cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 4 Projects Releases 2 Wiki Activity

Fix for http://bugs.cacert.org/view.php?id=782

Browse Source 
Add "notes" field to certificate information.
pull/1/head
root 11 years ago
parent 550b4dd53a
commit 47d3b2b0a2
14 changed files with 588 additions and 306 deletions
Show Stats Download Patch File Download Diff File

158
includes/account.php
Unescape Escape View File

@ -17,7 +17,7 @@
*/ */
require_once("../includes/loggedin.php"); require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php"); require_once("../includes/lib/l10n.php");
require_once('lib/check_weak_key.php'); require_once("../includes/lib/check_weak_key.php");
loadem("account"); loadem("account");
@ -240,6 +240,11 @@
$_REQUEST['keytype'] = "MS"; $_REQUEST['keytype'] = "MS";
$csr = clean_csr($_REQUEST['optionalCSR']); $csr = clean_csr($_REQUEST['optionalCSR']);
} }
if(trim($_REQUEST['description']) != ""){
$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}else{
$_SESSION['_config']['description']= "";
}
} }
if($oldid == 4) if($oldid == 4)
@ -323,7 +328,8 @@
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".intval($_SESSION['_config']['codesign'])."', `codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."'"; `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query); mysql_query($query);
$emailid = mysql_insert_id(); $emailid = mysql_insert_id();
if(is_array($addys)) if(is_array($addys))
@ -423,7 +429,8 @@
`subject`='".mysql_real_escape_string($csrsubject)."', `subject`='".mysql_real_escape_string($csrsubject)."',
`codesign`='".$_SESSION['_config']['codesign']."', `codesign`='".$_SESSION['_config']['codesign']."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
`rootcert`='".$_SESSION['_config']['rootcert']."'"; `rootcert`='".$_SESSION['_config']['rootcert']."',
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query); mysql_query($query);
$emailid = mysql_insert_id(); $emailid = mysql_insert_id();
if(is_array($addys)) if(is_array($addys))
@ -676,6 +683,12 @@
exit; exit;
} }
if(trim($_REQUEST['description']) != ""){
$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}else{
$_SESSION['_config']['description']= "";
}
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR"); $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w"); $fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR); fputs($fp, $CSR);
@ -777,13 +790,15 @@
`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."', `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."', `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'"; `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
`description`='".$_SESSION['_config']['description']."'";
} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) { } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
$query = "insert into `domaincerts` set $query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."', `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."', `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'"; `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
`description`='".$_SESSION['_config']['description']."'";
} else { } else {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
echo _("Domain not verified."); echo _("Domain not verified.");
@ -865,7 +880,8 @@
`modified`=NOW(), `modified`=NOW(),
`rootcert`='".$row['rootcert']."', `rootcert`='".$row['rootcert']."',
`type`='".$row['type']."', `type`='".$row['type']."',
`pkhash`='".$row['pkhash']."'"; `pkhash`='".$row['pkhash']."',
`description`='".$row['description']."'";
mysql_query($query); mysql_query($query);
$newid = mysql_insert_id(); $newid = mysql_insert_id();
$newfile=generatecertpath("csr","server",$newid); $newfile=generatecertpath("csr","server",$newid);
@ -1003,6 +1019,24 @@
exit; exit;
} }
if($oldid == 12 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
showheader(_("My CAcert.org Account!"));
foreach($_REQUEST as $id => $val)
{
if(substr($id,0,14)=="check_comment_")
{
$cid = intval(substr($id,14));
