<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/
// Shared includes. Their contents are outside this file; the helpers used below
// (showheader()/showfooter(), csrf_check(), checkEmail(), sendmail(), make_hash(),
// clean_csr(), checkWeakKeyCSR()/checkWeakKeySPKAC(), account_*_delete(), ...)
// presumably come from these files or from the page set loaded by loadem() — verify
// against the includes before relying on any of them.
// loggedin.php is presumably the authenticated-session gate for this page — confirm.
require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php");
require_once("../includes/lib/check_weak_key.php");
require_once("../includes/notary.inc.php");

// Load the "account" page set; the $id / $oldid dispatch below picks the handler.
loadem("account");
// Dispatch state taken from the request ($_REQUEST, so GET or POST).
//   $id     — page to render,  $oldid — page whose form was just submitted,
//   $process — raw submit-button value, compared against translated labels below.
// Numeric ids are coerced with intval(); a missing field yields 0 (or "" for $process).
$id      = array_key_exists('id', $_REQUEST)      ? intval($_REQUEST['id'])    : 0;
$oldid   = array_key_exists('oldid', $_REQUEST)   ? intval($_REQUEST['oldid']) : 0;
$process = array_key_exists('process', $_REQUEST) ? $_REQUEST['process']       : '';

// Object selectors used by the individual page handlers.
$cert  = array_key_exists('cert', $_REQUEST)  ? intval($_REQUEST['cert'])  : 0;
$orgid = array_key_exists('orgid', $_REQUEST) ? intval($_REQUEST['orgid']) : 0;
$memid = array_key_exists('memid', $_REQUEST) ? intval($_REQUEST['memid']) : 0;
$domid = array_key_exists('domid', $_REQUEST) ? intval($_REQUEST['domid']) : 0;
// Without a database connection nothing below can work: stop with a generic notice.
if ($_SESSION['mconn'] == false)
{
	echo _("Several CAcert Services are currently unavailable. Please try again later.");
	exit;
}

// A "Cancel" submit button is treated as "no action requested" by every handler below.
if (_("Cancel") == $process)
{
	$process = "";
}

// Requests for ids 45 and 46 (as page or as submitted form) are redirected to
// page 1 with no pending form ($oldid = 0).
if (in_array($id, array(45, 46), true) || in_array($oldid, array(45, 46), true))
{
	$id = 1;
	$oldid = 0;
}
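if ($process != "" && $oldid == 1)
{
	// Page 1 handler: add a new (unverified) email address to the account and mail a
	// verification link to it. Every failure path renders a page and exits.
	$id = 1;
	csrf_check('addemail'); // presumably rejects requests lacking the 'addemail' form token — defined elsewhere

	// A missing form field is read as empty so the "not a valid email address" branch
	// below fires instead of an undefined-index notice.
	$newemail = array_key_exists('newemail', $_REQUEST) ? $_REQUEST['newemail'] : "";

	if (strstr($newemail, "xn--") && $_SESSION['profile']['codesign'] <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
		showfooter();
		exit;
	}

	// The SQL-escaped form is what gets stored and compared; compute it once.
	$email = trim(mysql_real_escape_string(stripslashes($newemail)));
	if ($email == "")
	{
		showheader(_("My CAcert.org Account!"));
		// Plain echo: this message is not a format string.
		echo _("Not a valid email address. Can't continue.");
		showfooter();
		exit;
	}
	$oldid = 0;
	// Kept for anything downstream that reads the normalised address from the request.
	$_REQUEST['email'] = $email;

	// NOTE(review): check_email_exists() receives the SQL-escaped value rather than the
	// raw address — identical for ordinary addresses; confirm that is intended.
	if (check_email_exists($email) == true)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($email));
		showfooter();
		exit;
	}

	// checkEmail() probes the address; anything other than "OK" is its diagnostic text.
	$checkemail = checkEmail($newemail);
	if ($checkemail != "OK")
	{
		showheader(_("My CAcert.org Account!"));
		if (substr($checkemail, 0, 1) == "4")
		{
			echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
		} else {
			echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
		}
		// The diagnostic may carry text returned by a remote mail server: escape it for
		// the HTML context before printing.
		echo "<p>".sanitizeHTML($checkemail)."</p>\n";
		showfooter();
		exit;
	}

	$hash = make_hash();
	$query = "insert into `email` set `email`='".$email."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
	// Do not mail a verification link for a row that was never written.
	if (!mysql_query($query))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Several CAcert Services are currently unavailable. Please try again later.");
		showfooter();
		exit;
	}
	$emailid = mysql_insert_id();

	$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
	$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");
	sendmail($email, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

	showheader(_("My CAcert.org Account!"));
	printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($email));
	showfooter();
	exit;
}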
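if (array_key_exists("makedefault", $_REQUEST) && $_REQUEST['makedefault'] != "" && $oldid == 2)
{
	// Page 2 "make default" button: switch the account's primary address to one of the
	// member's own verified (hash = '') and not deleted addresses.
	// NOTE(review): unlike the removal branch for the same page (csrf_check("chgdef")),
	// this state-changing branch performs no CSRF token check — confirm whether the
	// page-2 form carries a token that should be verified here as well.
	$id = 2;
	$emailid = array_key_exists('emailid', $_REQUEST) ? intval($_REQUEST['emailid']) : 0;
	$query = "select * from `email` where `id`='$emailid' and `memid`='".intval($_SESSION['profile']['id'])."' and `hash` = '' and `deleted`=0";
	$res = mysql_query($query);
	if (mysql_num_rows($res) <= 0)
	{
		showheader(_("Error!"));
		echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
		showfooter();
		exit;
	}
	$row = mysql_fetch_assoc($res);

	// Notify the address that is the default right now, before it is replaced.
	$body = sprintf(_("Hi %s,"), $_SESSION['profile']['fname'])."\n\n";
	$body .= _("You are receiving this email because you or someone else "."has changed the default email on your account.")."\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");
	sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Default Account Changed"), $body, "support@cacert.org", "", "", "CAcert Support");

	$_SESSION['profile']['email'] = $row['email'];
	// The address comes back from the database but was user-supplied when stored:
	// escape it again rather than interpolating it raw into the UPDATE.
	$query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
	mysql_query($query);

	showheader(_("My CAcert.org Account!"));
	printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
	showfooter();
	exit;
}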
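if ($process != "" && $oldid == 2)
{
	// Page 2 "remove" button: delete the selected addresses, never the current default
	// address (it is excluded by value in the SELECT below).
	$id = 2;
	csrf_check("chgdef"); // presumably validates the 'chgdef' form token — defined elsewhere
	showheader(_("My CAcert.org Account!"));
	$delcount = 0;
	if (array_key_exists('delid', $_REQUEST) && is_array($_REQUEST['delid']))
	{
		$deltitle = false;
		// Loop variable deliberately not named $id: that global is the page selector set above.
		foreach ($_REQUEST['delid'] as $delid)
		{
			if (!$deltitle) {
				echo _('The following email addresses have been removed:')."<br>\n";
				$deltitle = true;
			}
			$delid = intval($delid);
			// The default address is a stored user-supplied string: escape it like any
			// other value interpolated into the query.
			$query = "select * from `email` where `id`='$delid' and `memid`='".intval($_SESSION['profile']['id'])."' and
				`email` != '".mysql_real_escape_string($_SESSION['profile']['email'])."'";
			$res = mysql_query($query);
			if (mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				echo sanitizeHTML($row['email'])."<br>\n";
				account_email_delete($row['id']);
				$delcount++;
			}
		}
	}
	else
	{
		echo _("You did not select any email accounts for removal.");
	}
	if (0 == $delcount)
	{
		echo _("You did not select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
	}
	showfooter();
	exit;
}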
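if ($process != "" && $oldid == 3)
{
	// Page 3 handler: validate the client-certificate options and stash them in
	// $_SESSION['_config'] for the page-4 handler (SPKAC or CSR) that follows.
	if (!array_key_exists('CCA', $_REQUEST))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
		showfooter();
		exit;
	}

	// Absent form fields are read as empty instead of raising undefined-index notices.
	$sso   = array_key_exists('SSO', $_REQUEST) ? $_REQUEST['SSO'] : '';
	$addid = (array_key_exists('addid', $_REQUEST) && is_array($_REQUEST['addid'])) ? $_REQUEST['addid'] : null;
	if ($addid === null && $sso != '1')
	{
		showheader(_("My CAcert.org Account!"));
		echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
		showfooter();
		exit;
	}
	$_SESSION['_config']['SSO'] = intval($sso);
	$_SESSION['_config']['addid'] = $addid;

	// Including the member's name in the CN needs at least 50 assurance points. Below
	// that the value is reset, so a stale entry from an earlier request cannot survive
	// in the session; the page-4 handler then uses the generic "CAcert WoT User" CN.
	if ($_SESSION['profile']['points'] >= 50)
		$_SESSION['_config']['incname'] = array_key_exists('incname', $_REQUEST) ? intval($_REQUEST['incname']) : 0;
	else
		$_SESSION['_config']['incname'] = 0;

	// Code signing needs the code-signing flag on the profile and at least 100 points.
	$codesign = array_key_exists('codesign', $_REQUEST) ? $_REQUEST['codesign'] : 0;
	if ($codesign != 0 && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100))
	{
		$codesign = 0;
		$_REQUEST['codesign'] = 0;
	}
	if ($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && $codesign == 1)
	{
		// A code-signing certificate always carries a name: clamp incname into 1..4.
		if ($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4)
			$_SESSION['_config']['incname'] = 1;
	}
	$_SESSION['_config']['codesign'] = ($codesign == 1 && $_SESSION['profile']['points'] >= 100) ? 1 : 0;

	// "login" checkbox set → certificate may be used for web login (disablelogin = 0).
	$_SESSION['_config']['disablelogin'] = (array_key_exists('login', $_REQUEST) && $_REQUEST['login'] == 1) ? 0 : 1;

	// Root selection is only honoured from 50 points; anything outside 1..2 falls back to 1.
	$_SESSION['_config']['rootcert'] = 1;
	if ($_SESSION['profile']['points'] >= 50)
	{
		$_SESSION['_config']['rootcert'] = array_key_exists('rootcert', $_REQUEST) ? intval($_REQUEST['rootcert']) : 1;
		if ($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;
	}

	// An optional pasted CSR short-circuits page 4: pretend keytype "MS" was submitted
	// and fall straight into the page-4 handler ($oldid = 4) within this request.
	$csr = "";
	$optionalCSR = array_key_exists('optionalCSR', $_REQUEST) ? $_REQUEST['optionalCSR'] : "";
	if (trim($optionalCSR) == "")
	{
		$id = 4;
	} else {
		$oldid = 4;
		$_REQUEST['keytype'] = "MS";
		$csr = clean_csr($optionalCSR);
	}

	// Stored SQL-escaped because the page-4 handler interpolates it into its INSERT as-is.
	$description = array_key_exists('description', $_REQUEST) ? $_REQUEST['description'] : "";
	if (trim($description) != "") {
		$_SESSION['_config']['description'] = trim(mysql_real_escape_string(stripslashes($description)));
	} else {
		$_SESSION['_config']['description'] = "";
	}
}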
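if ($oldid == 4)
{
	// Page 4 handler: turn the submitted key material into a stored client-certificate
	// request. Two shapes are accepted, selected by the form's keytype field:
	//   "NS"      — an SPKAC blob, checked against the challenge kept in the session;
	//   "MS"/"VI" — a PEM CSR (either pasted on page 3 as $csr, or posted here as CSR).
	// Both branches leave a row in `emailcerts` plus a CSR file on disk; the request is
	// then handed to the signer via waitForResult(). The options read from
	// $_SESSION['_config'] are expected to have been set by the page-3 handler.
	$keytype = array_key_exists('keytype', $_REQUEST) ? $_REQUEST['keytype'] : "";
	$profileid = intval($_SESSION['profile']['id']);

	if ($keytype != "NS" && $keytype != "MS" && $keytype != "VI")
	{
		// Previously an unknown keytype fell through to waitForResult() with no row at all.
		$id = 4;
		showheader(_("My CAcert.org Account!"));
		echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
		showfooter();
		exit;
	}

	// Name to put in the certificate's CN, chosen by the page-3 incname option
	// (absent/0: generic CN; 1: first+last; 2: with middle; 3: with suffix; 4: all).
	// Shared by both branches, so it is computed once.
	$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$profileid."'"));
	if (strlen($user['mname']) == 1)
		$user['mname'] .= '.';   // a single-letter middle name is rendered as an initial
	$incname = array_key_exists('incname', $_SESSION['_config']) ? intval($_SESSION['_config']['incname']) : 0;
	switch ($incname)
	{
		case 1:  $commonname = $user['fname']." ".$user['lname']; break;
		case 2:  $commonname = $user['fname']." ".$user['mname']." ".$user['lname']; break;
		case 3:  $commonname = $user['fname']." ".$user['lname']." ".$user['suffix']; break;
		case 4:  $commonname = $user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']; break;
		default: $commonname = "CAcert WoT User"; break;
	}

	if ($keytype == "NS")
	{
		// Accept only a base64-looking SPKAC with CR/LF removed; anything else counts as empty.
		$spkac = "";
		if (array_key_exists('SPKAC', $_REQUEST))
		{
			$candidate = trim(str_replace("\n", "", str_replace("\r", "", $_REQUEST['SPKAC'])));
			if (preg_match("/^[a-zA-Z0-9+=\/]+$/", $candidate))
				$spkac = $candidate;
		}
		if ($spkac == "" || $spkac == "deadbeef")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, please try a different browser.");
			showfooter();
			exit;
		}

		// Build the request description: one N.emailAddress line per selected address
		// that belongs to this member, then the CN, then the SPKAC itself.
		$count = 0;
		$emails = "";
		$addys = array();
		$defaultemail = "";
		if (is_array($_SESSION['_config']['addid']))
		{
			foreach ($_SESSION['_config']['addid'] as $addid)
			{
				$res = mysql_query("select * from `email` where `memid`='".$profileid."' and `id`='".intval($addid)."'");
				if (mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if ($count == 0)
						$defaultemail = $row['email'];
					$emails .= "$count.emailAddress = ".$row['email']."\n";
					$count++;
					$addys[] = intval($row['id']);
				}
			}
		}
		if ($count <= 0 && $_SESSION['_config']['SSO'] != 1)
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request.");
			showfooter();
			exit;
		}
		if ($_SESSION['_config']['SSO'] == 1)
			$emails .= "$count.emailAddress = ".$user['uniqueID']."\n";
		$emails .= "commonName = ".$commonname."\n";
		if ($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;
		$emails .= "SPKAC = $spkac";

		// checkWeakKeySPKAC() returns "" for an acceptable key, otherwise text shown to the user.
		if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		write_user_agreement($profileid, "CCA", "certificate creation", "", 1);
		// CN is a stored, originally user-supplied address: escape it like `subject` below.
		$query = "insert into emailcerts set
			`CN`='".mysql_real_escape_string($defaultemail)."',
			`keytype`='NS',
			`memid`='".$profileid."',
			`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
			`codesign`='".intval($_SESSION['_config']['codesign'])."',
			`disablelogin`='".($_SESSION['_config']['disablelogin'] ? 1 : 0)."',
			`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
			`description`='".$_SESSION['_config']['description']."'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		foreach ($addys as $addy)
			mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");

		$CSRname = generatecertpath("csr", "client", $emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $emails);
		fclose($fp);

		// The SPKAC must carry the challenge issued with the form. An absent session
		// challenge is a mismatch, not a wildcard: strstr() against "Challenge String: "
		// alone would match any verify output.
		$challenge = array_key_exists('spkac_hash', $_SESSION) ? $_SESSION['spkac_hash'] : "";
		$res = `openssl spkac -verify -in $CSRname`;
		if ($challenge == "" || !strstr($res, "Challenge String: ".$challenge))
		{
			$id = $oldid;
			showheader(_("My CAcert.org Account!"));
			echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
			showfooter();
			exit;
		}
		mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
	}
	else
	{
		// "MS" or "VI": $csr may already hold the CSR pasted on page 3; otherwise it is
		// posted as CSR without PEM armour, which is added here.
		if (!isset($csr) || $csr == "")
			$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr(array_key_exists('CSR', $_REQUEST) ? $_REQUEST['CSR'] : "")."\n-----END CERTIFICATE REQUEST-----\n";

		if (($weakKey = checkWeakKeyCSR($csr)) !== "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		// NOTE(review): the NS branch records the CCA acceptance via write_user_agreement()
		// before storing the request; this branch does not — confirm whether that is intended.

		$tmpfname = tempnam("/tmp", "id4CSR");
		$fp = fopen($tmpfname, "w");
		fputs($fp, $csr);
		fclose($fp);

		// Subject line for the signer: CN, then one emailAddress per selected address.
		$addys = array();
		$defaultemail = "";
		$csrsubject = "/CN=".$commonname;
		if (is_array($_SESSION['_config']['addid']))
		{
			foreach ($_SESSION['_config']['addid'] as $addid)
			{
				$res = mysql_query("select * from `email` where `memid`='".$profileid."' and `id`='".intval($addid)."'");
				if (mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if ($defaultemail == "")
						$defaultemail = $row['email'];
					$csrsubject .= "/emailAddress=".$row['email'];
					$addys[] = intval($row['id']);
				}
			}
		}
		// NOTE(review): the spaces around "=" differ from the emailAddress entries above;
		// kept as-is because the stored subject is consumed by the signer — confirm.
		if ($_SESSION['_config']['SSO'] == 1)
			$csrsubject .= "/emailAddress = ".$user['uniqueID'];

		// Round-trip the CSR through openssl; its output replaces $csr. Both temp paths
		// come from tempnam(), not from the request.
		$tmpname = tempnam("/tmp", "id4csr");
		`/usr/bin/openssl req -in $tmpfname -out $tmpname`;
		@unlink($tmpfname);
		$csr = file_get_contents($tmpname);
		if ($csr === false)
			$csr = "";
		@unlink($tmpname);
		if ($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;
		if ($csr == "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}

		// keytype is one of "MS"/"VI" here; the SQL-context escaper is used anyway, as for
		// every other interpolated value (the NS branch uses the same field set).
		$query = "insert into emailcerts set
			`CN`='".mysql_real_escape_string($defaultemail)."',
			`keytype`='".mysql_real_escape_string($keytype)."',
			`memid`='".$profileid."',
			`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
			`subject`='".mysql_real_escape_string($csrsubject)."',
			`codesign`='".intval($_SESSION['_config']['codesign'])."',
			`disablelogin`='".($_SESSION['_config']['disablelogin'] ? 1 : 0)."',
			`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
			`description`='".$_SESSION['_config']['description']."'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		foreach ($addys as $addy)
			mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");

		$CSRname = generatecertpath("csr", "client", $emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $csr);
		fclose($fp);
		mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
	}

	// Hand the request to the signer and wait for a certificate file to be recorded.
	waitForResult("emailcerts", $emailid, 4);
	$query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
	$res = mysql_query($query);
	if (mysql_num_rows($res) <= 0)
	{
		$id = 4;
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		// Success: show page 6 for the freshly issued certificate.
		$id = 6;
		$cert = $emailid;
		$_REQUEST['cert'] = $emailid;
	}
}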
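if ($oldid == 7)
{
	// Page 7 handler, step 1: normalise the submitted domain and reject it if it is
	// already claimed. Step 2 (the next block) collects the approver addresses and
	// reads $newdom and $newdomain set here, so both stay assigned.
	csrf_check("adddomain"); // presumably validates the 'adddomain' form token — defined elsewhere
	$requested = array_key_exists('newdomain', $_REQUEST) ? $_REQUEST['newdomain'] : "";
	if (strstr($requested, "\x00"))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
		showfooter();
		exit;
	}
	// Only the first space-separated token counts; the rest is ignored.
	list($newdomain) = explode(" ", $requested, 2);
	// Strip leading hyphens (substr() avoids string-offset notices on an empty string).
	while (substr($newdomain, 0, 1) == '-')
		$newdomain = substr($newdomain, 1);
	if (strstr($newdomain, "xn--") && $_SESSION['profile']['codesign'] <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
		showfooter();
		exit;
	}
	// NOTE(review): nothing here checks that $newdomain is a syntactically valid
	// hostname — confirm whether a later step does.
	// Shell-quoted copy for the whois lookup in the next block; SQL-escaped copy for the queries.
	$newdom = trim(escapeshellarg($newdomain));
	$newdomain = mysql_real_escape_string(trim($newdomain));

	$res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
	$res2 = mysql_query("select * from `domains` where `domain`='$newdomain' and `deleted`=0");
	if (mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
	{
		$oldid = 0;
		$id = 7;
		showheader(_("My CAcert.org Account!"));
		printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
		showfooter();
		exit;
	}
}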
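if ($oldid == 7)
{
	// Page 7 handler, step 2: build the list of addresses allowed to approve the
	// domain — contacts scraped from the whois record plus the usual role addresses —
	// and park it in the session for the page-8 handler.
	// Relies on $newdom (shell-quoted) and $newdomain (SQL-escaped) from the previous block.
	$oldid = 0;
	$id = 8;
	$addy = array();
	$adds = array();
	// whois is skipped for .jp domains.
	if (strtolower(substr($newdomain, -3)) != ".jp")
		$adds = explode("\n", trim(`/usr/bin/whois $newdom|grep "@"`));

	// NOTE(review): whois output is third-party data; every address found in it becomes
	// an approver for this domain, so a record listing unrelated contacts widens who can
	// complete verification. Confirm that is the intended policy.
	if (substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info")
	{
		// Parsed as "label: value" lines; the value after the first colon is the address.
		foreach ($adds as $line)
		{
			$bits = explode(":", $line, 2);
			if (count($bits) < 2)
				continue;   // no colon on this line → nothing to take
			$line = trim($bits[1]);
			if ($line != "" && !in_array($line, $addy, true))
				$addy[] = trim(mysql_real_escape_string(stripslashes($line)));
		}
	} else {
		foreach ($adds as $line)
		{
			// Flatten the usual separators, then keep the last token containing an '@'.
			$line = trim(str_replace(array("\t", "(", ")", ":"), " ", $line));
			$bits = explode(" ", $line);
			foreach ($bits as $bit)
			{
				if (strstr($bit, "@"))
					$line = $bit;
			}
			if ($line != "" && !in_array($line, $addy, true))
				$addy[] = trim(mysql_real_escape_string(stripslashes($line)));
		}
	}
	$rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain");
	foreach ($rfc as $sub)
		if (!in_array($sub, $addy, true))
			$addy[] = $sub;
	$_SESSION['_config']['addy'] = $addy;
	// NOTE(review): $newdomain was already SQL-escaped in the previous block, so this
	// escapes it a second time; kept as-is because later queries and output read it.
	$_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
}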
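if ($process != "" && $oldid == 8)
{
	// Page 8 handler: the member picked one of the approver addresses computed on
	// page 7; probe it, record the domain (unverified) and mail the verification link.
	csrf_check('ctcinfo'); // presumably validates the 'ctcinfo' form token — defined elsewhere
	$oldid = 0;
	$id = 8;
	$authaddy = array_key_exists('authaddy', $_REQUEST)
		? trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy'])))
		: "";
	$allowed = (array_key_exists('addy', $_SESSION['_config']) && is_array($_SESSION['_config']['addy']))
		? $_SESSION['_config']['addy']
		: array();

	// "Nothing submitted" and "not one of the computed addresses" get the same answer.
	if ($authaddy == "" || !in_array($authaddy, $allowed, true))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("The address you submitted isn't a valid authority address for the domain.");
		showfooter();
		exit;
	}

	$query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
	$res = mysql_query($query);
	if (mysql_num_rows($res) > 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
		showfooter();
		exit;
	}

	// checkEmail() probes the address; anything other than "OK" is its diagnostic text.
	$checkemail = checkEmail($authaddy);
	if ($checkemail != "OK")
	{
		showheader(_("My CAcert.org Account!"));
		if (substr($checkemail, 0, 1) == "4")
		{
			echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
		} else {
			echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
		}
		// May carry text returned by a remote mail server: escape for the HTML context.
		echo "<p>".sanitizeHTML($checkemail)."</p>\n";
		showfooter();
		exit;
	}

	$hash = make_hash();
	$query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
		`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
	mysql_query($query);
	$domainid = mysql_insert_id();

	$body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"), $_SESSION['_config']['domain'])."\n\n";
	$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");
	sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

	showheader(_("My CAcert.org Account!"));
	// Escaped for HTML like the duplicate-domain message above.
	printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_SESSION['_config']['domain']));
	showfooter();
	exit;
}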
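if ($process != "" && $oldid == 9)
{
	// Page 9 handler: remove the selected domains from the account.
	// NOTE(review): this state-changing action performs no csrf_check(), unlike the
	// email-removal ("chgdef") and domain-add ("adddomain"/"ctcinfo") handlers —
	// confirm whether the page-9 form carries a token that should be verified here.
	$id = 9;
	showheader(_("My CAcert.org Account!"));
	if (array_key_exists('delid', $_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("The following domains have been removed:")."<br>
			("._("Any valid certificates will be revoked as well").")<br>\n";
		// Loop variable kept distinct from the page selector $id set above.
		foreach ($_REQUEST['delid'] as $delid)
		{
			$delid = intval($delid);
			$query = "select * from `domains` where `id`='$delid' and `memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if (mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				echo sanitizeHTML($row['domain'])."<br>\n";
				account_domain_delete($row['id']);
			}
		}
	}
	else
	{
		echo _("You did not select any domains for removal.");
	}
	showfooter();
	exit;
}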
if ( $process != " " && $oldid == 10 )
2004-10-16 00:28:17 +00:00
{
if ( ! array_key_exists ( 'CCA' , $_REQUEST ))
{
showheader ( _ ( " My CAcert.org Account! " ));
echo _ ( " You did not accept the CAcert Community Agreement (CCA), hit the back button and try again. " );
showfooter ();
exit ;
}
$CSR = clean_csr ( $_REQUEST [ 'CSR' ]);
if ( strpos ( $CSR , " ---BEGIN " ) === FALSE )
{
// In case the CSR is missing the ---BEGIN lines, add them automatically:
$CSR = " -----BEGIN CERTIFICATE REQUEST----- \n " . $CSR . " \n -----END CERTIFICATE REQUEST----- \n " ;
2008-01-12 22:11:35 +00:00
}
2013-10-21 09:17:17 +00:00
2011-06-16 09:19:58 +00:00
if (( $weakKey = checkWeakKeyCSR ( $CSR )) !== " " )
2008-01-12 22:11:35 +00:00
{
2011-06-16 09:19:58 +00:00
showheader ( _ ( " My CAcert.org Account! " ));
echo $weakKey ;
showfooter ();
exit ;
2008-01-12 22:11:35 +00:00
}
2013-10-21 09:17:17 +00:00
2013-07-17 08:19:05 +00:00
if ( trim ( $_REQUEST [ 'description' ]) != " " ){
$_SESSION [ '_config' ][ 'description' ] = trim ( mysql_real_escape_string ( stripslashes ( $_REQUEST [ 'description' ])));
} else {
$_SESSION [ '_config' ][ 'description' ] = " " ;
}
2011-06-16 09:19:58 +00:00
$_SESSION [ '_config' ][ 'tmpfname' ] = tempnam ( " /tmp " , " id10CSR " );
$fp = fopen ( $_SESSION [ '_config' ][ 'tmpfname' ], " w " );
fputs ( $fp , $CSR );
2004-12-09 12:30:18 +00:00
fclose ( $fp );
$CSR = $_SESSION [ '_config' ][ 'tmpfname' ];
2005-11-08 10:06:04 +00:00
$_SESSION [ '_config' ][ 'subject' ] = trim ( `/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"` );
$bits = explode ( " , " , trim ( `/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:` ));
2005-05-13 15:34:39 +00:00
foreach ( $bits as $val )
{
$_SESSION [ '_config' ][ 'subject' ] .= " /subjectAltName= " . trim ( $val );
}
2004-10-16 00:28:17 +00:00
$id = 11 ;
2005-05-13 15:34:39 +00:00
$_SESSION [ '_config' ][ '0.CN' ] = $_SESSION [ '_config' ][ '0.subjectAltName' ] = " " ;
2004-10-16 00:28:17 +00:00
extractit ();
getcn ();
getalt ();
2005-05-13 15:34:39 +00:00
if ( $_SESSION [ '_config' ][ '0.CN' ] == " " && $_SESSION [ '_config' ][ '0.subjectAltName' ] == " " )
2004-10-16 00:28:17 +00:00
{
showheader ( _ ( " My CAcert.org Account! " ));
2005-05-13 15:34:39 +00:00
echo _ ( " CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue. " );
2004-10-16 00:28:17 +00:00
showfooter ();
exit ;
}
2005-05-23 01:53:59 +00:00
$_SESSION [ '_config' ][ 'rootcert' ] = 1 ;
if ( $_SESSION [ 'profile' ][ 'points' ] >= 50 )
{
2006-05-01 14:45:38 +00:00
$_SESSION [ '_config' ][ 'rootcert' ] = intval ( $_REQUEST [ 'rootcert' ]);
2005-05-23 01:53:59 +00:00
if ( $_SESSION [ '_config' ][ 'rootcert' ] < 1 || $_SESSION [ '_config' ][ 'rootcert' ] > 2 )
$_SESSION [ '_config' ][ 'rootcert' ] = 1 ;
}
2004-10-16 00:28:17 +00:00
}
// Page id 11 form handler: second step of issuing a server certificate. Re-validates the
// CSR kept in the temp file from step 1, builds the certificate subject from the
// session's verified domain lists, records the CCA acceptance, inserts the
// `domaincerts` row, moves the CSR into place and waits for the signer. On success
// falls through with $id = 15 (certificate display); on failure exits with a message.
if ( $process != " " && $oldid == 11 )
{
if ( ! file_exists ( $_SESSION [ '_config' ][ 'tmpfname' ]))
{
showheader ( _ ( " My CAcert.org Account! " ));
printf ( _ ( " Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions. " ), " <a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'> " , " </a> " );
showfooter ();
exit ;
}
// Weak-key check repeated on the stored file, so a CSR swapped between the two
// steps cannot bypass the check done in step 1.
if (( $weakKey = checkWeakKeyCSR ( file_get_contents (
$_SESSION [ '_config' ][ 'tmpfname' ]))) !== " " )
{
showheader ( _ ( " My CAcert.org Account! " ));
echo $weakKey ;
showfooter ();
exit ;
}
$id = 11 ;
if ( $_SESSION [ '_config' ][ '0.CN' ] == " " && $_SESSION [ '_config' ][ '0.subjectAltName' ] == " " )
{
showheader ( _ ( " My CAcert.org Account! " ));
echo _ ( " CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue. " );
showfooter ();
exit ;
}
// Build the subject string: the first verified row becomes the CN (plus SAN entries),
// every further row and every "DNS:" altrow only adds SAN entries.
$subject = " " ;
$count = 0 ;
// Hard-coded member id for which no subjectAltName entries are emitted at all.
// The reason is not recorded in this file -- presumably a one-off compatibility
// arrangement; confirm before relying on it.
$supressSAN = 0 ;
if ( $_SESSION [ " profile " ][ " id " ] == 104074 ) $supressSAN = 1 ;
if ( is_array ( $_SESSION [ '_config' ][ 'rows' ]))
foreach ( $_SESSION [ '_config' ][ 'rows' ] as $row )
{
$count ++ ;
if ( $count <= 1 )
{
$subject .= " /CN= $row " ;
if ( ! $supressSAN ) $subject .= " /subjectAltName=DNS: $row " ;
if ( ! $supressSAN ) $subject .= " /subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8: $row " ;
} else {
if ( ! $supressSAN ) $subject .= " /subjectAltName=DNS: $row " ;
if ( ! $supressSAN ) $subject .= " /subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8: $row " ;
}
}
if ( is_array ( $_SESSION [ '_config' ][ 'altrows' ]))
foreach ( $_SESSION [ '_config' ][ 'altrows' ] as $row )
{
if ( substr ( $row , 0 , 4 ) == " DNS: " )
{
$row = substr ( $row , 4 );
if ( ! $supressSAN ) $subject .= " /subjectAltName=DNS: $row " ;
if ( ! $supressSAN ) $subject .= " /subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8: $row " ;
}
}
// Clamp again in case the session value was tampered with or never set.
if ( $_SESSION [ '_config' ][ 'rootcert' ] < 1 || $_SESSION [ '_config' ][ 'rootcert' ] > 2 )
$_SESSION [ '_config' ][ 'rootcert' ] = 1 ;
// Record the CCA acceptance collected in step 1 (includes/notary.inc.php).
write_user_agreement ( intval ( $_SESSION [ 'profile' ][ 'id' ]), " CCA " , " certificate creation " , " " , 1 );
// The cert is attached to the first verified domain id (rowid[0]); if there is none,
// the first verified alt-name id (altid[0]) is used instead. `description` is inserted
// without escaping because step 1 already ran mysql_real_escape_string() on it.
if ( array_key_exists ( '0' , $_SESSION [ '_config' ][ 'rowid' ]) && $_SESSION [ '_config' ][ 'rowid' ][ '0' ] > 0 )
{
$query = " insert into `domaincerts` set
`CN` = '".mysql_real_escape_string($_SESSION[' _config '][' rows '][' 0 '])."' ,
`domid` = '".mysql_real_escape_string($_SESSION[' _config '][' rowid '][' 0 '])."' ,
`created` = NOW (), `subject` = '".mysql_real_escape_string($subject)."' ,
`rootcert` = '".mysql_real_escape_string($_SESSION[' _config '][' rootcert '])."' ,
`description` = '".$_SESSION[' _config '][' description ']."' " ;
} elseif ( array_key_exists ( '0' , $_SESSION [ '_config' ][ 'altid' ]) && $_SESSION [ '_config' ][ 'altid' ][ '0' ] > 0 ) {
$query = " insert into `domaincerts` set
`CN` = '".mysql_real_escape_string($_SESSION[' _config '][' altrows '][' 0 '])."' ,
`domid` = '".mysql_real_escape_string($_SESSION[' _config '][' altid '][' 0 '])."' ,
`created` = NOW (), `subject` = '".mysql_real_escape_string($subject)."' ,
`rootcert` = '".mysql_real_escape_string($_SESSION[' _config '][' rootcert '])."' ,
`description` = '".$_SESSION[' _config '][' description ']."' " ;
} else {
showheader ( _ ( " My CAcert.org Account! " ));
echo _ ( " Domain not verified. " );
showfooter ();
exit ;
}
mysql_query ( $query );
$CSRid = mysql_insert_id ();
// Link every verified domain id to the new cert. $dom is interpolated unescaped;
// this assumes rowid/altid hold integer ids produced by getcn()/getalt() -- verify there.
if ( is_array ( $_SESSION [ '_config' ][ 'rowid' ]))
foreach ( $_SESSION [ '_config' ][ 'rowid' ] as $dom )
mysql_query ( " insert into `domlink` set `certid`=' $CSRid ', `domid`=' $dom ' " );
if ( is_array ( $_SESSION [ '_config' ][ 'altid' ]))
foreach ( $_SESSION [ '_config' ][ 'altid' ] as $dom )
mysql_query ( " insert into `domlink` set `certid`=' $CSRid ', `domid`=' $dom ' " );
// Move the temp CSR to its permanent, server-generated path and make it world-readable
// (presumably for the signer process). rename()/chmod() results are not checked.
$CSRname = generatecertpath ( " csr " , " server " , $CSRid );
rename ( $_SESSION [ '_config' ][ 'tmpfname' ], $CSRname );
chmod ( $CSRname , 0644 );
mysql_query ( " update `domaincerts` set `CSR_name`=' $CSRname ' where `id`=' $CSRid ' " );
// waitForResult() is defined elsewhere; it appears to block until the signer has
// filled in `crt_name` (checked immediately below) -- confirm its timeout behaviour.
waitForResult ( " domaincerts " , $CSRid , 11 );
$query = " select * from `domaincerts` where `id`=' $CSRid ' and `crt_name` != '' " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
$id = 11 ;
showheader ( _ ( " My CAcert.org Account! " ));
printf ( _ ( " Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions. " ), " <a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'> " , " </a> " );
showfooter ();
exit ;
} else {
// Hand over to the certificate display page (id 15); $_REQUEST['cert'] is set too,
// presumably because the display code reads the id from the request rather than $cert.
$id = 15 ;
$cert = $CSRid ;
$_REQUEST [ 'cert' ] = $CSRid ;
}
}
// Page id 12 "renew" handler: for each ticked server certificate ("revokeid[]") owned by
// the member, mark the old row renewed, clone it into a new `domaincerts` row, copy the
// old CSR to the new CSR path, rebuild the subject from the CSR and wait for the signer.
// Always ends in exit.
if ( $oldid == 12 && array_key_exists ( 'renew' , $_REQUEST ) && $_REQUEST [ 'renew' ] != " " )
{
csrf_check ( 'srvcerchange' );
$id = 12 ;
showheader ( _ ( " My CAcert.org Account! " ));
if ( is_array ( $_REQUEST [ 'revokeid' ]))
{
echo _ ( " Now renewing the following certificates: " ) . " <br> \n " ;
// $id doubles as the loop variable; fine only because the block exits afterwards.
foreach ( $_REQUEST [ 'revokeid' ] as $id )
{
$id = intval ( $id );
echo _ ( " Processing request " ) . " $id :<br/> " ;
// Ownership is enforced through the domain's memid (domaincerts has no memid column).
$query = " select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
where `domaincerts` . `id` = '$id' and
`domaincerts` . `domid` = `domains` . `id` and
`domains` . `memid` = '".$_SESSION[' profile '][' id ']."' " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
printf ( _ ( " Invalid ID '%s' presented, can't do anything with it. " ) . " <br/> \n " , $id );
continue ;
}
$row = mysql_fetch_assoc ( $res );
// Certificates with keys that are now considered weak cannot be renewed as-is.
if (( $weakKey = checkWeakKeyX509 ( file_get_contents (
$row [ 'crt_name' ]))) !== " " )
{
echo $weakKey , " <br/> \n " ;
continue ;
}
mysql_query ( " update `domaincerts` set `renewed`='1' where `id`=' $id ' " );
// Clone the old row. Values copied from the DB row are interpolated unescaped
// except CN/subject; csr_name is deliberately left out (see the RACE CONDITION
// note) and written once the new file exists.
$query = " insert into `domaincerts` set
`domid` = '".$row[' domid ']."' ,
`CN` = '".mysql_real_escape_string($row[' CN '])."' ,
`subject` = '".mysql_real_escape_string($row[' subject '])."' , " .
//`csr_name`='".$row['csr_name']."', // RACE CONDITION
" `created`=' " . $row [ 'created' ] . " ',
`modified` = NOW (),
`rootcert` = '".$row[' rootcert ']."' ,
`type` = '".$row[' type ']."' ,
`pkhash` = '".$row[' pkhash ']."' ,
`description` = '".$row[' description ']."' " ;
mysql_query ( $query );
$newid = mysql_insert_id ();
$newfile = generatecertpath ( " csr " , " server " , $newid );
copy ( $row [ 'csr_name' ], $newfile );
// Re-derive subject and DNS SANs from the copied CSR via the shell; $newfile is a
// server-generated path and is double-quoted.
$_SESSION [ '_config' ][ 'subject' ] = trim ( `/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"` );
$bits = explode ( " , " , trim ( `/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:` ));
foreach ( $bits as $val )
{
$_SESSION [ '_config' ][ 'subject' ] .= " /subjectAltName= " . trim ( $val );
}
$_SESSION [ '_config' ][ '0.CN' ] = $_SESSION [ '_config' ][ '0.subjectAltName' ] = " " ;
// extractit()/getcn()/getalt() are defined elsewhere and fill 0.CN / 0.subjectAltName
// and (presumably) rows/altrows from the session subject.
extractit ();
getcn ();
getalt ();
if ( $_SESSION [ '_config' ][ '0.CN' ] == " " && $_SESSION [ '_config' ][ '0.subjectAltName' ] == " " )
{
echo _ ( " CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue. " );
continue ;
}
// Rebuild $subject: first row is the CN, every row becomes a subjectAltName unless
// it is already present (the strstr/substr pair checks "=$row/" mid-string and
// "=$row" at the end). NOTE: the loops below reuse $row, so after this point $row
// no longer refers to the fetched certificate row.
$subject = " " ;
$count = 0 ;
if ( is_array ( $_SESSION [ '_config' ][ 'rows' ]))
foreach ( $_SESSION [ '_config' ][ 'rows' ] as $row )
{
$count ++ ;
if ( $count <= 1 )
{
$subject .= " /CN= $row " ;
if ( ! strstr ( $subject , " = $row / " ) &&
substr ( $subject , - strlen ( " = $row " )) != " = $row " )
$subject .= " /subjectAltName= $row " ;
} else {
if ( ! strstr ( $subject , " = $row / " ) &&
substr ( $subject , - strlen ( " = $row " )) != " = $row " )
$subject .= " /subjectAltName= $row " ;
}
}
if ( is_array ( $_SESSION [ '_config' ][ 'altrows' ]))
foreach ( $_SESSION [ '_config' ][ 'altrows' ] as $row )
if ( ! strstr ( $subject , " = $row / " ) &&
substr ( $subject , - strlen ( " = $row " )) != " = $row " )
$subject .= " /subjectAltName= $row " ;
$subject = mysql_real_escape_string ( $subject );
mysql_query ( " update `domaincerts` set `subject`=' $subject ',`csr_name`=' $newfile ' where `id`=' $newid ' " );
echo _ ( " Renewing " ) . " : " . sanitizeHTML ( $_SESSION [ '_config' ][ '0.CN' ]) . " <br> \n " ;
// waitForResult() is defined elsewhere; appears to block until the signer has set
// `crt_name`, which is checked right below.
waitForResult ( " domaincerts " , $newid , $oldid , 0 );
$query = " select * from `domaincerts` where `id`=' $newid ' and `crt_name` != '' " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
printf ( _ ( " Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions. " ), " <a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'> " , " </a> " );
} else {
$drow = mysql_fetch_assoc ( $res );
// crt_name is a server-generated path (set by the signer, not by the user), but it
// is passed to the shell unquoted; escapeshellarg() would be the robust form.
$cert = `/usr/bin/openssl x509 -in $drow[crt_name]` ;
echo " <pre> \n $cert\n </pre> \n " ;
}
}
}
else
{
echo _ ( " You did not select any certificates for renewal. " );
}
showfooter ();
exit ;
}
// Page id 12 "revoke" handler: marks the ticked server certificates ("revokeid[]") as
// revoked and deletes the ticked pending requests ("delid[]"). Both lists are confined
// to the member through the domain's memid. Always ends in exit.
if ( $oldid == 12 && array_key_exists ( 'revoke' , $_REQUEST ) && $_REQUEST [ 'revoke' ] != " " )
{
csrf_check ( 'srvcerchange' );
$id = 12 ;
showheader ( _ ( " My CAcert.org Account! " ));
if ( is_array ( $_REQUEST [ 'revokeid' ]))
{
echo _ ( " Now revoking the following certificates: " ) . " <br> \n " ;
// $id is reused as the loop variable; the block exits before it matters.
foreach ( $_REQUEST [ 'revokeid' ] as $id )
{
$id = intval ( $id );
$query = " select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
where `domaincerts` . `id` = '$id' and
`domaincerts` . `domid` = `domains` . `id` and
`domains` . `memid` = '".$_SESSION[' profile '][' id ']."' " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
printf ( _ ( " Invalid ID '%s' presented, can't do anything with it. " ) . " <br> \n " , $id );
continue ;
}
$row = mysql_fetch_assoc ( $res );
// `revoke` is UNIX_TIMESTAMP(`revoked`): non-zero means already revoked.
if ( $row [ 'revoke' ] > 0 )
{
printf ( _ ( " It would seem '%s' has already been revoked. I'll skip this for now. " ) . " <br> \n " , $row [ 'CN' ]);
continue ;
}
// The fixed 1970-01-01 10:00:01 stamp is presumably a "revocation requested" marker
// that a separate process replaces with the real time -- confirm in the signer code.
mysql_query ( " update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`=' $id ' " );
printf ( _ ( " Certificate for '%s' has been revoked. " ) . " <br> \n " , $row [ 'CN' ]);
}
}
else
{
echo _ ( " You did not select any certificates for revocation. " );
}
if ( array_key_exists ( 'delid' , $_REQUEST ) && is_array ( $_REQUEST [ 'delid' ]))
{
echo _ ( " Now deleting the following pending requests: " ) . " <br> \n " ;
foreach ( $_REQUEST [ 'delid' ] as $id )
{
$id = intval ( $id );
$query = " select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
where `domaincerts` . `id` = '$id' and
`domaincerts` . `domid` = `domains` . `id` and
`domains` . `memid` = '".$_SESSION[' profile '][' id ']."' " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
printf ( _ ( " Invalid ID '%s' presented, can't do anything with it. " ) . " <br> \n " , $id );
continue ;
}
$row = mysql_fetch_assoc ( $res );
// A set `expire` means the request was already signed: only pending rows are deleted.
if ( $row [ 'expired' ] > 0 )
{
printf ( _ ( " Couldn't remove the request for `%s`, request had already been processed. " ) . " <br> \n " , $row [ 'CN' ]);
continue ;
}
mysql_query ( " delete from `domaincerts` where `id`=' $id ' " );
// Best-effort cleanup: the files may not exist yet for a pending request.
@ unlink ( $row [ 'csr_name' ]);
@ unlink ( $row [ 'crt_name' ]);
printf ( _ ( " Removed a pending request for '%s' " ) . " <br> \n " , $row [ 'CN' ]);
}
}
showfooter ();
exit ;
}
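if ($oldid == 12 && array_key_exists('change', $_REQUEST) && $_REQUEST['change'] != "")
{
	// Page id 12 "change" handler: save edited descriptions from the server-certificate
	// list. The form posts a "check_comment_<certid>" checkbox for every row whose
	// description should be updated, with the new text in "comment_<certid>".
	// Always ends in exit.
	showheader(_("My CAcert.org Account!"));
	foreach ($_REQUEST as $key => $val)
	{
		if (substr($key, 0, 14) != "check_comment_")
		{
			continue;
		}
		$cid = intval(substr($key, 14));
		// A missing text field yields an empty description instead of an undefined-index notice.
		$raw = array_key_exists('comment_' . $cid, $_REQUEST) ? $_REQUEST['comment_' . $cid] : "";
		$comment = trim(mysql_real_escape_string(stripslashes($raw)));
		// Restrict the update to certificates owned by the logged-in member. `domaincerts`
		// has no memid column, so ownership goes through the domain, the same join the
		// renew/revoke handlers of this page use to select their rows. Without this
		// clause any member could rewrite the description of any certificate id.
		mysql_query("update `domaincerts`, `domains` set `domaincerts`.`description`='$comment'
			where `domaincerts`.`id`='$cid' and
			`domaincerts`.`domid`=`domains`.`id` and
			`domains`.`memid`='" . intval($_SESSION['profile']['id']) . "'");
	}
	echo(_("Certificate settings have been changed.") . "<br/>\n");
	showfooter();
	exit;
}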
// Page id 5 "renew" handler: for each ticked client certificate ("revokeid[]") owned by
// the member, mark the old `emailcerts` row renewed, clone it (including its CSR file
// and `emaillink` rows) and wait for the signer. Always ends in exit. Unlike the id-12
// counterpart above there is no csrf_check() here -- confirm the form is protected
// elsewhere.
if ( $oldid == 5 && array_key_exists ( 'renew' , $_REQUEST ) && $_REQUEST [ 'renew' ] != " " )
{
showheader ( _ ( " My CAcert.org Account! " ));
if ( is_array ( $_REQUEST [ 'revokeid' ]))
{
echo _ ( " Now renewing the following certificates: " ) . " <br> \n " ;
foreach ( $_REQUEST [ 'revokeid' ] as $id )
{
$id = intval ( $id );
// `emailcerts` carries memid directly, so ownership is a plain column check.
$query = " select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id` = '$id' and `memid` = '".$_SESSION[' profile '][' id ']."' " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
printf ( _ ( " Invalid ID '%s' presented, can't do anything with it. " ) . " <br> \n " , $id );
continue ;
}
$row = mysql_fetch_assoc ( $res );
// Certificates with keys now considered weak cannot be renewed as-is.
if (( $weakKey = checkWeakKeyX509 ( file_get_contents (
$row [ 'crt_name' ]))) !== " " )
{
echo $weakKey , " <br/> \n " ;
continue ;
}
mysql_query ( " update `emailcerts` set `renewed`='1' where `id`=' $id ' " );
// Clone the old row; DB values are interpolated unescaped except CN/subject. The
// copied csr_name is overwritten below once the new CSR file exists.
$query = " insert into emailcerts set
`memid` = '".$row[' memid ']."' ,
`CN` = '".mysql_real_escape_string($row[' CN '])."' ,
`subject` = '".mysql_real_escape_string($row[' subject '])."' ,
`keytype` = '".$row[' keytype ']."' ,
`csr_name` = '".$row[' csr_name ']."' ,
`created` = '".$row[' created ']."' ,
`modified` = NOW (),
`disablelogin` = '".$row[' disablelogin ']."' ,
`codesign` = '".$row[' codesign ']."' ,
`rootcert` = '".$row[' rootcert ']."' ,
`description` = '".$row[' description ']."' " ;
mysql_query ( $query );
$newid = mysql_insert_id ();
$newfile = generatecertpath ( " csr " , " client " , $newid );
copy ( $row [ 'csr_name' ], $newfile );
mysql_query ( " update `emailcerts` set `csr_name`=' $newfile ' where `id`=' $newid ' " );
// Duplicate the address links of the old certificate for the new one.
$res = mysql_query ( " select * from `emaillink` where `emailcertsid`=' " . $row [ 'id' ] . " ' " );
while ( $r2 = mysql_fetch_assoc ( $res ))
{
mysql_query ( " insert into `emaillink` set `emailid`=' " . $r2 [ 'emailid' ] . " ',
`emailcertsid` = '$newid' " );
}
// waitForResult() is defined elsewhere; appears to block until the signer has set
// `crt_name`, which is checked right below.
waitForResult ( " emailcerts " , $newid , $oldid , 0 );
$query = " select * from `emailcerts` where `id`=' $newid ' and `crt_name` != '' " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
printf ( _ ( " Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions. " ), " <a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'> " , " </a> " );
} else {
printf ( _ ( " Certificate for '%s' has been renewed. " ), $row [ 'CN' ]);
echo " <br/> \n <a href='account.php?id=6&cert= $newid ' target='_new'> " .
_ ( " Click here " ) . " </a> " . _ ( " to install your certificate. " ) . " <br/><br/> \n " ;
}
}
}
else
{
echo _ ( " You did not select any certificates for renewal. " ) . " <br/> " ;
}
showfooter ();
exit ;
}
// Page id 5 "revoke" handler: marks the ticked client certificates ("revokeid[]") as
// revoked and deletes the ticked pending requests ("delid[]"), both restricted to the
// member's own `emailcerts` rows. Always ends in exit.
if ( $oldid == 5 && array_key_exists ( 'revoke' , $_REQUEST ) && $_REQUEST [ 'revoke' ] != " " )
{
$id = 5 ;
showheader ( _ ( " My CAcert.org Account! " ));
if ( array_key_exists ( 'revokeid' , $_REQUEST ) && is_array ( $_REQUEST [ 'revokeid' ]))
{
echo _ ( " Now revoking the following certificates: " ) . " <br> \n " ;
// $id is reused as the loop variable; the block exits before it matters.
foreach ( $_REQUEST [ 'revokeid' ] as $id )
{
$id = intval ( $id );
$query = " select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id` = '$id' and `memid` = '".$_SESSION[' profile '][' id ']."' " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
printf ( _ ( " Invalid ID '%s' presented, can't do anything with it. " ) . " <br> \n " , $id );
continue ;
}
$row = mysql_fetch_assoc ( $res );
// `revoke` is UNIX_TIMESTAMP(`revoked`): non-zero means already revoked.
if ( $row [ 'revoke' ] > 0 )
{
printf ( _ ( " It would seem '%s' has already been revoked. I'll skip this for now. " ) . " <br> \n " , $row [ 'CN' ]);
continue ;
}
// Same fixed marker stamp as the server-certificate handler; presumably replaced
// by the process that actually performs the revocation.
mysql_query ( " update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`=' $id ' " );
printf ( _ ( " Certificate for '%s' has been revoked. " ) . " <br> \n " , $row [ 'CN' ]);
}
}
else
{
echo _ ( " You did not select any certificates for revocation. " );
}
if ( array_key_exists ( 'delid' , $_REQUEST ) && is_array ( $_REQUEST [ 'delid' ]))
{
echo _ ( " Now deleting the following pending requests: " ) . " <br> \n " ;
foreach ( $_REQUEST [ 'delid' ] as $id )
{
$id = intval ( $id );
$query = " select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
where `id` = '$id' and `memid` = '".$_SESSION[' profile '][' id ']."' " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
printf ( _ ( " Invalid ID '%s' presented, can't do anything with it. " ) . " <br> \n " , $id );
continue ;
}
$row = mysql_fetch_assoc ( $res );
// A set `expire` means the request was already signed: only pending rows are deleted.
if ( $row [ 'expired' ] > 0 )
{
printf ( _ ( " Couldn't remove the request for `%s`, request had already been processed. " ) . " <br> \n " , $row [ 'CN' ]);
continue ;
}
mysql_query ( " delete from `emailcerts` where `id`=' $id ' " );
// Best-effort cleanup: the files may not exist yet for a pending request.
@ unlink ( $row [ 'csr_name' ]);
@ unlink ( $row [ 'crt_name' ]);
printf ( _ ( " Removed a pending request for '%s' " ) . " <br> \n " , $row [ 'CN' ]);
}
}
showfooter ();
exit ;
}
// Page id 5 "change" handler: per-certificate login flag and description edits from the
// client-certificate list. Every UPDATE is restricted to the member's own rows via
// memid. Always ends in exit.
if ( $oldid == 5 && array_key_exists ( 'change' , $_REQUEST ) && $_REQUEST [ 'change' ] != " " )
{
showheader ( _ ( " My CAcert.org Account! " ));
// $id is reused as the loop key here; the block exits before it matters.
foreach ( $_REQUEST as $id => $val )
{
// "cert_<id>" marks a row present in the form; the matching "disablelogin_<id>"
// checkbox set to "1" stores disablelogin=0 and its absence stores 1, i.e. the
// checkbox apparently means "login allowed" -- confirm against the form template.
if ( substr ( $id , 0 , 5 ) == " cert_ " )
{
$cid = intval ( substr ( $id , 5 ));
$dis = ( array_key_exists ( 'disablelogin_' . $cid , $_REQUEST ) && $_REQUEST [ 'disablelogin_' . $cid ] == " 1 " ) ? " 0 " : " 1 " ;
mysql_query ( " update `emailcerts` set `disablelogin`=' $dis ' where `id`=' $cid ' and `memid`=' " . $_SESSION [ 'profile' ][ 'id' ] . " ' " );
}
// "check_comment_<id>" (non-empty) requests a description update from "comment_<id>".
if ( substr ( $id , 0 , 14 ) == " check_comment_ " )
{
$cid = intval ( substr ( $id , 14 ));
if ( ! empty ( $_REQUEST [ 'check_comment_' . $cid ])) {
$comment = trim ( mysql_real_escape_string ( stripslashes ( $_REQUEST [ 'comment_' . $cid ])));
mysql_query ( " update `emailcerts` set `description`=' $comment ' where `id`=' $cid ' and `memid`=' " . $_SESSION [ 'profile' ][ 'id' ] . " ' " );
}
}
}
echo ( _ ( " Certificate settings have been changed. " ) . " <br/> \n " );
showfooter ();
exit ;
}
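if ($oldid == 6 && array_key_exists('certid', $_REQUEST) && $_REQUEST['certid'] != "")
{
	// Page id 6 handler: save the "disable login" flag and description of one client
	// certificate. Does not exit: the certificate page is rendered afterwards.
	// certid was previously interpolated into the query exactly as submitted; it is a
	// numeric row id, so cast it before use.
	$certid = intval($_REQUEST['certid']);

	$rawDescription = array_key_exists('description', $_REQUEST) ? $_REQUEST['description'] : "";
	if (trim($rawDescription) != "")
	{
		// Escaped here because it is interpolated into the UPDATE below.
		$description = trim(mysql_real_escape_string(stripslashes($rawDescription)));
	} else {
		$description = "";
	}

	$rawDisable = array_key_exists('disablelogin', $_REQUEST) ? $_REQUEST['disablelogin'] : "";
	$disablelogin = (trim($rawDisable) == "1") ? 1 : 0;

	// The memid clause keeps a member from editing another member's certificate.
	mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='$certid' and `memid`='" . intval($_SESSION['profile']['id']) . "'");
}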
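if ($oldid == 13 && $process != "")
{
	// Page id 13 ("my details") handler, stage 1: copy the profile into the session,
	// take the five lost-password questions and answers from the request and validate
	// them. A validation error appends to errmsg, sends the user back to the form ($id)
	// and clears $oldid so the later stages for this page do not run.
	csrf_check("perschange");
	$_SESSION['_config']['user'] = $_SESSION['profile'];
	// Remember the form id before any error handler clears $oldid: the original code
	// assigned $id = $oldid in each check, so a second error after the first left $id at 0.
	$formid = $oldid;

	$qaFields = array('Q1', 'Q2', 'Q3', 'Q4', 'Q5', 'A1', 'A2', 'A3', 'A4', 'A5');
	foreach ($qaFields as $field)
	{
		$raw = array_key_exists($field, $_REQUEST) ? $_REQUEST[$field] : "";
		// Tags stripped, magic-quotes slashes removed and SQL-escaped now, because the
		// final stage interpolates these session values into its UPDATE unescaped.
		$_SESSION['_config']['user'][$field] = trim(mysql_real_escape_string(stripslashes(strip_tags($raw))));
	}

	// Every question and every answer must differ from all the others, which is what
	// the error text promises. The former hand-written list of comparisons missed
	// several pairs (e.g. A2 == Q2, A5 == Q1); a pairwise loop covers them all.
	$values = array();
	foreach ($qaFields as $field)
	{
		$values[] = $_SESSION['_config']['user'][$field];
	}
	$duplicate = false;
	$n = count($values);
	for ($i = 0; $i < $n && !$duplicate; $i++)
	{
		for ($j = $i + 1; $j < $n; $j++)
		{
			if ($values[$i] == $values[$j])   // loose ==, as the original comparisons used
			{
				$duplicate = true;
				break;
			}
		}
	}
	if ($duplicate)
	{
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.") . "<br>\n";
		$id = $formid;
		$oldid = 0;
	}

	// Questions may not be blank. Answers are not checked here, as before; a set of
	// blank answers is caught by the duplicate check above.
	$blankQuestion = false;
	foreach (array('Q1', 'Q2', 'Q3', 'Q4', 'Q5') as $field)
	{
		if ($_SESSION['_config']['user'][$field] == "")
		{
			$blankQuestion = true;
			break;
		}
	}
	if ($blankQuestion)
	{
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.") . "<br>";
		$id = $formid;
		$oldid = 0;
	}
}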
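if ($oldid == 13 && $process != "")
{
	// Page id 13 ("my details") handler, stage 2: refresh the member's assurance point
	// total and, only for members without points, accept name and date-of-birth edits.
	// Validation errors append to errmsg, send the user back to the form ($id) and clear
	// $oldid so the final stage does not write anything.
	$formid = $oldid;
	$ddquery = "select sum(`points`) as `total` from `notary` where `to`='" . intval($_SESSION['profile']['id']) . "' group by `to`";
	$ddres = mysql_query($ddquery);
	$ddrow = mysql_fetch_assoc($ddres);
	// With no notary rows mysql_fetch_assoc() returns false; count that as zero points
	// rather than indexing into false.
	$_SESSION['profile']['points'] = is_array($ddrow) ? $ddrow['total'] : 0;

	if ($_SESSION['profile']['points'] == 0)
	{
		foreach (array('fname', 'mname', 'lname', 'suffix') as $field)
		{
			$raw = array_key_exists($field, $_REQUEST) ? $_REQUEST[$field] : "";
			// Tags stripped and SQL-escaped now: the final stage interpolates these into its UPDATE.
			$_SESSION['_config']['user'][$field] = trim(mysql_real_escape_string(stripslashes(strip_tags($raw))));
		}
		foreach (array('day', 'month', 'year') as $field)
		{
			$_SESSION['_config']['user'][$field] = intval(array_key_exists($field, $_REQUEST) ? $_REQUEST[$field] : 0);
		}
		$user = $_SESSION['_config']['user'];

		if ($user['fname'] == "" || $user['lname'] == "")
		{
			$_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.") . "<br>";
			$id = $formid;
			$oldid = 0;
		}
		// checkdate() also rejects calendar-impossible dates (31 February, 31 April, ...)
		// that the previous day <= 31 range test let through to the DATE column.
		if ($user['year'] < 1900 || !checkdate($user['month'], $user['day'], $user['year']))
		{
			$_SESSION['_config']['errmsg'] .= _("Invalid date of birth") . "<br>\n";
			$id = $formid;
			$oldid = 0;
		}
	}
}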
// Page id 13 ("my details") handler, final stage: persist the values the earlier stages
// put in $_SESSION['_config']['user'] (they were SQL-escaped there, so they are
// interpolated unescaped here), then reload the profile from the DB. Always ends in exit.
// Only reached when neither earlier stage cleared $oldid.
if ( $oldid == 13 && $process != " " )
{
// Name and date of birth may only be changed by members without assurance points.
if ( $_SESSION [ 'profile' ][ 'points' ] == 0 )
{
$query = " update `users` set `fname`=' " . $_SESSION [ '_config' ][ 'user' ][ 'fname' ] . " ',
`mname` = '".$_SESSION[' _config '][' user '][' mname ']."' ,
`lname` = '".$_SESSION[' _config '][' user '][' lname ']."' ,
`suffix` = '".$_SESSION[' _config '][' user '][' suffix ']."' ,
`dob` = '".$_SESSION[' _config '][' user '][' year ']."-".$_SESSION[' _config '][' user '][' month ']."-".$_SESSION[' _config '][' user '][' day ']."'
where `id` = '".$_SESSION[' profile '][' id ']."' " ;
mysql_query ( $query );
}
// Lost-password questions and answers are stored as plain text in the `users` row.
$query = " update `users` set `Q1`=' " . $_SESSION [ '_config' ][ 'user' ][ 'Q1' ] . " ',
`Q2` = '".$_SESSION[' _config '][' user '][' Q2 ']."' ,
`Q3` = '".$_SESSION[' _config '][' user '][' Q3 ']."' ,
`Q4` = '".$_SESSION[' _config '][' user '][' Q4 ']."' ,
`Q5` = '".$_SESSION[' _config '][' user '][' Q5 ']."' ,
`A1` = '".$_SESSION[' _config '][' user '][' A1 ']."' ,
`A2` = '".$_SESSION[' _config '][' user '][' A2 ']."' ,
`A3` = '".$_SESSION[' _config '][' user '][' A3 ']."' ,
`A4` = '".$_SESSION[' _config '][' user '][' A4 ']."' ,
`A5` = '".$_SESSION[' _config '][' user '][' A5 ']."'
where `id` = '".$_SESSION[' profile '][' id ']."' " ;
mysql_query ( $query );
//!!!Should be rewritten
// OTP hash and PIN are taken straight from the request (not from an earlier stage)
// and stored as submitted, only when both are non-empty.
$_SESSION [ '_config' ][ 'user' ][ 'otphash' ] = trim ( mysql_real_escape_string ( stripslashes ( strip_tags ( $_REQUEST [ 'otphash' ]))));
$_SESSION [ '_config' ][ 'user' ][ 'otppin' ] = trim ( mysql_real_escape_string ( stripslashes ( strip_tags ( $_REQUEST [ 'otppin' ]))));
if ( $_SESSION [ '_config' ][ 'user' ][ 'otphash' ] != " " && $_SESSION [ '_config' ][ 'user' ][ 'otppin' ] != " " )
{
$query = " update `users` set `otphash`=' " . $_SESSION [ '_config' ][ 'user' ][ 'otphash' ] . " ',
`otppin` = '".$_SESSION[' _config '][' user '][' otppin ']."' where `id` = '".$_SESSION[' profile '][' id ']."' " ;
mysql_query ( $query );
}
// Reload the profile so the session reflects the stored values; `loggedin` is not a
// column and has to be re-set, and the point total is recomputed as in stage 2.
$_SESSION [ '_config' ][ 'user' ][ 'set' ] = 0 ;
$_SESSION [ 'profile' ] = mysql_fetch_assoc ( mysql_query ( " select * from `users` where `id`=' " . $_SESSION [ 'profile' ][ 'id' ] . " ' " ));
$_SESSION [ 'profile' ][ 'loggedin' ] = 1 ;
$ddquery = " select sum(`points`) as `total` from `notary` where `to`=' " . $_SESSION [ 'profile' ][ 'id' ] . " ' group by `to` " ;
$ddres = mysql_query ( $ddquery );
$ddrow = mysql_fetch_assoc ( $ddres );
$_SESSION [ 'profile' ][ 'points' ] = $ddrow [ 'total' ];
$id = 13 ;
showheader ( _ ( " My CAcert.org Account! " ));
echo _ ( " Your details have been updated with the database. " );
showfooter ();
exit ;
}
2008-08-17 23:25:30 +00:00
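// Step 14: change the login pass phrase.
// The three submitted fields are stored in the session, the form is
// CSRF-checked, and the change is refused when the new phrases are blank
// or differ, are shorter than 6 bytes, score below 3 in checkpw(), or
// (only when the request did not arrive on the secure host name) the
// current pass phrase does not match.  On success the new phrase is
// stored and the primary address is notified by mail.
// Security notes on what is visible here:
//  - the stored value is an unsalted sha1() computed by MySQL, and the
//    current phrase is also accepted in MySQL old_password() form; moving
//    to password_hash()/password_verify() needs a schema and login change
//    outside this block.
//  - the current-phrase check is skipped when hostname equals
//    securehostname, presumably because that host authenticates by client
//    certificate; confirm that still holds, since a session there can set
//    a new phrase without knowing the current one.
//  - strlen() counts bytes, not characters, for the minimum length.
if($oldid == 14 && $process != "")
{
	// Read the fields only when present so a truncated or hand-built
	// request does not raise undefined-index notices; a missing field
	// simply fails the blank/mismatch check below.
	$oldpassword = array_key_exists('oldpassword', $_REQUEST) ? $_REQUEST['oldpassword'] : "";
	$pword1 = array_key_exists('pword1', $_REQUEST) ? $_REQUEST['pword1'] : "";
	$pword2 = array_key_exists('pword2', $_REQUEST) ? $_REQUEST['pword2'] : "";
	$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($oldpassword)));
	$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($pword1)));
	$_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($pword2)));

	$id = 14;
	csrf_check("pwchange");
	showheader(_("My CAcert.org Account!"));
	if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
	{
		echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
			'</h3>', "\n";
		echo _("New Pass Phrases specified don't match or were blank.");
	} else {
		// checkpw() (defined elsewhere) scores the phrase out of 6, taking
		// the user's name and email into account (see the message below).
		$score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
			$_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);
		if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
		{
			// Accept either hash form of the current phrase.
			$match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
				(`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
				`password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
			$rc = mysql_num_rows($match);
		} else {
			$rc = 1;
		}
		if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
			echo '<h3 style="color:red">',
				_("Failure: Pass Phrase not Changed"), '</h3>', "\n";
			echo _("The Pass Phrase you submitted was too short.");
		} else if($score < 3) {
			echo '<h3 style="color:red">',
				_("Failure: Pass Phrase not Changed"), '</h3>', "\n";
			printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
		} else if($rc <= 0) {
			echo '<h3 style="color:red">',
				_("Failure: Pass Phrase not Changed"), '</h3>', "\n";
			echo _("You failed to correctly enter your current Pass Phrase.");
		} else {
			mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
				where `id`='".$_SESSION['profile']['id']."'");
			echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
			echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
			$body = sprintf(_("Hi %s,"), $_SESSION['profile']['fname'])."\n\n";
			$body .= _("You are receiving this email because you or someone else ".
				"has changed the password on your account.")."\n\n";
			$body .= _("Best regards")."\n"._("CAcert.org Support!");
			sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Password Update Notification"), $body,
				"support@cacert.org", "", "", "CAcert Support");
		}
	}
	showfooter();
	exit;
}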
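// Step 16 (org client certificate) form submitted: keep only the
// addresses whose domain belongs to an organisation this user
// administers, plus the optional CN, OU and description.
if($oldid == 16)
{
	$id = 16;
	$_SESSION['_config']['emails'] = array();
	// Reset together with 'emails': the loop below rebuilds the list of
	// matched domain ids, and step 17 links every id in that list to the
	// new certificate, so ids left over from an earlier submission in the
	// same session must not survive here.
	$_SESSION['_config']['domids'] = array();
	// Tolerate a request without emails[] (or with a scalar) instead of
	// raising a foreach warning; the empty list is handled just below.
	$submitted = array();
	if(array_key_exists('emails', $_REQUEST) && is_array($_REQUEST['emails']))
		$submitted = $_REQUEST['emails'];
	foreach($submitted as $val)
	{
		// Escaped once here; step 17 interpolates the value into SQL and
		// into the certificate request text without escaping it again.
		$val = mysql_real_escape_string(stripslashes(trim($val)));
		$bits = explode("@", $val);
		$count = count($bits);
		if($count != 2)
			continue;
		// checkownership() (defined elsewhere) is expected to load the
		// matching org domain row into $_SESSION['_config']['row'] — confirm.
		if(checkownership($bits[1]) == false)
			continue;
		if(!is_array($_SESSION['_config']['row']))
			continue;
		else if($_SESSION['_config']['row']['id'] > 0)
			$_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id'];
		if($val != "")
			$_SESSION['_config']['emails'][] = $val;
	}
	// Optional fields: missing parameters are treated as empty rather than
	// raising undefined-index notices.
	$name = array_key_exists('name', $_REQUEST) ? $_REQUEST['name'] : "";
	$OU = array_key_exists('OU', $_REQUEST) ? $_REQUEST['OU'] : "";
	$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($name)));
	$_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($OU)));
	$description = array_key_exists('description', $_REQUEST) ? $_REQUEST['description'] : "";
	if(trim($description) != ""){
		$_SESSION['_config']['description'] = trim(mysql_real_escape_string(stripslashes($description)));
	} else {
		$_SESSION['_config']['description'] = "";
	}
}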
// Step 16 submitted but none of the addresses matched an org domain (see
// the loop above): stay on the form and say so.
if($oldid == 16 && intval(count($_SESSION['_config']['emails'])) < 1)
{
	$id = 16;
	showheader(_("My CAcert.org Account!"));
	echo _("I couldn't match any emails against your organisational account.");
	showfooter();
	exit;
}
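// Step 16 submitted with the process button: record the chosen options for
// the org client certificate before moving on to step 17.
if($oldid == 16 && $process != "")
{
	// Code-signing is granted only when it was ticked, the account carries
	// the codesign flag and has at least 100 points; $_REQUEST is rewritten
	// as well, presumably so the step-17 form sees the normalised 0/1 value.
	if(array_key_exists('codesign', $_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100))
	{
		$_REQUEST['codesign'] = 1;
		$_SESSION['_config']['codesign'] = 1;
	}
	else
	{
		$_REQUEST['codesign'] = 0;
		$_SESSION['_config']['codesign'] = 0;
	}

	// Root selection: only 1 or 2 are valid; anything else, including a
	// missing parameter (which previously raised a notice), becomes 1.
	$_SESSION['_config']['rootcert'] = array_key_exists('rootcert', $_REQUEST) ? intval($_REQUEST['rootcert']) : 0;
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;

	// Optional free-text description, SQL-escaped for the insert in step 17.
	$description = array_key_exists('description', $_REQUEST) ? $_REQUEST['description'] : "";
	if(trim($description) != ""){
		$_SESSION['_config']['description'] = trim(mysql_real_escape_string(stripslashes($description)));
	} else {
		$_SESSION['_config']['description'] = "";
	}

	// Only advance when step 16 matched at least one address
	// (the explicit is_array() replaces the former @-suppressed count()).
	if(is_array($_SESSION['_config']['emails']) && count($_SESSION['_config']['emails']) > 0)
		$id = 17;
}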
// Step 17: the key material for the org client certificate prepared in
// step 16 has arrived.  Two request formats are handled:
//  - keytype "NS": a browser <keygen> SPKAC blob.  It is appended to an
//    openssl-config style text ($emails) holding the subject attributes,
//    that text is written to the csr path, and the challenge embedded in
//    the SPKAC is compared with $_SESSION['spkac_hash'].
//  - keytype "MS" / "VI": a PEM CSR.  It is normalised with `openssl req`
//    and the subject is assembled separately ($csrsubject).
// Both paths insert an `orgemailcerts` row, link it to the domain ids
// matched in step 16 through `domemaillink`, wait for the signer and, once
// a crt_name is present, continue to step 19 (install).
// Any other keytype value skips both branches and reaches waitForResult()
// with $emailid unset — confirm the step-16 form can only submit NS/MS/VI.
// None of the fopen()/mysql_query() calls below check their result.
if($oldid == 17)
{
	// Org row matched by checkownership() in step 16 (database content; its
	// orgid/O/L/ST/C fields are used below without further escaping).
	$org = $_SESSION['_config']['row'];
	if($_REQUEST['keytype'] == "NS")
	{
		// Accept the SPKAC only if, after stripping line breaks, it is pure
		// base64 text; that also keeps anything that could start a new
		// config line out of $spkac.
		$spkac = ""; if(preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "", $_REQUEST['SPKAC'])))))
			$spkac = trim(str_replace("\n", "", str_replace("\r", "", $_REQUEST['SPKAC'])));
		if($spkac == "" || strlen($spkac) < 128)
		{
			$id = 17;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}
		$count = 0;
		$emails = "";
		$addys = array();  // not used in this branch
		// The loop variable is $_REQUEST['email'] so the "$_REQUEST[email]"
		// interpolation works.  The addresses were SQL-escaped in step 16,
		// which is not an escaping for this config format — confirm nothing
		// in them can break the line layout.
		if(is_array($_SESSION['_config']['emails']))
			foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
			{
				// The first address becomes the CN.  Step 16 refuses to continue
				// with an empty list, so $defaultemail is set before the insert.
				if(!$emails)
					$defaultemail = $_REQUEST['email'];
				$emails .= "$count.emailAddress = $_REQUEST[email]\n";
				$count++;
			}
		if($_SESSION['_config']['name'] != "")
			$emails .= "commonName = ".$_SESSION['_config']['name']."\n";
		if($_SESSION['_config']['OU'])
			$emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n";
		if($org['O'])
			$emails .= "organizationName = ".$org['O']."\n";
		if($org['L'])
			$emails .= "localityName = ".$org['L']."\n";
		if($org['ST'])
			$emails .= "stateOrProvinceName = ".$org['ST']."\n";
		if($org['C'])
			$emails .= "countryName = ".$org['C']."\n";
		// Re-check the root selection made in step 16.
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		$emails .= "SPKAC = $spkac";
		// checkWeakKeySPKAC() (from check_weak_key.php) returns a message to
		// show the user, or "" when the key is acceptable.
		if(($weakKey = checkWeakKeySPKAC($emails)) !== "")
		{
			$id = 17;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}
		$query = "insert into `orgemailcerts` set
			`CN`='$defaultemail',
			`keytype`='NS',
			`orgid`='".$org['orgid']."',
			`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
			`codesign`='".$_SESSION['_config']['codesign']."',
			`rootcert`='".$_SESSION['_config']['rootcert']."',
			`description`='".$_SESSION['_config']['description']."'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		foreach($_SESSION['_config']['domids'] as $addy)
			mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
		$CSRname = generatecertpath("csr", "orgclient", $emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $emails);
		fclose($fp);
		// The SPKAC challenge must equal the value the form was rendered with.
		// NOTE(review): if $_SESSION['spkac_hash'] is empty this only tests for
		// the literal "Challenge String: " prefix — confirm the hash is always
		// set before the step-17 form is shown.
		$challenge = $_SESSION['spkac_hash'];
		$res = `openssl spkac -verify -in $CSRname`;
		if(!strstr($res, "Challenge String: ".$challenge))
		{
			$id = $oldid;
			showheader(_("My CAcert.org Account!"));
			echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
			showfooter();
			exit;
		}
		mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
	} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
		// clean_csr() (defined elsewhere) is expected to return the bare
		// base64 body; the PEM armour is re-added here.
		$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
		if(($weakKey = checkWeakKeyCSR($csr)) !== "")
		{
			$id = 17;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}
		// tempnam() paths contain no whitespace or shell metacharacters, which
		// is what makes the unquoted interpolation into the shell command
		// below acceptable as long as the "/tmp" prefix stays fixed.
		$tmpfname = tempnam("/tmp", "id17CSR");
		$fp = fopen($tmpfname, "w");
		fputs($fp, $csr);
		fclose($fp);
		$addys = array();  // not used in this branch
		$defaultemail = "";
		$csrsubject = "";
		if($_SESSION['_config']['name'] != "")
			$csrsubject = "/CN=".$_SESSION['_config']['name'];
		// Same loop-variable trick as in the NS branch; the first address
		// becomes the CN of the database row.
		if(is_array($_SESSION['_config']['emails']))
			foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
			{
				if($defaultemail == "")
					$defaultemail = $_REQUEST['email'];
				$csrsubject .= "/emailAddress=$_REQUEST[email]";
			}
		if($_SESSION['_config']['OU'])
			$csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
		if($org['O'])
			$csrsubject .= "/organizationName=".$org['O'];
		if($org['L'])
			$csrsubject .= "/localityName=".$org['L'];
		if($org['ST'])
			$csrsubject .= "/stateOrProvinceName=".$org['ST'];
		if($org['C'])
			$csrsubject .= "/countryName=".$org['C'];
		// Round-trip the request through openssl so only a well-formed PEM
		// CSR is stored; an empty result means openssl rejected it.
		$tmpname = tempnam("/tmp", "id17csr");
		$do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`;  // $do is not used
		@unlink($tmpfname);
		$csr = "";
		$fp = fopen($tmpname, "r");
		while($data = fgets($fp, 4096))
			$csr .= $data;
		fclose($fp);
		@unlink($tmpname);
		if($csr == "")
		{
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;
		// keytype is already restricted to "MS"/"VI" by the branch condition;
		// that, not sanitizeHTML() (an HTML escaper), is what keeps it safe in
		// the SQL below.  $csrsubject carries org fields from the database
		// and the step-16 values, which were SQL-escaped there.
		$query = "insert into `orgemailcerts` set
			`CN`='$defaultemail',
			`keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
			`orgid`='".$org['orgid']."',
			`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
			`subject`='$csrsubject',
			`codesign`='".$_SESSION['_config']['codesign']."',
			`rootcert`='".$_SESSION['_config']['rootcert']."',
			`description`='".$_SESSION['_config']['description']."'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		foreach($_SESSION['_config']['domids'] as $addy)
			mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
		$CSRname = generatecertpath("csr", "orgclient", $emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $csr);
		fclose($fp);
		mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
	}
	// Block until the signer has processed the new row (helper defined in
	// another include), then check whether a certificate file was produced.
	waitForResult("orgemailcerts", $emailid, $oldid);
	$query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		// Hand over to the install page for the new certificate.
		$id = 19;
		$cert = $emailid;
		$_REQUEST['cert'] = $emailid;
	}
}
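// Step 18, "renew" button: re-issue each selected org client certificate.
// For every id in revokeid[] the certificate must belong to an organisation
// the current user administers (the `org`.`memid` join), must not be
// revoked and must not have a weak key; a new `orgemailcerts` row is
// created from the old one, the old CSR file is copied to the new csr path
// and the signer is waited for.
// `$row['CN']` is printed into the page without HTML escaping below.
if($oldid == 18 && array_key_exists('renew', $_REQUEST) && $_REQUEST['renew'] != "")
{
	csrf_check('clicerchange');
	showheader(_("My CAcert.org Account!"));
	// Guard the key as the delete branch of this page already does, so a
	// request without revokeid[] reports "nothing selected" instead of
	// raising an undefined-index notice.
	if(array_key_exists('revokeid', $_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		$id = 18;
		echo _("Now renewing the following certificates:")."<br>\n";
		// The loop reuses $id (the page id) for the certificate id; that is
		// harmless only because this branch always exit()s below.
		foreach($_REQUEST['revokeid'] as $id)
		{
			// Normalise before echoing so only the integer form of the
			// submitted value ever reaches the page.
			$id = intval($id);
			echo "Renewing certificate #$id ...\n<br/>";
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
				where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
				`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			if(($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			// NOTE(review): the old row is flagged renewed before the revoked
			// check and before the replacement exists, so a skipped or failed
			// renewal still leaves renewed='1' behind.
			mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}
			// Column values are copied from the database row straight into
			// the insert; they are trusted as stored.
			$query = "insert into `orgemailcerts` set
				`orgid`='".$row['orgid']."',
				`CN`='".$row['CN']."',
				`subject`='".$row['subject']."',
				`keytype`='".$row['keytype']."',
				`csr_name`='".$row['csr_name']."',
				`created`='".$row['created']."',
				`modified`=NOW(),
				`codesign`='".$row['codesign']."',
				`rootcert`='".$row['rootcert']."',
				`description`='".$row['description']."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			$newfile = generatecertpath("csr", "orgclient", $newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
			waitForResult("orgemailcerts", $newid, $oldid, 0);
			$query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				printf(_("Certificate for '%s' has been renewed."), $row['CN']);
				echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
					_("Click here")."</a>"._("to install your certificate.");
			}
			echo("<br/>");
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}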
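// Step 18, "revoke" button: revoke the selected issued certificates and
// delete the selected pending requests.  Both lists are filtered through
// the `org`.`memid` join so only certificates of organisations this user
// administers are touched.
// `$row['CN']` is printed into the page without HTML escaping below.
if($oldid == 18 && array_key_exists('revoke', $_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('clicerchange');
	$id = 18;
	showheader(_("My CAcert.org Account!"));
	// Guard the key as the delid[] branch below already does, so a request
	// without revokeid[] does not raise an undefined-index notice.
	if(array_key_exists('revokeid', $_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
				where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
				`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}
			// The fixed timestamp marks the row as "revocation requested";
			// presumably the signing backend replaces it with the real
			// revocation time — confirm.
			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
		}
	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid', $_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
				where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
				`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A row with `expire` set is treated as already processed and kept.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
				continue;
			}
			mysql_query("delete from `orgemailcerts` where `id`='$id'");
			// The file paths come from the database row, not from the request.
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
		}
	}
	showfooter();
	exit;
}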
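// Step 18, "change" button: update the free-text description of every
// certificate whose check_comment_<id> box was ticked, taking the new text
// from comment_<id>.
if($oldid == 18 && array_key_exists('change', $_REQUEST) && $_REQUEST['change'] != "")
{
	// Same form as the renew/revoke branches of this page, so it carries the
	// same token; check it here too.
	csrf_check('clicerchange');
	showheader(_("My CAcert.org Account!"));
	foreach($_REQUEST as $field => $val)
	{
		if(substr($field, 0, 14) == "check_comment_")
		{
			$cid = intval(substr($field, 14));
			// Only touch certificates of an organisation this user administers
			// — the same `org`.`memid` join the renew/revoke/delete branches
			// use; the update alone was keyed on the submitted id only.
			$query = "select `orgemailcerts`.`id` from `orgemailcerts`, `org`
				where `orgemailcerts`.`id`='$cid' and `org`.`memid`='".$_SESSION['profile']['id']."' and
				`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $cid);
				continue;
			}
			// A ticked box without a matching text field clears the description.
			$rawcomment = array_key_exists('comment_'.$cid, $_REQUEST) ? $_REQUEST['comment_'.$cid] : "";
			$comment = trim(mysql_real_escape_string(stripslashes($rawcomment)));
			mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
		}
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}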
// Step 20: an org server certificate CSR has been submitted.  The PEM is
// cleaned, weak-key-checked and written to a tempnam() file whose path is
// kept in the session for step 21; openssl is then used to pull the
// Subject line and the DNS SANs into $_SESSION['_config']['subject'].
// extractit()/getcn2()/getalt2() (defined elsewhere) derive '0.CN' and
// '0.subjectAltName' from that — presumably the first CN / first SAN —
// which are looked up against the user's organisation domains.
// NOTE(review): '0.CN' and '0.subjectAltName' originate from CSR content
// the user controls and are interpolated into the two lookups below;
// whether getcn2()/getalt2() validate or escape them is not visible here —
// confirm, otherwise those lookups are an injection point.
// $_REQUEST['CSR'], ['description'] and ['rootcert'] are read without
// key checks.
if($process != "" && $oldid == 20)
{
	$CSR = clean_csr($_REQUEST['CSR']);
	if(($weakKey = checkWeakKeyCSR($CSR)) !== "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}
	// Optional description, SQL-escaped for the insert in step 21.
	if(trim($_REQUEST['description']) != ""){
		$_SESSION['_config']['description'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
	} else {
		$_SESSION['_config']['description'] = "";
	}
	// The CSR is parked in a temp file; step 21 renames it to its final csr
	// path.  No fopen()/fputs() result is checked.
	$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
	$fp = fopen($_SESSION['_config']['tmpfname'], "w");
	fputs($fp, $CSR);
	fclose($fp);
	// From here on $CSR holds the file path, not the PEM text.  tempnam()
	// paths contain no shell metacharacters and are quoted in the commands.
	$CSR = $_SESSION['_config']['tmpfname'];
	$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
	$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
	// Each "DNS:..." entry is appended as a pseudo subject component.
	foreach($bits as $val)
	{
		$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
	}
	$id = 21;
	$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
	extractit();
	getcn2();
	getalt2();
	// Organisation owning the CN domain (false when none matches).
	$query = "select * from `orginfo`,`org`,`orgdomains` where
		`org`.`memid`='".$_SESSION['profile']['id']."' and
		`org`.`orgid`=`orginfo`.`id` and
		`org`.`orgid`=`orgdomains`.`orgid` and
		`orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'";
	$_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
	// Organisation owning the first SAN domain (false when none matches).
	$query = "select * from `orginfo`,`org`,`orgdomains` where
		`org`.`memid`='".$_SESSION['profile']['id']."' and
		`org`.`orgid`=`orginfo`.`id` and
		`org`.`orgid`=`orgdomains`.`orgid` and
		`orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'";
	$_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));
	//echo "<pre>"; print_r($_SESSION['_config']); die;
	// Neither a usable CN nor a SAN: back to the form.
	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}
	// Root selection: only 1 or 2 are valid, anything else becomes 1.
	$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;
}
if ( $process != " " && $oldid == 21 )
{
$id = 21 ;
if ( ! file_exists ( $_SESSION [ '_config' ][ 'tmpfname' ]))
{
showheader ( _ ( " My CAcert.org Account! " ));
printf ( _ ( " Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions. " ), " <a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'> " , " </a> " );
showfooter ();
exit ;
}
if (( $weakKey = checkWeakKeyCSR ( file_get_contents (
$_SESSION [ '_config' ][ 'tmpfname' ]))) !== " " )
{
showheader ( _ ( " My CAcert.org Account! " ));
echo $weakKey ;
showfooter ();
exit ;
}
if ( $_SESSION [ '_config' ][ '0.CN' ] == " " && $_SESSION [ '_config' ][ '0.subjectAltName' ] == " " )
{
showheader ( _ ( " My CAcert.org Account! " ));
echo _ ( " CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue. " );
showfooter ();
exit ;
}
if ( $_SESSION [ '_config' ][ 'rowid' ][ '0' ] > 0 )
{
$query = " select * from `org`,`orginfo` where
`orginfo` . `id` = '".$_SESSION[' _config '][' rowid '][' 0 ']."' and
`orginfo` . `id` = `org` . `orgid` and
`org` . `memid` = '".$_SESSION[' profile '][' id ']."' " ;
} else {
$query = " select * from `org`,`orginfo` where
`orginfo` . `id` = '".$_SESSION[' _config '][' altid '][' 0 ']."' and
`orginfo` . `id` = `org` . `orgid` and
`org` . `memid` = '".$_SESSION[' profile '][' id ']."' " ;
}
$org = mysql_fetch_assoc ( mysql_query ( $query ));
$csrsubject = " " ;
if ( $_SESSION [ '_config' ][ 'OU' ])
$csrsubject .= " /organizationalUnitName= " . $_SESSION [ '_config' ][ 'OU' ];
if ( $org [ 'O' ])
$csrsubject .= " /organizationName= " . $org [ 'O' ];
if ( $org [ 'L' ])
$csrsubject .= " /localityName= " . $org [ 'L' ];
if ( $org [ 'ST' ])
$csrsubject .= " /stateOrProvinceName= " . $org [ 'ST' ];
if ( $org [ 'C' ])
$csrsubject .= " /countryName= " . $org [ 'C' ];
//if($org['contact'])
// $csrsubject .= "/emailAddress=".trim($org['contact']);
if ( is_array ( $_SESSION [ '_config' ][ 'rows' ]))
foreach ( $_SESSION [ '_config' ][ 'rows' ] as $row )
$csrsubject .= " /commonName= $row " ;
$SAN = " " ;
if ( is_array ( $_SESSION [ '_config' ][ 'altrows' ]))
foreach ( $_SESSION [ '_config' ][ 'altrows' ] as $subalt )
{
if ( $SAN != " " )
$SAN .= " , " ;
$SAN .= " $subalt " ;
}
if ( $SAN != " " )
$csrsubject .= " /subjectAltName= " . $SAN ;
$type = " " ;
if ( $_REQUEST [ " ocspcert " ] != " " && $_SESSION [ 'profile' ][ 'admin' ] == 1 ) $type = " 8 " ;
if ( $_SESSION [ '_config' ][ 'rootcert' ] < 1 || $_SESSION [ '_config' ][ 'rootcert' ] > 2 )
$_SESSION [ '_config' ][ 'rootcert' ] = 1 ;
if ( $_SESSION [ '_config' ][ 'rowid' ][ '0' ] > 0 )
{
$query = " insert into `orgdomaincerts` set
`CN` = '".$_SESSION[' _config '][' rows '][' 0 ']."' ,
`orgid` = '".$org[' id ']."' ,
`created` = NOW (),
`subject` = '$csrsubject' ,
`rootcert` = '".$_SESSION[' _config '][' rootcert ']."' ,
`type` = '$type' ,
`description` = '".$_SESSION[' _config '][' description ']."' " ;
} else {
$query = " insert into `orgdomaincerts` set
`CN` = '".$_SESSION[' _config '][' altrows '][' 0 ']."' ,
`orgid` = '".$org[' id ']."' ,
`created` = NOW (),
`subject` = '$csrsubject' ,
`rootcert` = '".$_SESSION[' _config '][' rootcert ']."' ,
`type` = '$type' ,
`description` = '".$_SESSION[' _config '][' description ']."' " ;
}
mysql_query ( $query );
$CSRid = mysql_insert_id ();
$CSRname = generatecertpath ( " csr " , " orgserver " , $CSRid );
rename ( $_SESSION [ '_config' ][ 'tmpfname' ], $CSRname );
chmod ( $CSRname , 0644 );
mysql_query ( " update `orgdomaincerts` set `CSR_name`=' $CSRname ' where `id`=' $CSRid ' " );
if ( is_array ( $_SESSION [ '_config' ][ 'rowid' ]))
foreach ( $_SESSION [ '_config' ][ 'rowid' ] as $id )
mysql_query ( " insert into `orgdomlink` set `orgdomid`=' $id ', `orgcertid`=' $CSRid ' " );
if ( is_array ( $_SESSION [ '_config' ][ 'altid' ]))
foreach ( $_SESSION [ '_config' ][ 'altid' ] as $id )
mysql_query ( " insert into `orgdomlink` set `orgdomid`=' $id ', `orgcertid`=' $CSRid ' " );
waitForResult ( " orgdomaincerts " , $CSRid , $oldid );
$query = " select * from `orgdomaincerts` where `id`=' $CSRid ' and `crt_name` != '' " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
showheader ( _ ( " My CAcert.org Account! " ));
printf ( _ ( " Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions. " ) . " CSRid: $CSRid " , " <a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'> " , " </a> " );
showfooter ();
exit ;
} else {
$id = 23 ;
$cert = $CSRid ;
$_REQUEST [ 'cert' ] = $CSRid ;
}
}
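// Page 22 (organisation server certificates), "Renew" submitted: for every
// selected certificate that belongs to an organisation the current user is a
// member of, clone the certificate row, re-use its CSR, wait for the signer
// and print the new certificate. Output is HTML; always terminates the request.
if ($oldid == 22 && array_key_exists('renew', $_REQUEST) && $_REQUEST['renew'] != "")
{
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));
	// Guard the key the same way the delete handler below does, so a submit
	// without any checkbox ticked does not raise an undefined-index notice.
	if (array_key_exists('revokeid', $_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		// Loop variable renamed so the page id held in $id is not clobbered.
		foreach ($_REQUEST['revokeid'] as $certid)
		{
			$certid = intval($certid);
			// Ownership check: the certificate's organisation must list the
			// current user as a member; anything else is reported as invalid.
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$certid' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if (mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $certid);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// Refuse to renew a certificate whose key fails the weak-key checks.
			if (($weakKey = checkWeakKeyX509(file_get_contents($row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}
			mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$certid'");
			if ($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}
			// The new row copies the subject/CSR data of the old one. Those values
			// come from the database row fetched above, not from the request.
			$query = "insert into `orgdomaincerts` set
					`orgid`='".$row['orgid']."',
					`CN`='".$row['CN']."',
					`csr_name`='".$row['csr_name']."',
					`created`='".$row['created']."',
					`modified`=NOW(),
					`subject`='".$row['subject']."',
					`type`='".$row['type']."',
					`rootcert`='".$row['rootcert']."',
					`description`='".$row['description']."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			$newfile = generatecertpath("csr", "orgserver", $newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
			echo _("Renewing").": ".$row['CN']."<br>\n";
			// Copy the domain links of the old certificate to the new one. The
			// link row's domain reference is `orgdomid` (the column the selects on
			// pages 29-31 join on); the previous code appears to have inserted the
			// link row's own `id` instead.
			$res = mysql_query("select * from `orgdomlink` where `orgcertid`='".intval($row['id'])."'");
			while ($r2 = mysql_fetch_assoc($res))
				mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($r2['orgdomid'])."', `orgcertid`='$newid'");
			waitForResult("orgdomaincerts", $newid, $oldid, 0);
			$query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if (mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")."newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				$drow = mysql_fetch_assoc($res);
				// The path comes from the database, but it still goes through a
				// shell: quote it instead of interpolating into a backtick command.
				$cert = shell_exec('/usr/bin/openssl x509 -in '.escapeshellarg($drow['crt_name']));
				echo "<pre>\n$cert\n</pre>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}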
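// Page 22, "Revoke" submitted: revoke the selected certificates and delete the
// selected pending (not yet signed) requests. Both loops are restricted to
// organisations the current user is a member of. Always terminates the request.
if ($oldid == 22 && array_key_exists('revoke', $_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));
	// Key guarded like 'delid' below, so an empty submit raises no notice.
	if (array_key_exists('revokeid', $_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		// Loop variable renamed so the page id held in $id is not clobbered.
		foreach ($_REQUEST['revokeid'] as $certid)
		{
			$certid = intval($certid);
			// Ownership check via the org membership table.
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$certid' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if (mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $certid);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if ($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}
			// The fixed epoch-like timestamp is the "revocation requested" marker
			// used throughout this file; presumably the signer replaces it.
			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$certid'");
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
		}
	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}
	if (array_key_exists('delid', $_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach ($_REQUEST['delid'] as $certid)
		{
			$certid = intval($certid);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$certid' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if (mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $certid);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// An expiry date means the request was already signed: not pending.
			if ($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
				continue;
			}
			mysql_query("delete from `orgdomaincerts` where `id`='$certid'");
			// Best effort: one or both files may never have been written.
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
		}
	}
	showfooter();
	exit;
}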
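// Page 22, "Change" submitted: for every "check_comment_<id>" checkbox that was
// ticked, store the matching "comment_<id>" field as the certificate's
// description. Always terminates the request.
if ($oldid == 22 && array_key_exists('change', $_REQUEST) && $_REQUEST['change'] != "")
{
	// NOTE(review): the renew/revoke handlers above call csrf_check('orgsrvcerchange');
	// this one does not. Confirm the page-22 form carries that token before adding it.
	showheader(_("My CAcert.org Account!"));
	// Iterate keys only; the checkbox value itself is not used.
	foreach (array_keys($_REQUEST) as $key)
	{
		if (substr($key, 0, 14) != "check_comment_")
			continue;
		$cid = intval(substr($key, 14));
		if (!array_key_exists('comment_'.$cid, $_REQUEST))
			continue;
		// Ownership check, same rule as the renew/revoke handlers: the
		// certificate's organisation must list the current user as a member.
		// Previously any certificate id could be edited by any logged-in user.
		$res = mysql_query("select `orgdomaincerts`.`id` from `orgdomaincerts`,`org`
				where `orgdomaincerts`.`id`='$cid' and
				`orgdomaincerts`.`orgid`=`org`.`orgid` and
				`org`.`memid`='".intval($_SESSION['profile']['id'])."'");
		if (mysql_num_rows($res) <= 0)
		{
			printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $cid);
			continue;
		}
		$comment = trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
		mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}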
// Pages 24-31 are the organisation-administration screens: a user without the
// orgadmin flag gets an access-denied page and the request ends here.
if ((in_array($id, array(24, 25, 26, 27, 28, 29, 30, 31), true) ||
	in_array($oldid, array(24, 25, 26, 27, 28, 29, 30, 31), true)) &&
	$_SESSION['profile']['orgadmin'] != 1)
{
	showheader(_("My CAcert.org Account!"));
	echo _("You don't have access to this area.");
	showfooter();
	exit;
}
// Page 24 (add organisation), form submitted: copy the posted fields into the
// session, require O and contact, then insert a new `orginfo` row.
if ($oldid == 24 && $process != "")
{
	// Re-render page 24 (with errmsg set) when validation below fails.
	$id = intval($oldid);
	// Values are SQL-escaped before they are stored in the session; the success
	// message below therefore runs them through sanitizeHTML() for output.
	// NOTE(review): the six request keys are read without an existence check —
	// confirm the page-24 form always posts all of them.
	$_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
	$_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
	$_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
	$_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
	$_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
	$_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));
	if ($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
	{
		// No format check on the contact address is done here; only presence.
		$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
	} else {
		// NOTE(review): unlike the page-27 update handler below, this insert is
		// not preceded by a csrf_check() — confirm whether the page-24 form
		// carries a token.
		mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
				`contact`='".$_SESSION['_config']['contact']."',
				`L`='".$_SESSION['_config']['L']."',
				`ST`='".$_SESSION['_config']['ST']."',
				`C`='".$_SESSION['_config']['C']."',
				`comments`='".$_SESSION['_config']['comments']."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully added as an organisation to the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	}
}
// Page 27 (edit organisation), form submitted: copy the posted fields into the
// session, require O and contact, then update the `orginfo` row whose id was
// stored in $_SESSION['_config']['orgid'] earlier.
if ($oldid == 27 && $process != "")
{
	csrf_check('orgdetchange');
	// Re-render page 27 (with errmsg set) when validation below fails.
	$id = intval($oldid);
	// Values are SQL-escaped before they are stored in the session; output below
	// passes them through sanitizeHTML(). NOTE(review): the request keys are read
	// without an existence check — confirm the page-27 form posts all six.
	$_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
	$_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
	$_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
	$_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
	$_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
	$_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));
	if ($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
	{
		$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
	} else {
		// The orgid in the where clause is a session value and is interpolated
		// without intval() here, unlike the other handlers in this file.
		mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
				`contact`='".$_SESSION['_config']['contact']."',
				`L`='".$_SESSION['_config']['L']."',
				`ST`='".$_SESSION['_config']['ST']."',
				`C`='".$_SESSION['_config']['C']."',
				`comments`='".$_SESSION['_config']['comments']."'
				where `id`='".$_SESSION['_config']['orgid']."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	}
}
// Page 28 (add domain to organisation), form submitted: remember the posted
// domain and refuse it when it already exists in `orgdomains`. On a duplicate
// the page is re-rendered with errmsg and $oldid is cleared so the insert
// handler further down does not run.
if ($oldid == 28 && $process != "" && array_key_exists("domainname", $_REQUEST))
{
	// SQL-escaped value; no syntactic validation of the domain name is done here.
	$domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
	// NOTE(review): only `orgdomains` is consulted; the page-29 check below
	// also looks at `domains` — confirm whether that is intentional.
	$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
	if (mysql_num_rows($res1) > 0)
	{
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
		$id = $oldid;
		$oldid = 0;
	}
}
// Page 28 without an organisation selected in the session: fall back to the
// organisation list (page 25) instead of processing the form.
if ($oldid == 28)
{
	if ($_SESSION['_config']['orgid'] <= 0)
	{
		$id = 25;
		$oldid = 0;
	}
}
// Page 28, form submitted and an organisation is selected: insert the domain
// and link back to the organisation's domain list (page 26). Always terminates
// the request. This is skipped when the duplicate check above cleared $oldid.
if ($oldid == 28 && $process != "" && array_key_exists("orgid", $_SESSION["_config"]))
{
	// NOTE(review): $domain is only assigned by the handler above when
	// 'domainname' was posted; otherwise it is undefined here — verify the
	// form always sends it.
	mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
	echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a>"._("to continue.");
	showfooter();
	exit;
}
// Page 29 (edit domain), form submitted: refuse the new name when another
// organisation domain (other than the one being edited) or a live personal
// domain already uses it. On conflict the page is re-rendered with errmsg and
// $oldid is cleared so the update handlers below do not run.
if ($oldid == 29 && $process != "")
{
	$domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
	// NOTE(review): $domid is not assigned anywhere in this part of the file;
	// presumably it comes from the request earlier — verify it is cast there.
	// Both lookups use LIKE, and mysql_real_escape_string() does not escape the
	// '%' and '_' wildcards, so a posted wildcard widens the duplicate check
	// (it can only make the check stricter, not bypass it).
	$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
	$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
	if (mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
	{
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
		$id = $oldid;
		$oldid = 0;
	}
}
// Pages 29 (edit domain) and 30 (delete domain), form submitted: before the
// domain row is changed or removed, mark every organisation server and e-mail
// certificate linked to it as revoked. Access relies on the orgadmin gate
// above; there is no per-domain ownership check in this block.
if (($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
{
	// NOTE(review): $domid is not assigned anywhere in this part of the file;
	// presumably it comes from the request earlier — verify it is cast there.
	// Server certificates linked to the domain (`id` is the certificate id).
	$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
			`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
			`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
			`orgdomains`.`id`='".intval($domid)."'";
	$res = mysql_query($query);
	while ($row = mysql_fetch_assoc($res))
		mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
	// E-mail certificates linked to the domain.
	$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
			`orgemaillink`.`domid`=`orgdomains`.`id` and
			`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
			`orgdomains`.`id`='".intval($domid)."'";
	$res = mysql_query($query);
	while ($row = mysql_fetch_assoc($res))
		mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
}
// Page 29 (edit domain), form submitted and the duplicate check passed: rename
// the domain row and link back to the organisation's domain list (page 26).
// Always terminates the request.
if ($oldid == 29 && $process != "")
{
	// $domain was escaped by the page-29 check above, which runs under the
	// same condition. $row is fetched but not used in this block.
	$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
	mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
	echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a>"._("to continue.");
	showfooter();
	exit;
}
// Page 30 (delete domain), form submitted: remove the domain row (its
// certificates were revoked by the shared block above) and link back to the
// organisation's domain list. Always terminates the request.
if ($oldid == 30 && $process != "")
{
	$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
	// Name taken from the database row, only used for the confirmation message.
	$domain = $row['domain'];
	mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'");
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
	echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a>"._("to continue.");
	showfooter();
	exit;
}
// Page 30 reached without a submit (e.g. cancelled): go back to the domain
// list and drop the organisation selection.
if ($oldid == 30)
{
	$orgid = 0;
	$id = 26;
}
// Page 31 (delete organisation), form submitted: revoke and remove every
// certificate of every domain of the organisation held in the session, then
// drop the organisation's admins, domains and info row. Prints nothing; the
// following block sends the user back to page 25.
if ($oldid == 31 && $process != "")
{
	// NOTE(review): no csrf_check() precedes this destructive handler, unlike
	// the page-27 update — confirm whether the page-31 form carries a token.
	$query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
	$dres = mysql_query($query);
	while ($drow = mysql_fetch_assoc($dres))
	{
		// Server certificates linked to this domain (`id` is the certificate id).
		$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
				`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
				`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
				`orgdomains`.`id`='".intval($drow['id'])."'";
		$res = mysql_query($query);
		while ($row = mysql_fetch_assoc($res))
		{
			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
			// NOTE(review): $row['id'] is a certificate id, yet the two deletes
			// below filter `orgdomaincerts` by `orgid` and `orgdomlink` by `domid`
			// (the join above uses `orgdomid`/`orgcertid`). This looks like it
			// removes the wrong rows, or none — verify against the schema before
			// changing it. Deleting the row right after marking it revoked also
			// discards the revocation marker if the delete does match.
			mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
			mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
		}
		// E-mail certificates linked to this domain.
		$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
				`orgemaillink`.`domid`=`orgdomains`.`id` and
				`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
				`orgdomains`.`id`='".intval($drow['id'])."'";
		$res = mysql_query($query);
		while ($row = mysql_fetch_assoc($res))
		{
			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
			mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
			// NOTE(review): `orgemaillink`.`domid` is the domain per the join
			// above, but a certificate id is used here — verify the intent.
			mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
		}
	}
	mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
	mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
	mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
}
// After page 31 (with or without a submit): return to the organisation list
// and drop the organisation selection.
if ($oldid == 31)
{
	$orgid = 0;
	$id = 25;
}
// Pages 32-34 (organisation admin management): allowed for orgadmins and for
// users who are master account of at least one organisation; everyone else
// gets an access-denied page and the request ends.
if (in_array($id, array(32, 33, 34), true) || in_array($oldid, array(32, 33, 34), true))
{
	$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
	// Number of organisations the user is master account of; also read later.
	$_macc = mysql_num_rows(mysql_query($query));
	if (!($_SESSION['profile']['orgadmin'] == 1 || $_macc > 0))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}
}
// Page 35: allowed for orgadmins and for any user listed in `org` (member of
// at least one organisation); everyone else gets an access-denied page.
if (in_array(35, array($id, $oldid), true))
{
	$query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
	$is_orguser = mysql_num_rows(mysql_query($query));
	if (!($_SESSION['profile']['orgadmin'] == 1 || $is_orguser > 0))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}
}
// Page 33 (add organisation admin) for a non-orgadmin: the user must be
// master account of the organisation in the session, otherwise the request is
// downgraded to page 35.
if ($id == 33 && $_SESSION['profile']['orgadmin'] != 1)
{
	$orgid = intval($_SESSION['_config']['orgid']);
	$query = sprintf("select * from `org` where `orgid`='%d' and `memid`='%d' and `masteracc`='1'",
		$orgid, intval($_SESSION['profile']['id']));
	$res = mysql_query($query);
	if (mysql_num_rows($res) < 1)
		$id = 35;
}
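// Page 33 (add organisation admin), form submitted: look the posted e-mail up
// in `users`, require the user to be an Assurer, then add an `org` membership
// row for the organisation held in the session. On failure the page is
// re-rendered with errmsg; the block after the page-34 handlers resets $id.
if ($oldid == 33 && $process != "")
{
	csrf_check('orgadmadd');
	// Only an orgadmin may grant the master-account flag; for everyone else it
	// is forced to 0. The session key is quoted now — it was the bare constant
	// `masteracc`, which PHP silently read as the string 'masteracc' with a
	// notice (and rejects on newer versions).
	if ($_SESSION['profile']['orgadmin'] == 1)
		$masteracc = $_SESSION['_config']['masteracc'] = intval(array_key_exists('masteracc', $_REQUEST) ? $_REQUEST['masteracc'] : 0);
	else
		$masteracc = $_SESSION['_config']['masteracc'] = 0;
	// All three values are SQL-escaped before use; the e-mail is also written
	// back into $_REQUEST so the error message below can show it.
	$_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
	$OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
	$comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
	$res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
	if (mysql_num_rows($res) <= 0)
	{
		$id = $oldid;
		$oldid = 0;
		$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
	} else {
		$row = mysql_fetch_assoc($res);
		if (!is_assurer(intval($row['id'])))
		{
			$id = $oldid;
			$oldid = 0;
			$_SESSION['_config']['errmsg'] =
				_("The user is not an Assurer yet");
		} else {
			mysql_query(
				"insert into `org`
				set `memid`='".intval($row['id'])."',
				`orgid`='".intval($_SESSION['_config']['orgid'])."',
				`masteracc`='$masteracc',
				`OU`='$OU',
				`comments`='$comments'");
		}
	}
}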
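// Page 34 (remove organisation admin) for a non-orgadmin: the user must be
// master account of the organisation in the session, otherwise the request is
// downgraded to page 32.
if (($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1)
{
	$orgid = intval($_SESSION['_config']['orgid']);
	// Session id cast to int before interpolation, as the page-33 check above does.
	$res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
	if (mysql_num_rows($res) <= 0)
		$id = 32;
}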
// Page 34 (remove organisation admin), form submitted: drop the membership row
// of the posted member for the organisation in the session. Access was checked
// by the blocks above. NOTE(review): unlike the page-33 add handler there is no
// csrf_check() here.
if ($oldid == 34 && $process != "")
{
	$orgid = intval($_SESSION['_config']['orgid']);
	$memid = intval($_REQUEST['memid']);
	$query = sprintf("delete from `org` where `orgid`='%d' and `memid`='%d'", $orgid, $memid);
	mysql_query($query);
}
// After page 33 or 34: back to the admin list (page 32) with no organisation
// selected and no pending submit.
if (in_array($oldid, array(33, 34), true))
{
	$id = 32;
	$orgid = 0;
	$oldid = 0;
}
// Page 36 (alert settings) display: copy the user's stored `alerts` row into
// $_REQUEST, presumably so the form is rendered with the stored values.
if ($id == 36)
{
	// NOTE(review): if the user has no `alerts` row yet, mysql_fetch_assoc()
	// returns false and the four reads below raise notices — confirm the
	// page-36 form tolerates that.
	$row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
	$_REQUEST['general'] = $row['general'];
	$_REQUEST['country'] = $row['country'];
	$_REQUEST['regional'] = $row['regional'];
	$_REQUEST['radius'] = $row['radius'];
}
// Page 36 (alert settings), form submitted: update the user's `alerts` row, or
// insert one if none exists, then re-render page 36. Each flag is read from the
// request with a default of 0 and cast to int before it reaches the query.
if ($oldid == 36)
{
	$rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
	if ($rc > 0)
	{
		$query = "update `alerts` set `general`='".intval(array_key_exists('general', $_REQUEST) ? $_REQUEST['general'] : 0)."',
				`country`='".intval(array_key_exists('country', $_REQUEST) ? $_REQUEST['country'] : 0)."',
				`regional`='".intval(array_key_exists('regional', $_REQUEST) ? $_REQUEST['regional'] : 0)."',
				`radius`='".intval(array_key_exists('radius', $_REQUEST) ? $_REQUEST['radius'] : 0)."'
				where `memid`='".intval($_SESSION['profile']['id'])."'";
	} else {
		$query = "insert into `alerts` set `general`='".intval(array_key_exists('general', $_REQUEST) ? $_REQUEST['general'] : 0)."',
				`country`='".intval(array_key_exists('country', $_REQUEST) ? $_REQUEST['country'] : 0)."',
				`regional`='".intval(array_key_exists('regional', $_REQUEST) ? $_REQUEST['regional'] : 0)."',
				`radius`='".intval(array_key_exists('radius', $_REQUEST) ? $_REQUEST['radius'] : 0)."',
				`memid`='".intval($_SESSION['profile']['id'])."'";
	}
	mysql_query($query);
	// Show page 36 again with the new values.
	$id = $oldid;
	$oldid = 0;
}
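// Page 41 (language settings), "default" action: set the user's main language
// to one of the known translations. Always terminates the request.
if ($oldid == 41 && array_key_exists('action', $_REQUEST) && $_REQUEST['action'] == 'default')
{
	csrf_check("mainlang");
	// A missing 'lang' becomes "" so it cannot match a translation key below.
	$lang = mysql_real_escape_string(array_key_exists('lang', $_REQUEST) ? $_REQUEST['lang'] : "");
	// Only a key of the translation table is accepted; anything else falls
	// through to the "invalid language" message.
	foreach (L10n::$translations as $key => $val)
	{
		if ($key == $lang)
		{
			mysql_query("update `users` set `language`='$lang' where `id`='".intval($_SESSION['profile']['id'])."'");
			$_SESSION['profile']['language'] = $lang;
			showheader(_("My CAcert.org Account!"));
			echo _("Your language setting has been updated.");
			showfooter();
			exit;
		}
	}
	showheader(_("My CAcert.org Account!"));
	echo _("You tried to use an invalid language.");
	showfooter();
	exit;
}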
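// Page 41 (language settings), "addsec" action: record an additional language
// for the user in `addlang`. Always terminates the request.
if ($oldid == 41 && array_key_exists('action', $_REQUEST) && $_REQUEST['action'] == 'addsec')
{
	csrf_check("seclang");
	$addlang = mysql_real_escape_string(array_key_exists('addlang', $_REQUEST) ? $_REQUEST['addlang'] : "");
	// Accept only a language the application knows about, the same rule the
	// 'default' action above applies. Previously any escaped string was stored,
	// which the old "Does the language exist?" comment already questioned.
	if (!array_key_exists($addlang, L10n::$translations))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You tried to use an invalid language.");
		showfooter();
		exit;
	}
	mysql_query("insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'");
	showheader(_("My CAcert.org Account!"));
	echo _("Your language setting has been updated.");
	showfooter();
	exit;
}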
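if ($oldid == 41 && array_key_exists('action', $_REQUEST) && $_REQUEST['action'] == 'dellang')
{
    // Page 41, "remove secondary language": delete one `addlang` row of the
    // logged-in user.
    csrf_check("seclang");
    $remove = array_key_exists('remove', $_REQUEST) ? mysql_real_escape_string($_REQUEST['remove']) : "";
    // The row is keyed by the session's own user id, so whatever `remove`
    // contains only this user's entries can be affected.
    mysql_query("delete from `addlang` where `userid`='" . intval($_SESSION['profile']['id']) . "' and `lang`='$remove'");
    showheader(_("My CAcert.org Account!"));
    echo _("Your language setting has been updated.");
    showfooter();
    exit;
}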
// Pages 42, 43, 44, 48, 49 and 50 are administrator-only: any request that
// arrives at or comes from one of them without the admin flag is turned away.
if ((in_array($id, array(42, 43, 44, 48, 49, 50)) || in_array($oldid, array(42, 43, 44, 48, 49, 50)))
    && $_SESSION['profile']['admin'] != 1)
{
    showheader(_("My CAcert.org Account!"));
    echo _("You don't have access to this area.");
    showfooter();
    exit;
}
// Pages 53 and 54 (location administration) require the locadmin flag.
if ((in_array($id, array(53, 54)) || in_array($oldid, array(53, 54)))
    && $_SESSION['profile']['locadmin'] != 1)
{
    showheader(_("My CAcert.org Account!"));
    echo _("You don't have access to this area.");
    showfooter();
    exit;
}
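if ($oldid == 54 || ($id == 53 && array_key_exists('action', $_REQUEST) && $_REQUEST['action'] != "") ||
    ($id == 54 && array_key_exists('action', $_REQUEST) && $_REQUEST['action'] != "" &&
    $_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
{
    // Location administration (pages 53/54): edit, add, delete and move
    // regions and locations, and maintain location aliases. Every branch ends
    // by rewriting $_REQUEST so the page rendered afterwards shows the right
    // list.
    $id = 53;
    $ccid = intval(array_key_exists('ccid', $_REQUEST) ? $_REQUEST['ccid'] : 0);
    $regid = intval(array_key_exists('regid', $_REQUEST) ? $_REQUEST['regid'] : 0);
    $newreg = intval(array_key_exists('newreg', $_REQUEST) ? $_REQUEST['newreg'] : 0);
    $locid = intval(array_key_exists('locid', $_REQUEST) ? $_REQUEST['locid'] : 0);
    $name = array_key_exists('name', $_REQUEST) ? mysql_real_escape_string(strip_tags($_REQUEST['name'])) : "";
    // Coordinates are reduced to digits, '-' and '.' before they are
    // interpolated into SQL. preg_replace() replaces the removed
    // ereg_replace(); in the old POSIX bracket expression "[^-0-9\.]" the
    // backslash was a literal and survived the filter, which this pattern
    // no longer allows.
    $long = array_key_exists('longitude', $_REQUEST) ? preg_replace('/[^-0-9.]/', '', $_REQUEST['longitude']) : "";
    $lat = array_key_exists('latitude', $_REQUEST) ? preg_replace('/[^-0-9.]/', '', $_REQUEST['latitude']) : "";
    $action = array_key_exists('action', $_REQUEST) ? $_REQUEST['action'] : "";

    if ($locid > 0 && $action == "edit")
    {
        mysql_query("update `locations` set `name`='$name', `lat`='$lat', `long`='$long' where `id`='$locid'");
        $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
        $_REQUEST['regid'] = $row['regid'];
        unset($_REQUEST['ccid']);
        unset($_REQUEST['locid']);
        unset($_REQUEST['action']);
    } else if ($regid > 0 && $action == "edit") {
        mysql_query("update `regions` set `name`='$name' where `id`='$regid'");
        $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
        $_REQUEST['ccid'] = $row['ccid'];
        unset($_REQUEST['regid']);
        unset($_REQUEST['locid']);
        unset($_REQUEST['action']);
    } else if ($regid > 0 && $action == "add") {
        // A new location inherits the country of its region.
        $row = mysql_fetch_assoc(mysql_query("select `ccid` from `regions` where `id`='$regid'"));
        $ccid = intval($row['ccid']);
        mysql_query("insert into `locations` set `ccid`='$ccid', `regid`='$regid', `name`='$name', `lat`='$lat', `long`='$long'");
        unset($_REQUEST['ccid']);
        unset($_REQUEST['locid']);
        unset($_REQUEST['action']);
    } else if ($ccid > 0 && $action == "add" && $name != "") {
        mysql_query("insert into `regions` set `ccid`='$ccid', `name`='$name'");
        unset($_REQUEST['regid']);
        unset($_REQUEST['locid']);
        unset($_REQUEST['action']);
    } else if ($locid > 0 && $action == "delete") {
        $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
        $_REQUEST['regid'] = $row['regid'];
        // Aliases reference the location, so they are removed first.
        mysql_query("delete from `localias` where `locid`='$locid'");
        mysql_query("delete from `locations` where `id`='$locid'");
        unset($_REQUEST['ccid']);
        unset($_REQUEST['locid']);
        unset($_REQUEST['action']);
    } else if ($locid > 0 && $action == "move") {
        $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
        $oldregid = intval($row['regid']);
        mysql_query("update `locations` set `regid`='$newreg' where `id`='$locid'");
        // NOTE(review): this re-homes every user whose `regid` was the old
        // region, not only users of the moved location — confirm that scope
        // is intended.
        mysql_query("update `users` set `regid`='$newreg' where `regid`='$oldregid'");
        $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
        $_REQUEST['regid'] = $row['regid'];
        unset($_REQUEST['ccid']);
        unset($_REQUEST['locid']);
        unset($_REQUEST['action']);
    } else if ($regid > 0 && $action == "delete") {
        $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
        $_REQUEST['ccid'] = $row['ccid'];
        mysql_query("delete from `locations` where `regid`='$regid'");
        mysql_query("delete from `regions` where `id`='$regid'");
        unset($_REQUEST['regid']);
        unset($_REQUEST['locid']);
        unset($_REQUEST['action']);
    } else if ($locid > 0 && $action == "alias") {
        $id = 54;
        $_REQUEST['action'] = "aliases";
        $_REQUEST['locid'] = $locid;
        // The alias is stored HTML-encoded on top of the SQL escaping above.
        // NOTE(review): the "delalias" branch matches on the un-encoded
        // $name, so an alias containing '&', '<' or a quote may not be
        // deletable — verify which form the aliases page submits.
        $name = htmlentities($name);
        mysql_query("insert into `localias` set `locid`='$locid',`name`='$name'");
    } else if ($locid > 0 && $action == "delalias") {
        $id = 54;
        $_REQUEST['action'] = "aliases";
        $_REQUEST['locid'] = $locid;
        mysql_query("delete from `localias` where `locid`='$locid' and `name`='$name'");
    }
}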
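// Page 42 (admin: find a user by email) posts back to itself: an empty or
// missing email redisplays the form, otherwise the request continues to
// page 43 (user details).
if ($oldid == 42)
{
    $id = (array_key_exists('email', $_REQUEST) && $_REQUEST['email'] != "") ? 43 : 42;
    $oldid = 0;
}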
if ( $oldid == 43 && $_REQUEST [ 'action' ] == " updatedob " )
{
$id = 43 ;
2008-09-03 16:13:28 +00:00
$oldid = 0 ;
2008-07-18 16:36:20 +00:00
$fname = mysql_real_escape_string ( $_REQUEST [ 'fname' ]);
$mname = mysql_real_escape_string ( $_REQUEST [ 'mname' ]);
2006-08-13 17:39:31 +00:00
$lname = mysql_real_escape_string ( $_REQUEST [ 'lname' ]);
2008-07-18 16:36:20 +00:00
$suffix = mysql_real_escape_string ( $_REQUEST [ 'suffix' ]);
2006-08-07 18:34:48 +00:00
$day = intval ( $_REQUEST [ 'day' ]);
$month = intval ( $_REQUEST [ 'month' ]);
$year = intval ( $_REQUEST [ 'year' ]);
$userid = intval ( $_REQUEST [ 'userid' ]);
2008-07-18 16:36:20 +00:00
$query = " select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`=' $userid ' " ;
2006-08-13 19:21:26 +00:00
$details = mysql_fetch_assoc ( mysql_query ( $query ));
$query = " insert into `adminlog` set `when`=NOW(),`old-lname`=' ${ details['lname']}',`old-dob`='${details['dob'] } ',
`new-lname` = '$lname' , `new-dob` = '$year-$month-$day' , `uid` = '$userid' , `adminid` = '".$_SESSION[' profile '][' id ']."' " ;
mysql_query ( $query );
2008-07-18 16:36:20 +00:00
$query = " update `users` set `fname`=' $fname ',`mname`=' $mname ',`lname`=' $lname ',`suffix`=' $suffix ',`dob`=' $year - $month - $day ' where `id`=' $userid ' " ;
2006-08-07 18:34:48 +00:00
mysql_query ( $query );
}
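if ($oldid == 43 && array_key_exists('action', $_REQUEST) && $_REQUEST['action'] == 'revokecert')
{
    // Page 43 admin action: revoke_all_private_cert() is called for the
    // given user (presumably revoking all of that user's personal
    // certificates), then the user page is shown again.
    // NOTE(review): this action has no csrf_check(), unlike most other
    // page-43 admin actions in this file — confirm whether the form carries
    // a token.
    $userid = intval(array_key_exists('userid', $_REQUEST) ? $_REQUEST['userid'] : 0);
    revoke_all_private_cert($userid);
    $id = 43;
}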
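// Page 48 (admin: find a domain) posts back to itself: an empty or missing
// domain redisplays the form, otherwise the request continues to page 49.
if ($oldid == 48)
{
    $id = (array_key_exists('domain', $_REQUEST) && $_REQUEST['domain'] != "") ? 49 : 48;
    $oldid = 0;
}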
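if ($id == 44)
{
    // Page 44 (admin password reset) needs a target user: resolve the id to
    // an email address, or fall back to the user-search page (42) when no
    // matching user with an email address exists.
    if (array_key_exists('userid', $_REQUEST) && $_REQUEST['userid'] != "")
        $_REQUEST['userid'] = intval($_REQUEST['userid']);
    $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='" . intval(array_key_exists('userid', $_REQUEST) ? $_REQUEST['userid'] : 0) . "'"));
    // A missing row behaves like an empty email: back to the search page.
    if (!$row || $row['email'] == "")
        $id = 42;
    else
        $_REQUEST['email'] = $row['email'];
}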
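if ($oldid == 44)
{
    // Page 44: an administrator sets a new password on another account and
    // the account owner is notified by email.
    showheader(_("My CAcert.org Account!"));
    $userid = intval(array_key_exists('userid', $_REQUEST) ? $_REQUEST['userid'] : 0);
    // Look the user up first so that a non-existent id is reported instead
    // of updating zero rows and mailing an empty address.
    $row = $userid > 0 ? mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid'")) : false;
    if (!$row)
    {
        echo _("No such user found.");
    } else {
        $newpass = array_key_exists('newpass', $_REQUEST) ? $_REQUEST['newpass'] : "";
        // NOTE(review): the password is stored as an unsalted sha1() computed
        // by the database; presumably the login code compares against the
        // same form, so this cannot be changed here in isolation.
        // stripslashes() presumably undoes magic_quotes — confirm it is still
        // needed.
        $newpassEsc = mysql_real_escape_string(stripslashes($newpass));
        mysql_query("update `users` set `password`=sha1('$newpassEsc') where `id`='$userid'");
        printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));

        $body = sprintf(_("Hi %s,"), $row['fname']) . "\n\n";
        $body .= _("You are receiving this email because a CAcert administrator has changed the password on your account.") . "\n\n";
        $body .= _("Best regards") . "\n" . _("CAcert.org Support!");
        sendmail($row['email'], "[CAcert.org] " . _("Password Update Notification"), $body,
            "support@cacert.org", "", "", "CAcert Support");
    }
    showfooter();
    exit;
}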
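if ($process != "" && $oldid == 45)
{
    // Page 45 -> 46: a server CSR was submitted. Its subject and DNS SANs are
    // extracted with openssl so the next page can confirm the names.
    // $CSR is expected to be populated before this point (not visible here).
    $CSR = clean_csr($CSR);
    $_SESSION['_config']['CSR'] = $CSR;
    // The CSR is passed to the shell as one single-quoted argument, so
    // nothing inside it (quotes, $, backticks) is interpreted by the shell;
    // the previous `echo "$CSR"` relied entirely on clean_csr() for that.
    $opensslText = 'echo ' . escapeshellarg($CSR) . '|/usr/bin/openssl req -text -noout|tr -d "\\0"';
    $_SESSION['_config']['subject'] = trim(shell_exec($opensslText . '|grep "Subject:"'));
    $bits = explode(",", trim(shell_exec($opensslText . "|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:")));
    foreach ($bits as $val)
    {
        $_SESSION['_config']['subject'] .= "/subjectAltName=" . trim($val);
    }
    $id = 46;
    $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
    extractit();
    getcn();
    getalt();
    if ($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
    {
        showheader(_("My CAcert.org Account!"));
        echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
        showfooter();
        exit;
    }
}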
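if ($process != "" && $oldid == 46)
{
    // Page 46 -> 47: the CSR confirmed on the previous page is re-parsed,
    // checked for weak keys, recorded in `domaincerts`, linked to the domains
    // it covers, written to disk and handed to the signing backend.
    $CSR = clean_csr($_SESSION['_config']['CSR']);
    // Single-quoted shell argument: the CSR content is never interpreted by
    // the shell.
    $opensslText = 'echo ' . escapeshellarg($CSR) . '|/usr/bin/openssl req -text -noout|tr -d "\\0"';
    $_SESSION['_config']['subject'] = trim(shell_exec($opensslText . '|grep "Subject:"'));
    $bits = explode(",", trim(shell_exec($opensslText . "|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:")));
    foreach ($bits as $val)
    {
        $_SESSION['_config']['subject'] .= "/subjectAltName=" . trim($val);
    }
    $id = 11;
    $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
    extractit();
    getcn();
    getalt();
    if ($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
    {
        showheader(_("My CAcert.org Account!"));
        echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
        showfooter();
        exit;
    }

    if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
    {
        showheader(_("My CAcert.org Account!"));
        echo $weakKey;
        showfooter();
        exit;
    }

    // The CN is whatever getcn() derived from the CSR (not visible here); it
    // is escaped before use, a no-op for a plain host name and a safeguard
    // otherwise.
    $cn = mysql_real_escape_string($_SESSION['_config']['0.CN']);
    $domid = intval($_SESSION['_config']['row']['id']);
    mysql_query("insert into `domaincerts` set `CN`='$cn', `domid`='$domid', `created`=NOW()");
    $CSRid = mysql_insert_id();
    // Either id list may be absent or not an array; skip it rather than fail.
    if (is_array($_SESSION['_config']['rowid']))
        foreach ($_SESSION['_config']['rowid'] as $dom)
            mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='" . intval($dom) . "'");
    if (is_array($_SESSION['_config']['altid']))
        foreach ($_SESSION['_config']['altid'] as $dom)
            mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='" . intval($dom) . "'");

    $CSRname = generatecertpath("csr", "server", $CSRid);
    $fp = fopen($CSRname, "w");
    if ($fp === false)
    {
        // Without the file on disk the signer cannot pick the request up;
        // report it the same way as a failed signing run.
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    }
    fputs($fp, $_SESSION['_config']['CSR']);
    fclose($fp);
    mysql_query("update `domaincerts` set `CSR_name`='" . mysql_real_escape_string($CSRname) . "' where `id`='$CSRid'");

    waitForResult("domaincerts", $CSRid, $oldid);
    $res = mysql_query("select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''");
    if (mysql_num_rows($res) <= 0)
    {
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    } else {
        $id = 47;
        $cert = $CSRid;
        $_REQUEST['cert'] = $CSRid;
    }
}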
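// Page 43 admin toggles for `tverify`, `assurer` and `assurer_blocked`.
// Each flips the flag of the user named by the request parameter and selects
// that user for re-display. The new value is written as an explicit 0/1;
// interpolating a PHP bool sent '' for false.
if ($id == 43 && array_key_exists('tverify', $_REQUEST) && $_REQUEST['tverify'] > 0)
{
    // NOTE(review): unlike the 'assurer' toggle below, this one has no
    // csrf_check() — confirm whether the form carries a token.
    $memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']);
    $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
    $ver = $row['tverify'] ? 0 : 1;
    mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
}
if ($id == 43 && array_key_exists('assurer', $_REQUEST) && $_REQUEST['assurer'] > 0)
{
    csrf_check('admsetassuret');
    $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
    $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
    $ver = $row['assurer'] ? 0 : 1;
    mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
}
if ($id == 43 && array_key_exists('assurer_blocked', $_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
{
    // NOTE(review): no csrf_check() here either — see the 'tverify' toggle.
    $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
    $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
    $ver = $row['assurer_blocked'] ? 0 : 1;
    mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
}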
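// Page 43 admin toggles for `locked`, `codesign`, `orgadmin` and `ttpadmin`.
// Each is CSRF-checked, flips the flag of the user named by the request
// parameter and selects that user for re-display. The new value is written
// as an explicit 0/1; interpolating a PHP bool sent '' for false.
if ($id == 43 && array_key_exists('locked', $_REQUEST) && $_REQUEST['locked'] > 0)
{
    csrf_check('admactlock');
    $memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
    $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
    $ver = $row['locked'] ? 0 : 1;
    mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
}
if ($id == 43 && array_key_exists('codesign', $_REQUEST) && $_REQUEST['codesign'] > 0)
{
    csrf_check('admcodesign');
    $memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']);
    $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
    $ver = $row['codesign'] ? 0 : 1;
    mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
}
if ($id == 43 && array_key_exists('orgadmin', $_REQUEST) && $_REQUEST['orgadmin'] > 0)
{
    csrf_check('admorgadmin');
    $memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
    $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
    $ver = $row['orgadmin'] ? 0 : 1;
    mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
}
if ($id == 43 && array_key_exists('ttpadmin', $_REQUEST) && $_REQUEST['ttpadmin'] > 0)
{
    csrf_check('admttpadmin');
    $memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
    $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
    $ver = $row['ttpadmin'] ? 0 : 1;
    mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
}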
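// Page 43 admin toggles for `adadmin`, `locadmin` and `admin`. `adadmin`
// cycles 0 -> 1 -> 2 -> 0; the other two flip between 0 and 1. Values are
// written as explicit integers; interpolating a PHP bool sent '' for false.
if ($id == 43 && array_key_exists('adadmin', $_REQUEST) && $_REQUEST['adadmin'] > 0)
{
    // NOTE(review): no csrf_check() on this toggle, unlike 'admin' below —
    // confirm whether the form carries a token.
    $memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
    $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
    $ver = intval($row['adadmin']) + 1;
    if ($ver > 2)
        $ver = 0;
    mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
}
if ($id == 43 && array_key_exists('locadmin', $_REQUEST) && $_REQUEST['locadmin'] > 0)
{
    // NOTE(review): no csrf_check() on this toggle either.
    $memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
    $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
    $ver = $row['locadmin'] ? 0 : 1;
    mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
}
if ($id == 43 && array_key_exists('admin', $_REQUEST) && $_REQUEST['admin'] > 0)
{
    csrf_check('admsetadmin');
    $memid = $_REQUEST['userid'] = intval($_REQUEST['admin']);
    $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
    $ver = $row['admin'] ? 0 : 1;
    mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
}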
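// Page 43 admin toggles for the user's `alerts` row (`general`, `country`,
// `regional`, `radius`). Each flips one column for the user named by the
// request parameter and selects that user for re-display. Values are written
// as explicit 0/1; interpolating a PHP bool sent '' for false.
// NOTE(review): none of these four carries a csrf_check() — confirm whether
// the form provides a token.
if ($id == 43 && array_key_exists('general', $_REQUEST) && $_REQUEST['general'] > 0)
{
    $memid = $_REQUEST['userid'] = intval($_REQUEST['general']);
    $row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='$memid'"));
    $ver = $row['general'] ? 0 : 1;
    mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
}
if ($id == 43 && array_key_exists('country', $_REQUEST) && $_REQUEST['country'] > 0)
{
    $memid = $_REQUEST['userid'] = intval($_REQUEST['country']);
    $row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='$memid'"));
    $ver = $row['country'] ? 0 : 1;
    mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
}
if ($id == 43 && array_key_exists('regional', $_REQUEST) && $_REQUEST['regional'] > 0)
{
    $memid = $_REQUEST['userid'] = intval($_REQUEST['regional']);
    $row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='$memid'"));
    $ver = $row['regional'] ? 0 : 1;
    mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
}
if ($id == 43 && array_key_exists('radius', $_REQUEST) && $_REQUEST['radius'] > 0)
{
    $memid = $_REQUEST['userid'] = intval($_REQUEST['radius']);
    $row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='$memid'"));
    $ver = $row['radius'] ? 0 : 1;
    mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
}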
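if ($id == 50)
{
    // Page 50 (admin account deletion) needs a target user: resolve the id
    // to an email address, or fall back to the user-search page (42) when no
    // matching user with an email address exists.
    if (array_key_exists('userid', $_REQUEST) && $_REQUEST['userid'] != "")
        $_REQUEST['userid'] = intval($_REQUEST['userid']);
    $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='" . intval(array_key_exists('userid', $_REQUEST) ? $_REQUEST['userid'] : 0) . "'"));
    // A missing row behaves like an empty email: back to the search page.
    if (!$row || $row['email'] == "")
        $id = 42;
    else
        $_REQUEST['email'] = $row['email'];
}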
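if ($oldid == 50)
{
    // Page 50 posts back to the user page (43) for the same user; the id is
    // normalised to an integer (0 when absent) for everything that follows.
    $id = 43;
    $_REQUEST['userid'] = intval(array_key_exists('userid', $_REQUEST) ? $_REQUEST['userid'] : 0);
}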
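if ($oldid == 50 && $process != "")
{
    // Page 50: delete an account under an arbitration ruling. Every
    // precondition is checked before account_delete() is called; each
    // failure renders a message and stops.
    $_REQUEST['userid'] = intval(array_key_exists('userid', $_REQUEST) ? $_REQUEST['userid'] : 0);
    $arbno = array_key_exists('arbitrationno', $_REQUEST) ? trim($_REQUEST['arbitrationno']) : "";
    if ($arbno == "") {
        showheader(_("My CAcert.org Account!"));
        echo _("You did not enter an arbitration number entry.");
        showfooter();
        exit;
    }
    // One letter, eight digits, then two dot-separated numbers.
    if (1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i', $arbno)) {
        showheader(_("My CAcert.org Account!"));
        printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML($arbno));
        showfooter();
        exit;
    }
    // The arbitration number becomes the deleted account's placeholder
    // address, so it must not already be in use.
    if (check_email_exists($arbno . '@cacert.org')) {
        showheader(_("My CAcert.org Account!"));
        printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($arbno . '@cacert.org'));
        showfooter();
        exit;
    }
    if (check_client_cert_running($_REQUEST['userid'], 1) ||
        check_server_cert_running($_REQUEST['userid'], 1) ||
        check_gpg_cert_running($_REQUEST['userid'], 1)) {
        showheader(_("My CAcert.org Account!"));
        // Plain echo: these messages carry no format placeholders, so a
        // printf() without arguments only risks breaking on a '%' in a
        // translation.
        echo _("The CCA retention time for at least one certificate is not over. Can't continue.");
        showfooter();
        exit;
    }
    if (check_is_orgadmin($_REQUEST['userid'], 1)) {
        showheader(_("My CAcert.org Account!"));
        echo _("The user is listed as Organisation Administrator. Can't continue.");
        showfooter();
        exit;
    }
    account_delete($_REQUEST['userid'], $arbno, intval($_SESSION['profile']['id']));
}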
// Pages 51 and 52 (tverify review and voting) are only open to members whose
// profile carries a positive tverify value.
if ((in_array($id, array(51, 52)) || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
{
    showheader(_("My CAcert.org Account!"));
    echo _("You don't have access to this area.");
    showfooter();
    exit;
}
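if ($oldid == 52)
{
    // Page 52 (tverify voting) preconditions: the request must exist and be
    // unmodified, and the current member must not have voted on it yet.
    // $uid is also used by the vote handler that follows.
    $uid = intval(array_key_exists('uid', $_REQUEST) ? $_REQUEST['uid'] : 0);
    $rc = mysql_num_rows(mysql_query("select * from `tverify` where `id`='$uid' and `modified`=0"));
    if ($rc <= 0)
    {
        showheader(_("My CAcert.org Account!"));
        echo _("Unable to find a valid tverify request for this ID.");
        showfooter();
        exit;
    }
    $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `memid`='" . intval($_SESSION['profile']['id']) . "'"));
    if ($rc > 0)
    {
        showheader(_("My CAcert.org Account!"));
        echo _("You have already voted on this request.");
        showfooter();
        exit;
    }
}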
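if ($oldid == 52 && ((array_key_exists('agree', $_REQUEST) && $_REQUEST['agree'] != "") ||
    (array_key_exists('disagree', $_REQUEST) && $_REQUEST['disagree'] != "")))
{
    // Record this member's vote on tverify request $uid (validated by the
    // page-52 checks above), then close the request once enough votes are
    // in: 8 approvals grant the points transfer, 4 rejections deny it.
    $vote = (array_key_exists('agree', $_REQUEST) && $_REQUEST['agree'] != "") ? 1 : -1;
    $comment = array_key_exists('comment', $_REQUEST) ? mysql_real_escape_string($_REQUEST['comment']) : "";
    $voterid = intval($_SESSION['profile']['id']);
    mysql_query("insert into `tverify-vote` set `tverify`='$uid', `memid`='$voterid', `when`=NOW(), `vote`='$vote', `comment`='$comment'");

    $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"));
    if ($rc >= 8)
    {
        mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'");
        $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'"));
        $memid = intval($tverify['memid']);
        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
        $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));
        // Target totals depend on what was verified: URL plus photo id 150,
        // URL alone 90, neither 50; the member receives the difference to
        // what they already hold. (A photo id without a URL yields 0 — this
        // mirrors the original conditions; confirm it is intended.)
        $have = intval($tmp['points']);
        $points = 0;
        if ($tverify['URL'] != "" && $tverify['photoid'] != "")
            $points = 150 - $have;
        if ($tverify['URL'] != "" && $tverify['photoid'] == "")
            $points = 90 - $have;
        if ($tverify['URL'] == "" && $tverify['photoid'] == "")
            $points = 50 - $have;
        if ($points < 0)
            $points = 0;
        if ($points > 0)
        {
            mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points', `method`='Thawte Points Transfer', `when`=NOW()");
            fix_assurer_flag($memid);
        }
        $totalpoints = $have + $points;
        // The numbers are substituted after translation; interpolating them
        // into the msgid made the catalog lookup miss for every value.
        $body = sprintf(_("Your request to have points transfered was successful. You were issued %d points as a result, and you now have %d in total"), $points, $totalpoints) . "\n\n";
        $body .= _("The following comments were made by reviewers") . "\n\n";
        $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'");
        while ($row = mysql_fetch_assoc($res))
            $body .= $row['comment'] . "\n";
        $body .= "\n";
        $body .= _("Best regards") . "\n";
        $body .= _("CAcert Support Team");
        sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
    }

    $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'"));
    if ($rc >= 4)
    {
        mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'");
        $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'"));
        $memid = intval($tverify['memid']);
        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
        $body = _("Unfortunately your request for a points increase has been denied, below is the comments from people that reviewed your request as to why they rejected your application.") . "\n\n";
        $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'");
        while ($row = mysql_fetch_assoc($res))
            $body .= $row['comment'] . "\n";
        $body .= "\n";
        $body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.") . "\n\n";
        $body .= _("Best regards") . "\n";
        $body .= _("CAcert Support Team");
        sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
    }
    showheader(_("My CAcert.org Account!"));
    echo _("Your vote has been accepted.");
    showfooter();
    exit;
}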
// Remember the selected certificate, organisation and member ids in the
// session for the pages that follow; zero or negative values are ignored.
foreach (array('cert' => $cert, 'orgid' => $orgid, 'memid' => $memid) as $key => $val)
{
    if (intval($val) > 0)
        $_SESSION['_config'][$key] = intval($val);
}
?>