
	if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']) return 1;
	if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']) return 1;
	if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']) return 1;
	return 0;

}

function verifyEmail($email)
{
	if($email == "") return 0;
	if(mysql_num_rows(mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `email`='".mysql_real_escape_string($email)."' and `deleted`=0 and `hash`=''")) > 0) return 1;
	return 0;
}



	$ToBeDeleted=array();
	$state=0;
	if($oldid == "0" && $CSR != "")
	{
		$debugkey = $gpgkey = clean_gpgcsr($CSR);

		$tnam = tempnam('/tmp/', '__gpg');
		$fp = fopen($tnam, 'w');
		fwrite($fp, $gpgkey);
		fclose($fp);
		$debugpg = $gpg = trim(`gpg --with-colons --homedir /tmp 2>&1 < $tnam`);
		unlink($tnam);

		$lines = "";
		$gpgarr = explode("\n", $gpg);
		foreach($gpgarr as $line)
		{
			#echo "Line[]: $line <br/>\n";
			if(substr($line, 0, 3) == "pub" || substr($line, 0, 3) == "uid")
			{
				if($lines != "")
					$lines .= "\n";
				$lines .= $line;
			}
		}
		$gpg = $lines;
		$expires = 0;
		$nerr=0; $nok=0;
		$multiple = 0;

		$resulttable=_("The following UIDs were found in your key:")."<br/><table border='1'><tr><td>#</td><td>"._("Name")."</td><td>"._("Email")."</td><td>Result</td>";
		$i=0;
		$lastvalidemail="";
                $npubs=0;
		foreach(explode("\n", $gpg) as $line)
		{
			$bits = explode(":", $line);
			$resulttable.="<tr><td>".++$i."</td>";
			$name = $comment = "";
			if($bits[0] == "pub")
			{
				$npubs++;
			}
			if($npubs>1)
			{
				showheader(_("Welcome to CAcert.org"));
				echo "<font color='#ff0000'>"._("Please upload only one key at a time.")."</font>";
				unset($_REQUEST['process']);
				$id = $oldid;
				unset($oldid);
				exit();
			}
			if($bits[0] == "pub" && (!$keyid || !$when))
			{
				$keyid = $bits[4];
				$when = $bits[5];
				if($bits[6] != "")
					$expires = 1;
			}
			$name="";
			$comm="";
			$mail="";
			$uidformatwrong=0;

			if(sizeof($bits)<10) $uidformatwrong=1;
			
			if(preg_match("/\@.*\@/",$bits[9]))
			{
				showheader(_("Welcome to CAcert.org"));

				echo "<font color='#ff0000'>"._("Multiple Email Adresses per UID are not allowed.")."</font>";
				unset($_REQUEST['process']);
				$id = $oldid;
				unset($oldid);
				exit();
			}

			// Name (Comment) <Email>
			if(preg_match("/^([^\(\)\[@<>]+) \(([^\(\)@<>]*)\) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
			{
			  $name=trim(hex2bin($matches[1]));
			  $nocomment=0;
			  $comm=trim(hex2bin($matches[2]));
			  $mail=trim(hex2bin($matches[3]));
			}
			// Name <EMail>
			elseif(preg_match("/^([^\(\)\[@<>]+) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
			{
			  $name=trim(hex2bin($matches[1]));
			  $nocomment=1;
			  $comm="";
			  $mail=trim(hex2bin($matches[2]));
			}
			// Unrecognized format
			else
			{
				$nocomment=1;
				$uidformatwrong=1;
			}
  		  	$nameok=verifyName($name);
			$emailok=verifyEmail($mail);


			if($comm != "")
				$comment[] = $comm;

			$resulttable.="<td bgcolor='#".($nameok?"c0ffc0":"ffc0c0")."'>".sanitizeHTML($name)."</td>";
                        $resulttable.="<td bgcolor='#".($emailok?"c0ffc0":"ffc0c0")."'>".sanitizeHTML($mail)."</td>";

			$uidok=0;
			if($bits[1]=="r")
			{
				$rmessage=_("Error: UID is revoked");
			}
			elseif($uidformatwrong==1)
			{
				$rmessage=_("The format of the UID was not recognized. Please use 'Name (comment) &lt;email@domain>'");
			}
			elseif($mail=="" and $name=="")
			{
				$rmessage=_("Error: Both Name and Email address are empty");
			}
			elseif($emailok and $nameok)
			{
				$uidok=1;
				$rmessage=_("Name and Email OK.");
			}
			elseif(!$emailok and !$nameok)
			{
				$rmessage=_("Name and Email both cannot be matched with your account.");
			}
			elseif($emailok and $name=="")
			{
				$uidok=1;
				$rmessage=_("The email is OK. The name is empty.");
			}
			elseif($nameok and $mail=="")
			{
				$uidok=1;
				$rmessage=_("The name is OK. The email is empty.");
			}
			elseif(!$emailok)
			{
				$rmessage=_("The email address has not been registered and verified in your account. Please add the email address to your account first.");
			}
			elseif(!$nameok)
			{
				$rmessage=_("The name in the UID does not match the name in your account. Please verify the name.");
			}

			else
			{
				$rmessage=_("Error");
			}
			if($uidok)
			{
				$nok++;
				$resulttable.="<td>$rmessage</td>";
				$lastvalidemail=$mail;
			}
			else
			{
				$nerr++;
				//$ToBeDeleted[]=$i;
				//echo "Adding UID $i\n";
				$resulttable.="<td bgcolor='#ffc0c0'>$rmessage</td>";
			}
			$resulttable.="</tr>\n";

			if($emailok) $multiple++;
			
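			// Optional user note for this key; stored unescaped here and escaped once in the INSERT below.
			if(array_key_exists('description',$_REQUEST) && trim($_REQUEST['description']) != ""){
				$description = trim(stripslashes($_REQUEST['description']));
			}else{
				$description = "";
			}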
		}
		$resulttable.="</table>";


		if($nok==0)
		{
			showheader(_("Welcome to CAcert.org"));
			echo $resulttable;

			echo "<font color='#ff0000'>"._("No valid UIDs found on your key")."</font>";
			unset($_REQUEST['process']);
			$id = $oldid;
			unset($oldid);
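			// Append the debug record directly to the file: the submitted key and the gpg output
			// are user-influenced and must not be interpolated into a shell command line.
			file_put_contents('/www/tmp/gpg.debug', "$debugkey\n--\n$debugpg\n--\n", FILE_APPEND);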
			exit();
		}
		elseif($nerr)
		{
			$resulttable.=_("The unverified UIDs have been removed, the verified UIDs have been signed.");
		}


 	}


	if($oldid == "0" && $CSR != "")
	{
		$query = "insert into `gpg` set `memid`='".intval($_SESSION['profile']['id'])."',
						`email`='".mysql_real_escape_string($lastvalidemail)."',
						`level`='1',
						`expires`='".mysql_real_escape_string($expires)."',
						`multiple`='".mysql_real_escape_string($multiple)."',
						`keyid`='".mysql_real_escape_string($keyid)."', 
						`description`='".mysql_real_escape_string($description)."'";
		mysql_query($query);
		$id = mysql_insert_id();


		$cwd = '/tmp/gpgspace'.$id;
		mkdir($cwd,0755);

		$fp = fopen("$cwd/gpg.csr", "w");
		fputs($fp, clean_gpgcsr($CSR));
		fclose($fp);


		system("gpg --homedir $cwd --import $cwd/gpg.csr");


		$debugpg = $gpg = trim(`gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $keyid 2>&1`);
		$lines = "";
		$gpgarr = explode("\n", $gpg);
		foreach($gpgarr as $line)
		{
			//echo "Line[]: $line <br/>\n";
			if(substr($line, 0, 4) == "uid:")
			{
				$name = $comment = "";
				$bits = explode(":", $line);

				$pos = strpos($bits[9], "(") - 1;
				$nocomment = 0;
				if($pos < 0)
				{
					$nocomment = 1;
					$pos = strpos($bits[9], "<") - 1;
				}
				if($pos < 0)
				{
					$pos = strlen($bits[9]);
				}

				$name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
				$nameok=verifyName($name);
				if($nocomment == 0)
				{
					$pos += 2;
					$pos2 = strpos($bits[9], ")");
					$comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
					if($comm != "")
						$comment[] = $comm;
					$pos = $pos2 + 3;
				} else {
					$pos = strpos($bits[9], "<") + 1;
				}

				$mail="";
	                        if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
					//echo "Found: ".$match[1];
					$mail = trim(hex2bin($match[1]));
				}
				else
				{
					//echo "Not found!\n";
				}
	
				$emailok=verifyEmail($mail);

				$uidid=$bits[7];

			if($bits[1]=="r")
			{
				$ToBeDeleted[]=$uidid;
			}
			elseif($mail=="" and $name=="")
			{
				//echo "$uidid will be deleted\n";
				$ToBeDeleted[]=$uidid;
			}
			elseif($emailok and $nameok)
			{
			}
			elseif($emailok and $name=="")
			{
			}
			elseif($nameok and $mail=="")
			{
			}
			elseif(!$emailok and !$nameok)
			{
				//echo "$uidid will be deleted\n";
				$ToBeDeleted[]=$uidid;
			}
			elseif(!$emailok)
			{
				//echo "$uidid will be deleted\n";
				$ToBeDeleted[]=$uidid;
			}
			elseif(!$nameok)
			{
				//echo "$uidid will be deleted\n";
				$ToBeDeleted[]=$uidid;
			}

			}
		}




        if(count($ToBeDeleted)>0)
	{


		$descriptorspec = array(
			0 => array("pipe", "r"),  // stdin is a pipe that the child will read from
			1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
			2 => array("pipe", "w") // stderr is a pipe that the child will write to
		);
 
		$stderr = fopen('php://stderr', 'w'); 


		//echo "Keyid: $keyid\n";

		$process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes);
 
		//echo "Process: $process\n";
		//fputs($stderr,"Process: $process\n");

		if (is_resource($process)) {
		//echo("it is a resource\n");
		// $pipes now looks like this:
		// 0 => writeable handle connected to child stdin
		// 1 => readable handle connected to child stdout
		// 2 => readable handle connected to child stderr (not read by this script)
			while (!feof($pipes[1])) 
			{
				$buffer = fgets($pipes[1], 4096);
				//echo $buffer;

      if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n")
      {
        fputs($pipes[0],"yes\n");
      }
      elseif($buffer == "[GNUPG:] GOT_IT\n")
      {
      }
      elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer))
      {
        fputs($pipes[0],"yes\n");
      }
      elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer))
      {
        if(count($ToBeDeleted)>0)
        {
	  $delthisuid=array_pop($ToBeDeleted);
	  //echo "Deleting an UID $delthisuid\n";
          fputs($pipes[0],"uid ".$delthisuid."\n");
        }
        else
        {
	  //echo "Saving\n";
          fputs($pipes[0],$state?"save\n":"deluid\n");
          $state++;
        }
      }
      elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n")
      {
      }
      elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer))
      {
        echo "Key expired!\n";
	exit;
      }
      elseif($buffer == "")
      {
        //echo "Empty!\n";
      }
      else
      {
        echo "ERROR: UNKNOWN $buffer\n";
      }


			}
			//echo "Fertig\n";
			fclose($pipes[0]);
 
			//echo stream_get_contents($pipes[1]);
			fclose($pipes[1]);
 
			// It is important that you close any pipes before calling
			// proc_close in order to avoid a deadlock
			$return_value = proc_close($process);
 
			//echo "command returned $return_value\n";
		}
		else
		{
			echo "Keine ressource!\n";
		}


		}


		$csrname=generatecertpath("csr","gpg",$id);
		$do=`gpg --homedir $cwd --batch --export-options export-minimal --export $keyid >$csrname`;

		mysql_query("update `gpg` set `csr`='$csrname' where `id`='$id'");
		waitForResult('gpg', $id);

		showheader(_("Welcome to CAcert.org"));
		echo $resulttable;
		$query = "select * from `gpg` where `id`='$id' and `crt`!=''";
		$res = mysql_query($query);
		if(mysql_num_rows($res) <= 0)
		{
			echo _("Your certificate request has failed to be processed correctly, please try submitting it again.")."<br>\n";
			echo _("If this is a re-occuring problem, please send a copy of the key you are trying to signed to support@cacert.org. Thank you.");
		} else {
			echo "<pre>";
			readfile(generatecertpath("crt","gpg",$id));
			echo "</pre>";
		}

		showfooter();
		exit;
	}

	$id = intval($id);

	showheader(_("Welcome to CAcert.org"));
	includeit($id, "gpg");
	showfooter();
?>

INOPIAE

2012-11-10 08:25

updater  

accountmodified.php (121,399 bytes)   
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
  
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/
	require_once("../includes/loggedin.php");
	require_once("../includes/lib/l10n.php");

	loadem("account");

	$id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
	$oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
	$process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process'];

	$cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']);
	$orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']);
	$memid=0; if(array_key_exists('memid',$_REQUEST)) $memid=intval($_REQUEST['memid']);
	$domid=0; if(array_key_exists('domid',$_REQUEST)) $domid=intval($_REQUEST['domid']);


	if(!$_SESSION['mconn'])
	{
		echo _("Several CAcert Services are currently unavailable. Please try again later.");
		exit;
	}

	if ($process == _("Cancel"))
	{
		// General reset CANCEL process requests
		$process = "";
	}


	if($id == 45 || $id == 46 || $oldid == 45 || $oldid == 46)
	{
		$id = 1;
		$oldid=0;
	}

	if($process != "" && $oldid == 1)
	{
		$id = 1;
		csrf_check('addemail');
		if(strstr($_REQUEST['newemail'], "xn--") && $_SESSION['profile']['codesign'] <= 0)
		{
			showheader(_("My CAcert.org Account!"));
			echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
			showfooter();
			exit;
		}
		if(trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))) == "")
		{
			showheader(_("My CAcert.org Account!"));
			printf(_("Not a valid email address. Can't continue."));
			showfooter();
			exit;
		}
		$oldid=0;
		$_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
		$query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
		$res = mysql_query($query);
		if(mysql_num_rows($res) > 0)
		{
			showheader(_("My CAcert.org Account!"));
			printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
			showfooter();
			exit;
		}
		$checkemail = checkEmail($_REQUEST['newemail']);
		if($checkemail != "OK")
		{
			showheader(_("My CAcert.org Account!"));
			if (substr($checkemail, 0, 1) == "4") 
			{
				echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
			} else {
				echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
			}
			echo "<p>$checkemail</p>\n";
			showfooter();
			exit;
		}
		$hash = make_hash();
		$query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
		mysql_query($query);
		$emailid = mysql_insert_id();

		$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
		$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
		$body .= _("Best regards")."\n"._("CAcert.org Support!");

		sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

		showheader(_("My CAcert.org Account!"));
		printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_REQUEST['email']));
		showfooter();
		exit;
	}

	if(array_key_exists("makedefault",$_REQUEST) && $_REQUEST['makedefault'] != "" && $oldid == 2)
	{
		$id = 2;
		$emailid = intval($_REQUEST['emailid']);
		$query = "select * from `email` where `id`='$emailid' and `memid`='".$_SESSION['profile']['id']."' and `hash` = '' and `deleted`=0";
		$res = mysql_query($query);
		if(mysql_num_rows($res) <= 0)
		{
			showheader(_("Error!"));
			echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
			showfooter();
			exit;
		}
		$row = mysql_fetch_assoc($res);
		$body  = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
		$body .= _("You are receiving this email because you or someone else")."\n";
		$body .= _("has changed the default email on your account.")."\n\n";

		$body .= _("Best regards")."\n"._("CAcert.org Support!");

		sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Default Account Changed"), $body,
				"support@cacert.org", "", "", "CAcert Support");

		$_SESSION['profile']['email'] = $row['email'];
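		// The address was read back from the database; escape it again before reuse in a query.
		$query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'";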
		mysql_query($query);
		showheader(_("My CAcert.org Account!"));
		printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
		showfooter();
		exit;
	}

	if($process != "" && $oldid == 2)
	{
		$id = 2;
		csrf_check("chgdef");
		showheader(_("My CAcert.org Account!"));
		$delcount = 0;
		if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
		{
			foreach($_REQUEST['delid'] as $id)
			{
				$id = intval($id);
				$query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
						`email`!='".mysql_real_escape_string($_SESSION['profile']['email'])."'";
				$res = mysql_query($query);
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					echo $row['email']."<br>\n";
					$query = "select `emailcerts`.`id` 
							from `emaillink`,`emailcerts` where
							`emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
							`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
							group by `emailcerts`.`id`";
					$dres = mysql_query($query);
					while($drow = mysql_fetch_assoc($dres))
						mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
	
					$query = "update `email` set `deleted`=NOW() where `id`='$id'";
					mysql_query($query);
					$delcount++;
				}
			}
		}
		else
		{
			echo _("You did not select any email accounts for removal.");
		}
		if($delcount > 0)
		{
			echo _("The following accounts have been removed:")."<br>\n";
		} else {
			echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
		}

		showfooter();
		exit;
	}

	if($process != "" && $oldid == 3)
	{
		if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
		{
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}

		$_SESSION['_config']['SSO'] = intval($_REQUEST['SSO']);

		$_SESSION['_config']['addid'] = $_REQUEST['addid'];
		if($_SESSION['profile']['points'] >= 50)
			$_SESSION['_config']['incname'] = intval($_REQUEST['incname']);
		if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100))
		{
			$_REQUEST['codesign'] = 0;
		}
		if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1)
		{
			if($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4)
				$_SESSION['_config']['incname'] = 1;
		}
		if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1 && $_SESSION['profile']['points'] >= 100)
			$_SESSION['_config']['codesign'] = 1;
		else
			$_SESSION['_config']['codesign'] = 0;

		if(array_key_exists('login',$_REQUEST) && $_REQUEST['login'] == 1)
			$_SESSION['_config']['disablelogin'] = 0;
		else
			$_SESSION['_config']['disablelogin'] = 1;

		$_SESSION['_config']['rootcert'] = 1;
		if($_SESSION['profile']['points'] >= 50)
		{
			$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
			if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
				$_SESSION['_config']['rootcert'] = 1;
		}
		$csr = "";
		if(trim($_REQUEST['optionalCSR']) == "")
		{
			$id = 4;
		} else {
			$oldid = 4;
			$_REQUEST['keytype'] = "MS";
			$csr = clean_csr($_REQUEST['optionalCSR']);
		}
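		// Optional user note for the new certificate; kept unescaped in the session
		// and escaped at the point where it is written to the database.
		if(array_key_exists('description',$_REQUEST) && trim($_REQUEST['description']) != ""){
			$_SESSION['_config']['description'] = trim(stripslashes($_REQUEST['description']));
		}else{
			$_SESSION['_config']['description'] = "";
		}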
	}

	if($oldid == 4)
	{
		if($_REQUEST['keytype'] == "NS")
		{
			$spkac=""; if(array_key_exists('SPKAC',$_REQUEST) && preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));

			if($spkac=="" || $spkac == "deadbeef")
			{
				$id = 4;
				showheader(_("My CAcert.org Account!"));
				echo _("I didn't receive a valid Certificate Request, please try a different browser.");
				showfooter();
				exit;
			}
			$count = 0;
			$emails = "";
			$addys = array();
			$defaultemail="";
			if(is_array($_SESSION['_config']['addid']))
			foreach($_SESSION['_config']['addid'] as $id)
			{
				$res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='".intval($id)."'");
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if(!$emails)
						$defaultemail = $row['email'];
					$emails .= "$count.emailAddress = ".$row['email']."\n";
					$count++;
					$addys[] = intval($row['id']);
				}
			}
			if($count <= 0 && $_SESSION['_config']['SSO'] != 1)
			{
				$id = 4;
				showheader(_("My CAcert.org Account!"));
				echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request.");
				showfooter();
				exit;
			}
			$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
			if($_SESSION['_config']['SSO'] == 1)
				$emails .= "$count.emailAddress = ".$user['uniqueID']."\n";

			if(strlen($user['mname']) == 1)
				$user['mname'] .= '.';
			if(!array_key_exists('incname',$_SESSION['_config']) || $_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
			{
				$emails .= "commonName = CAcert WoT User\n";
			}
			else
			{
				if($_SESSION['_config']['incname'] == 1)
					$emails .= "commonName = ".$user['fname']." ".$user['lname']."\n";
				if($_SESSION['_config']['incname'] == 2)
					$emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']."\n";
				if($_SESSION['_config']['incname'] == 3)
					$emails .= "commonName = ".$user['fname']." ".$user['lname']." ".$user['suffix']."\n";
				if($_SESSION['_config']['incname'] == 4)
					$emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
			}
			if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
				$_SESSION['_config']['rootcert'] = 1;

			$emails .= "SPKAC = $spkac";
			if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
			{
				$id = 4;
				showheader(_("My CAcert.org Account!"));
				echo $weakKey;
				showfooter();
				exit;
			}
			
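			// Values read back from the database or the session are escaped before being placed in the query.
			// The description is free text, so it is escaped as a string rather than cast with intval().
			$query = "insert into emailcerts set
						`CN`='".mysql_real_escape_string($defaultemail)."',
						`keytype`='NS',
						`memid`='".intval($_SESSION['profile']['id'])."',
						`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
						`codesign`='".intval($_SESSION['_config']['codesign'])."',
						`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
						`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
						`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";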
			mysql_query($query);
			$emailid = mysql_insert_id();
			if(is_array($addys))
			foreach($addys as $addy)
				mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
			$CSRname=generatecertpath("csr","client",$emailid);
			$fp = fopen($CSRname, "w");
			fputs($fp, $emails);
			fclose($fp);
			$challenge=$_SESSION['spkac_hash'];
                        $res=`openssl spkac -verify -in $CSRname`;
                        if(!strstr($res,"Challenge String: ".$challenge))
                        {
                                $id = $oldid;
                                showheader(_("My CAcert.org Account!"));
                                echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
                                showfooter();
                                exit;
                        }
			mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
		} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
			if($csr == "")
				$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
			
			if (($weakKey = checkWeakKeyCSR($csr)) !== "")
			{
				$id = 4;
				showheader(_("My CAcert.org Account!"));
				echo $weakKey;
				showfooter();
				exit;
			}
			
			$tmpfname = tempnam("/tmp", "id4CSR");
			$fp = fopen($tmpfname, "w");
			fputs($fp, $csr);
			fclose($fp);

			$addys = array();
			$defaultemail = "";
			$csrsubject="";

			$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
                        if(strlen($user['mname']) == 1)
                                $user['mname'] .= '.';
			if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
				$csrsubject = "/CN=CAcert WoT User";
			if($_SESSION['_config']['incname'] == 1)
				$csrsubject = "/CN=".$user['fname']." ".$user['lname'];
			if($_SESSION['_config']['incname'] == 2)
				$csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname'];
			if($_SESSION['_config']['incname'] == 3)
				$csrsubject = "/CN=".$user['fname']." ".$user['lname']." ".$user['suffix'];
			if($_SESSION['_config']['incname'] == 4)
				$csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'];
			if(is_array($_SESSION['_config']['addid']))
			foreach($_SESSION['_config']['addid'] as $id)
			{
				$res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if($defaultemail == "")
						$defaultemail = $row['email'];
					$csrsubject .= "/emailAddress=".$row['email'];
					$addys[] = $row['id'];
				}
			}
			if($_SESSION['_config']['SSO'] == 1)
				$csrsubject .= "/emailAddress = ".$user['uniqueID'];

			$tmpname = tempnam("/tmp", "id4csr");
			$do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`; // -subj "$csr"`;
			@unlink($tmpfname);
			$csr = "";
			$fp = fopen($tmpname, "r");
			while($data = fgets($fp, 4096))
				$csr .= $data;
			fclose($fp);
			@unlink($tmpname);
			if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
				$_SESSION['_config']['rootcert'] = 1;

			if($csr == "")
			{
				$id = 4;
				showheader(_("My CAcert.org Account!"));
				echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
				showfooter();
				exit;
			}
			// `description` is the user's free-text note: escape it as a string
			// (intval() would store 0 for any non-numeric note)
			$query = "insert into emailcerts set 
						`CN`='$defaultemail', 
						`keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
						`memid`='".$_SESSION['profile']['id']."',
						`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
						`subject`='".mysql_real_escape_string($csrsubject)."',
						`codesign`='".$_SESSION['_config']['codesign']."',
						`rootcert`='".$_SESSION['_config']['rootcert']."', 
						`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
			mysql_query($query);
			$emailid = mysql_insert_id();
			if(is_array($addys))
			foreach($addys as $addy)
				mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");
			$CSRname=generatecertpath("csr","client",$emailid);
			$fp = fopen($CSRname, "w");
			fputs($fp, $csr);
			fclose($fp);
			mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
		}
		waitForResult("emailcerts", $emailid, 4);
		$query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
		$res = mysql_query($query);
		if(mysql_num_rows($res) <= 0)
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			showfooter();
			exit;
		} else {
			$id = 6;
			$cert = $emailid;
			$_REQUEST['cert']=$emailid;
		}
	}

	if($oldid == 7)
	{
		csrf_check("adddomain");
		if(strstr($_REQUEST['newdomain'],"\x00"))
		{
			showheader(_("My CAcert.org Account!"));
			echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
			showfooter();
			exit;
		}

		list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
		while($newdomain['0'] == '-')
			$newdomain = substr($newdomain, 1);
		if(strstr($newdomain, "xn--") && $_SESSION['profile']['codesign'] <= 0)
		{
			showheader(_("My CAcert.org Account!"));
			echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
			showfooter();
			exit;
		}

		$newdom = trim(escapeshellarg($newdomain));
		$newdomain = mysql_real_escape_string(trim($newdomain));

		$res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
		$query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
		$res2 = mysql_query($query);
		if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2))
		{
			$oldid=0;
			$id = 7;
			showheader(_("My CAcert.org Account!"));
			printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
			showfooter();
			exit;
		}
	}

	if($oldid == 7)
	{
		$oldid=0;
		$id = 8;
		$addy = array();
		$adds = array();
		if(strtolower(substr($newdom, -4, 3)) != ".jp")
			$adds = explode("\n", trim(`/usr/bin/whois $newdom|grep "@"`));
		if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info")
		{
			if(is_array($adds))
			foreach($adds as $line)
			{
				$bits = explode(":", $line, 2);
				$line = trim($bits[1]);
				if(!in_array($line, $addy) && $line != "")
					$addy[] = trim(mysql_real_escape_string(stripslashes($line)));
			}
		} else {
			if(is_array($adds))
			foreach($adds as $line)
			{
				$line = trim(str_replace("\t", " ", $line));
				$line = trim(str_replace("(", "", $line));
				$line = trim(str_replace(")", " ", $line));
				$line = trim(str_replace(":", " ", $line));

				$bits = explode(" ", $line);
				foreach($bits as $bit)
				{
					if(strstr($bit, "@"))
						$line = $bit;
				}
				if(!in_array($line, $addy) && $line != "")
					$addy[] = trim(mysql_real_escape_string(stripslashes($line)));
			}
		}

		$rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain");
		foreach($rfc as $sub)
			if(!in_array($sub, $addy))
				$addy[] = $sub;
		$_SESSION['_config']['addy'] = $addy;
		$_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
	}

	if($process != "" && $oldid == 8)
	{
		csrf_check('ctcinfo');
		$oldid=0;
		$id = 8;

		$authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy'])));

		if($authaddy == "" || !is_array($_SESSION['_config']['addy']))
		{
			showheader(_("My CAcert.org Account!"));
			echo _("The address you submitted isn't a valid authority address for the domain.");
			showfooter();
			exit;
		}

		if(!in_array($authaddy, $_SESSION['_config']['addy']))
		{
			showheader(_("My CAcert.org Account!"));
			echo _("The address you submitted isn't a valid authority address for the domain.");
			showfooter();
			exit;
		}

		$query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
		$res = mysql_query($query);
		if(mysql_num_rows($res) > 0)
		{
			showheader(_("My CAcert.org Account!"));
			printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
			showfooter();
			exit;
		}
		$checkemail = checkEmail($authaddy);
		if($checkemail != "OK")
		{
			showheader(_("My CAcert.org Account!"));
			//echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
			if (substr($checkemail, 0, 1) == "4") 
			{
				echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
			} else {
				echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
			}
			echo "<p>$checkemail</p>\n";
			showfooter();
			exit;
		}

		$hash = make_hash();
		$query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
					`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
		mysql_query($query);
		$domainid = mysql_insert_id();

		$body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
		$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
		$body .= _("Best regards")."\n"._("CAcert.org Support!");

		sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

		showheader(_("My CAcert.org Account!"));
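		// Escape the user-supplied domain for HTML output, as the "already in a different account" message above does
		printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_SESSION['_config']['domain']));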
		showfooter();
		exit;
	}

	if($process != "" && $oldid == 9)
	{
		$id = 9;
		showheader(_("My CAcert.org Account!"));
		if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
		{
			echo _("The following domains have been removed:")."<br>
				("._("Any valid certificates will be revoked as well").")<br>\n";

			foreach($_REQUEST['delid'] as $id)
			{
				$id = intval($id);
				$query = "select * from `domains` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
				$res = mysql_query($query);
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					echo $row['domain']."<br>\n";
					mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'");
					$dres = mysql_query("select * from `domlink` where `domid`='$id'");
					while($drow = mysql_fetch_assoc($dres))
						mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
				}
			}
		}
		else
		{
			echo _("You did not select any domains for removal.");
		}

		showfooter();
		exit;
	}

	if($process != "" && $oldid == 10)
	{
		$CSR = clean_csr($_REQUEST['CSR']);
		if(strpos($CSR,"---BEGIN")===FALSE)
		{
			// In case the CSR is missing the ---BEGIN lines, add them automatically:
			$CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
		}
		
		if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
		{
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}
		
		// Keep the note only when one was actually submitted
		if(trim($_REQUEST['description']) != ""){
			$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
		}else{
			$_SESSION['_config']['description']= "";
		}
    
		$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
		$fp = fopen($_SESSION['_config']['tmpfname'], "w");
		fputs($fp, $CSR);
		fclose($fp);
		$CSR = $_SESSION['_config']['tmpfname'];
		$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
		$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
		foreach($bits as $val)
		{
			$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
		}
		$id = 11;

		$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
		extractit();
		getcn();
		getalt();

		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
		{
			showheader(_("My CAcert.org Account!"));
			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
			showfooter();
			exit;
		}

		$_SESSION['_config']['rootcert'] = 1;
		if($_SESSION['profile']['points'] >= 50)
		{
			$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
			if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
				$_SESSION['_config']['rootcert'] = 1;
		}
	}

	if($process != "" && $oldid == 11)
	{
		if(!file_exists($_SESSION['_config']['tmpfname']))
		{
			showheader(_("My CAcert.org Account!"));
			printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			showfooter();
			exit;
		}
		
		if (($weakKey = checkWeakKeyCSR(file_get_contents(
				$_SESSION['_config']['tmpfname']))) !== "")
		{
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}
		
		$id = 11;
		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
		{
			showheader(_("My CAcert.org Account!"));
			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
			showfooter();
			exit;
		}

		$subject = "";
		$count = 0;
		$supressSAN=0;
		if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;

		if(is_array($_SESSION['_config']['rows']))
			foreach($_SESSION['_config']['rows'] as $row)
			{
				$count++;
				if($count <= 1)
				{
					$subject .= "/CN=$row";
					if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
					if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
				} else {
					if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
					if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
				}
			}
		if(is_array($_SESSION['_config']['altrows']))
			foreach($_SESSION['_config']['altrows'] as $row)
			{
				if(substr($row, 0, 4) == "DNS:")
				{
					$row = substr($row, 4);
					if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
					if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
				}
			}
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		// `description` is the user's free-text note: escape it as a string
		// (intval() would store 0 for any non-numeric note)
		if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
		{
			$query = "insert into `domaincerts` set 
						`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
						`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
						`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
						`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."', 
						`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
		} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
			$query = "insert into `domaincerts` set 
						`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
						`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
						`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
						`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."', 
						`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
		} else {
			showheader(_("My CAcert.org Account!"));
			echo _("Domain not verified.");
			showfooter();
			exit;

		}

		mysql_query($query);
		$CSRid = mysql_insert_id();

		if(is_array($_SESSION['_config']['rowid']))
			foreach($_SESSION['_config']['rowid'] as $dom)
				mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
		if(is_array($_SESSION['_config']['altid']))
		foreach($_SESSION['_config']['altid'] as $dom)
			mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");

		$CSRname=generatecertpath("csr","server",$CSRid);
		rename($_SESSION['_config']['tmpfname'], $CSRname);
		chmod($CSRname,0644);
		mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
		waitForResult("domaincerts", $CSRid, 11);
		$query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
		$res = mysql_query($query);
		if(mysql_num_rows($res) <= 0)
		{
			$id = 11;
			showheader(_("My CAcert.org Account!"));
			printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			showfooter();
			exit;
		} else {
			$id = 15;
			$cert = $CSRid;
			$_REQUEST['cert']=$CSRid;
		}
	}

	if($oldid == 12 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
	{
		csrf_check('srvcerchange');
		$id = 12;
		showheader(_("My CAcert.org Account!"));
		if(is_array($_REQUEST['revokeid']))
		{
			echo _("Now renewing the following certificates:")."<br>\n";
			foreach($_REQUEST['revokeid'] as $id)
			{
				$id = intval($id);
				echo _("Processing request")." $id:<br/>";
				$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
						where `domaincerts`.`id`='$id' and
						`domaincerts`.`domid`=`domains`.`id` and
						`domains`.`memid`='".$_SESSION['profile']['id']."'";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
					continue;
				}
				
				$row = mysql_fetch_assoc($res);
				
				if (($weakKey = checkWeakKeyX509(file_get_contents(
						$row['crt_name']))) !== "")
				{
					echo $weakKey, "<br/>\n";
					continue;
				}
				
				mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
				// `description` is user-supplied text read back from the database;
				// escape it again before reuse (second-order SQL injection)
				$query = "insert into `domaincerts` set 
						`domid`='".$row['domid']."', 
						`CN`='".mysql_real_escape_string($row['CN'])."',
						`subject`='".mysql_real_escape_string($row['subject'])."',".
						//`csr_name`='".$row['csr_name']."', // RACE CONDITION
						"`created`='".$row['created']."',
						`modified`=NOW(), 
						`rootcert`='".$row['rootcert']."',
						`type`='".$row['type']."',
						`pkhash`='".$row['pkhash']."', 
						`description`='".mysql_real_escape_string($row['description'])."'";
				mysql_query($query);
				$newid = mysql_insert_id();
				$newfile=generatecertpath("csr","server",$newid);
				copy($row['csr_name'], $newfile);
				$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`);
				$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
				foreach($bits as $val)
				{
					$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
				}
				$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
				extractit();
				getcn();
				getalt();

				if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
				{
					echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
					continue;
				}

				$subject = "";
				$count = 0;
				if(is_array($_SESSION['_config']['rows']))
					foreach($_SESSION['_config']['rows'] as $row)
					{
						$count++;
						if($count <= 1)
						{
							$subject .= "/CN=$row";
							if(!strstr($subject, "=$row/") &&
								substr($subject, -strlen("=$row")) != "=$row")
								$subject .= "/subjectAltName=$row";
						} else {
							if(!strstr($subject, "=$row/") &&
								substr($subject, -strlen("=$row")) != "=$row")
								$subject .= "/subjectAltName=$row";
						}
					}
				if(is_array($_SESSION['_config']['altrows']))
					foreach($_SESSION['_config']['altrows'] as $row)
						if(!strstr($subject, "=$row/") &&
							substr($subject, -strlen("=$row")) != "=$row")
							$subject .= "/subjectAltName=$row";
				$subject = mysql_real_escape_string($subject);
				mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");

				echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
				waitForResult("domaincerts", $newid,$oldid,0);
				$query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
				} else {
					$drow = mysql_fetch_assoc($res);
					$cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
					echo "<pre>\n$cert\n</pre>\n";
				}
			}
		}
		else
		{
			echo _("You did not select any certificates for renewal.");
		}
		showfooter();
		exit;
	}

	if($oldid == 12 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
	{
		csrf_check('srvcerchange');
		$id = 12;
		showheader(_("My CAcert.org Account!"));
		if(is_array($_REQUEST['revokeid']))
		{
			echo _("Now revoking the following certificates:")."<br>\n";
			foreach($_REQUEST['revokeid'] as $id)
			{
				$id = intval($id);
				$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains` 
						where `domaincerts`.`id`='$id' and
						`domaincerts`.`domid`=`domains`.`id` and
						`domains`.`memid`='".$_SESSION['profile']['id']."'";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
					continue;
				}
				$row = mysql_fetch_assoc($res);
				if($row['revoke'] > 0)
				{
					printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
					continue;
				}
				mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
				printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
			}
		}
		else
		{
			echo _("You did not select any certificates for revocation.");
		}

		if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
		{
			echo _("Now deleting the following pending requests:")."<br>\n";
			foreach($_REQUEST['delid'] as $id)
			{
				$id = intval($id);
				$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains` 
						where `domaincerts`.`id`='$id' and
						`domaincerts`.`domid`=`domains`.`id` and
						`domains`.`memid`='".$_SESSION['profile']['id']."'";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
					continue;
				}
				$row = mysql_fetch_assoc($res);
				if($row['expired'] > 0)
				{
					printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
					continue;
				}
				mysql_query("delete from `domaincerts` where `id`='$id'");
				@unlink($row['csr_name']);
				@unlink($row['crt_name']);
				printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
			}
		}
		showfooter();
		exit;
	}

	if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
	{
		showheader(_("My CAcert.org Account!"));
		if(is_array($_REQUEST['revokeid']))
		{
			echo _("Now renewing the following certificates:")."<br>\n";
			foreach($_REQUEST['revokeid'] as $id)
			{
				$id = intval($id);
				$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` 
						where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
					continue;
				}
				
				$row = mysql_fetch_assoc($res);
				
				if (($weakKey = checkWeakKeyX509(file_get_contents(
						$row['crt_name']))) !== "")
				{
					echo $weakKey, "<br/>\n";
					continue;
				}
				
				mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
				// `description` is user-supplied text read back from the database;
				// escape it again before reuse (second-order SQL injection)
				$query = "insert into emailcerts set 
						`memid`='".$row['memid']."', 
						`CN`='".mysql_real_escape_string($row['CN'])."',
						`subject`='".mysql_real_escape_string($row['subject'])."',
						`keytype`='".$row['keytype']."', 
						`csr_name`='".$row['csr_name']."', 
						`created`='".$row['created']."', 
						`modified`=NOW(),
						`disablelogin`='".$row['disablelogin']."',
						`codesign`='".$row['codesign']."',
						`rootcert`='".$row['rootcert']."', 
						`description`='".mysql_real_escape_string($row['description'])."'";
				mysql_query($query);
				$newid = mysql_insert_id();
				$newfile=generatecertpath("csr","client",$newid);
				copy($row['csr_name'], $newfile);
				mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
				$res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'");
				while($r2 = mysql_fetch_assoc($res))
				{
					mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."',
							`emailcertsid`='$newid'");
				}
				waitForResult("emailcerts", $newid,$oldid,0);
				$query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
				} else {
					printf(_("Certificate for '%s' has been renewed."), $row['CN']);
					echo "<br/>\n<a href='account.php?id=6&cert=$newid' target='_new'>".
						_("Click here")."</a> "._("to install your certificate.")."<br/><br/>\n";
				}
			}
		}
		else
		{
			echo _("You did not select any certificates for renewal.")."<br/>";
		}

		showfooter();
		exit;
	}

	if($oldid == 5 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
	{
		$id = 5;
		showheader(_("My CAcert.org Account!"));
		if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
		{
			echo _("Now revoking the following certificates:")."<br>\n";
			foreach($_REQUEST['revokeid'] as $id)
			{
				$id = intval($id);
				$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` 
						where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
					continue;
				}
				$row = mysql_fetch_assoc($res);
				if($row['revoke'] > 0)
				{
					printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
					continue;
				}
				mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
				printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
			}
		}
		else
		{
			echo _("You did not select any certificates for revocation.");
		}

		if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
		{
			echo _("Now deleting the following pending requests:")."<br>\n";
			foreach($_REQUEST['delid'] as $id)
			{
				$id = intval($id);
				$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts` 
						where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
					continue;
				}
				$row = mysql_fetch_assoc($res);
				if($row['expired'] > 0)
				{
					printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
					continue;
				}
				mysql_query("delete from `emailcerts` where `id`='$id'");
				@unlink($row['csr_name']);
				@unlink($row['crt_name']);
				printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
			}
		}
		showfooter();
		exit;
	}

	if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
	{
		showheader(_("My CAcert.org Account!"));
		//echo _("Now changing the settings for the following certificates:")."<br>\n";
		foreach($_REQUEST as $id => $val)
		{
			//echo $id."<br/>";
			if(substr($id,0,5)=="cert_")
			{
				$id = intval(substr($id,5));
				$dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")?"0":"1";
				//echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n";
				mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
				//$row = mysql_fetch_assoc($res);
			}
		}
		echo(_("Certificate settings have been changed.")."<br/>\n");
		showfooter();
		exit;
	}


	if($oldid == 13 && $process != "")
	{
		csrf_check("perschange");
		$_SESSION['_config']['user'] = $_SESSION['profile'];

		$_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
		$_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
		$_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
		$_SESSION['_config']['user']['Q4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q4']))));
		$_SESSION['_config']['user']['Q5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q5']))));
		$_SESSION['_config']['user']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
		$_SESSION['_config']['user']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
		$_SESSION['_config']['user']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
		$_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
		$_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));

		if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
			$_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
			$_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
			$_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
			$_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
			$_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
			$_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
			$_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
			$_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
			$_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
			$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
			$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
			$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
			$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
			$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
			$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
			$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
			$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
			$_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
			$_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
			$_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
			$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
			$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
			$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
			$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
			$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
			$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
			$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
			$_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
			$_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
			$_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
		{
			$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
			$id = $oldid;
			$oldid=0;
		}

		if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
			$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
			$_SESSION['_config']['user']['Q5'] == "")
		{
			$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
			$id = $oldid;
			$oldid=0;
		}
	}

	if($oldid == 13 && $process != "")
	{
		$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
		$ddres = mysql_query($ddquery);
		$ddrow = mysql_fetch_assoc($ddres);
		$_SESSION['profile']['points'] = $ddrow['total'];
		
		if($_SESSION['profile']['points'] == 0)
		{
			$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
			$_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
			$_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
			$_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
			$_SESSION['_config']['user']['day'] = intval($_REQUEST['day']);
			$_SESSION['_config']['user']['month'] = intval($_REQUEST['month']);
			$_SESSION['_config']['user']['year'] = intval($_REQUEST['year']);

			if($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "")
			{
				$_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
				$id = $oldid;
				$oldid=0;
			}
			if($_SESSION['_config']['user']['year'] < 1900 || $_SESSION['_config']['user']['month'] < 1 || $_SESSION['_config']['user']['month'] > 12 ||
				$_SESSION['_config']['user']['day'] < 1 || $_SESSION['_config']['user']['day'] > 31)
			{
				$_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
				$id = $oldid;
				$oldid=0;
			}
		}
	}

	if($oldid == 13 && $process != "")
	{
		if($_SESSION['profile']['points'] == 0)
		{
			$query = "update `users` set `fname`='".$_SESSION['_config']['user']['fname']."',
						`mname`='".$_SESSION['_config']['user']['mname']."',
						`lname`='".$_SESSION['_config']['user']['lname']."',
						`suffix`='".$_SESSION['_config']['user']['suffix']."',
						`dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
						where `id`='".$_SESSION['profile']['id']."'";
			mysql_query($query);
		}
		$query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
						`Q2`='".$_SESSION['_config']['user']['Q2']."',
						`Q3`='".$_SESSION['_config']['user']['Q3']."',
						`Q4`='".$_SESSION['_config']['user']['Q4']."',
						`Q5`='".$_SESSION['_config']['user']['Q5']."',
						`A1`='".$_SESSION['_config']['user']['A1']."',
						`A2`='".$_SESSION['_config']['user']['A2']."',
						`A3`='".$_SESSION['_config']['user']['A3']."',
						`A4`='".$_SESSION['_config']['user']['A4']."',
						`A5`='".$_SESSION['_config']['user']['A5']."'
						where `id`='".$_SESSION['profile']['id']."'";
		mysql_query($query);

		//!!!Should be rewritten 
		$_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
		$_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
		if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
		{
			$query = "update `users` set `otphash`='".$_SESSION['_config']['user']['otphash']."',
						`otppin`='".$_SESSION['_config']['user']['otppin']."' where `id`='".$_SESSION['profile']['id']."'";
			mysql_query($query);
		}

		$_SESSION['_config']['user']['set'] = 0;
		$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
		$_SESSION['profile']['loggedin'] = 1;

		$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
		$ddres = mysql_query($ddquery);
		$ddrow = mysql_fetch_assoc($ddres);
		$_SESSION['profile']['points'] = $ddrow['total'];


		$id = 13;
		showheader(_("My CAcert.org Account!"));
		echo _("Your details have been updated with the database.");
		showfooter();
		exit;
	}

	if($oldid == 14 && $process != "")
	{
		$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['oldpassword'])));
		$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1'])));
		$_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2'])));

		$id = 14;
		csrf_check("pwchange");

		showheader(_("My CAcert.org Account!"));
		if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
		{
			echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
				'</h3>', "\n";
			echo _("New Pass Phrases specified don't match or were blank.");
		} else {
			$score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
						$_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);

			if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
			{
				$match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
						(`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
						`password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
				$rc = mysql_num_rows($match);
			} else {
				$rc = 1;
			}

			if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
				echo '<h3 style="color:red">',
					_("Failure: Pass Phrase not Changed"), '</h3>', "\n";
				echo _("The Pass Phrase you submitted was too short.");
			} else if($score < 3) {
				echo '<h3 style="color:red">',
					_("Failure: Pass Phrase not Changed"), '</h3>', "\n";
				printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
			} else if($rc <= 0) {
				echo '<h3 style="color:red">',
					_("Failure: Pass Phrase not Changed"), '</h3>', "\n";
				echo _("You failed to correctly enter your current Pass Phrase.");
			} else {
				mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
						where `id`='".$_SESSION['profile']['id']."'");
				echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
				echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
				$body  = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
				$body .= _("You are receiving this email because you or someone else")."\n";
				$body .= _("has changed the password on your account.")."\n";

				$body .= _("Best regards")."\n"._("CAcert.org Support!");

				sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Password Update Notification"), $body,
						"support@cacert.org", "", "", "CAcert Support");
			}
		}
		showfooter();
		exit;
	}

	if($oldid == 16)
	{
		$id = 16;
		$_SESSION['_config']['emails'] = array();

		foreach($_REQUEST['emails'] as $val)
		{
			$val = mysql_real_escape_string(stripslashes(trim($val)));
			$bits = explode("@", $val);
			$count = count($bits);
			if($count != 2)
				continue;

			if(checkownership($bits[1]) == false)
				continue;

			if(!is_array($_SESSION['_config']['row']))
				continue;
			else if($_SESSION['_config']['row']['id'] > 0)
				$_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id'];

			if($val != "")
				$_SESSION['_config']['emails'][] = $val;
		}
		$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
		$_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
		
      
		// Keep the note only when one was actually submitted
		if(trim($_REQUEST['description']) != ""){
			$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
		}else{
			$_SESSION['_config']['description']= "";
		}
	}

	if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0)
	{
		$id = 16;
		showheader(_("My CAcert.org Account!"));
		echo _("I couldn't match any emails against your organisational account.");
		showfooter();
		exit;
	}

	if($oldid == 16 && $process != "")
	{

		if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100))
		{
			$_REQUEST['codesign'] = 1;
			$_SESSION['_config']['codesign'] = 1;
		}
		else
		{
			$_REQUEST['codesign'] = 0;
			$_SESSION['_config']['codesign'] = 0;
		}

		$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		// Keep the note only when one was actually submitted
		if(trim($_REQUEST['description']) != ""){
			$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
		}else{
			$_SESSION['_config']['description']= "";
		}
      
		if(@count($_SESSION['_config']['emails']) > 0)
			$id = 17;
	}

	if($oldid == 17)
	{
		$org = $_SESSION['_config']['row'];
		if($_REQUEST['keytype'] == "NS")
		{
			$spkac=""; if(preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));

			if($spkac == "" || strlen($spkac) < 128)
			{
				$id = 17;
				showheader(_("My CAcert.org Account!"));
				echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
				showfooter();
				exit;
			}

			$count = 0;
			$emails = "";
			$addys = array();
			if(is_array($_SESSION['_config']['emails']))
			foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
			{
				if(!$emails)
					$defaultemail = $_REQUEST['email'];
				$emails .= "$count.emailAddress = $_REQUEST[email]\n";
				$count++;
			}
			if($_SESSION['_config']['name'] != "")
				$emails .= "commonName = ".$_SESSION['_config']['name']."\n";
			if($_SESSION['_config']['OU'])
				$emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n";
			if($org['O'])
				$emails .= "organizationName = ".$org['O']."\n";
			if($org['L'])
				$emails .= "localityName = ".$org['L']."\n";
			if($org['ST'])
				$emails .= "stateOrProvinceName = ".$org['ST']."\n";
			if($org['C'])
				$emails .= "countryName = ".$org['C']."\n";
			if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
				$_SESSION['_config']['rootcert'] = 1;
      
      
			$emails .= "SPKAC = $spkac";
			if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
			{
				$id = 17;
				showheader(_("My CAcert.org Account!"));
				echo $weakKey;
				showfooter();
				exit;
			}
			
			// description is free text and was escaped when it was stored in the session
			$query = "insert into `orgemailcerts` set 
						`CN`='$defaultemail', 
						`keytype`='NS',
						`orgid`='".$org['orgid']."',
						`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
						`codesign`='".$_SESSION['_config']['codesign']."',
						`rootcert`='".$_SESSION['_config']['rootcert']."', 
						`description`='".$_SESSION['_config']['description']."'";
			mysql_query($query);
			$emailid = mysql_insert_id();

			foreach($_SESSION['_config']['domids'] as $addy)
				mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");

			$CSRname=generatecertpath("csr","orgclient",$emailid);
			$fp = fopen($CSRname, "w");
			fputs($fp, $emails);
			fclose($fp);
			$challenge=$_SESSION['spkac_hash'];
                        $res=`openssl spkac -verify -in $CSRname`;
                        if(!strstr($res,"Challenge String: ".$challenge))
                        {
                                $id = $oldid;
                                showheader(_("My CAcert.org Account!"));
                                echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
                                showfooter();
                                exit;
                        }
			mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
		} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
			$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
			
			if (($weakKey = checkWeakKeyCSR($csr)) !== "")
			{
				$id = 17;
				showheader(_("My CAcert.org Account!"));
				echo $weakKey;
				showfooter();
				exit;
			}
			
			$tmpfname = tempnam("/tmp", "id17CSR");
			$fp = fopen($tmpfname, "w");
			fputs($fp, $csr);
			fclose($fp);

			$addys = array();
			$defaultemail = "";
			$csrsubject="";

			if($_SESSION['_config']['name'] != "")
				$csrsubject = "/CN=".$_SESSION['_config']['name'];
			if(is_array($_SESSION['_config']['emails']))
			foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
			{
				if($defaultemail == "")
					$defaultemail = $_REQUEST['email'];
				$csrsubject .= "/emailAddress=$_REQUEST[email]";
			}
			if($_SESSION['_config']['OU'])
				$csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
			if($org['O'])
				$csrsubject .= "/organizationName=".$org['O'];
			if($org['L'])
				$csrsubject .= "/localityName=".$org['L'];
			if($org['ST'])
				$csrsubject .= "/stateOrProvinceName=".$org['ST'];
			if($org['C'])
				$csrsubject .= "/countryName=".$org['C'];

			$tmpname = tempnam("/tmp", "id17csr");
			$do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`;
			@unlink($tmpfname);
			$csr = "";
			$fp = fopen($tmpname, "r");
			while($data = fgets($fp, 4096))
				$csr .= $data;
			fclose($fp);
			@unlink($tmpname);

			if($csr == "")
			{
				showheader(_("My CAcert.org Account!"));
				echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
				showfooter();
				exit;
			}
			if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
				$_SESSION['_config']['rootcert'] = 1;

			// description is free text and was escaped when it was stored in the session
			$query = "insert into `orgemailcerts` set 
						`CN`='$defaultemail', 
						`keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
						`orgid`='".$org['orgid']."',
						`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
						`subject`='$csrsubject',
						`codesign`='".$_SESSION['_config']['codesign']."',
						`rootcert`='".$_SESSION['_config']['rootcert']."', 
						`description`='".$_SESSION['_config']['description']."'";
			mysql_query($query);
			$emailid = mysql_insert_id();

			foreach($_SESSION['_config']['domids'] as $addy)
				mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");

			$CSRname=generatecertpath("csr","orgclient",$emailid);
			$fp = fopen($CSRname, "w");
			fputs($fp, $csr);
			fclose($fp);
			mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
		}
		waitForResult("orgemailcerts", $emailid,$oldid);
		$query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
		$res = mysql_query($query);
		if(mysql_num_rows($res) <= 0)
		{
			showheader(_("My CAcert.org Account!"));
			printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			showfooter();
			exit;
		} else {
			$id = 19;
			$cert = $emailid;
			$_REQUEST['cert']=$emailid;
		}
	}

	if($oldid == 18 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
	{
		csrf_check('clicerchange');
		showheader(_("My CAcert.org Account!"));
		if(is_array($_REQUEST['revokeid']))
		{
			$id = 18;
			echo _("Now renewing the following certificates:")."<br>\n";
			foreach($_REQUEST['revokeid'] as $id)
			{
				// Cast first so that only an integer is echoed back into the page
				$id = intval($id);
				echo "Renewing certificate #$id ...\n<br/>";
				$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
						where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
						`org`.`orgid`=`orgemailcerts`.`orgid`";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
					continue;
				}
				
				$row = mysql_fetch_assoc($res);
				
				if (($weakKey = checkWeakKeyX509(file_get_contents(
						$row['crt_name']))) !== "")
				{
					echo $weakKey, "<br/>\n";
					continue;
				}
				
				mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
				if($row['revoke'] > 0)
				{
					printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
					continue;
				}
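				// $row comes back from the database unescaped, so its values are
				// escaped again before they are reused in a new query
				$query = "insert into `orgemailcerts` set 
						`orgid`='".mysql_real_escape_string($row['orgid'])."', 
						`CN`='".mysql_real_escape_string($row['CN'])."',
						`subject`='".mysql_real_escape_string($row['subject'])."',
						`keytype`='".mysql_real_escape_string($row['keytype'])."', 
						`csr_name`='".mysql_real_escape_string($row['csr_name'])."', 
						`created`='".mysql_real_escape_string($row['created'])."', 
						`modified`=NOW(),
						`codesign`='".mysql_real_escape_string($row['codesign'])."',
						`rootcert`='".mysql_real_escape_string($row['rootcert'])."', 
						`description`='".mysql_real_escape_string($row['description'])."'";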
				mysql_query($query);
				$newid = mysql_insert_id();
				$newfile=generatecertpath("csr","orgclient",$newid);
				copy($row['csr_name'], $newfile);
				mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
				waitForResult("orgemailcerts", $newid,$oldid,0);
				$query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
				$res = mysql_query($query);
				if(mysql_num_rows($res) > 0)
				{
					printf(_("Certificate for '%s' has been renewed."), $row['CN']);
					echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
						_("Click here")."</a> "._("to install your certificate.");
				}
				echo("<br/>");
			}
		}
		else
		{
			echo _("You did not select any certificates for renewal.");
		}
		showfooter();
		exit;
	}

	if($oldid == 18 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
	{
		csrf_check('clicerchange');
		$id = 18;
		showheader(_("My CAcert.org Account!"));
		if(is_array($_REQUEST['revokeid']))
		{
			echo _("Now revoking the following certificates:")."<br>\n";
			foreach($_REQUEST['revokeid'] as $id)
			{
				$id = intval($id);
				$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
						where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
						`org`.`orgid`=`orgemailcerts`.`orgid`";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
					continue;
				}
				$row = mysql_fetch_assoc($res);
				if($row['revoke'] > 0)
				{
					printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
					continue;
				}
				mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
				printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
			}
		}
		else
		{
			echo _("You did not select any certificates for revocation.");
		}

		if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
		{
			echo _("Now deleting the following pending requests:")."<br>\n";
			foreach($_REQUEST['delid'] as $id)
			{
				$id = intval($id);
				$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
						where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
						`org`.`orgid`=`orgemailcerts`.`orgid`";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
					continue;
				}
				$row = mysql_fetch_assoc($res);
				if($row['expired'] > 0)
				{
					printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
					continue;
				}
				mysql_query("delete from `orgemailcerts` where `id`='$id'");
				@unlink($row['csr_name']);
				@unlink($row['crt_name']);
				printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
			}
		}
		showfooter();
		exit;
	}

	if($process != "" && $oldid == 20)
	{
		$CSR = clean_csr($_REQUEST['CSR']);
		
		if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
		{
			$id = 20;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}
		
		// Keep the note only when one was actually submitted
		if(trim($_REQUEST['description']) != ""){
			$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
		}else{
			$_SESSION['_config']['description']= "";
		}
    
		$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
		$fp = fopen($_SESSION['_config']['tmpfname'], "w");
		fputs($fp, $CSR);
		fclose($fp);
		$CSR = $_SESSION['_config']['tmpfname'];
		$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
		$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
		foreach($bits as $val)
		{
			$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
		}
		$id = 21;

		$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
		extractit();
		getcn2();
		getalt2();

		$query = "select * from `orginfo`,`org`,`orgdomains` where
				`org`.`memid`='".$_SESSION['profile']['id']."' and
				`org`.`orgid`=`orginfo`.`id` and
				`org`.`orgid`=`orgdomains`.`orgid` and
				`orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'";
		$_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
		$query = "select * from `orginfo`,`org`,`orgdomains` where
				`org`.`memid`='".$_SESSION['profile']['id']."' and
				`org`.`orgid`=`orginfo`.`id` and
				`org`.`orgid`=`orgdomains`.`orgid` and
				`orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'";
		$_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));
//echo "<pre>"; print_r($_SESSION['_config']); die;

		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
		{
			$id = 20;
			showheader(_("My CAcert.org Account!"));
			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
			showfooter();
			exit;
		}

		$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;
	}

	if($process != "" && $oldid == 21)
	{
		$id = 21;
		
		if(!file_exists($_SESSION['_config']['tmpfname']))
		{
			showheader(_("My CAcert.org Account!"));
			printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			showfooter();
			exit;
		}
		
		if (($weakKey = checkWeakKeyCSR(file_get_contents(
				$_SESSION['_config']['tmpfname']))) !== "")
		{
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
		{
			showheader(_("My CAcert.org Account!"));
			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
			showfooter();
			exit;
		}

                if($_SESSION['_config']['rowid']['0'] > 0)
                {
			$query = "select * from `org`,`orginfo` where
					`orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and
					`orginfo`.`id`=`org`.`orgid` and
					`org`.`memid`='".$_SESSION['profile']['id']."'";
		} else {
			$query = "select * from `org`,`orginfo` where
					`orginfo`.`id`='".$_SESSION['_config']['altid']['0']."' and
					`orginfo`.`id`=`org`.`orgid` and
					`org`.`memid`='".$_SESSION['profile']['id']."'";
		}
		$org = mysql_fetch_assoc(mysql_query($query));
		$csrsubject = "";

		if($_SESSION['_config']['OU'])
			$csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
		if($org['O'])
			$csrsubject .= "/organizationName=".$org['O'];
		if($org['L'])
			$csrsubject .= "/localityName=".$org['L'];
		if($org['ST'])
			$csrsubject .= "/stateOrProvinceName=".$org['ST'];
		if($org['C'])
			$csrsubject .= "/countryName=".$org['C'];
		//if($org['contact'])
		//	$csrsubject .= "/emailAddress=".trim($org['contact']);

		if(is_array($_SESSION['_config']['rows']))
			foreach($_SESSION['_config']['rows'] as $row)
				$csrsubject .= "/commonName=$row";
		$SAN="";		
		if(is_array($_SESSION['_config']['altrows']))
			foreach($_SESSION['_config']['altrows'] as $subalt)
			{
				if($SAN != "")
					$SAN .= ",";
				$SAN .= "$subalt";
			}

		if($SAN != "")
			$csrsubject .= "/subjectAltName=".$SAN;

		$type="";
		if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		// description is free text and was escaped when it was stored in the
		// session; it is saved for both the CN and the subjectAltName case
		if($_SESSION['_config']['rowid']['0'] > 0)
		{
			$query = "insert into `orgdomaincerts` set 
						`CN`='".$_SESSION['_config']['rows']['0']."',
						`orgid`='".$org['id']."',
						`created`=NOW(),
						`subject`='$csrsubject',
						`rootcert`='".$_SESSION['_config']['rootcert']."',
						`type`='$type', 
						`description`='".$_SESSION['_config']['description']."'";
		} else {
			$query = "insert into `orgdomaincerts` set 
						`CN`='".$_SESSION['_config']['altrows']['0']."',
						`orgid`='".$org['id']."',
						`created`=NOW(),
						`subject`='$csrsubject',
						`rootcert`='".$_SESSION['_config']['rootcert']."',
						`type`='$type', 
						`description`='".$_SESSION['_config']['description']."'";
		}
		mysql_query($query);
		$CSRid = mysql_insert_id();

		$CSRname=generatecertpath("csr","orgserver",$CSRid);
		rename($_SESSION['_config']['tmpfname'], $CSRname);
		chmod($CSRname,0644);
		mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
		if(is_array($_SESSION['_config']['rowid']))
			foreach($_SESSION['_config']['rowid'] as $id)
				mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
		if(is_array($_SESSION['_config']['altid']))
			foreach($_SESSION['_config']['altid'] as $id)
				mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
		waitForResult("orgdomaincerts", $CSRid,$oldid);
		$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
		$res = mysql_query($query);
		if(mysql_num_rows($res) <= 0)
		{
			showheader(_("My CAcert.org Account!"));
			printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			showfooter();
			exit;
		} else {
			$id = 23;
			$cert = $CSRid;
			$_REQUEST['cert']=$CSRid;
		}
	}

	if($oldid == 22 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
	{
		csrf_check('orgsrvcerchange');
		showheader(_("My CAcert.org Account!"));
		if(is_array($_REQUEST['revokeid']))
		{
			echo _("Now renewing the following certificates:")."<br>\n";
			foreach($_REQUEST['revokeid'] as $id)
			{
				$id = intval($id);
				$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
						`orgdomaincerts`,`org`
						where `orgdomaincerts`.`id`='$id' and
						`orgdomaincerts`.`orgid`=`org`.`orgid` and
						`org`.`memid`='".$_SESSION['profile']['id']."'";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
					continue;
				}
				
				$row = mysql_fetch_assoc($res);
				
				if (($weakKey = checkWeakKeyX509(file_get_contents(
						$row['crt_name']))) !== "")
				{
					echo $weakKey, "<br/>\n";
					continue;
				}
				
				mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
				if($row['revoke'] > 0)
				{
					printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
					continue;
				}
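				// $row comes back from the database unescaped, so its values are
				// escaped again before they are reused in a new query
				$query = "insert into `orgdomaincerts` set 
						`orgid`='".mysql_real_escape_string($row['orgid'])."', 
						`CN`='".mysql_real_escape_string($row['CN'])."',
						`csr_name`='".mysql_real_escape_string($row['csr_name'])."', 
						`created`='".mysql_real_escape_string($row['created'])."',
						`modified`=NOW(), 
						`subject`='".mysql_real_escape_string($row['subject'])."', 
						`type`='".mysql_real_escape_string($row['type'])."',
						`rootcert`='".mysql_real_escape_string($row['rootcert'])."', 
						`description`='".mysql_real_escape_string($row['description'])."'";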
				mysql_query($query);
				$newid = mysql_insert_id();
				//echo "NewID: $newid<br/>\n";
				$newfile=generatecertpath("csr","orgserver",$newid);
				copy($row['csr_name'], $newfile);
				mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
				echo _("Renewing").": ".$row['CN']."<br>\n";
				$res = mysql_query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'");
				while($r2 = mysql_fetch_assoc($res))
					mysql_query("insert into `orgdomlink` set `orgdomid`='".$r2['id']."', `orgcertid`='$newid'");
				waitForResult("orgdomaincerts", $newid,$oldid,0);
				$query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
				} else {
					$drow = mysql_fetch_assoc($res);
					$cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
					echo "<pre>\n$cert\n</pre>\n";
				}
			}
		}
		else
		{
			echo _("You did not select any certificates for renewal.");
		}
		showfooter();
		exit;
	}

	if($oldid == 22 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
	{
		csrf_check('orgsrvcerchange');
		showheader(_("My CAcert.org Account!"));
		if(is_array($_REQUEST['revokeid']))
		{
			echo _("Now revoking the following certificates:")."<br>\n";
			foreach($_REQUEST['revokeid'] as $id)
			{
				$id = intval($id);
				$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
						`orgdomaincerts`,`org`
						where `orgdomaincerts`.`id`='$id' and
						`orgdomaincerts`.`orgid`=`org`.`orgid` and
						`org`.`memid`='".$_SESSION['profile']['id']."'";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
					continue;
				}
				$row = mysql_fetch_assoc($res);
				if($row['revoke'] > 0)
				{
					printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
					continue;
				}
				mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
				printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
			}
		}
		else
		{
			echo _("You did not select any certificates for revocation.");
		}

		if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
		{
			echo _("Now deleting the following pending requests:")."<br>\n";
			foreach($_REQUEST['delid'] as $id)
			{
				$id = intval($id);
				$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from
						`orgdomaincerts`,`org`
						where `orgdomaincerts`.`id`='$id' and
						`orgdomaincerts`.`orgid`=`org`.`orgid` and
						`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
				$res = mysql_query($query);
				if(mysql_num_rows($res) <= 0)
				{
					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
					continue;
				}
				$row = mysql_fetch_assoc($res);
				if($row['expired'] > 0)
				{
					printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
					continue;
				}
				mysql_query("delete from `orgdomaincerts` where `id`='$id'");
				@unlink($row['csr_name']);
				@unlink($row['crt_name']);
				printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
			}
		}
		showfooter();
		exit;
	}

	if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 ||
		$id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 ||
		$id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) &&
		$_SESSION['profile']['orgadmin'] != 1)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}

	if($oldid == 24 && $process != "")
	{
		$id = intval($oldid);
		$_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
		$_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
		$_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
		$_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
		$_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
		$_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));

		if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
		{
			$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
		} else {
			mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
						`contact`='".$_SESSION['_config']['contact']."',
						`L`='".$_SESSION['_config']['L']."',
						`ST`='".$_SESSION['_config']['ST']."',
						`C`='".$_SESSION['_config']['C']."',
						`comments`='".$_SESSION['_config']['comments']."'");
			showheader(_("My CAcert.org Account!"));
			printf(_("'%s' has just been successfully added as an organisation to the database."), sanitizeHTML($_SESSION['_config']['O']));
			showfooter();
			exit;
		}
	}

	if($oldid == 27 && $process != "")
	{
		csrf_check('orgdetchange');
		$id = intval($oldid);
		$_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
		$_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
		$_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
		$_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
		$_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
		$_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));

		if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
		{
			$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
		} else {
			mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
						`contact`='".$_SESSION['_config']['contact']."',
						`L`='".$_SESSION['_config']['L']."',
						`ST`='".$_SESSION['_config']['ST']."',
						`C`='".$_SESSION['_config']['C']."',
						`comments`='".$_SESSION['_config']['comments']."'
					where `id`='".$_SESSION['_config']['orgid']."'");
			showheader(_("My CAcert.org Account!"));
			printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O']));
			showfooter();
			exit;
		}
	}

	if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
	{
		$domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
		$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
		if(mysql_num_rows($res1) > 0)
		{
			$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
			$id = $oldid;
			$oldid=0;
		}
	}

	if($oldid == 28 && $_SESSION['_config']['orgid'] <= 0)
	{
		$oldid=0;
		$id = 25;
	}

	if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
	{
		mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
		echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
		showfooter();
		exit;
	}

	if($oldid == 29 && $process != "")
	{
		$domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));

		$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
		$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
		if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
		{
			$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
			$id = $oldid;
			$oldid=0;
		}
	}

	if(($oldid == 29 || $oldid == 30) && $process != "")      // _("Cancel") is handled in front of account.php
	{
		$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where 
				`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
				`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
				`orgdomains`.`id`='".intval($domid)."'";
		$res = mysql_query($query);
		while($row = mysql_fetch_assoc($res))
			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");

		$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where 
				`orgemaillink`.`domid`=`orgdomains`.`id` and
				`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
				`orgdomains`.`id`='".intval($domid)."'";
		$res = mysql_query($query);
		while($row = mysql_fetch_assoc($res))
			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
	}

	if($oldid == 29 && $process != "")
	{
		$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
		mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
		echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
		showfooter();
		exit;
	}

	if($oldid == 30 && $process != "")
	{
		$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
		$domain = $row['domain'];
		mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
		echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
		showfooter();
		exit;
	}

	if($oldid == 30)
	{
		$id = 26;
		$orgid = 0;
	}

	if($oldid == 31 && $process != "")
	{
		$query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
		$dres = mysql_query($query);
		while($drow = mysql_fetch_assoc($dres))
		{
			$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where 
					`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
					`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
					`orgdomains`.`id`='".intval($drow['id'])."'";
			$res = mysql_query($query);
			while($row = mysql_fetch_assoc($res))
			{
				mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
				mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
				mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
			}

			$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where 
					`orgemaillink`.`domid`=`orgdomains`.`id` and
					`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
					`orgdomains`.`id`='".intval($drow['id'])."'";
			$res = mysql_query($query);
			while($row = mysql_fetch_assoc($res))
			{
				mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
				mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
				mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
			}
		}
		mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
		mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
		mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
	}

	if($oldid == 31)
	{
		$id = 25;
		$orgid = 0;
	}

	if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34)
	{
		$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
		$_macc = mysql_num_rows(mysql_query($query));
		if($_SESSION['profile']['orgadmin'] != 1 && $_macc <= 0)
		{
			showheader(_("My CAcert.org Account!"));
			echo _("You don't have access to this area.");
			showfooter();
			exit;
		}
	}

	if($id == 35 || $oldid == 35)
	{
		$query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
		$is_orguser = mysql_num_rows(mysql_query($query));
		if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0)
		{
			showheader(_("My CAcert.org Account!"));
			echo _("You don't have access to this area.");
			showfooter();
			exit;
		}
	}

	if($id == 33 && $_SESSION['profile']['orgadmin'] != 1)
	{
		$orgid = intval($_SESSION['_config']['orgid']);
		$query = "select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
		$res = mysql_query($query);
		if(mysql_num_rows($res) <= 0)
		{
			$id = 35;
		}
	}

	if($oldid == 33 && $process != "")
	{
		csrf_check('orgadmadd');
		if($_SESSION['profile']['orgadmin'] == 1)
			$masteracc = $_SESSION['_config']['masteracc'] = intval($_REQUEST['masteracc']);
		else
			$masteracc = $_SESSION['_config']['masteracc'] = 0;
		$_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
		$OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
		$comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
		$res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
		if(mysql_num_rows($res) <= 0)
		{
			$id = $oldid;
			$oldid=0;
			$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
		} else {
			$row = mysql_fetch_assoc($res);
			if ( !is_assurer(intval($row['id'])) )
			{
				$id = $oldid;
				$oldid=0;
				$_SESSION['_config']['errmsg'] =
						_("The user is not an Assurer yet");
			} else {
				mysql_query(
					"insert into `org`
						set `memid`='".intval($row['id'])."',
							`orgid`='".intval($_SESSION['_config']['orgid'])."',
							`masteracc`='$masteracc',
							`OU`='$OU',
							`comments`='$comments'");
			}
		}
	}

	if(($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1)
	{
		$orgid = intval($_SESSION['_config']['orgid']);
		$res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
		if(mysql_num_rows($res) <= 0)
			$id = 32;
	}

	if($oldid == 34 && $process != "")
	{
		$orgid = intval($_SESSION['_config']['orgid']);
		$memid = intval($_REQUEST['memid']);
		$query = "delete from `org` where `orgid`='$orgid' and `memid`='$memid'";
		mysql_query($query);
	}

	if($oldid == 34 || $oldid == 33)
	{
		$oldid=0;
		$id = 32;
		$orgid = 0;
	}

	if($id == 36)
	{
		$row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
		$_REQUEST['general'] = $row['general'];
		$_REQUEST['country'] = $row['country'];
		$_REQUEST['regional'] = $row['regional'];
		$_REQUEST['radius'] = $row['radius'];
	}

	if($oldid == 36)
	{
		$rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
		if($rc > 0)
		{
			$query = "update `alerts` set `general`='".intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0)."',
							`country`='".intval(array_key_exists('country',$_REQUEST)?$_REQUEST['country']:0)."',
							`regional`='".intval(array_key_exists('regional',$_REQUEST)?$_REQUEST['regional']:0)."',
							`radius`='".intval(array_key_exists('radius',$_REQUEST)?$_REQUEST['radius']:0)."'
					where `memid`='".intval($_SESSION['profile']['id'])."'";
		} else {
			$query = "insert into `alerts` set `general`='".intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0)."',
							`country`='".intval(array_key_exists('country',$_REQUEST)?$_REQUEST['country']:0)."',
							`regional`='".intval(array_key_exists('regional',$_REQUEST)?$_REQUEST['regional']:0)."',
							`radius`='".intval(array_key_exists('radius',$_REQUEST)?$_REQUEST['radius']:0)."',
							`memid`='".intval($_SESSION['profile']['id'])."'";
		}
		mysql_query($query);
		$id = $oldid;
		$oldid=0;
	}

	if($oldid == 41 && $_REQUEST['action'] == 'default')
	{
		csrf_check("mainlang");
		$lang = mysql_real_escape_string($_REQUEST['lang']);
		foreach(L10n::$translations as $key => $val)
		{
			if($key == $lang)
			{
				mysql_query("update `users` set `language`='$lang' where `id`='".intval($_SESSION['profile']['id'])."'");
				$_SESSION['profile']['language'] = $lang;
				showheader(_("My CAcert.org Account!"));
				echo _("Your language setting has been updated.");
				showfooter();
				exit;
			}
		}

		showheader(_("My CAcert.org Account!"));
		echo _("You tried to use an invalid language.");
		showfooter();
		exit;
	}

	if($oldid == 41 && $_REQUEST['action'] == 'addsec')
	{
		csrf_check("seclang");
		$addlang = mysql_real_escape_string($_REQUEST['addlang']);
		// Does the language exist?
		mysql_query("insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'");
		showheader(_("My CAcert.org Account!"));
		echo _("Your language setting has been updated.");
		showfooter();
		exit;
	}

	if($oldid == 41 && $_REQUEST['action'] == 'dellang')
	{
		csrf_check("seclang");
		$remove = mysql_real_escape_string($_REQUEST['remove']);
		mysql_query("delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'");
		showheader(_("My CAcert.org Account!"));
		echo _("Your language setting has been updated.");
		showfooter();
		exit;
	}

	if(($id == 42 || $id == 43 || $id == 44 || $id == 48 || $id == 49 || $id == 50 ||
		$oldid == 42 || $oldid == 43 || $oldid == 44 || $oldid == 48 || $oldid == 49 || $oldid == 50) &&
		$_SESSION['profile']['admin'] != 1)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}

	if(($id == 53 || $id == 54 || $oldid == 53 || $oldid == 54) &&
		$_SESSION['profile']['locadmin'] != 1)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}

	if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") || 
	             ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
			$_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
	{
		$id = 53;
		$ccid = intval(array_key_exists('ccid',$_REQUEST)?$_REQUEST['ccid']:0);
		$regid = intval(array_key_exists('regid',$_REQUEST)?$_REQUEST['regid']:0);
		$newreg = intval(array_key_exists('newreg',$_REQUEST)?$_REQUEST['newreg']:0);
		$locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
		$name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
		$long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
		$lat =  array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
		$action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";

		if($locid > 0 && $action == "edit")
		{
			$query = "update `locations` set `name`='$name', `lat`='$lat', `long`='$long' where `id`='$locid'";
			mysql_query($query);
			$row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
			$_REQUEST['regid'] = $row['regid'];
			unset($_REQUEST['ccid']);
			unset($_REQUEST['locid']);
			unset($_REQUEST['action']);
		} else if($regid > 0 && $action == "edit") {
			$query = "update `regions` set `name`='$name' where `id`='$regid'";
			mysql_query($query);
			$row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
			$_REQUEST['ccid'] = $row['ccid'];
			unset($_REQUEST['regid']);
			unset($_REQUEST['locid']);
			unset($_REQUEST['action']);
		} else if($regid > 0 && $action == "add") {
			$row = mysql_fetch_assoc(mysql_query("select `ccid` from `regions` where `id`='$regid'"));
			$ccid = $row['ccid'];
			$query = "insert into `locations` set `ccid`='$ccid', `regid`='$regid', `name`='$name', `lat`='$lat', `long`='$long'";
			mysql_query($query);
			unset($_REQUEST['ccid']);
			unset($_REQUEST['locid']);
			unset($_REQUEST['action']);
		} else if($ccid > 0 && $action == "add" && $name != "") {
			$query = "insert into `regions` set `ccid`='$ccid', `name`='$name'";
			mysql_query($query);
			$row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
			unset($_REQUEST['regid']);
			unset($_REQUEST['locid']);
			unset($_REQUEST['action']);
		} else if($locid > 0 && $action == "delete") {
			$row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
			$_REQUEST['regid'] = $row['regid'];
			mysql_query("delete from `localias` where `locid`='$locid'");
			mysql_query("delete from `locations` where `id`='$locid'");
			unset($_REQUEST['ccid']);
			unset($_REQUEST['locid']);
			unset($_REQUEST['action']);
		} else if($locid > 0 && $action == "move") {
			$row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
			$oldregid = $row['regid'];
			mysql_query("update `locations` set `regid`='$newreg' where `id`='$locid'");
			mysql_query("update `users` set `regid`='$newreg' where `regid`='$oldregid'");
			$row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
			$_REQUEST['regid'] = $row['regid'];
			unset($_REQUEST['ccid']);
			unset($_REQUEST['locid']);
			unset($_REQUEST['action']);
		} else if($regid > 0 && $action == "delete") {
			$row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
			$_REQUEST['ccid'] = $row['ccid'];
			mysql_query("delete from `locations` where `regid`='$regid'");
			mysql_query("delete from `regions` where `id`='$regid'");
			unset($_REQUEST['regid']);
			unset($_REQUEST['locid']);
			unset($_REQUEST['action']);
		} else if($locid > 0 && $action == "alias") {
			$id = 54;
			$_REQUEST['action'] = "aliases";
			$_REQUEST['locid'] = $locid;
			$name = htmlentities($name);
			$row = mysql_query("insert into `localias` set `locid`='$locid',`name`='$name'");
		} else if($locid > 0 && $action == "delalias") {
			$id = 54;
			$_REQUEST['action'] = "aliases";
			$_REQUEST['locid'] = $locid;
			$row = mysql_query("delete from `localias` where `locid`='$locid' and `name`='$name'");
		}
	}

	if($oldid == 42 && $_REQUEST['email'] == "")
	{
		$id = $oldid;
		$oldid=0;
	}

	if($oldid == 42)
	{
		$id = 43;
		$oldid=0;
	}

	if($oldid == 43 && $_REQUEST['action'] == "updatedob")
	{
		$id = 43;
		$oldid=0;
		$fname = mysql_real_escape_string($_REQUEST['fname']);
		$mname = mysql_real_escape_string($_REQUEST['mname']);
		$lname = mysql_real_escape_string($_REQUEST['lname']);
		$suffix = mysql_real_escape_string($_REQUEST['suffix']);
		$day = intval($_REQUEST['day']);
		$month = intval($_REQUEST['month']);
		$year = intval($_REQUEST['year']);
		$userid = intval($_REQUEST['userid']);
		$query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
		$details = mysql_fetch_assoc(mysql_query($query));
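		// Values read back from the database are escaped again before being reused in SQL
		$query = "insert into `adminlog` set `when`=NOW(),`old-lname`='".mysql_real_escape_string($details['lname'])."',`old-dob`='".mysql_real_escape_string($details['dob'])."',
				`new-lname`='$lname',`new-dob`='$year-$month-$day',`uid`='$userid',`adminid`='".intval($_SESSION['profile']['id'])."'";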
		mysql_query($query);
		$query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
		mysql_query($query);
	}

	if($oldid == 48 && $_REQUEST['domain'] == "")
	{
		$id = $oldid;
		$oldid=0;
	}

	if($oldid == 48)
	{
		$id = 49;
		$oldid=0;
	}

	if($id == 44)
	{
		if($_REQUEST['userid'] != "")
			$_REQUEST['userid'] = intval($_REQUEST['userid']);
		$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
		if($row['email'] == "")
			$id = 42;
		else
			$_REQUEST['email'] = $row['email'];
	}

	if($oldid == 44)
	{
		showheader(_("My CAcert.org Account!"));
		if(intval($_REQUEST['userid']) <= 0)
		{
			echo _("No such user found.");
		} else {
			mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
			$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
			printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));


			$body  = sprintf(_("Hi %s,"),$row['fname'])."\n";
			$body .= _("You are receiving this email because a CAcert administrator")."\n";
			$body .= _("has changed the password on your account.")."\n";

			$body .= _("Best regards")."\n"._("CAcert.org Support!");

			sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body,
						"support@cacert.org", "", "", "CAcert Support");

		}
		showfooter();
		exit;
	}

	if($process != "" && $oldid == 45)
	{
		$CSR = clean_csr($CSR);
		$_SESSION['_config']['CSR'] = $CSR;
		$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`);
		$bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
		foreach($bits as $val)
		{
			$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
		}
		$id = 46;

		$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
		extractit();
		getcn();
		getalt();

		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
		{
			showheader(_("My CAcert.org Account!"));
			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
			showfooter();
			exit;
		}
	}

	if($process != "" && $oldid == 46)
	{
		$CSR = clean_csr($_SESSION['_config']['CSR']);
		$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`);
		$bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
		foreach($bits as $val)
		{
			$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
		}
		$id = 11;

		$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
		extractit();
		getcn();
		getalt();

		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
		{
			showheader(_("My CAcert.org Account!"));
			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
			showfooter();
			exit;
		}
		
		if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
		{
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		$query = "insert into `domaincerts` set 
						`CN`='".$_SESSION['_config']['0.CN']."',
						`domid`='".$_SESSION['_config']['row']['id']."',
						`created`=NOW()";
		mysql_query($query);
		$CSRid = mysql_insert_id();

		foreach($_SESSION['_config']['rowid'] as $dom)
			mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
		if(is_array($_SESSION['_config']['altid']))
		foreach($_SESSION['_config']['altid'] as $dom)
			mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");

		$CSRname=generatecertpath("csr","server",$CSRid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $_SESSION['_config']['CSR']);
		fclose($fp);
		mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
		waitForResult("domaincerts", $CSRid,$oldid);
		$query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
		$res = mysql_query($query);
		if(mysql_num_rows($res) <= 0)
		{
			showheader(_("My CAcert.org Account!"));
			printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			showfooter();
			exit;
		} else {
			$id = 47;
			$cert = $CSRid;
			$_REQUEST['cert']=$CSRid;
		}
	}

	if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0)
	{
		$memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']);
		$query = "select * from `users` where `id`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = !$row['tverify'];
		mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
	}

	if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0)
	{
		csrf_check('admsetassuret');
		$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
		$query = "select * from `users` where `id`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = !$row['assurer'];
		mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
	}

	if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
	{
		$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
		$query = "select * from `users` where `id`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = !$row['assurer_blocked'];
		mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
	}

	if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0)
	{
		csrf_check('admactlock');	
		$memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
		$query = "select * from `users` where `id`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = !$row['locked'];
		mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
	}

	if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0)
	{
		csrf_check('admcodesign');
		$memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']);
		$query = "select * from `users` where `id`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = !$row['codesign'];
		mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
	}

	if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0)
	{
		csrf_check('admorgadmin');
		$memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
		$query = "select * from `users` where `id`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = !$row['orgadmin'];
		mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
	}

	if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0)
	{
		csrf_check('admttpadmin');
		$memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
		$query = "select * from `users` where `id`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = !$row['ttpadmin'];
		mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
	}

	if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0)
	{
		$memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
		$query = "select * from `users` where `id`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = $row['adadmin'] + 1;
		if($ver > 2)
			$ver = 0;
		mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
	}

	if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0)
	{
		$memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
		$query = "select * from `users` where `id`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = !$row['locadmin'];
		mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
	}

	if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0)
	{
		csrf_check('admsetadmin');
		$memid = $_REQUEST['userid'] = intval($_REQUEST['admin']);
		$query = "select * from `users` where `id`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = !$row['admin'];
		mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
	}

	if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0)
	{
		$memid = $_REQUEST['userid'] = intval($_REQUEST['general']);
		$query = "select * from `alerts` where `memid`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = !$row['general'];
		mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
	}

	if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0)
	{
		$memid = $_REQUEST['userid'] = intval($_REQUEST['country']);
		$query = "select * from `alerts` where `memid`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = !$row['country'];
		mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
	}

	if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0)
	{
		$memid = $_REQUEST['userid'] = intval($_REQUEST['regional']);
		$query = "select * from `alerts` where `memid`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = !$row['regional'];
		mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
	}

	if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0)
	{
		$memid = $_REQUEST['userid'] = intval($_REQUEST['radius']);
		$query = "select * from `alerts` where `memid`='$memid'";
		$row = mysql_fetch_assoc(mysql_query($query));
		$ver = !$row['radius'];
		mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
	}

	if($id == 50)
	{
		if(array_key_exists('userid',$_REQUEST) && $_REQUEST['userid'] != "")
			$_REQUEST['userid'] = intval($_REQUEST['userid']);

		$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
		if($row['email'] == "")
			$id = 42;
		else
			$_REQUEST['email'] = $row['email'];
	}

	if($oldid == 50)
	{
		$id = 43;
		$_REQUEST['userid'] = intval($_REQUEST['userid']);
	}

	if($oldid == 50 && $process != "")
	{
		$_REQUEST['userid'] = intval($_REQUEST['userid']);
		$res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'");
		if(mysql_num_rows($res) > 0)
		{
			$query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01'
					WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'";
			mysql_query($query);
			$query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'";
			mysql_query($query);
			$query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'";
			mysql_query($query);
			$query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'";
			mysql_query($query);
			$query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'";
			mysql_query($query);
			$query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'";
			mysql_query($query);
		}
	}

	if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}

	if($oldid == 52)
	{
		$uid = intval($_REQUEST['uid']);
		$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
		$rc = mysql_num_rows(mysql_query($query));
		if($rc <= 0)
		{
			showheader(_("My CAcert.org Account!"));
			echo _("Unable to find a valid tverify request for this ID.");
			showfooter();
			exit;
		}
	}

	if($oldid == 52)
	{
		$query = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".$_SESSION['profile']['id']."'";
		$rc = mysql_num_rows(mysql_query($query));
		if($rc > 0)
		{
			showheader(_("My CAcert.org Account!"));
			echo _("You have already voted on this request.");
			showfooter();
			exit;
		}
	}

	if($oldid == 52 && ($_REQUEST['agree'] != "" || $_REQUEST['disagree'] != ""))
	{
		$vote = -1;
		if($_REQUEST['agree'] != "")
			$vote = 1;

		$query = "insert into `tverify-vote` set
				`tverify`='$uid',
				`memid`='".$_SESSION['profile']['id']."',
				`when`=NOW(), `vote`='$vote',
				`comment`='".mysql_real_escape_string($_REQUEST['comment'])."'";
		mysql_query($query);

		$rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"));
		if($rc >= 8)
		{
			mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'");
			$tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'"));
			$memid = $tverify['memid'];
			$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
			$tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));

			$points = 0;
			if($tverify['URL'] != "" && $tverify['photoid'] != "")
				$points = 150 - intval($tmp['points']);
			if($tverify['URL'] != "" && $tverify['photoid'] == "")
				$points = 90 - intval($tmp['points']);
			if($tverify['URL'] == "" && $tverify['photoid'] == "")
				$points = 50 - intval($tmp['points']);

			if($points < 0)
				$points = 0;

			if($points > 0)
			{
				mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
						`method`='Thawte Points Transfer', `when`=NOW()");
				fix_assurer_flag($memid);
			}
			$totalpoints = intval($tmp['points']) + $points;

			$body  = _("Your request to have points transfered was successful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n"._("The following comments were made by reviewers")."\n\n";
			$res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'");
			while($row = mysql_fetch_assoc($res))
				$body .= $row['comment']."\n";
			$body .= "\n";
			
			$body .= _("Best regards")."\n";
			$body .= _("CAcert Support Team");
			sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
		}

		$rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'"));
		if($rc >= 4)
		{
			mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'");
			$tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'"));
			$memid = $tverify['memid'];
			$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));

			$body  = _("Unfortunately your request for a points increase has been denied, below is the comments from people that reviewed your request as to why they rejected your application.")."\n\n";
			$res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'");
			while($row = mysql_fetch_assoc($res))
				$body .= $row['comment']."\n";
			$body .= "\n";

			$body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n";
			
			$body .= _("Best regards")."\n";
			$body .= _("CAcert Support Team");
			sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
		}

		showheader(_("My CAcert.org Account!"));
		echo _("Your vote has been accepted.");
		showfooter();
		exit;
	}

	if(intval($cert) > 0)
		$_SESSION['_config']['cert'] = intval($cert);
	if(intval($orgid) > 0)
		$_SESSION['_config']['orgid'] = intval($orgid);
	if(intval($memid) > 0)
		$_SESSION['_config']['memid'] = intval($memid);
?>
accountmodified.php (121,399 bytes)   

INOPIAE

2012-11-10 08:25

updater  

3modified.php (7,467 bytes)   
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/
	include_once("../includes/shutdown.php");
?>
<h3><?=_("CAcert Certificate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>

<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>

<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/cps.php">http://www.cacert.org/cps.php</a></p>

<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed andwill not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>

<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="2" class="title"><?=_("New Client Certificate")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Add")?></td>
    <td class="DataTD"><?=_("Address")?></td>
  </tr>

<?
	$query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''";
	$res = mysql_query($query);
	while($row = mysql_fetch_assoc($res))
	{ ?>
  <tr>
    <td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td>
    <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
  </tr>
<? } 
if($_SESSION['profile']['points'] >= 50)
{
	$fname = $_SESSION['profile']['fname'];
	$mname = $_SESSION['profile']['mname'];
	$lname = $_SESSION['profile']['lname'];
	$suffix = $_SESSION['profile']['suffix'];
?>
  <tr>
   <td class="DataTD" colspan="2" align="left">
      <?=_("Optional comment, only used in the certificate overview")?><br>
       <input type="text" name="description" maxlength="80" size=80>
   </td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2" align="left">
	<input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
	<input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
	<?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?>
    </td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2" align="left">
	<input type="radio" name="incname" value="0" checked> <?=_("No Name")?><br>
<? if($fname && $lname) { ?><input type="radio" name="incname" value="1"> <?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?>
<? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?>
<? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?>
<? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?>
    </td>
  </tr>
<? } ?> 
<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
  <tr>
    <td class="DataTD" align="left">
	<input type="checkbox" name="codesign" value="1"> <?=_("Code Signing")?></td>
    <td class="DataTD" align="left">
	<?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
    </td>
  </tr>
<? } ?>

  <tr>
    <td class="DataTD" colspan="2" align="left">
      <input type="checkbox" name="login" value="1" checked="checked"> <?=_("Enable certificate login with this certificate")?><br>
      <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/>
    </td>
  </tr>


  <tr name="expertoff" style="display:none">
    <td class="DataTD" colspan="2" align="left">
      <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)"/><?=_("Show advanced options")?>
    </td>
  </tr>

  <tr name="expert">
    <td class="DataTD" colspan="2" align="left">
	<input type="radio" name="SSO" value="0" checked> <?=_("No Single Sign On ID")?><br>
	<input type="radio" name="SSO" value="1"> <?=_("Add Single Sign On ID Information")?><br>
	<?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
	<a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a>
    </td>
  </tr>
 <tr name="expert">
    <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td>
 </tr>
 <tr name="expert">
    <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td>
 </tr>
 <tr>
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
  </tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

<script language="javascript">
function showExpert(a)
{
  b=document.getElementsByName("expert");
  for(i=0;b.length>i;i++)
  {
    if(!a) {b[i].setAttribute("style","display:none"); }
    else {b[i].removeAttribute("style");}
  }
  b=document.getElementsByName("expertoff");
  for(i=0;b.length>i;i++)
  {
    b[i].removeAttribute("style");
  }

}
showExpert(false);
</script>


INOPIAE

2012-11-10 08:26

updater  

5modified.php (5,090 bytes)   
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/ ?>
<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="8" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
    <td class="DataTD"><?=_("Status")?></td>
    <td class="DataTD"><?=_("Email Address")?></td>
	  <td class="DataTD"><?=_("SerialNumber")?></td>
	  <td class="DataTD"><?=_("Comment")?></td>
    <td class="DataTD"><?=_("Revoked")?></td>
    <td class="DataTD"><?=_("Expires")?></td>
    <td class="DataTD"><?=_("Login")?></td>
  </tr>

<?
	$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
			UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
			UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
			`emailcerts`.`expire` as `expires`, 
			`emailcerts`.`revoked` as `revoke`,
			UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, 
			`emailcerts`.`id`,
			`emailcerts`.`CN`,
			`emailcerts`.`serial`,
			emailcerts.disablelogin as `disablelogin`,
			`emailcerts`.`description`
      			from `emailcerts`
			where `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'
			";
	if($viewall != 1)
		$query .= " AND `revoked`=0 AND `renewed`=0 ";
	$query .= " GROUP BY `emailcerts`.`id` ";
	if($viewall != 1)
                $query .= " HAVING `timeleft` > 0 ";
	$query .= " ORDER BY `emailcerts`.`modified` desc";
// echo $query."<br>\n";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
?>
  <tr>
    <td colspan="8" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
  </tr>
<? } else {
	while($row = mysql_fetch_assoc($res))
	{
		if($row['timeleft'] > 0)
			$verified = _("Valid");
		if($row['timeleft'] < 0)
			$verified = _("Expired");
		if($row['expired'] == 0)
			$verified = _("Pending");
		if($row['revoked'] > 0)
			$verified = _("Revoked");
		if($row['revoked'] == 0)
			$row['revoke'] = _("Not Revoked");
?>
  <tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="account.php?id=6&amp;cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td>
<? } else if($verified != _("Revoked")) { ?>
    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
<? } else { ?>
    <td class="DataTD">&nbsp;</td>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
<? } ?>
	  <td class="DataTD"><?=$row['serial']?></td>
		<td class="DataTD"><?=sanitizeHTML($row['description'])?></td>
    <td class="DataTD"><?=$row['revoke']?></td>
    <td class="DataTD"><?=$row['expires']?></td>
    <td class="DataTD">
      <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
      <input type="hidden" name="cert_<?=$row['id']?>" value="1"/>
    </td>
  </tr>
<? } ?>
  <tr>
    <td class="DataTD" colspan="8">
      <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
    </td>
  </tr>

  <tr>
    <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
    			<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>

    <td class="DataTD" colspan="3"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>

  </tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
<p><?=_("Login").": "._("By allowing certificate login, this certificate can be used to login into your account at https://secure.cacert.org/ .")?></p>

INOPIAE

2012-11-10 08:26

updater  

10modified.php (4,044 bytes)   
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/
	include_once("../includes/shutdown.php");
?>
<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>

<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>

<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/policy/">http://www.cacert.org/policy/</a></p>

<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>

<p><b>*** <?=_("Please Note. All information on your certificate will be removed except the CommonName and SubjectAltName field, this is because it's an automated service and cannot automatically verify other details on your certificates are valid or not. If you are a valid organisation and would like more details to appear on certificates, you will need to have at least 50 assurance points and you need to send us a copy of your document of incorporation. Then we can add those details to your certificates. Contact us for more information on our organisational services.")?> ***</b></p>

<form method="post" action="account.php">
<? if($_SESSION['profile']['points'] >= 50) { ?>
<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<? } ?>
<p> <?=_("Optional comment, only used in the certificate overview")?><br>
       <input type="text" name="description" maxlength="80" size=80></p>
<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p>
<textarea name="CSR" cols="80" rows="15"></textarea><br>
<input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

INOPIAE

2012-11-10 08:26

updater  

12modified.php (3,989 bytes)   
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/ ?>
<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="7" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
    <td class="DataTD"><?=_("Status")?></td>
    <td class="DataTD"><?=_("CommonName")?></td>
	  <td class="DataTD"><?=_("SerialNumber")?></td>
	  <td class="DataTD"><?=_("Comment")?></td>
    <td class="DataTD"><?=_("Revoked")?></td>
    <td class="DataTD"><?=_("Expires")?></td>
  </tr>
<?
	$query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
			UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
			UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
			`domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
			UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
			`domaincerts`.`description`
			from `domaincerts`,`domains`
			where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` ";
	if($viewall != 1)
	{
		$query .= "AND `revoked`=0 AND `renewed`=0 ";
		$query .= "HAVING `timeleft` > 0 ";
	}
	$query .= "ORDER BY `domaincerts`.`modified` desc";
//echo $query."<br>\n";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
?>
  <tr>
    <td colspan="7" class="DataTD"><?=_("No domains are currently listed.")?></td>
  </tr>
<? } else {
	while($row = mysql_fetch_assoc($res))
	{
		if($row['timeleft'] > 0)
			$verified = _("Valid");
		if($row['timeleft'] < 0)
			$verified = _("Expired");
		if($row['expired'] == 0)
			$verified = _("Pending");
		if($row['revoked'] > 0)
			$verified = _("Revoked");
                if($row['revoked'] == 0)
                        $row['revoke'] = _("Not Revoked");
?>
  <tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
<? } else if($verified != _("Revoked")) { ?>
    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
<? } else { ?>
    <td class="DataTD">&nbsp;</td>
<? } ?>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
	  <td class="DataTD"><?=$row['serial']?></td>
		<td class="DataTD"><?=sanitizeHTML($row['description'])?></td>
    <td class="DataTD"><?=$row['revoke']?></td>
    <td class="DataTD"><?=$row['expires']?></td>
  </tr>
<? } ?>
  <tr>
    <td class="DataTD" colspan="7"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
	    <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
  </tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>

INOPIAE

2012-11-10 08:26

updater  

16modified.php (3,314 bytes)   
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/
	include_once("../includes/shutdown.php");
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="2" class="title"><?=_("New Client Certificate")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Add")?></td>
    <td class="DataTD"><?=_("Address")?></td>
  </tr>
<? if(array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails']))
	foreach($_SESSION['_config']['emails'] as $val) { ?>
  <tr>
    <td class="DataTD"><?=_("Email")?>:</td>
    <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"></td>
  </tr>
<? } ?>
  <tr>
    <td class="DataTD"><?=_("Email")?>:</td>
    <td class="DataTD"><input type="text" name="emails[]"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Name")?>:</td>
    <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Department")?>:</td>
    <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2" align="left">
        <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
        <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
        <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?>
    </td>
  </tr>
<? if($_SESSION['profile']['codesign'] && $_SESSION['profile']['points'] >= 100) { ?>
  <tr>
    <td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td>
  </tr>
<? } ?>
   <tr>
   <td class="DataTD" colspan="2" align="left">
      <?=_("Optional comment, only used in the certificate overview")?><br>
       <input type="text" name="description" maxlength="80" size=80>
   </td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>">
			<input type="submit" name="process" value="<?=_("Next")?>"></td>
  </tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

INOPIAE

2012-11-10 08:27

updater  

18modified.php (4,207 bytes)   
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/ ?>
<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="7" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
    <td class="DataTD"><?=_("Status")?></td>
    <td class="DataTD"><?=_("CommonName")?></td>
	  <td class="DataTD"><?=_("SerialNumber")?></td>
		<td class="DataTD"><?=_("Comment")?></td>
    <td class="DataTD"><?=_("Revoked")?></td>
    <td class="DataTD"><?=_("Expires")?></td>

<?
	$query = "select UNIX_TIMESTAMP(`oemail`.`created`) as `created`,
			UNIX_TIMESTAMP(`oemail`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
			UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`,
			`oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`,
			UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`,
			`oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`,
			`oemail`.`description`
			from `orgemailcerts` as `oemail`, `org`
			where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
				`org`.`orgid`=`oemail`.`orgid` ";
	if($viewall != 1)
	{
		$query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 ";
		$query .= "HAVING `timeleft` > 0 AND `revoked`=0 ";
	}
	$query .= "ORDER BY `oemail`.`modified` desc";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
?>
  <tr>
    <td colspan="7" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
  </tr>
<? } else {
	while($row = mysql_fetch_assoc($res))
	{
		if($row['timeleft'] > 0)
			$verified = _("Valid");
		if($row['timeleft'] < 0)
			$verified = _("Expired");
		if($row['expired'] == 0)
			$verified = _("Pending");
		if($row['revoked'] > 0)
			$verified = _("Revoked");
                if($row['revoked'] == 0)
                        $row['revoke'] = _("Not Revoked");
?>
  <tr>
<? if($verified == _("Valid") || $verified == _("Expired")) { ?>
    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
<? } else if($verified == _("Pending")) { ?>
    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><?=$row['CN']?></td>
<? } else { ?>
    <td class="DataTD">&nbsp;</td>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
<? } ?>
	  <td class="DataTD"><?=$row['serial']?></td>
		<td class="DataTD"><?=$row['description']?></td>
    <td class="DataTD"><?=$row['revoke']?></td>
    <td class="DataTD"><?=$row['expires']?></td>
  </tr>
<? } ?>
  <tr>
    <td class="DataTD" colspan="7"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
    			<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
  </tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
18modified.php (4,207 bytes)   

INOPIAE

2012-11-10 08:27

updater  

20modified.php (3,366 bytes)   
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/
	include_once("../includes/shutdown.php");
?>
<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>

<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>

<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/policy/">http://www.cacert.org/policy/</a></p>

<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>

<form method="post" action="account.php">
<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
<p> <?=_("Optional comment, only used in the certifictate overview")?><br>
       <input type="text" name="description" maxlength="80" size=80></p>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<p><?=_("Paste your CSR below...")?></p>
<textarea name="CSR" cols="80" rows="15"></textarea><br> 
<input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
20modified.php (3,366 bytes)   

INOPIAE

2012-11-10 08:27

updater  

22modified.php (3,999 bytes)   
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/ ?>
<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="7" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
    <td class="DataTD"><?=_("Status")?></td>
    <td class="DataTD"><?=_("CommonName")?></td>
	  <td class="DataTD"><?=_("SerialNumber")?></td>
		<td class="DataTD"><?=_("Comment")?></td>
    <td class="DataTD"><?=_("Revoked")?></td>
    <td class="DataTD"><?=_("Expires")?></td>

<?
	$query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`,
			UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
			UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`,
			`orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
			UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`,
			`orgdomaincerts`.`serial`,
			`orgdomaincerts`.`id` as `id`,
			`orgdomaincerts`.`description`
			from `orgdomaincerts`,`org`
			where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
	if($viewall != 1)
	{
		$query .= "AND `revoked`=0 AND `renewed`=0 ";
		$query .= "HAVING `timeleft` > 0 ";
	}
	$query .= "ORDER BY `orgdomaincerts`.`modified` desc";
//echo $query."<br>\n";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
?>
  <tr>
    <td colspan="7" class="DataTD"><?=_("No domains are currently listed.")?></td>
  </tr>
<? } else {
	while($row = mysql_fetch_assoc($res))
	{
		if($row['timeleft'] > 0)
			$verified = _("Valid");
		if($row['timeleft'] < 0)
			$verified = _("Expired");
		if($row['expired'] == 0)
			$verified = _("Pending");
		if($row['revoked'] > 0)
			$verified = _("Revoked");
                if($row['revoked'] == 0)
                        $row['revoke'] = _("Not Revoked");
?>
  <tr>
<? if($verified == _("Valid") || $verified == _("Expired")) { ?>
    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
<? } else if($verified == _("Pending")) { ?>
    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
<? } else { ?>
    <td class="DataTD">&nbsp;</td>
<? } ?>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
	  <td class="DataTD"><?=$row['serial']?></td>
		<td class="DataTD"><?=$row['description']?></td>
    <td class="DataTD"><?=$row['revoke']?></td>
    <td class="DataTD"><?=$row['expires']?></td>
  </tr>
<? } ?>
  <tr>
    <td class="DataTD" colspan="7"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
	    <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
  </tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
22modified.php (3,999 bytes)   

INOPIAE

2012-11-10 08:28

updater  

gpg0modified.php (1,374 bytes)   
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/
	include_once("../includes/shutdown.php");
?>
<p><?=_("Paste your own public OpenPGP key below. It should not contain a picture. CAcert will sign your key after submission.")?></p>
<form method="post" action="gpg.php">
<p> <?=_("Optional comment, only used in the certifictate overview")?><br>
       <input type="text" name="description" maxlength="80" size=80></p>
<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br>
<input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
gpg0modified.php (1,374 bytes)   

INOPIAE

2012-11-10 08:28

updater  

gpg2modified.php (2,686 bytes)   
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/ ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="5" class="title"><?=_("OpenPGP Keys")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Status")?></td>
    <td class="DataTD"><?=_("Email Address")?></td>
    <td class="DataTD"><?=_("Expires")?></td>
    <td class="DataTD"><?=_("Key ID")?></td>
    <td class="DataTD"><?=_("Comment")?></td>
<?
	$query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
			UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
			UNIX_TIMESTAMP(`expire`) as `expired`,
			`expire` as `expires`, `id`, `level`, 
			`email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
			ORDER BY `issued` desc";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
?>
  <tr>
    <td colspan="5" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
  </tr>
<? } else {
	while($row = mysql_fetch_assoc($res))
	{
		if($row['timeleft'] > 0)
			$verified = _("Valid");
		if($row['timeleft'] < 0)
			$verified = _("Expired");
		if($row['expired'] == 0)
			$verified = _("Pending");
?>
  <tr>
<? if($verified == _("Valid")) { ?>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
<? } else if($verified == _("Pending")) { ?>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><?=$row['email']?></td>
<? } else { ?>
    <td class="DataTD"><?=$verified?></td>
    <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
<? } ?>
    <td class="DataTD"><?=$row['expires']?></td>
    <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
    <td class="DataTD"><?=$row['description']?></td>
  </tr>
<? } ?>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
gpg2modified.php (2,686 bytes)   

INOPIAE

2012-11-10 08:31

updater   ~0003320

I attached the files which deal with the comment field for certificates.
I did the following changes:
For the Account area:
Changes in pages/account.php.3
added line 55 to 60

Change in pages/account.php 5
added line 29
added line 45 with change in line 44
added line 92

Changes in pages/ account.php.10
added lines 37 and 38

Changes in pages/account.php.12
added line 29
added line 39 with change in line 38
added line 81

Changes in pages/account.php.16
added lines 59 to 64

Changes in pages/account.php.18
added line 29
added line 40 with change in line 39
added line 86

Changes in pages/account.php.20
added lines 32 and 33

Changes in pages/account.php.22
added line 29
added line 41 with change in line 40
added line 83

Change in includes/account.php
added lines 242 to 246
added line 331 with change in line 330
added line 430 with change in line 430
added lines 663 to 667
added line 771 with change in line 770
added line 778 with change in line 777
added line 861 with change in line 860
added line 1038 with change in line 1037
added lines 1393 to 1397
added lines 1427 to 1431
added line 1497 with change in line 1496
added line 1588 with change in line 1587
added line 1664 with change in line 1663
added lines 1769 to 1772
added line 1914 with change in line 1915
added line 1991 with change in line 1992

For the gpg:
Changes in pages/gpg.php.0
added lines 22 to 23

Changes in pages/gpg.php.2
added line 27
change in line 33
added line 65

Changes in www.gpg.php
added lines 252 to 256
added line 290 with change in line 289

INOPIAE

2012-11-10 08:32

updater   ~0003321

Hi, I attached my changed files and listed where I made the changes.

BenBE

2012-11-13 22:15

updater   ~0003333

Merge conflict in includes/account.php (resolved on Testserver by hand)

INOPIAE

2012-11-20 21:09

updater   ~0003350

pushed new branch to GitHub https://github.com/INOPIAE/CAcert/tree/bug-782

JensK

2012-12-08 11:26

reporter   ~0003382

Issued a new certificate, entering a comment. Comment shows up when viewing the list of certificates => OK

Changing a comment in the list of certificates does not work. Clicking on "Save comment" takes me back to the home page, the comment is not saved.
The same happens when trying to add a comment to a cert that existed before the comment function was added.

MartinGummi

2013-06-30 18:29

updater   ~0004088

Last edited: 2013-06-30 18:30

Test Case 1: gen Certificates with Filled Comment Field

Client Cert 	4K_Class1_no_name 		=> OK
Server Cert 	4K_Class1_no_name_server 	=> OK
GPG 		4K_GPG				=> OK
Org Client Cert 2K_by_firefox	 		=> OK
Org Server Cert 4K_Class1_org_server		=> OK


Test Case 2: edit Comment Field

Client Cert	4K_Class1_no_name_edit 		=> OK
Server Cert	4K_Class1_no_name_server_edit 	=> OK
GPG		GPG 4K_GPG_edit 		=> OK
Org Client Cert 2K_by_firefox_edit 		=> OK
Org Server Cert 4K_Class1_org_server_edit	=> OK


Test Case 3: edit Comment Field with uncheck box

Client Cert	4K_Class1_no_name_edit 		=> OK
Server Cert	4K_Class1_no_name_server_edit 	=> OK
GPG		GPG 4K_GPG_edit 		=> OK
Org Client Cert 2K_by_firefox_edit 		=> OK
Org Server Cert 4K_Class1_org_server_edit	=> OK


aterpotiz

2013-07-01 20:30

updater   ~0004089

Added a comment to an existing certificate after the extension --> OK
Changed the comment --> OK
Cleared the comment field --> OK

Changes in the comment field with the box NOT checked --> The result is always "Certificate settings have been changed."
Checked the message, and NO change was made.

jbruckner

2013-07-02 19:44

reporter   ~0004091

Last edited: 2013-07-02 19:45

Created new client certificate with comment -> OK
Change comment -> OK
Delete comment -> OK
add comment -> OK

create new ORG client certificate with comment -> OK
change comment -> OK

create new client certificate without comment -> OK
add comment -> OK
change comment -> OK

create new ORG server certificate with comment -> OK
change comment -> OK
delete comment -> OK
add comment -> OK

couldn't test server certificates as adding a new domain failed.

double check 'success message'!
always same message either if comment changed or not

INOPIAE

2013-07-02 20:20

updater   ~0004092

please review, at least three testers approved the patch.

NEOatNHNG

2013-07-09 22:02

administrator   ~0004108

Second review OK. But we should switch to prepared statements in the near future. Ready to deploy.
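
The switch to prepared statements suggested in the review, combined with output encoding for the comment column that the listing pages print from `$row['description']`, as an added example that is not CAcert's code. It assumes PDO with an in-memory SQLite database in place of the site's MySQL connection; the function names are hypothetical, and only the `gpg` table and column names come from the query on this page.

```php
<?php
// Added example, not CAcert code. An in-memory SQLite database (via PDO)
// stands in for the site's MySQL connection so the script runs offline.
// Table and column names follow the `gpg` query on this page; the function
// names are hypothetical.

const DESCRIPTION_MAX = 80; // same limit as maxlength="80" on the form field

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE gpg (
        id INTEGER PRIMARY KEY,
        memid INTEGER NOT NULL,
        email TEXT NOT NULL,
        keyid TEXT NOT NULL,
        description TEXT NOT NULL DEFAULT ''
    )");
    return $db;
}

// maxlength is only enforced by the browser, so the server applies it again.
function normalize_description(string $raw): string
{
    // Control characters become spaces (byte-wise; they are single bytes in UTF-8).
    $clean = trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $raw));
    // Keep at most DESCRIPTION_MAX characters. The /u flag makes the match
    // fail on invalid UTF-8, in which case nothing is stored.
    if (preg_match('/^.{0,' . DESCRIPTION_MAX . '}/us', $clean, $m) !== 1) {
        return '';
    }
    return $m[0];
}

// The comment travels as a bound parameter, never as part of the SQL text.
// The memid condition keeps one member from editing another member's row.
function save_description(PDO $db, int $memid, int $id, string $raw): bool
{
    $stmt = $db->prepare(
        'UPDATE gpg SET description = :d WHERE id = :id AND memid = :memid'
    );
    $stmt->execute([
        ':d' => normalize_description($raw),
        ':id' => $id,
        ':memid' => $memid,
    ]);
    return $stmt->rowCount() === 1;
}

function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Builds the table rows of the key overview; every database value is encoded
// at output time, whatever happened to it on the way in.
function render_key_rows(PDO $db, int $memid): string
{
    $stmt = $db->prepare(
        'SELECT id, email, keyid, description FROM gpg WHERE memid = :memid ORDER BY id'
    );
    $stmt->execute([':memid' => $memid]);
    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $html .= "  <tr>\n"
            . '    <td class="DataTD">' . h($row['email']) . "</td>\n"
            . '    <td class="DataTD">' . h($row['keyid']) . "</td>\n"
            . '    <td class="DataTD">' . h($row['description']) . "</td>\n"
            . "  </tr>\n";
    }
    return $html;
}

// Constructed sample data.
$db = open_demo_db();
$ins = $db->prepare('INSERT INTO gpg (memid, email, keyid) VALUES (?, ?, ?)');
$ins->execute([12, 'alice@example.org', '0123456789ABCDEF']);
$ins->execute([34, 'bob@example.org', 'FEDCBA9876543210']);

$comment = "O'Brien's laptop <backup> & spare";
var_dump(save_description($db, 12, 1, $comment)); // member 12 edits own key
var_dump(save_description($db, 12, 2, $comment)); // member 12 targets member 34's key
echo render_key_rows($db, 12);
```

The boolean returned by `save_description` lets the caller choose its status message according to whether a row was actually written.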

wytze

2013-07-17 08:26

developer   ~0004169

The patches have been installed on the production server on July 17, 2013. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2013-07/msg00006.html

Issue History

Date Modified Username Field Change
2009-10-05 15:15 khopesh New Issue
2009-10-05 23:26 khopesh File Added: cacert_-_notes_for_certs.user.js
2009-10-06 22:25 khopesh Note Added: 0001501
2009-10-06 22:27 khopesh Priority normal => low
2009-10-06 22:28 khopesh Note Edited: 0001501
2009-10-06 22:30 khopesh Note Edited: 0001501
2009-10-06 22:31 khopesh Note Edited: 0001501
2011-08-31 11:26 Uli60 Relationship added related to 0000976
2011-08-31 11:35 Uli60 Note Added: 0002382
2011-08-31 11:36 Uli60 Assigned To => Uli60
2011-08-31 11:36 Uli60 Status new => needs work
2011-09-14 23:25 Uli60 Relationship added related to 0000776
2011-09-14 23:30 Uli60 Relationship added related to 0000596
2012-10-30 23:19 INOPIAE Relationship added duplicate of 0001106
2012-10-30 23:53 INOPIAE Relationship added related to 0001105
2012-11-10 08:24 INOPIAE File Added: gpgmodified.php
2012-11-10 08:25 INOPIAE File Added: accountmodified.php
2012-11-10 08:25 INOPIAE File Added: 3modified.php
2012-11-10 08:26 INOPIAE File Added: 5modified.php
2012-11-10 08:26 INOPIAE File Added: 10modified.php
2012-11-10 08:26 INOPIAE File Added: 12modified.php
2012-11-10 08:26 INOPIAE File Added: 16modified.php
2012-11-10 08:27 INOPIAE File Added: 18modified.php
2012-11-10 08:27 INOPIAE File Added: 20modified.php
2012-11-10 08:27 INOPIAE File Added: 22modified.php
2012-11-10 08:28 INOPIAE File Added: gpg0modified.php
2012-11-10 08:28 INOPIAE File Added: gpg2modified.php
2012-11-10 08:31 INOPIAE Note Added: 0003320
2012-11-10 08:32 INOPIAE Note Added: 0003321
2012-11-10 08:32 INOPIAE Assigned To Uli60 => BenBE
2012-11-10 08:32 INOPIAE Status needs work => fix available
2012-11-13 22:15 BenBE Source_changeset_attached => cacert-devel testserver 7b79337e
2012-11-13 22:15 BenBE Source_changeset_attached => cacert-devel testserver 3ecae0b7
2012-11-13 22:15 BenBE Note Added: 0003333
2012-11-13 22:30 BenBE Source_changeset_attached => cacert-devel testserver d32f58ef
2012-11-13 22:30 BenBE Source_changeset_attached => cacert-devel testserver a9618db4
2012-11-20 21:09 INOPIAE Note Added: 0003350
2012-11-20 21:30 BenBE Source_changeset_attached => cacert-devel testserver 10028d96
2012-11-20 21:30 INOPIAE Source_changeset_attached => cacert-devel testserver 1f5a3718
2012-11-20 21:30 INOPIAE Source_changeset_attached => cacert-devel testserver a9eb4516
2012-11-20 21:30 INOPIAE Source_changeset_attached => cacert-devel testserver e6dee64e
2012-11-20 23:45 BenBE Source_changeset_attached => cacert-devel testserver 3a2d96a4
2012-11-20 23:45 INOPIAE Source_changeset_attached => cacert-devel testserver 7fb56753
2012-11-20 23:45 INOPIAE Source_changeset_attached => cacert-devel testserver da87734b
2012-11-21 00:00 BenBE Source_changeset_attached => cacert-devel testserver 1940196b
2012-11-21 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver ef4fa3cf
2012-12-08 11:26 JensK Note Added: 0003382
2012-12-08 16:03 INOPIAE Relationship added related to 0001071
2012-12-12 09:41 INOPIAE Relationship added related to 0000454
2012-12-18 08:10 INOPIAE Relationship added related to 0000386
2012-12-20 18:29 Werner Dworak Relationship added related to 0000114
2013-01-06 21:55 BenBE Status fix available => needs work
2013-01-10 02:33 Werner Dworak Relationship deleted related to 0000114
2013-04-27 21:59 BenBE Relationship added parent of 0001169
2013-04-27 22:00 BenBE Relationship added parent of 0001168
2013-05-14 21:22 INOPIAE Assigned To BenBE => egal
2013-05-14 21:22 INOPIAE Status needs work => fix available
2013-06-12 00:00 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 8afd9df7
2013-06-12 00:00 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable b6ce9396
2013-06-12 00:00 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable a3dbfe74
2013-06-12 00:00 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 58c3707c
2013-06-12 00:00 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 27ac5abe
2013-06-12 00:00 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 38d03242
2013-06-12 00:00 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable ef67528f
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 5314b051
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 882428da
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 71d6d063
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 45ee2038
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 714d9cd8
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 121f820f
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable b4af4ce4
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 8bfc6bd2
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable a8fa9c12
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 494eb592
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable c5e49e00
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable a8d25bfb
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable c2b222a4
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable b02d5765
2013-06-12 00:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable f4838bd3
2013-06-15 11:55 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 7d41a539
2013-06-15 11:55 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 752a538d
2013-06-15 11:55 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable eac1f92e
2013-06-19 20:55 BenBE Source_changeset_attached => cacert-devel testserver-stable 24d9df40
2013-06-19 20:55 INOPIAE Source_changeset_attached => cacert-devel testserver-stable a93fac2b
2013-06-19 20:55 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 8b5966d9
2013-06-19 20:55 INOPIAE Source_changeset_attached => cacert-devel testserver-stable fd647f30
2013-06-19 20:55 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 62aa3b39
2013-06-23 20:10 BenBE Source_changeset_attached => cacert-devel testserver-stable d210dc5c
2013-06-23 20:10 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 389f8351
2013-06-23 20:35 BenBE Source_changeset_attached => cacert-devel testserver-stable 79c4714c
2013-06-23 20:35 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 4c282894
2013-06-23 21:00 BenBE Source_changeset_attached => cacert-devel testserver-stable 4f99121d
2013-06-23 21:00 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 8dffbe94
2013-06-24 19:15 BenBE Source_changeset_attached => cacert-devel testserver-stable a49337f2
2013-06-24 19:15 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 0b8b84f4
2013-06-24 20:15 BenBE Source_changeset_attached => cacert-devel testserver-stable bf0fffdf
2013-06-24 20:15 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 57c0aa93
2013-06-25 21:10 BenBE Reviewed by => BenBE
2013-06-25 21:10 BenBE Status fix available => needs review & testing
2013-06-25 21:10 BenBE Product Version => 2009 Q4
2013-06-25 21:10 BenBE Target Version => 2013 Q3
2013-06-30 18:29 MartinGummi Note Added: 0004088
2013-06-30 18:29 MartinGummi Note Edited: 0004088
2013-06-30 18:30 MartinGummi Note Edited: 0004088
2013-06-30 18:30 MartinGummi Note Edited: 0004088
2013-07-01 20:30 aterpotiz Note Added: 0004089
2013-07-02 19:44 jbruckner Note Added: 0004091
2013-07-02 19:45 jbruckner Note Edited: 0004091
2013-07-02 20:20 INOPIAE Note Added: 0004092
2013-07-02 20:20 INOPIAE Assigned To egal => NEOatNHNG
2013-07-02 20:20 INOPIAE Status needs review & testing => needs review
2013-07-09 22:02 NEOatNHNG Reviewed by BenBE => NEOatNHNG, BenBE
2013-07-09 22:02 NEOatNHNG Note Added: 0004108
2013-07-09 22:02 NEOatNHNG Status needs review => ready to deploy
2013-07-12 20:10 BenBE Source_changeset_attached => cacert-devel release 0f787a6c
2013-07-17 08:26 wytze Note Added: 0004169
2013-07-17 08:26 wytze Status ready to deploy => solved?
2013-07-17 08:26 wytze Fixed in Version => 2013 Q3
2013-07-17 08:26 wytze Resolution open => fixed
2013-10-15 20:24 INOPIAE Relationship deleted parent of 0001169
2013-10-15 20:24 INOPIAE Relationship added related to 0001169
2013-10-15 20:25 INOPIAE Relationship deleted parent of 0001168
2013-10-15 20:25 INOPIAE Relationship added related to 0001168
2013-10-15 20:25 INOPIAE Status solved? => closed
2014-04-09 20:47 NEOatNHNG Relationship added related to 0001266