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'");
}
}
echo(_("Certificate settings have been changed.")."<br/>\n");
showfooter();
exit;
}
if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "") if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{ {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
@ -1041,7 +1075,8 @@
`modified`=NOW(), `modified`=NOW(),
`disablelogin`='".$row['disablelogin']."', `disablelogin`='".$row['disablelogin']."',
`codesign`='".$row['codesign']."', `codesign`='".$row['codesign']."',
`rootcert`='".$row['rootcert']."'"; `rootcert`='".$row['rootcert']."',
`description`='".$row['description']."'";
mysql_query($query); mysql_query($query);
$newid = mysql_insert_id(); $newid = mysql_insert_id();
$newfile=generatecertpath("csr","client",$newid); $newfile=generatecertpath("csr","client",$newid);
@ -1141,17 +1176,21 @@
if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "") if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{ {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
//echo _("Now changing the settings for the following certificates:")."<br>\n";
foreach($_REQUEST as $id => $val) foreach($_REQUEST as $id => $val)
{ {
//echo $id."<br/>";
if(substr($id,0,5)=="cert_") if(substr($id,0,5)=="cert_")
{ {
$id = intval(substr($id,5)); $cid = intval(substr($id,5));
$dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")?"0":"1"; $dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1";
//echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n"; mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"); }
//$row = mysql_fetch_assoc($res); if(substr($id,0,14)=="check_comment_")
{
$cid = intval(substr($id,14));
if(!empty($_REQUEST['check_comment_'.$cid])) {
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
}
} }
} }
echo(_("Certificate settings have been changed.")."<br/>\n"); echo(_("Certificate settings have been changed.")."<br/>\n");
@ -1160,6 +1199,23 @@
} }
if($oldid == 6 && $_REQUEST['certid'] != "")
{
if(trim($_REQUEST['description']) != ""){
$description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}else{
$description= "";
}
if(trim($_REQUEST['disablelogin']) == "1"){
$disablelogin = 1;
}else{
$disablelogin = 0;
}
mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
}
if($oldid == 13 && $process != "") if($oldid == 13 && $process != "")
{ {
csrf_check("perschange"); csrf_check("perschange");
@ -1394,6 +1450,13 @@
} }
$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name']))); $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
$_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU']))); $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
if(trim($_REQUEST['description']) != ""){
$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}else{
$_SESSION['_config']['description']= "";
}
} }
if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0) if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0)
@ -1423,6 +1486,12 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1; $_SESSION['_config']['rootcert'] = 1;
if(trim($_REQUEST['description']) != ""){
$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}else{
$_SESSION['_config']['description']= "";
}
if(@count($_SESSION['_config']['emails']) > 0) if(@count($_SESSION['_config']['emails']) > 0)
$id = 17; $id = 17;
} }
@ -1469,6 +1538,7 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1; $_SESSION['_config']['rootcert'] = 1;
$emails .= "SPKAC = $spkac"; $emails .= "SPKAC = $spkac";
if (($weakKey = checkWeakKeySPKAC($emails)) !== "") if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
{ {
@ -1485,7 +1555,8 @@
`orgid`='".$org['orgid']."', `orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".$_SESSION['_config']['codesign']."', `codesign`='".$_SESSION['_config']['codesign']."',
`rootcert`='".$_SESSION['_config']['rootcert']."'"; `rootcert`='".$_SESSION['_config']['rootcert']."',
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query); mysql_query($query);
$emailid = mysql_insert_id(); $emailid = mysql_insert_id();
