<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert Source license
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
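// Client-certificate login on the secure host. mod_ssl exposes the serial of
// the presented certificate in SSL_CLIENT_M_SERIAL; an unrevoked, unexpired
// `emailcerts` row with that serial identifies the member.
if($_SERVER['HTTP_HOST'] == "secure.cacert.org")
{
	// The serial originates outside the application (the client's
	// certificate), so it is escaped like any other external value.
	$query = "select * from `emailcerts` where `serial`='".mysql_escape_string($_SERVER['SSL_CLIENT_M_SERIAL'])."' and `revoked`=0 and
			UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0)
	{
		$row = mysql_fetch_assoc($res);
		// memid is the owning `users`.`id`; cast rather than interpolate the raw column.
		$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['memid'])."'"));
		$_SESSION['profile']['loggedin'] = 1;
	} else {
		// No usable certificate: remember the requested location (query string
		// rebuilt as sent) so index.php can return here, then go to the login page.
		$_SESSION['profile']['loggedin'] = 0;
		unset($_SESSION['_config']['oldlocation']);
		foreach($_GET as $key => $val)
		{
			if(!empty($_SESSION['_config']['oldlocation']))
				$_SESSION['_config']['oldlocation'] .= "&";
			$_SESSION['_config']['oldlocation'] .= "$key=$val";
		}
		$_SESSION['_config']['oldlocation'] = "account.php?".$_SESSION['_config']['oldlocation'];
		header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
		exit;
	}
} else if($_SERVER['HTTP_HOST'] == "secure.cacert.org" && $_SESSION['profile']['id'] > 0) {
	// NOTE(review): unreachable as written -- the same host comparison has
	// already failed by the time this branch is tested, so this profile
	// refresh never runs. Left in place so control flow is unchanged.
	$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
}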
// Belt and braces for the secure host: nothing below may run there unless the
// session carries a logged-in profile, whatever the branch above left behind.
if($_SERVER['HTTP_HOST'] == "secure.cacert.org")
{
	if($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0)
	{
		header("location: https://www.cacert.org");
		exit;
	}
}
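// Secure host, logged in: refresh the assurance-point total and choose the
// language the rest of the page is rendered in.
if($_SERVER['HTTP_HOST'] == "secure.cacert.org" && $_SESSION['profile']['id'] > 0)
{
	// Points are whatever notaries have awarded to this member, summed.
	$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
	$res = mysql_query($query);
	$row = mysql_fetch_assoc($res);
	$_SESSION['profile']['points'] = $row['total'];
	if($_SESSION['profile']['language'] == "")
	{
		// No stored preference yet: persist the one negotiated for this session.
		// _config.language was not produced by this block, so escape it.
		$query = "update `users` set `language`='".mysql_escape_string($_SESSION['_config']['language'])."'
				where `id`='".$_SESSION['profile']['id']."'";
		mysql_query($query);
	} else {
		// Stored preference wins: point gettext at it for this request.
		$_SESSION['_config']['language'] = $_SESSION['profile']['language'];
		putenv("LANG=".$_SESSION['_config']['language']);
		setlocale(LC_ALL, $_SESSION['_config']['language']);
		$domain = 'messages';
		bindtextdomain("$domain", "/home/cacert/locale");
		textdomain("$domain");
	}
}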
// "logout" page id: clear the logged-in flag and return to the front page.
// Only the flag is touched; the rest of the profile stays in the session.
if($id == "logout")
{
	$_SESSION['profile']['loggedin'] = 0;
	header(sprintf("location: https://%s/index.php", $_SERVER['HTTP_HOST']));
	exit;
}
// Everything past this point needs a logged-in member. Keep the requested
// location (query string rebuilt as sent) so index.php can come back here,
// then send the user to the login page (id=4).
if($_SESSION['profile']['loggedin'] < 1)
{
	$_SESSION['_config']['oldlocation'] = "";
	foreach($_GET as $key => $val)
	{
		$_SESSION['_config']['oldlocation'] .= ($_SESSION['_config']['oldlocation'] ? "&" : "")."$key=$val";
	}
	$_SESSION['_config']['oldlocation'] = "account.php?".$_SESSION['_config']['oldlocation'];
	header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
	exit;
}
loadem("account"); // defined elsewhere; presumably loads the page set named "account"
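// Page 1, "Add": attach a new, not yet verified, email address to the member
// and mail a probe link to it.
if($process == _("Add") && $oldid == 1)
{
	$id = 1;
	$email = trim(mysql_escape_string(stripslashes($newemail)));
	// Previously only the empty string was rejected. A value containing
	// whitespace or a comma would make mail() deliver the probe to addresses
	// the member never typed, so a single bare user@host form is required.
	if($email == "" || !preg_match('/^[^\s,@]+@[^\s,@]+$/', $email))
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Not a valid email address. Can't continue."), $email);
		showfooter();
		exit;
	}
	unset($oldid);
	$query = "select * from `email` where `email`='$email' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("The email address '%s' is already in the system. Can't continue."), htmlspecialchars($email));
		showfooter();
		exit;
	}
	// Verification token. fread() takes a fixed 64 bytes; fgets() stopped at
	// the first newline byte, so the token could come from a single random byte.
	$rnd = fopen("/dev/urandom", "r");
	$hash = md5(fread($rnd, 64));
	fclose($rnd);
	$query = "insert into `email` set `email`='$email',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
	mysql_query($query);
	$emailid = mysql_insert_id();
	// $hostname is set outside this file.
	$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
	$body .= "http://$hostname/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");
	mail($email, "[CAcert.org] "._("Email Probe"), $body, "From: Support <duane@cacert.org>\nErrors-To: returns@cacert.org");
	showheader(_("My CAcert.org Account!"));
	printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), htmlspecialchars($email));
	showfooter();
	exit;
}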
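// Page 2, "Make Default": promote one of the member's verified addresses to
// the address stored on the `users` row.
if($process == _("Make Default") && $oldid == 2)
{
	$id = 2;
	$emailid = intval($emailid);
	// Ownership (`memid`) and verification (empty `hash`) are both required.
	$query = "select * from `email` where `id`='$emailid' and `memid`='".$_SESSION['profile']['id']."' and `hash`='' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("Error!"));
		echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
		showfooter();
		exit;
	}
	$row = mysql_fetch_assoc($res);
	$_SESSION['profile']['email'] = $row['email'];
	// The column holds the stored (unescaped) form; escape it again before it
	// goes back into a query, and encode it before it goes into HTML.
	$query = "update `users` set `email`='".mysql_escape_string($row['email'])."' where `id`='".$_SESSION['profile']['id']."'";
	mysql_query($query);
	showheader(_("My CAcert.org Account!"));
	printf(_("Your default email address has been updated to '%s'."), htmlspecialchars($row['email']));
	showfooter();
	exit;
}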
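// Page 2, "Delete": remove the selected addresses and revoke any live client
// certificate that was issued against them.
if($process == _("Delete") && $oldid == 2)
{
	$id = 2;
	showheader(_("My CAcert.org Account!"));
	echo _("The following accounts have been removed:")."<br>\n";
	if(is_array($delid))
	{
		// Loop over a private name so the page id in $id is not clobbered.
		foreach($delid as $delemail)
		{
			$delemail = intval($delemail);
			// The current default address cannot be removed; the session holds
			// the raw value, so escape it for the comparison.
			$query = "select * from `email` where `id`='$delemail' and `memid`='".$_SESSION['profile']['id']."' and
					`email`!='".mysql_escape_string($_SESSION['profile']['email'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				echo htmlspecialchars($row['email'])."<br>\n";
				// Revoke every unexpired, unrevoked certificate linked to this address.
				$query = "select `emailcerts`.`id`
						from `emaillink`,`emailcerts` where
						`emailid`='$delemail' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
						`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
						group by `emailcerts`.`id`";
				$dres = mysql_query($query);
				while($drow = mysql_fetch_assoc($dres))
					mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");
				$query = "update `email` set `deleted`=NOW() where `id`='$delemail'";
				mysql_query($query);
			}
		}
	}
	showfooter();
	exit;
}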
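// Page 3, "Next": remember which addresses go into the certificate and, for
// members with enough assurance points, which name form to use.
if($process == _("Next") && $oldid == 3)
{
	if(!is_array($addid))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
		showfooter();
		exit;
	}
	$_SESSION['_config']['addid'] = $addid;
	if($_SESSION['profile']['points'] > 50)
	{
		$_SESSION['_config']['incname'] = intval($incname);
	} else {
		// Reset instead of leaving whatever an earlier request stored, so a
		// member below the threshold never carries a name choice forward.
		$_SESSION['_config']['incname'] = 0;
	}
	$id = 4;
}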
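// Page 4: a client-certificate request arrived. Netscape-style browsers post a
// SPKAC blob (keytype NS); Internet Explorer posts a bare PKCS#10 body in $CSR
// (keytype MS). Either way the request is stored under _config.filepath and
// handed to the external signing script.
if($oldid == 4)
{
	if($_POST['keytype'] == "NS")
	{
		// "deadbeef" is what the form carries when no key was generated.
		if($_POST['SPKAC'] == "" || $_POST['SPKAC'] == "deadbeef")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}
		$emailcount = 0;
		$emails = "";
		$addys = array();
		$defaultemail = "";
		if(is_array($_SESSION['_config']['addid']))
		{
			// The ids were stashed straight from the page-3 form, so each one is
			// cast to an integer and re-checked against the member's own addresses.
			foreach($_SESSION['_config']['addid'] as $emid)
			{
				$emid = intval($emid);
				$res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='$emid'");
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if(!$emails)
						$defaultemail = $row['email'];
					$emails .= "$emailcount.emailAddress = ".$row['email']."\n";
					$emailcount++;
					$addys[] = $row['id'];
				}
			}
		}
		if($emailcount <= 0)
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request.");
			showfooter();
			exit;
		}
		// commonName is a fixed label unless a name form was chosen on page 3.
		if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 5)
			$emails .= "commonName = CAcert WoT User\n";
		if($_SESSION['_config']['incname'] == 1)
			$emails .= "commonName = ".$_SESSION['profile']['fname']."\n";
		if($_SESSION['_config']['incname'] == 2)
			$emails .= "commonName = ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']."\n";
		// Line breaks are stripped so the blob stays on a single config line.
		$emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_POST['SPKAC']));
		// CN is the stored (unescaped) address; escape it on the way back in.
		$query = "insert into `emailcerts` set `CN`='".mysql_escape_string($defaultemail)."', `keytype`='NS',
				`memid`='".$_SESSION['profile']['id']."',
				`created`=FROM_UNIXTIME(UNIX_TIMESTAMP())";
		mysql_query($query);
		$emailid = mysql_insert_id();
		foreach($addys as $addy)
			mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".intval($addy)."'");
		$CSRname = $_SESSION['_config']['filepath']."/csr/email-$emailid.csr";
		$fp = fopen($CSRname, "w");
		fputs($fp, $emails);
		fclose($fp);
		mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
	} else if($_POST['keytype'] == "MS") {
		// Wrap the bare body in PEM armour and let openssl re-emit it, so
		// anything that does not parse as a CSR is dropped before storage.
		$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."-----END CERTIFICATE REQUEST-----\n";
		$tmpfname = tempnam("/tmp", "CSR");
		$fp = fopen($tmpfname, "w");
		fputs($fp, $csr);
		fclose($fp);
		$addys = array();
		$defaultemail = "";
		$csrsubject = "";
		if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 5)
			$csrsubject = "/CN=CAcert WoT User";
		if($_SESSION['_config']['incname'] == 1)
			$csrsubject = "/CN=".$_SESSION['profile']['fname'];
		if($_SESSION['_config']['incname'] == 2)
			$csrsubject = "/CN=".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'];
		if(is_array($_SESSION['_config']['addid']))
		{
			foreach($_SESSION['_config']['addid'] as $emid)
			{
				$emid = intval($emid);
				$res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='$emid'");
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if($defaultemail == "")
						$defaultemail = $row['email'];
					$csrsubject .= "/emailAddress=".$row['email'];
					$addys[] = $row['id'];
				}
			}
		}
		// Both file names come from tempnam(), so they are safe on the command line.
		$tmpname = tempnam("/tmp", "CSR");
		$do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`;
		@unlink($tmpfname);
		$csr = "";
		$fp = fopen($tmpname, "r");
		while($data = fgets($fp, 4096))
			$csr .= $data;
		fclose($fp);
		@unlink($tmpname);
		if($csr == "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}
		// CN and subject carry stored names and addresses; escape both.
		$query = "insert into `emailcerts` set `CN`='".mysql_escape_string($defaultemail)."', `keytype`='MS',
				`memid`='".$_SESSION['profile']['id']."',
				`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
				`subject`='".mysql_escape_string($csrsubject)."'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		foreach($addys as $addy)
			mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".intval($addy)."'");
		$CSRname = $_SESSION['_config']['filepath']."/csr/email-$emailid.csr";
		$fp = fopen($CSRname, "w");
		fputs($fp, $csr);
		fclose($fp);
		mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
	} else {
		// Unknown keytype: previously this fell through to the lookup below
		// with whatever $emailid the request happened to carry.
		$id = 4;
		showheader(_("My CAcert.org Account!"));
		echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
		showfooter();
		exit;
	}
	// Run the signing script and check that a certificate file was recorded.
	$do = `../scripts/runclient`;
	$query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		$id = 4;
		showheader(_("My CAcert.org Account!"));
		echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
		showfooter();
		exit;
	} else {
		$id = 6;
		$cert = $emailid;
	}
}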
// Page 7: reject a domain that is already registered, either as an
// organisation domain or as a live (undeleted) member domain.
if($oldid == 7)
{
	$newdomain = trim(mysql_escape_string(stripslashes($newdomain)));
	$res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
	$query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
	$res2 = mysql_query($query);
	if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2))
	{
		unset($oldid);
		$id = 7;
		showheader(_("My CAcert.org Account!"));
		printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $newdomain);
		showfooter();
		exit;
	}
}
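// Page 7 -> 8: work out which addresses may authorise this domain: the
// contacts whois lists for it plus the RFC 2142 role addresses.
if($oldid == 7)
{
	unset($oldid);
	$id = 8;
	$addy = array();
	// $newdomain is only SQL-escaped; quote it separately for the shell so a
	// metacharacter in the submitted name cannot become a second command.
	$adds = explode("\n", trim(shell_exec("whois ".escapeshellarg($newdomain)."|grep \@")));
	if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info")
	{
		// These registries print "label: address" lines; take the value part.
		foreach($adds as $line)
		{
			$bits = explode(":", $line, 2);
			$line = isset($bits[1]) ? trim($bits[1]) : "";
			if(!in_array($line, $addy) && $line != "")
				$addy[] = $line;
		}
	} else {
		// Elsewhere: take the last whitespace-separated token containing an '@'.
		foreach($adds as $line)
		{
			$line = trim($line);
			foreach(explode(" ", $line) as $bit)
			{
				if(strstr($bit, "@"))
					$line = $bit;
			}
			if(!in_array($line, $addy) && $line != "")
				$addy[] = $line;
		}
	}
	$rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain");
	foreach($rfc as $sub)
		if(!in_array($sub, $addy))
			$addy[] = $sub;
	$_SESSION['_config']['addy'] = $addy;
	$_SESSION['_config']['domain'] = $newdomain;
}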
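// Page 8, "Probe": the member picked one of the authority addresses computed
// on the previous step; register the domain and mail the verification link.
if($process == _("Probe") && $oldid == 8)
{
	unset($oldid);
	$id = 8;
	$authaddy = trim(mysql_escape_string(stripslashes($authaddy)));
	// Strict comparison: the address must be exactly one of the computed
	// candidates, not merely loosely equal to one.
	if($authaddy == "" || !in_array($authaddy, $_SESSION['_config']['addy'], true))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("The address you submitted isn't a valid authority address for the domain.");
		showfooter();
		exit;
	}
	$query = "select * from `domains` where `domain`='".$_SESSION['_config']['domain']."' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), htmlspecialchars($_SESSION['_config']['domain']));
		showfooter();
		exit;
	}
	// Verification token. fread() takes a fixed 64 bytes; fgets() stopped at
	// the first newline byte, so the token could come from a single random byte.
	$rnd = fopen("/dev/urandom", "r");
	$hash = md5(fread($rnd, 64));
	fclose($rnd);
	$query = "insert into `domains` set `domain`='".$_SESSION['_config']['domain']."',
			`memid`='".$_SESSION['profile']['id']."', `created`=NOW(), `hash`='$hash'";
	mysql_query($query);
	$domainid = mysql_insert_id();
	// $hostname is set outside this file.
	$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
	$body .= "http://$hostname/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");
	mail($authaddy, "[CAcert.org] Email Probe", $body, "From: Support <duane@cacert.org>\nErrors-To: returns@cacert.org");
	showheader(_("My CAcert.org Account!"));
	printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), htmlspecialchars($_SESSION['_config']['domain']));
	showfooter();
	exit;
}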
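// Page 9, "Delete": remove the selected domains. Requests that were never
// signed are deleted outright; issued, still-valid certificates are revoked.
if($process == _("Delete") && $oldid == 9)
{
	$id = 9;
	showheader(_("My CAcert.org Account!"));
	echo _("The following domains have been removed:")."<br>\n("._("Any valid certificates will be revoked as well").")<br>\n";
	if(is_array($delid))
	{
		// Loop over a private name so the page id in $id is not clobbered.
		foreach($delid as $domid)
		{
			$domid = intval($domid);
			$query = "select * from `domains` where `id`='$domid' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				echo htmlspecialchars($row['domain'])."<br>\n";
				mysql_query("update `domains` set `deleted`=NOW() where `id`='$domid'");
				// `expire`=0 rows are presumably unsigned requests: drop their
				// files and rows. The paths belong to the domaincerts row ($drow);
				// the previous code read them from the domains row ($row) instead.
				$dres = mysql_query("select * from `domaincerts` where `domid`='$domid' and `expire`=0");
				while($drow = mysql_fetch_assoc($dres))
				{
					@unlink($drow['csr_name']);
					@unlink($drow['crt_name']);
					mysql_query("delete from `domaincerts` where `id`='".intval($drow['id'])."'");
				}
				mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `domid`='$domid' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
			}
		}
	}
	showfooter();
	exit;
}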
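// Page 10, "Submit": a server CSR was pasted in. Keep it in the session and
// extract its subject with openssl so the next page can show it.
if($process == _("Submit") && $oldid == 10)
{
	$CSR = trim($CSR);
	$_SESSION['_config']['CSR'] = $CSR;
	// The CSR is request input; quote it for the shell instead of interpolating
	// it into the command line.
	$_SESSION['_config']['subject'] = trim(shell_exec("echo ".escapeshellarg($CSR)."|/usr/bin/openssl req -text|grep Subject:"));
	$id = 11;
	// extractit(), getcn() and getalt() are defined elsewhere and fill
	// _config from the subject line.
	extractit();
	getcn();
	getalt();
	if($_SESSION['_config']["0.CN"] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. Can't continue.");
		showfooter();
		exit;
	}
}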
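// Page 11, "Submit": the member confirmed the subject; record the request,
// link it to every domain it names, write the CSR and run the signer.
if($process == _("Submit") && $oldid == 11)
{
	$CSR = $_SESSION['_config']['CSR'];
	// Re-derive the subject from the stored CSR; quote it for the shell.
	$_SESSION['_config']['subject'] = trim(shell_exec("echo ".escapeshellarg($CSR)."|/usr/bin/openssl req -text|grep Subject:"));
	$id = 11;
	extractit();
	getcn();
	getalt();
	if($_SESSION['_config']["0.CN"] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. Can't continue.");
		showfooter();
		exit;
	}
	// The CN was parsed out of the member's own CSR, so escape it.
	$query = "insert into `domaincerts` set `CN`='".mysql_escape_string($_SESSION['_config']["0.CN"])."',
			`domid`='".intval($_SESSION['_config']['row']['id'])."',
			`created`=NOW()";
	mysql_query($query);
	$CSRid = mysql_insert_id();
	if(is_array($_SESSION['_config']['rowid']))
		foreach($_SESSION['_config']['rowid'] as $dom)
			mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
	if(is_array($_SESSION['_config']['altid']))
		foreach($_SESSION['_config']['altid'] as $dom)
			mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
	$CSRname = $_SESSION['_config']['filepath']."/csr/$CSRid.csr";
	$fp = fopen($CSRname, "w");
	fputs($fp, $_SESSION['_config']['CSR']);
	fclose($fp);
	mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
	// Run the signing script and check that a certificate file was recorded.
	$do = `../scripts/runserver`;
	$query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
		showfooter();
		exit;
	} else {
		$id = 15;
		$cert = $CSRid;
	}
}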
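// Page 12, "Renew": clone each selected, unrevoked server certificate record,
// re-run the signer on the stored CSR and print the new certificate.
if($oldid == 12 && $process == _("Renew"))
{
	$id = 12;
	showheader(_("My CAcert.org Account!"));
	if(is_array($revokeid))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		// Loop over a private name so the page id in $id is not clobbered.
		foreach($revokeid as $certid)
		{
			$certid = intval($certid);
			// Ownership is enforced by joining through `domains`.`memid`.
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
					where `domaincerts`.`id`='$certid' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $certid);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// 'revoke' was an unquoted constant before; it is a plain string key.
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			// Values copied from the row are the stored (unescaped) form; escape
			// them rather than interpolate them verbatim.
			$query = "insert into `domaincerts` set `domid`='".intval($row['domid'])."', `CN`='".mysql_escape_string($row['CN'])."',
					`csr_name`='".mysql_escape_string($row['csr_name'])."', `created`='".mysql_escape_string($row['created'])."',
					`modified`=NOW()";
			mysql_query($query);
			$newid = mysql_insert_id();
			$newfile = $_SESSION['_config']['filepath']."/csr/$newid.csr";
			copy($row['csr_name'], $newfile);
			mysql_query("update `domaincerts` set `csr_name`='".mysql_escape_string($newfile)."' where `id`='$newid'");
			echo _("Renewing").": ".htmlspecialchars($row['CN'])."<br>\n";
			$do = `../scripts/runserver`;
			$query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
			} else {
				$drow = mysql_fetch_assoc($res);
				// The path is a database value; quote it for the shell.
				$cert = shell_exec("/usr/bin/openssl x509 -in ".escapeshellarg($drow['crt_name']));
				echo "<pre>\n$cert\n</pre>\n";
			}
		}
	}
	showfooter();
	exit;
}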
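// Page 12, "Revoke/Delete": revoke the selected issued server certificates
// and delete the selected pending (unsigned) requests.
if($oldid == 12 && $process == _("Revoke/Delete"))
{
	$id = 12;
	showheader(_("My CAcert.org Account!"));
	if(is_array($revokeid))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		// Loop over a private name so the page id in $id is not clobbered.
		foreach($revokeid as $certid)
		{
			$certid = intval($certid);
			// Ownership is enforced by joining through `domains`.`memid`.
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
					where `domaincerts`.`id`='$certid' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $certid);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// 'revoke' was an unquoted constant before; it is a plain string key.
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$certid'");
			$do = `../scripts/runserver`;
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", htmlspecialchars($row['CN']));
		}
	}
	if(is_array($delid))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($delid as $certid)
		{
			$certid = intval($certid);
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
					where `domaincerts`.`id`='$certid' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $certid);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A non-zero expiry means the request was already signed.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			mysql_query("delete from `domaincerts` where `id`='$certid'");
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", htmlspecialchars($row['CN']));
		}
	}
	showfooter();
	exit;
}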
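// Page 5, "Renew": clone each selected, unrevoked client certificate record
// (including its address links), re-run the signer and offer the install link.
if($oldid == 5 && $process == _("Renew"))
{
	// The sibling Revoke/Delete handler sets the page id; keep the two in step.
	$id = 5;
	showheader(_("My CAcert.org Account!"));
	if(is_array($revokeid))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		// Loop over a private name so the page id in $id is not clobbered.
		foreach($revokeid as $certid)
		{
			$certid = intval($certid);
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
					where `id`='$certid' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $certid);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// 'revoke' was an unquoted constant before; it is a plain string key.
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			// Values copied from the row are the stored (unescaped) form; escape
			// them rather than interpolate them verbatim.
			$query = "insert into `emailcerts` set `memid`='".intval($row['memid'])."', `CN`='".mysql_escape_string($row['CN'])."',
					`keytype`='".mysql_escape_string($row['keytype'])."', `csr_name`='".mysql_escape_string($row['csr_name'])."',
					`created`='".mysql_escape_string($row['created'])."', `modified`=NOW()";
			mysql_query($query);
			$newid = mysql_insert_id();
			$newfile = $_SESSION['_config']['filepath']."/csr/email-$newid.csr";
			copy($row['csr_name'], $newfile);
			mysql_query("update `emailcerts` set `csr_name`='".mysql_escape_string($newfile)."' where `id`='$newid'");
			// Carry the address links over to the new record.
			$res = mysql_query("select * from `emaillink` where `emailcertsid`='".intval($row['id'])."'");
			while($r2 = mysql_fetch_assoc($res))
			{
				mysql_query("insert into `emaillink` set `emailid`='".intval($r2['emailid'])."',
						`emailcertsid`='$newid'");
			}
			$do = `../scripts/runclient`;
			$query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
			} else {
				printf(_("Certificate for '%s' has been renewed."), htmlspecialchars($row['CN']));
				echo "<a href='account.php?id=6&cert=$newid' target='_new'>".
					_("Click here")."</a>"._("to install your certificate.");
			}
		}
	}
	showfooter();
	exit;
}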
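// Page 5, "Revoke/Delete": revoke the selected issued client certificates and
// delete the selected pending (unsigned) requests.
if($oldid == 5 && $process == _("Revoke/Delete"))
{
	$id = 5;
	showheader(_("My CAcert.org Account!"));
	if(is_array($revokeid))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		// Loop over a private name so the page id in $id is not clobbered.
		foreach($revokeid as $certid)
		{
			$certid = intval($certid);
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
					where `id`='$certid' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $certid);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// 'revoke' was an unquoted constant before; it is a plain string key.
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$certid'");
			$do = `../scripts/runclient`;
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", htmlspecialchars($row['CN']));
		}
	}
	if(is_array($delid))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($delid as $certid)
		{
			$certid = intval($certid);
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
					where `id`='$certid' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $certid);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A non-zero expiry means the request was already signed.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			mysql_query("delete from `emailcerts` where `id`='$certid'");
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", htmlspecialchars($row['CN']));
		}
	}
	showfooter();
	exit;
}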
// First visit to page 13 (edit my details): take a working copy of the profile
// into the session once, flagged with 'set' so re-displays keep the user's edits.
if ($id == 13 && $_SESSION['_config']['user']['set'] != 1)
{
	$draft = $_SESSION['profile'];
	$draft['set'] = 1;
	$_SESSION['_config']['user'] = $draft;
}
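// Page 13 / "Update", first half: copy the submitted fields into the session
// draft and validate them. Text fields are stripslashes()d (magic_quotes era)
// and then SQL-escaped, because the block that follows drops them straight into
// an UPDATE literal; the draft therefore holds escaped text and must not be
// echoed back without care. Name/DOB validation only applies below 100
// assurance points - assured users cannot change those fields at all (see the
// UPDATE below), so their values are never checked here.
// On a validation error the page id is reset and $oldid is unset, which is what
// stops the UPDATE block from running.
if ($oldid == 13 && $process == _("Update"))
{
	$_SESSION['_config']['user']['fname'] = trim(mysql_escape_string(stripslashes($fname)));
	$_SESSION['_config']['user']['mname'] = trim(mysql_escape_string(stripslashes($mname)));
	$_SESSION['_config']['user']['lname'] = trim(mysql_escape_string(stripslashes($lname)));
	$_SESSION['_config']['user']['suffix'] = trim(mysql_escape_string(stripslashes($suffix)));
	$_SESSION['_config']['user']['day'] = intval($day);
	$_SESSION['_config']['user']['month'] = intval($month);
	$_SESSION['_config']['user']['year'] = intval($year);
	$_SESSION['_config']['user']['Q1'] = trim(mysql_escape_string(stripslashes($Q1)));
	$_SESSION['_config']['user']['Q2'] = trim(mysql_escape_string(stripslashes($Q2)));
	$_SESSION['_config']['user']['Q3'] = trim(mysql_escape_string(stripslashes($Q3)));
	$_SESSION['_config']['user']['Q4'] = trim(mysql_escape_string(stripslashes($Q4)));
	$_SESSION['_config']['user']['Q5'] = trim(mysql_escape_string(stripslashes($Q5)));
	$_SESSION['_config']['user']['A1'] = trim(mysql_escape_string(stripslashes($A1)));
	$_SESSION['_config']['user']['A2'] = trim(mysql_escape_string(stripslashes($A2)));
	$_SESSION['_config']['user']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
	$_SESSION['_config']['user']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
	$_SESSION['_config']['user']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
	if ($_SESSION['profile']['points'] < 100)
	{
		if ($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "")
		{
			$_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
			$id = $oldid;
			unset($oldid);
		}
		// FIX: the old range test (day 1..31, month 1..12) let impossible dates such
		// as 31 February through into `dob`; checkdate() validates the day against
		// the month/year. The >= 1900 floor is kept as before.
		$y = $_SESSION['_config']['user']['year'];
		$m = $_SESSION['_config']['user']['month'];
		$d = $_SESSION['_config']['user']['day'];
		if ($y < 1900 || !checkdate($m, $d, $y))
		{
			$_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
			$id = $oldid;
			unset($oldid);
		}
	}
}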
// Page 13 / "Update", second half: persist the draft. Only reached when the
// validation block above left $oldid set (it unsets it on error). Name and date
// of birth are written only below 100 assurance points - an assured identity is
// frozen - while the lost-password questions/answers are always updatable.
if ($oldid == 13 && $process == _("Update"))
{
	if ($_SESSION['profile']['points'] < 100)
	{
		// Draft values are already mysql_escape_string()ed (see the block above),
		// which is why they are concatenated into the literal without further escaping.
		$query = "update `users` set `fname`='".$_SESSION['_config']['user']['fname']."',
			`mname`='".$_SESSION['_config']['user']['mname']."',
			`lname`='".$_SESSION['_config']['user']['lname']."',
			`suffix`='".$_SESSION['_config']['user']['suffix']."',
			`dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
			where `id`='".$_SESSION['profile']['id']."'";
		mysql_query($query);
	}
	// Security questions/answers are stored in clear text (no hashing visible here).
	$query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
		`Q2`='".$_SESSION['_config']['user']['Q2']."',
		`Q3`='".$_SESSION['_config']['user']['Q3']."',
		`Q4`='".$_SESSION['_config']['user']['Q4']."',
		`Q5`='".$_SESSION['_config']['user']['Q5']."',
		`A1`='".$_SESSION['_config']['user']['A1']."',
		`A2`='".$_SESSION['_config']['user']['A2']."',
		`A3`='".$_SESSION['_config']['user']['A3']."',
		`A4`='".$_SESSION['_config']['user']['A4']."',
		`A5`='".$_SESSION['_config']['user']['A5']."'
		where `id`='".$_SESSION['profile']['id']."'";
	mysql_query($query);
	// Drop the draft and reload the profile from the DB so the session reflects
	// exactly what was stored; 'loggedin' is not a DB column, so re-set it.
	$_SESSION['_config']['user']['set'] = 0;
	$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
	$_SESSION['profile']['loggedin'] = 1;
	$id = 13;
	showheader(_("My CAcert.org Account!"));
	echo _("Your details have been updated with the database.");
	showfooter();
	exit;
}
// Page 14 / "Update Pass Phrase": change the account password. Requires the
// current pass phrase (checked against the DB), a matching confirmation, a
// minimum length and a checkpw() score of at least 3 (checkpw is defined
// elsewhere; here it is only fed the new phrase plus the user's email and name
// parts, which the error text says it rejects as substrings).
// The values are SQL-escaped on the way into the session because they are used
// directly inside query literals below. Note that MySQL's PASSWORD() is the hash
// in use - an unsalted, legacy scheme; moving away from it needs a schema change
// and is out of scope for this block.
if ($oldid == 14 && $process == _("Update Pass Phrase"))
{
	$_SESSION['_config']['user']['oldpass'] = trim(mysql_escape_string(stripslashes($oldpassword)));
	$_SESSION['_config']['user']['pword1'] = trim(mysql_escape_string(stripslashes($pword1)));
	$_SESSION['_config']['user']['pword2'] = trim(mysql_escape_string(stripslashes($pword2)));
	$id = 14;
	showheader(_("My CAcert.org Account!"));
	if ($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
	{
		echo _("New Pass Phrases specified don't match or were blank.");
	} else {
		$score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
			$_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);
		// A row comes back only if the old pass phrase hashes to the stored value.
		$match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
			`password`=password('".$_SESSION['_config']['user']['oldpass']."')");
		// strlen() runs on the escaped form, so a phrase made of quotes/backslashes
		// counts as slightly longer than it really is.
		if (strlen($_SESSION['_config']['user']['pword1']) < 6) {
			echo _("The Pass Phrase you submitted was too short.");
		} else if ($score < 3) {
			echo _("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored $score points out of 6.");
		} else if (mysql_num_rows($match) <= 0) {
			echo _("You failed to correctly enter your current Pass Phrase.");
		} else {
			mysql_query("update `users` set `password`=password('".$_SESSION['_config']['user']['pword1']."')
				where `id`='".$_SESSION['profile']['id']."'");
			// NOTE(review): the message promises an email notification, but no mail
			// is sent from this block - confirm it happens elsewhere or adjust the text.
			echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
		}
	}
	showfooter();
	exit;
}
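// Page 16 (organisation S/MIME cert, step 1): collect the email addresses the
// user typed, keep those whose domain part passes checkownership(), and record
// the matching domain ids for linking on page 17. checkownership() is defined
// elsewhere; this code relies on it leaving the matched row in
// $_SESSION['_config']['row'] (assumed from usage - not visible here).
// Each value is stripslashes()d and SQL-escaped before it is kept, because the
// page 17 handler interpolates the addresses into INSERT literals.
if ($oldid == 16)
{
	$id = 16;
	$_SESSION['_config']['emails'] = array();
	// FIX: 'domids' was never cleared, only appended to, so domain ids from an
	// earlier submission in the same session were linked to this certificate as
	// well. Reset it together with the address list it belongs to.
	$_SESSION['_config']['domids'] = array();
	$posted = array();
	if (isset($_POST['emails']) && is_array($_POST['emails']))
		$posted = $_POST['emails'];
	foreach ($posted as $val)
	{
		$val = mysql_escape_string(stripslashes(trim($val)));
		// Minimal syntax check: exactly one '@'. The domain part is what is verified.
		$bits = explode("@", $val);
		if (count($bits) != 2)
			continue;
		if (checkownership($bits[1]) == false)
			continue;
		if (!is_array($_SESSION['_config']['row']))
			continue;
		else if ($_SESSION['_config']['row']['id'] > 0)
			$_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id'];
		if ($val != "")
			$_SESSION['_config']['emails'][] = $val;
	}
	// Optional display name for the certificate's CN; escaped for the same reason.
	$_SESSION['_config']['name'] = mysql_escape_string(stripslashes(trim($name)));
}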
// Page 16: nothing usable was submitted - stay on the page and say so.
if ($oldid == 16 && count($_SESSION['_config']['emails']) == 0)
{
	$id = 16;
	showheader(_("My CAcert.org Account!"));
	echo _("I couldn't match any emails against your organisational account.");
	showfooter();
	exit;
}
// Page 16 / "Next": advance to the key-generation page once addresses were matched.
if ($oldid == 16 && $process == _("Next") && @count($_SESSION['_config']['emails']) > 0)
	$id = 17;
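// Page 17 (organisation S/MIME cert, step 2): file a signing request for the
// addresses collected on page 16. Two request formats, selected by
// $_POST['keytype']:
//   "NS" - a browser-generated SPKAC; an openssl config fragment is written as
//          the "CSR" file, with the subject fields supplied from our own data;
//   "MS" - a bare base64 PKCS#10 body in $CSR (register_globals), re-encoded
//          through openssl to validate it, while the subject is assembled here
//          and stored in `subject` for the signer.
// Both paths then run ../scripts/runclient and expect it to set `crt_name`.
// $org is the organisation row an earlier page left in the session; this block
// does NOT re-check that the current user belongs to it (TODO confirm page 16 /
// checkownership() guarantee that).
if ($oldid == 17)
{
	$org = $_SESSION['_config']['row'];
	$orgid = intval($org['orgid']);
	// Org fields are stored unescaped (pages 24/27 escape on the way in only), so
	// anything that goes back into a query must be escaped again - otherwise a
	// quote in e.g. `O` is a second-order SQL injection. $sqlorg is for SQL use;
	// the raw $org values are what belongs in the openssl config.
	$sqlorg = array();
	foreach (array('OU', 'O', 'L', 'ST', 'C') as $f)
		$sqlorg[$f] = mysql_escape_string($org[$f]);
	// Domain ids matched on page 16, linked to the new certificate below.
	$domids = array();
	if (is_array($_SESSION['_config']['domids']))
		$domids = $_SESSION['_config']['domids'];

	if ($_POST['keytype'] == "NS")
	{
		// "deadbeef" is the placeholder the form submits when <keygen> produced nothing.
		if ($_POST['SPKAC'] == "" || $_POST['SPKAC'] == "deadbeef")
		{
			$id = 17;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}
		$emailcount = 0;
		$emails = "";
		$addys = array();
		$defaultemail = "";
		if (is_array($_SESSION['_config']['emails']))
			foreach ($_SESSION['_config']['emails'] as $email)
			{
				if (!$emails)
					$defaultemail = $email; // the first address doubles as the CN
				$emails .= "$emailcount.emailAddress = $email\n";
				$emailcount++;
			}
		// Config fragment for openssl - raw values on purpose. A newline inside an
		// org field would add a directive; that is admin-entered data, but worth
		// rejecting on pages 24/27.
		if ($_SESSION['_config']['name'] != "")
			$emails .= "commonName = ".$_SESSION['_config']['name']."\n";
		if ($org['OU'])
			$emails .= "organizationalUnitName = ".$org['OU']."\n";
		if ($org['O'])
			$emails .= "organizationName = ".$org['O']."\n";
		if ($org['L'])
			$emails .= "localityName = ".$org['L']."\n";
		if ($org['ST'])
			$emails .= "stateOrProvinceName = ".$org['ST']."\n";
		if ($org['C'])
			$emails .= "countryName = ".$org['C']."\n";
		// SPKAC is untrusted form input: CR/LF are stripped so it cannot smuggle in
		// further directives, and it is deliberately the last line of the fragment.
		$emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_POST['SPKAC']));
		$query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='NS',
			`orgid`='$orgid',
			`created`=FROM_UNIXTIME(UNIX_TIMESTAMP())";
		mysql_query($query);
		$emailid = mysql_insert_id();
		foreach ($domids as $addy)
			mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='".intval($addy)."'");
		$CSRname = $_SESSION['_config']['filepath']."/csr/orgemail-$emailid.csr";
		$fp = fopen($CSRname, "w");
		fputs($fp, $emails);
		fclose($fp);
		mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
	} else if ($_POST['keytype'] == "MS") {
		// Wrap the submitted body in PEM armour and let openssl parse it; an
		// unparsable request leaves the output file empty, which is caught below.
		$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."-----END CERTIFICATE REQUEST-----\n";
		$tmpfname = tempnam("/tmp", "CSR");
		$fp = fopen($tmpfname, "w");
		fputs($fp, $csr);
		fclose($fp);
		$addys = array();
		$defaultemail = "";
		// $csrsubject is only ever used inside an SQL literal here, so every
		// component is SQL-escaped: name/emails were escaped on page 16, org
		// fields via $sqlorg.
		$csrsubject = "";
		if ($_SESSION['_config']['name'] != "")
			$csrsubject = "/CN=".$_SESSION['_config']['name'];
		if (is_array($_SESSION['_config']['emails']))
			foreach ($_SESSION['_config']['emails'] as $email)
			{
				if ($defaultemail == "")
					$defaultemail = $email;
				$csrsubject .= "/emailAddress=$email";
			}
		if ($org['OU'])
			$csrsubject .= "/organizationalUnitName=".$sqlorg['OU'];
		if ($org['O'])
			$csrsubject .= "/organizationName=".$sqlorg['O'];
		if ($org['L'])
			$csrsubject .= "/localityName=".$sqlorg['L'];
		if ($org['ST'])
			$csrsubject .= "/stateOrProvinceName=".$sqlorg['ST'];
		if ($org['C'])
			$csrsubject .= "/countryName=".$sqlorg['C'];
		$tmpname = tempnam("/tmp", "CSR");
		// Only tempnam()-generated paths are interpolated into the command line.
		$do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`;
		@unlink($tmpfname);
		$csr = "";
		$fp = fopen($tmpname, "r");
		while ($data = fgets($fp, 4096))
			$csr .= $data;
		fclose($fp);
		@unlink($tmpname);
		if ($csr == "")
		{
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}
		$query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='MS',
			`orgid`='$orgid',
			`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
			`subject`='$csrsubject'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		foreach ($domids as $addy)
			mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='".intval($addy)."'");
		$CSRname = $_SESSION['_config']['filepath']."/csr/orgemail-$emailid.csr";
		$fp = fopen($CSRname, "w");
		fputs($fp, $csr);
		fclose($fp);
		mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
	}
	// Unknown keytype: $emailid stays unset, the lookup below finds nothing and
	// the generic failure message is shown - same outcome as a signing failure.
	$do = `../scripts/runclient`;
	$query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
	$res = mysql_query($query);
	if (mysql_num_rows($res) <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
		showfooter();
		exit;
	} else {
		$id = 19;
		$cert = $emailid;
	}
}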
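// Page 18 / "Renew": re-issue the ticked organisation S/MIME certificates. A
// renewal is a new `orgemailcerts` row cloned from the old one (same CSR, same
// subject) that runclient then signs. The join on `org`.`memid` restricts the
// lookup to organisations the current user is a member of.
if ($oldid == 18 && $process == _("Renew"))
{
	showheader(_("My CAcert.org Account!"));
	if (is_array($revokeid))
	{
		$id = 18;
		echo _("Now renewing the following certificates:")."<br>\n";
		// FIX: use a dedicated loop variable instead of clobbering the page id.
		foreach ($revokeid as $certid)
		{
			$certid = intval($certid);
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
				where `orgemailcerts`.`id`='$certid' and `org`.`memid`='".$_SESSION['profile']['id']."' and
				`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if (mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $certid);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if ($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}
			// FIX: values read back from the DB are unescaped; CN and subject carry
			// user- and admin-entered text, so re-escape before building a new literal.
			$query = "insert into `orgemailcerts` set `orgid`='".intval($row['orgid'])."', `CN`='".mysql_escape_string($row['CN'])."',
				`keytype`='".mysql_escape_string($row['keytype'])."', `csr_name`='".mysql_escape_string($row['csr_name'])."',
				`created`='".mysql_escape_string($row['created'])."', `modified`=NOW(), `subject`='".mysql_escape_string($row['subject'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			// The new row gets its own copy of the CSR file.
			$newfile = $_SESSION['_config']['filepath']."/csr/orgemail-$newid.csr";
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
			$do = `../scripts/runclient`;
			$query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if (mysql_num_rows($res) <= 0)
			{
				echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
			} else {
				printf(_("Certificate for '%s' has been renewed."), $row['CN']);
				echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
					_("Click here")."</a>"._("to install your certificate.");
			}
		}
	}
	showfooter();
	exit;
}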
// Page 18 / "Revoke/Delete": organisation S/MIME certificates. Same shape as the
// personal-certificate handler on page 5, except that ownership is established
// through `org`.`memid` (the user must be a member of the issuing organisation)
// rather than through the certificate's own `memid`.
if ($oldid == 18 && $process == _("Revoke/Delete"))
{
	$id = 18;
	showheader(_("My CAcert.org Account!"));
	if (is_array($revokeid))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		// NOTE: the loop variable shadows the page id; harmless because the block exits.
		foreach ($revokeid as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
				where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
				`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if (mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// Unquoted `revoke` is a bare key resolving to the string 'revoke'.
			if ($row[revoke] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}
			// "Revocation pending" marker; runclient is what acts on it.
			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			$do = `../scripts/runclient`;
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
		}
	}
	if (is_array($delid))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach ($delid as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
				where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
				`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if (mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// An expiry date means the request was signed: only unprocessed ones are deleted.
			if ($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
				continue;
			}
			mysql_query("delete from `orgemailcerts` where `id`='$id'");
			// Paths were written into the row by this application (see page 17).
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
		}
	}
	showfooter();
	exit;
}
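// Page 20 / "Submit": an organisation server-certificate CSR was pasted in.
// Extract its Subject line with openssl, let extractit()/getcn2()/getalt2()
// (defined elsewhere) pull the CN and SANs into $_SESSION['_config'], then move
// to page 21 for confirmation.
if ($process == _("Submit") && $oldid == 20)
{
	$CSR = trim($CSR);
	$_SESSION['_config']['CSR'] = $CSR;
	// FIX (command injection): the CSR is arbitrary form input. It used to be
	// interpolated into `echo "$CSR" | openssl ...`, where a `"`, `$(...)` or a
	// backtick sequence runs shell commands as the web-server user. Hand it to
	// openssl via a tempnam() file; that generated path is the only thing that
	// now reaches the command line.
	$_SESSION['_config']['subject'] = "";
	$tmpfname = tempnam("/tmp", "CSR");
	$fp = false;
	if ($tmpfname !== false)
		$fp = fopen($tmpfname, "w");
	if ($fp)
	{
		fputs($fp, $CSR."\n");
		fclose($fp);
		$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -in $tmpfname -text|grep Subject:`);
	}
	if ($tmpfname !== false)
		@unlink($tmpfname);
	$id = 21;
	extractit();
	getcn2();
	getalt2();
	// Find the user's organisation that owns the domain in the CN. The value
	// originates from the CSR, so it is escaped before use in the literal.
	// The result is stored only; whether an empty match is rejected later
	// could not be confirmed from this file (page 21's handler does not check it).
	$cn = mysql_escape_string($_SESSION['_config']["0.CN"]);
	$query = "select * from `orginfo`,`org`,`orgdomains` where
		`org`.`memid`='".$_SESSION['profile']['id']."' and
		`org`.`orgid`=`orginfo`.`id` and
		`org`.`orgid`=`orgdomains`.`orgid` and
		`orgdomains`.`domain`='$cn'";
	$_SESSION['_config']['org'] = mysql_fetch_assoc(mysql_query($query));
	if ($_SESSION['_config']["0.CN"] == "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. Can't continue.");
		showfooter();
		exit;
	}
}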
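// Page 21 / "Submit": the user confirmed the parsed CSR. Re-parse it from the
// session (the CSR itself is not resubmitted), assemble the subject the signer
// should use from the organisation record, file the request, link it to the
// domain ids getcn2()/getalt2() matched, and run ../scripts/runserver.
if ($process == _("Submit") && $oldid == 21)
{
	$CSR = $_SESSION['_config']['CSR'];
	// FIX (command injection): same hole as on page 20 - the CSR (user input kept
	// in the session) was interpolated into a shell command line. Use a temp file.
	$_SESSION['_config']['subject'] = "";
	$tmpfname = tempnam("/tmp", "CSR");
	$fp = false;
	if ($tmpfname !== false)
		$fp = fopen($tmpfname, "w");
	if ($fp)
	{
		fputs($fp, $CSR."\n");
		fclose($fp);
		$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -in $tmpfname -text|grep Subject:`);
	}
	if ($tmpfname !== false)
		@unlink($tmpfname);
	extractit();
	getcn2();
	getalt2();
	if ($_SESSION['_config']["0.CN"] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. Can't continue.");
		showfooter();
		exit;
	}
	// CN comes from the CSR: escape it before it is used in any literal.
	$cn = mysql_escape_string($_SESSION['_config']["0.CN"]);
	$query = "select * from `orginfo`,`org`,`orgdomains` where
		`org`.`memid`='".$_SESSION['profile']['id']."' and
		`orgdomains`.`orgid`=`orginfo`.`id` and
		`org`.`orgid`=`orginfo`.`id` and
		`orgdomains`.`domain`='$cn'";
	$org = mysql_fetch_assoc(mysql_query($query));
	// NOTE(review): when the CN is not one of this user's org domains $org is
	// empty, yet the request is still filed below against
	// $_SESSION['_config']['row']['id'] - only the org fields go missing. Whether
	// getcn2() already enforces domain ownership (via 'rowid') could not be
	// confirmed from this file; if it does not, this needs a hard failure here.
	$csrsubject = "";
	if ($org['OU'])
		$csrsubject .= "/organizationalUnitName=".$org['OU'];
	if ($org['O'])
		$csrsubject .= "/organizationName=".$org['O'];
	if ($org['L'])
		$csrsubject .= "/localityName=".$org['L'];
	if ($org['ST'])
		$csrsubject .= "/stateOrProvinceName=".$org['ST'];
	if ($org['C'])
		$csrsubject .= "/countryName=".$org['C'];
	if ($org['contact'])
		$csrsubject .= "/emailAddress=".$org['contact'];
	if (is_array($_SESSION['_config']['rows']))
		foreach ($_SESSION['_config']['rows'] as $row)
			$csrsubject .= "/commonName=$row";
	if (is_array($_SESSION['_config']['altrows']))
		foreach ($_SESSION['_config']['altrows'] as $subalt)
			$csrsubject .= "/subjectAltName=$subalt";
	// FIX: `subject` is built from DB values (unescaped) and CSR-derived names;
	// escape the assembled string as a whole before it enters the literal.
	$query = "insert into `orgdomaincerts` set `CN`='$cn',
		`orgid`='".intval($_SESSION['_config']['row']['id'])."',
		`created`=NOW(), `subject`='".mysql_escape_string($csrsubject)."'";
	mysql_query($query);
	$CSRid = mysql_insert_id();
	$CSRname = $_SESSION['_config']['filepath']."/csr/org$CSRid.csr";
	$fp = fopen($CSRname, "w");
	fputs($fp, $_SESSION['_config']['CSR']);
	fclose($fp);
	mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
	// Link every matched CN / SAN domain to the request (loop variable renamed so
	// it no longer clobbers the page id).
	if (is_array($_SESSION['_config']['rowid']))
		foreach ($_SESSION['_config']['rowid'] as $domid)
			mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($domid)."', `orgcertid`='$CSRid'");
	if (is_array($_SESSION['_config']['altid']))
		foreach ($_SESSION['_config']['altid'] as $domid)
			mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($domid)."', `orgcertid`='$CSRid'");
	$do = `../scripts/runserver`;
	$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
	$res = mysql_query($query);
	if (mysql_num_rows($res) <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
		showfooter();
		exit;
	} else {
		$id = 23;
		$cert = $CSRid;
	}
}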
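// Page 22 / "Renew": re-issue the ticked organisation server certificates by
// cloning each row (and its CSR file and domain links), then running
// ../scripts/runserver. Ownership is established through `org`.`memid`.
if ($oldid == 22 && $process == _("Renew"))
{
	showheader(_("My CAcert.org Account!"));
	if (is_array($revokeid))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		// Dedicated loop variable: the old code clobbered the page id $id.
		foreach ($revokeid as $certid)
		{
			$certid = intval($certid);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
				`orgdomaincerts`, `org`
				where `orgdomaincerts`.`id`='$certid' and
				`orgdomaincerts`.`orgid`=`org`.`orgid` and
				`org`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if (mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $certid);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if ($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}
			// FIX: values read back from the DB are unescaped (CN/subject hold
			// CSR- and admin-entered text); re-escape before building a new literal.
			$query = "insert into `orgdomaincerts` set `orgid`='".intval($row['orgid'])."', `CN`='".mysql_escape_string($row['CN'])."',
				`csr_name`='".mysql_escape_string($row['csr_name'])."', `created`='".mysql_escape_string($row['created'])."',
				`modified`=NOW(), `subject`='".mysql_escape_string($row['subject'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			$newfile = $_SESSION['_config']['filepath']."/csr/$newid.csr";
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
			echo _("Renewing").": ".$row['CN']."<br>\n";
			// FIX: copy the old certificate's domain links onto the new one. The old
			// code wrote `orgdomid`=$r2['id'] - the link row's own id - so the new
			// certificate was linked to the wrong domains (or none); `orgdomid` is the
			// domain column of this table (see the page 21 insert). $certid is used
			// for the lookup because `id` is ambiguous in the joined $row.
			$res = mysql_query("select * from `orgdomlink` where `orgcertid`='$certid'");
			while ($r2 = mysql_fetch_assoc($res))
				mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($r2['orgdomid'])."', `orgcertid`='$newid'");
			$do = `../scripts/runserver`;
			$query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if (mysql_num_rows($res) <= 0)
			{
				echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
			} else {
				$drow = mysql_fetch_assoc($res);
				// crt_name is set by runserver, not by the user, but quote it anyway
				// so nothing but a single path argument reaches the shell.
				$crtpath = escapeshellarg($drow['crt_name']);
				$cert = `/usr/bin/openssl x509 -in $crtpath`;
				echo "<pre>\n$cert\n</pre>\n";
			}
		}
	}
	showfooter();
	exit;
}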
// Page 22 / "Revoke/Delete": organisation server certificates. Mirrors the
// handlers on pages 5 and 18; ownership is established by joining `org` on the
// certificate's `orgid` and requiring `org`.`memid` to be the current user.
if ($oldid == 22 && $process == _("Revoke/Delete"))
{
	showheader(_("My CAcert.org Account!"));
	if (is_array($revokeid))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		// NOTE: the loop variable clobbers the page id; harmless because the block exits.
		foreach ($revokeid as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
				`orgdomaincerts`, `org`
				where `orgdomaincerts`.`id`='$id' and
				`orgdomaincerts`.`orgid`=`org`.`orgid` and
				`org`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if (mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// Unquoted `revoke` is a bare key resolving to the string 'revoke'.
			if ($row[revoke] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}
			// "Revocation pending" marker; runserver is what acts on it.
			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			$do = `../scripts/runserver`;
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
		}
	}
	if (is_array($delid))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach ($delid as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from
				`orgdomaincerts`, `org`
				where `orgdomaincerts`.`id`='$id' and
				`orgdomaincerts`.`orgid`=`org`.`orgid` and
				`org`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if (mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// An expiry date means the request was signed: only unprocessed ones are deleted.
			if ($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
				continue;
			}
			// The `orgdomlink` rows pointing at this request are not removed here.
			mysql_query("delete from `orgdomaincerts` where `id`='$id'");
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
		}
	}
	showfooter();
	exit;
}
// Organisation administration (pages 24-31) is restricted to two hard-coded
// user ids. A role/flag column on `users` would be the maintainable form of this.
$orgadminpages = range(24, 31);
$siteadmins = array(1, 5);
if ((in_array($id, $orgadminpages) || in_array($oldid, $orgadminpages)) &&
	!in_array($_SESSION['profile']['id'], $siteadmins))
{
	showheader(_("My CAcert.org Account!"));
	echo _("You don't have access to this area.");
	showfooter();
	exit;
}
// Page 24 / "Next" (site admins only, gated above): create an organisation
// record. Fields are stripslashes()d and SQL-escaped into the session, then used
// in the INSERT literal. Only O and contact are required; nothing is validated
// beyond that (e.g. contact is not checked to be an email address, C is not
// checked to be a two-letter code). Note that these values are later written
// raw into certificate subjects and openssl config fragments (pages 17/21).
if ($oldid == 24 && $process == _("Next"))
{
	$id = intval($oldid);
	$_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O)));
	$_SESSION['_config']['contact'] = trim(mysql_escape_string(stripslashes($contact)));
	$_SESSION['_config']['L'] = trim(mysql_escape_string(stripslashes($L)));
	$_SESSION['_config']['ST'] = trim(mysql_escape_string(stripslashes($ST)));
	$_SESSION['_config']['C'] = trim(mysql_escape_string(stripslashes($C)));
	$_SESSION['_config']['comments'] = trim(mysql_escape_string(stripslashes($comments)));
	if ($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
	{
		// Falls through to re-render page 24 with the error (no exit here).
		$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
	} else {
		mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
			`contact`='".$_SESSION['_config']['contact']."',
			`L`='".$_SESSION['_config']['L']."',
			`ST`='".$_SESSION['_config']['ST']."',
			`C`='".$_SESSION['_config']['C']."',
			`comments`='".$_SESSION['_config']['comments']."'");
		showheader(_("My CAcert.org Account!"));
		// The escaped value is echoed into HTML unescaped (admin-entered).
		printf(_("'%s' has just been successfully added as an organisation to the database."), $_SESSION['_config']['O']);
		showfooter();
		exit;
	}
}
// Page 27 / "Update" (site admins only): edit an organisation record. Same
// handling as page 24; the target row is $_SESSION['_config']['orgid'], which an
// earlier page placed in the session (not visible here).
if ($oldid == 27 && $process == _("Update"))
{
	$id = intval($oldid);
	$_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O)));
	$_SESSION['_config']['contact'] = trim(mysql_escape_string(stripslashes($contact)));
	$_SESSION['_config']['L'] = trim(mysql_escape_string(stripslashes($L)));
	$_SESSION['_config']['ST'] = trim(mysql_escape_string(stripslashes($ST)));
	$_SESSION['_config']['C'] = trim(mysql_escape_string(stripslashes($C)));
	$_SESSION['_config']['comments'] = trim(mysql_escape_string(stripslashes($comments)));
	if ($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
	{
		$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
	} else {
		mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
			`contact`='".$_SESSION['_config']['contact']."',
			`L`='".$_SESSION['_config']['L']."',
			`ST`='".$_SESSION['_config']['ST']."',
			`C`='".$_SESSION['_config']['C']."',
			`comments`='".$_SESSION['_config']['comments']."'
			where `id`='".$_SESSION['_config']['orgid']."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully updated in the database."), $_SESSION['_config']['O']);
		showfooter();
		exit;
	}
}
// Page 28 / "Add", step 1: a domain is being attached to an organisation. Reject
// it if it already exists as an organisation domain or as a live personal
// domain (`deleted`=0). On conflict the page id is reset and $oldid unset, which
// keeps the INSERT block further down from running.
if ($oldid == 28 && $process == _("Add"))
{
	$domain = $_SESSION['_config']['domain'] = trim(mysql_escape_string(stripslashes($domainname)));
	$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
	$res2 = mysql_query("select * from `domains` where `domain`='$domain' and `deleted`=0");
	if (mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
	{
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $domain);
		$id = $oldid;
		unset($oldid);
	}
}
// Page 28 without an organisation selected: bounce back to the org list (page 25).
if ($oldid == 28 && $_SESSION['_config']['orgid'] <= 0)
{
	$id = 25;
	unset($oldid);
}
// Page 28 / "Add", step 2: store the domain. Only reached when the duplicate
// check and the orgid check above left $oldid set. $domain is the escaped value
// assigned by the step-1 block.
if ($oldid == 28 && $process == _("Add"))
{
	mysql_query("insert into `orgdomains` set `orgid`='".$_SESSION['_config']['orgid']."', `domain`='$domain'");
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully added to the database."), $domain);
	echo "<br><br><a href='account.php?id=26&orgid=".$_SESSION['_config']['orgid']."'>"._("Click here")."</a>"._("to continue.");
	showfooter();
	exit;
}
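// Page 29 / "Update", step 1: an organisation domain is being renamed. Reject
// the new name if another org domain or a live personal domain already uses it.
// On conflict $oldid is unset so the revoke/update blocks below do not run.
if ($oldid == 29 && $process == _("Update"))
{
	$domain = mysql_escape_string(stripslashes(trim($domainname)));
	// FIX: the duplicate check uses LIKE, and mysql_escape_string does not
	// neutralise the LIKE metacharacters % and _ - "my_domain.org" matched
	// "myxdomain.org" and a lone "%" matched everything. Escape them in the
	// pattern only; $domain itself is what the UPDATE block stores.
	$pattern = addcslashes($domain, '%_');
	$domid = intval($_SESSION['_config']['domid']);
	$res1 = mysql_query("select * from `orgdomains` where `domain` like '$pattern' and `id`!='$domid'");
	$res2 = mysql_query("select * from `domains` where `domain` like '$pattern' and `deleted`=0");
	if (mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
	{
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $domain);
		$id = $oldid;
		unset($oldid);
	}
}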
// Pages 29 (rename) and 30 (delete) of an organisation domain: before the domain
// record changes, mark every server and S/MIME certificate linked to it as
// revoked and run both signer scripts. Runs for any button except "Cancel" - on
// page 29 also when the name is unchanged - so a rename always costs the
// organisation its certificates for that domain. $_SESSION['_config']['domid']
// is the domain selected on the admin pages (set outside this block).
if (($oldid == 29 || $oldid == 30) && $process != _("Cancel"))
{
	$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
		`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
		`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
		`orgdomains`.`id`='".$_SESSION['_config']['domid']."'";
	$res = mysql_query($query);
	while ($row = mysql_fetch_assoc($res))
		mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
	$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
		`orgemaillink`.`domid`=`orgdomains`.`id` and
		`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
		`orgdomains`.`id`='".$_SESSION['_config']['domid']."'";
	$res = mysql_query($query);
	while ($row = mysql_fetch_assoc($res))
		mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
	// Both scripts run unconditionally, even when nothing was marked.
	$do = `../scripts/runserver`;
	$do = `../scripts/runclient`;
}
// Page 29 / "Update", step 2: store the new (already escaped) domain name.
// $row is fetched but never used - the previous name is not reported anywhere.
if ($oldid == 29 && $process == _("Update"))
{
	$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'"));
	mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".$_SESSION['_config']['domid']."'");
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully updated in the database."), $domain);
	echo "<br><br><a href='account.php?id=26&orgid=".$_SESSION['_config']['orgid']."'>"._("Click here")."</a>"._("to continue.");
	showfooter();
	exit;
}
// Page 30 / "Delete": remove an organisation domain (its certificates were
// revoked by the shared block above). The `orgdomlink` / `orgemaillink` rows
// that referenced this domain are left in place.
if ($oldid == 30 && $process == _("Delete"))
{
	$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'"));
	$domain = $row['domain']; // only used for the confirmation message
	mysql_query("delete from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'");
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully deleted from the database."), $domain);
	echo "<br><br><a href='account.php?id=26&orgid=".$_SESSION['_config']['orgid']."'>"._("Click here")."</a>"._("to continue.");
	showfooter();
	exit;
}
// Page 30 without "Delete" (i.e. Cancel): back to the domain list, no org preselected.
if ($oldid == 30)
{
	$orgid = 0;
	$id = 26;
}
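// Page 31 (site admins only): delete an organisation outright. Every server and
// S/MIME certificate linked to one of its domains is marked revoked, the signer
// scripts are run so the revocations take effect, and only then are the
// certificate rows, their link rows, the memberships, the domains and the org
// record removed. Runs for any button except "Cancel".
if ($oldid == 31 && $process != _("Cancel"))
{
	$orgid = intval($_SESSION['_config']['orgid']);

	// Collect the ids of every certificate linked to one of the org's domains.
	$domcerts = array();
	$emailcerts = array();
	$dres = mysql_query("select * from `orgdomains` where `orgid`='$orgid'");
	while ($drow = mysql_fetch_assoc($dres))
	{
		$domid = intval($drow['id']);
		$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
			`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
			`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
			`orgdomains`.`id`='$domid'";
		$res = mysql_query($query);
		while ($row = mysql_fetch_assoc($res))
			$domcerts[] = intval($row['id']);
		$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
			`orgemaillink`.`domid`=`orgdomains`.`id` and
			`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
			`orgdomains`.`id`='$domid'";
		$res = mysql_query($query);
		while ($row = mysql_fetch_assoc($res))
			$emailcerts[] = intval($row['id']);
	}
	// A certificate linked to several of the org's domains shows up once per domain.
	$domcerts = array_unique($domcerts);
	$emailcerts = array_unique($emailcerts);

	// Step 1: mark everything revoked, then run each signer script once. The
	// scripts must see the rows, so this happens before any delete.
	foreach ($domcerts as $certid)
		mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$certid'");
	foreach ($emailcerts as $certid)
		mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$certid'");
	if (count($domcerts) > 0)
		$do = `../scripts/runserver`;
	if (count($emailcerts) > 0)
		$do = `../scripts/runclient`;

	// Step 2: remove the certificate and link rows.
	// FIX: the old code deleted `orgdomaincerts` where `orgid` = <certificate id>,
	// i.e. every certificate of an unrelated organisation whose orgid happened to
	// equal this cert's id, and left the org's own certificate in place. The link
	// tables were likewise keyed on the wrong column (`orgdomlink` has no `domid`;
	// `orgemaillink`.`domid` is a domain id, not a certificate id).
	foreach ($domcerts as $certid)
	{
		mysql_query("delete from `orgdomaincerts` where `id`='$certid'");
		mysql_query("delete from `orgdomlink` where `orgcertid`='$certid'");
	}
	foreach ($emailcerts as $certid)
	{
		mysql_query("delete from `orgemailcerts` where `id`='$certid'");
		mysql_query("delete from `orgemaillink` where `emailcertsid`='$certid'");
	}

	// Step 3: memberships, domains, then the organisation record itself.
	mysql_query("delete from `org` where `orgid`='$orgid'");
	mysql_query("delete from `orgdomains` where `orgid`='$orgid'");
	mysql_query("delete from `orginfo` where `id`='$orgid'");
}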
// Leaving the organisation form (id 31) always returns to the org list (id 25)
// with the organisation selector cleared.
if ($oldid == 31)
{
	list($id, $orgid) = array(25, 0);
}
// The organisation-admin pages 32–35, and the handlers that return from them,
// are open only to the two hard-coded superuser accounts or to a member that
// holds a master account in some organisation.
// NOTE(review): superuser status is identified here by user ids 1 and 5, while
// the "Add" handler further down uses $_SESSION['profile']['admin']; confirm
// which is authoritative — the admin flag would avoid the magic ids.
$orgAdminPages = array(32, 33, 34, 35);
if (in_array($id, $orgAdminPages) || in_array($oldid, $orgAdminPages))
{
	$query = "select * from `org` where `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'";
	$_macc = mysql_num_rows(mysql_query($query));
	$isSuperuser = ($_SESSION['profile']['id'] == 1 || $_SESSION['profile']['id'] == 5);
	if (!$isSuperuser && $_macc <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}
}
// Showing the "add admin" form (id 33): a non-superuser must be a member of
// the organisation currently held in the session, otherwise show page 35.
if ($id == 33 && $_SESSION['profile']['id'] != 1 && $_SESSION['profile']['id'] != 5)
{
	$orgid = $_SESSION['_config']['orgid'];
	$membership = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."'");
	if (mysql_num_rows($membership) <= 0)
	{
		$id = 35;
	}
}
// Showing the "remove admin" confirmation (id 34): a non-superuser must be a
// member of the organisation and may not target a master account (of any
// organisation); otherwise fall back to the admin list (id 32).
if ($id == 34 && $_SESSION['profile']['id'] != 1 && $_SESSION['profile']['id'] != 5)
{
	$orgid = intval($orgid);
	$memid = intval($memid);
	$res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."'");
	$actorInOrg = (mysql_num_rows($res) > 0);
	$_macc2 = mysql_num_rows(mysql_query("select * from `org` where `memid`='$memid' and `masteracc`='1'"));
	$targetIsMaster = ($_macc2 > 0);
	if (!$actorInOrg || $targetIsMaster)
	{
		$id = 32;
	}
}
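// Add a user to an organisation (form id 33, "Add" button).  The target user is
// looked up by e-mail address; on failure the form is redisplayed with errmsg.
if ($oldid == 33 && $process == _("Add"))
{
	// Only global admins may grant the master-account flag; anyone else's
	// value is forced to 0.  The column is tested as `masteracc`='1' elsewhere,
	// so clamp it to 0/1.  (The original indexed the session with the bare
	// constant masteracc, which is a notice on old PHP and fatal on PHP 8.)
	if ($_SESSION['profile']['admin'] == 1)
		$masteracc = $_SESSION['_config']['masteracc'] = (intval($masteracc) > 0) ? 1 : 0;
	else
		$masteracc = $_SESSION['_config']['masteracc'] = 0;

	// The page-33 display check above only runs for $id == 33, not for the
	// returning POST, and the session orgid is stored from the request at the
	// bottom of this file.  Re-apply the same membership rule here so a master
	// account of one organisation cannot add members to another.
	$orgid_add = intval($_SESSION['_config']['orgid']);
	$actor = intval($_SESSION['profile']['id']);
	$allowed = ($actor == 1 || $actor == 5);
	if (!$allowed)
	{
		$membership = mysql_query("select * from `org` where `orgid`='$orgid_add' and `memid`='$actor'");
		$allowed = ($membership && mysql_num_rows($membership) > 0);
	}

	// mysql_escape_string matches the rest of this file; mysql_real_escape_string
	// would also honour the connection charset.  Note the SQL-escaped form is
	// what gets kept in the session and echoed in errmsg.
	$email = $_SESSION['_config']['email'] = mysql_escape_string(stripslashes(trim($email)));
	$OU = $_SESSION['_config']['OU'] = mysql_escape_string(stripslashes(trim($OU)));
	$comments = $_SESSION['_config']['comments'] = mysql_escape_string(stripslashes(trim($comments)));

	if (!$allowed)
	{
		$id = $oldid;
		unset($oldid);
		$_SESSION['_config']['errmsg'] = _("You don't have access to this area.");
	} else {
		$res = mysql_query("select * from `users` where `email`='$email'");
		if (mysql_num_rows($res) <= 0)
		{
			$id = $oldid;
			unset($oldid);
			$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), $email);
		} else {
			$row = mysql_fetch_assoc($res);
			mysql_query("insert into `org` set `memid`='".intval($row['id'])."', `orgid`='$orgid_add',
				`masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'");
		}
	}
}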
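// Remove a user from an organisation (form id 34, "Delete" button).
if ($oldid == 34 && $process == _("Delete"))
{
	$orgid_del = intval($_SESSION['_config']['orgid']);
	$memid_del = intval($_SESSION['_config']['memid']);
	$actor = intval($_SESSION['profile']['id']);

	// Re-apply the gate used when the confirmation page (id 34) is displayed:
	// a non-superuser must belong to the organisation and may not remove a
	// master account.  Both ids are stored into the session from the request
	// at the bottom of this file, so the action path cannot rely on the
	// display-time check alone.
	$allowed = ($actor == 1 || $actor == 5);
	if (!$allowed)
	{
		$inOrg = mysql_query("select * from `org` where `orgid`='$orgid_del' and `memid`='$actor'");
		$targetIsMaster = mysql_query("select * from `org` where `memid`='$memid_del' and `masteracc`='1'");
		$allowed = ($inOrg && mysql_num_rows($inOrg) > 0)
			&& !($targetIsMaster && mysql_num_rows($targetIsMaster) > 0);
	}

	// Scope the delete to this organisation.  The original matched on `memid`
	// alone, which removed the member from every organisation at once.
	if ($allowed)
		mysql_query("delete from `org` where `memid`='$memid_del' and `orgid`='$orgid_del'");
}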
// After either admin-management form (33 add, 34 remove) has been handled,
// return to the admin list (id 32) with the organisation selector cleared.
if (in_array($oldid, array(33, 34)))
{
	unset($oldid);
	list($id, $orgid) = array(32, 0);
}
// Save the user's event-alert preferences (form id 36): update the existing
// `alerts` row or create one, then redisplay the form.  All four fields are
// integer-coerced before they reach the query.
if ($oldid == 36)
{
	$uid = $_SESSION['profile']['id'];
	$fields = "`general`='".intval($_POST['general'])."',
		`country`='".intval($_POST['country'])."',
		`regional`='".intval($_POST['regional'])."',
		`radius`='".intval($_POST['radius'])."'";
	$rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='$uid'"));
	if ($rc > 0)
		$query = "update `alerts` set $fields where `memid`='$uid'";
	else
		$query = "insert into `alerts` set $fields, `memid`='$uid'";
	mysql_query($query);
	$id = $oldid;
	unset($oldid);
}
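// Pre-fill the alert form (id 36) from the stored preferences so the template
// reads them from $_POST exactly as it would after a submission.
if ($id == 36)
{
	$res = mysql_query("select * from `alerts` where `memid`='".$_SESSION['profile']['id']."'");
	$row = $res ? mysql_fetch_assoc($res) : false;
	// A user with no `alerts` row yet gets null defaults instead of the
	// offset-on-false reads the original performed.
	foreach (array('general', 'country', 'regional', 'radius') as $field)
		$_POST[$field] = $row ? $row[$field] : null;
}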
// Change the account's UI language (form id 41).  The submitted value is only
// accepted when it matches a key of the loaded translation table, so the value
// written to `users`.`language` is always a known identifier.
if ($oldid == 41)
{
	$lang = mysql_escape_string($_POST['lang']);
	// Loose match against the keys, as the original foreach/== did.
	$known = in_array($lang, array_keys($_SESSION['_config']['translations']));
	if ($known)
	{
		mysql_query("update `users` set `language`='$lang' where `id`='".$_SESSION['profile']['id']."'");
		$message = _("Your language setting has been updated.");
	} else {
		$message = _("You tried to use an invalid language.");
	}
	showheader(_("My CAcert.org Account!"));
	echo $message;
	showfooter();
	exit;
}
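// Remember the ids named in this request so the POST handlers above can find
// them on the next round trip.  $cert, $orgid, $memid and $domid arrive as
// request variables (this file relies on register_globals — see the bare
// $orgid/$memid used for page 34) and are only integer-coerced here: nothing
// at this point checks that the caller may act on them, so every handler that
// consumes $_SESSION['_config'][...] has to do its own ownership check.
if (intval($cert) > 0)
	$_SESSION['_config']['cert'] = intval($cert);
if (intval($orgid) > 0)
	$_SESSION['_config']['orgid'] = intval($orgid);
if (intval($memid) > 0)
	$_SESSION['_config']['memid'] = intval($memid);
if (intval($domid) > 0)
	$_SESSION['_config']['domid'] = intval($domid);
// Read the user agent from $_SERVER, which is always populated, instead of the
// register_globals long variable $HTTP_USER_AGENT that later PHP versions no
// longer provide.  Null when the header is absent, as the original yielded.
$_SESSION['_config']['agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;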
?>