@ -1575,7 +1646,8 @@
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject', `subject`='$csrsubject',
`codesign`='".$_SESSION['_config']['codesign']."', `codesign`='".$_SESSION['_config']['codesign']."',
`rootcert`='".$_SESSION['_config']['rootcert']."'"; `rootcert`='".$_SESSION['_config']['rootcert']."',
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query); mysql_query($query);
$emailid = mysql_insert_id(); $emailid = mysql_insert_id();
@ -1650,7 +1722,8 @@
`created`='".$row['created']."', `created`='".$row['created']."',
`modified`=NOW(), `modified`=NOW(),
`codesign`='".$row['codesign']."', `codesign`='".$row['codesign']."',
`rootcert`='".$row['rootcert']."'"; `rootcert`='".$row['rootcert']."',
`description`='".$row['description']."'";
mysql_query($query); mysql_query($query);
$newid = mysql_insert_id(); $newid = mysql_insert_id();
$newfile=generatecertpath("csr","orgclient",$newid); $newfile=generatecertpath("csr","orgclient",$newid);
@ -1742,6 +1815,24 @@
exit; exit;
} }
if($oldid == 18 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
showheader(_("My CAcert.org Account!"));
foreach($_REQUEST as $id => $val)
{
if(substr($id,0,14)=="check_comment_")
{
$cid = intval(substr($id,14));
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
}
}
echo(_("Certificate settings have been changed.")."<br/>\n");
showfooter();
exit;
}
if($process != "" && $oldid == 20) if($process != "" && $oldid == 20)
{ {
$CSR = clean_csr($_REQUEST['CSR']); $CSR = clean_csr($_REQUEST['CSR']);
@ -1755,6 +1846,12 @@
exit; exit;
} }
if(trim($_REQUEST['description']) != ""){
$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}else{
$_SESSION['_config']['description']= "";
}
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR"); $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w"); $fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR); fputs($fp, $CSR);
@ -1886,7 +1983,8 @@
`created`=NOW(), `created`=NOW(),
`subject`='$csrsubject', `subject`='$csrsubject',
`rootcert`='".$_SESSION['_config']['rootcert']."', `rootcert`='".$_SESSION['_config']['rootcert']."',
`type`='$type'"; `type`='$type',
`description`='".$_SESSION['_config']['description']."'";
} else { } else {
$query = "insert into `orgdomaincerts` set $query = "insert into `orgdomaincerts` set
`CN`='".$_SESSION['_config']['altrows']['0']."', `CN`='".$_SESSION['_config']['altrows']['0']."',
@ -1894,7 +1992,8 @@
`created`=NOW(), `created`=NOW(),
`subject`='$csrsubject', `subject`='$csrsubject',
`rootcert`='".$_SESSION['_config']['rootcert']."', `rootcert`='".$_SESSION['_config']['rootcert']."',
`type`='$type'"; `type`='$type',
`description`='".$_SESSION['_config']['description']."'";
} }
mysql_query($query); mysql_query($query);
$CSRid = mysql_insert_id(); $CSRid = mysql_insert_id();
@ -1970,7 +2069,8 @@
`modified`=NOW(), `modified`=NOW(),
`subject`='".$row['subject']."', `subject`='".$row['subject']."',
`type`='".$row['type']."', `type`='".$row['type']."',
`rootcert`='".$row['rootcert']."'"; `rootcert`='".$row['rootcert']."',
`description`='".$row['description']."'";
mysql_query($query); mysql_query($query);
$newid = mysql_insert_id(); $newid = mysql_insert_id();
//echo "NewID: $newid<br/>\n"; //echo "NewID: $newid<br/>\n";
@ -2071,6 +2171,24 @@
exit; exit;
} }
if($oldid == 22 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
showheader(_("My CAcert.org Account!"));
foreach($_REQUEST as $id => $val)
{
if(substr($id,0,14)=="check_comment_")
{
$cid = intval(substr($id,14));
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
}
}
echo(_("Certificate settings have been changed.")."<br/>\n");
showfooter();
exit;
}
if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 || if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 ||
$id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 || $id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 ||
$id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) && $id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) &&

10
pages/account/10.php
Unescape Escape View File

@ -31,12 +31,14 @@
<form method="post" action="account.php"> <form method="post" action="account.php">
<? if($_SESSION['profile']['points'] >= 50) { ?> <? if($_SESSION['profile']['points'] >= 50) { ?>
<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br> <input type="radio" name="rootcert" value="1"/> <?=_("Sign by class 1 root certificate")?><br />
<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br> <input type="radio" name="rootcert" value="2" checked/> <?=_("Sign by class 3 root certificate")?><br />
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<? } ?> <? } ?>
<p><?=_("Optional comment, only used in the certifictate overview")?><br>
<input type="text" name="description" maxlength="80" size=80/></p>
<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p> <p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p>
<textarea name="CSR" cols="80" rows="15"></textarea><br> <textarea name="CSR" cols="80" rows="15"></textarea><br>
<input type="submit" name="process" value="<?=_("Submit")?>"> <input type="submit" name="process" value="<?=_("Submit")?>"/>
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=$id?>"/>
</form> </form>

26
pages/account/12.php
Unescape Escape View File

@ -19,7 +19,7 @@
<form method="post" action="account.php"> <form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr> <tr>
<td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@ -28,13 +28,15 @@
<td class="DataTD"><?=_("SerialNumber")?></td> <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td> <td class="DataTD"><?=_("Expires")?></td>
<td colspan="2" class="DataTD"><?=_("Comment *")?></td>
</tr> </tr>
<? <?
$query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`, $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`, UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
`domaincerts`.`expire` as `expires`, `revoked` as `revoke`, `domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id` UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
`domaincerts`.`description`
from `domaincerts`,`domains` from `domaincerts`,`domains`
where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` "; where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` ";
if($viewall != 1) if($viewall != 1)
@ -49,7 +51,7 @@
{ {
?> ?>
<tr> <tr>
<td colspan="6" class="DataTD"><?=_("No certificates are currently listed.")?></td> <td colspan="8" class="DataTD"><?=_("No certificates are currently listed.")?></td>
</tr> </tr>
<? } else { <? } else {
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
@ -67,9 +69,9 @@
?> ?>
<tr> <tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?> <? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td> <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td>
<? } else if($verified != _("Revoked")) { ?> <? } else if($verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td> <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td>
<? } else { ?> <? } else { ?>
<td class="DataTD">&nbsp;</td> <td class="DataTD">&nbsp;</td>
<? } ?> <? } ?>
@ -78,17 +80,25 @@
<td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr> </tr>
<? } ?> <? } ?>
<tr> <tr>
<td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160; <td class="DataTD" colspan="8">
<?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
</td>
</tr>
<tr>
<td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>"/>&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
<td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"/> </td>
</tr> </tr>
<? } ?> <? } ?>
<tr> <tr>
<td class="DataTD" colspan="6"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td> <td class="DataTD" colspan="8"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
</tr> </tr>
</table> </table>
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=$id?>"/>
<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/> <input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/>
</form> </form>

20
pages/account/16.php
Unescape Escape View File

@ -29,25 +29,25 @@
foreach($_SESSION['_config']['emails'] as $val) { ?> foreach($_SESSION['_config']['emails'] as $val) { ?>
<tr> <tr>
<td class="DataTD"><?=_("Email")?>:</td> <td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"></td> <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"/></td>
</tr> </tr>
<? } ?> <? } ?>
<tr> <tr>
<td class="DataTD"><?=_("Email")?>:</td> <td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="emails[]"></td> <td class="DataTD"><input type="text" name="emails[]"/></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Name")?>:</td> <td class="DataTD"><?=_("Name")?>:</td>
<td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"></td> <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Department")?>:</td> <td class="DataTD"><?=_("Department")?>:</td>
<td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"></td> <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"/></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD" colspan="2" align="left"> <td class="DataTD" colspan="2" align="left">
<input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br> <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br />
<input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br> <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br />
<?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?> <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?>
</td> </td>
</tr> </tr>
@ -56,9 +56,15 @@
<td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td> <td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td>
</tr> </tr>
<? } ?> <? } ?>
<tr>
<td class="DataTD" colspan="2" align="left">
<?=_("Optional comment, only used in the certifictate overview")?><br />
<input type="text" name="description" maxlength="80" size=80 />
</td>
</tr>
<tr> <tr>
<td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>"> <td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>">
<input type="submit" name="process" value="<?=_("Next")?>"></td> <input type="submit" name="process" value="<?=_("Next")?>" /></td>
</tr> </tr>
</table> </table>
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=$id?>">

16
pages/account/18.php
Unescape Escape View File

@ -19,13 +19,14 @@
<form method="post" action="account.php"> <form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr> <tr>
<td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> <td colspan="8" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td> <td class="DataTD"><?=_("CommonName")?></td>
<td class="DataTD"><?=_("SerialNumber")?></td> <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Comment")?></td>
<td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td> <td class="DataTD"><?=_("Expires")?></td>
@ -35,7 +36,8 @@
UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`, UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`,
`oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`, `oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`,
UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`, UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`,
`oemail`.`CN`, `oemail`.`serial`, `oemail`.`id` `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`,
`oemail`.`description`
from `orgemailcerts` as `oemail`, `org` from `orgemailcerts` as `oemail`, `org`
where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`oemail`.`orgid` "; `org`.`orgid`=`oemail`.`orgid` ";
@ -50,7 +52,7 @@
{ {
?> ?>
<tr> <tr>
<td colspan="6" class="DataTD"><?=_("No client certificates are currently listed.")?></td> <td colspan="8" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr> </tr>
<? } else { <? } else {
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
@ -83,11 +85,19 @@
<td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr> </tr>
<? } ?> <? } ?>
<tr>
<td class="DataTD" colspan="8">
<?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
</td>
</tr>
<tr> <tr>
<td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160; <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
<td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
</tr> </tr>
<? } ?> <? } ?>
</table> </table>

12
pages/account/20.php
Unescape Escape View File

@ -27,11 +27,13 @@
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> <p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<form method="post" action="account.php"> <form method="post" action="account.php">
<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br> <input type="radio" name="rootcert" value="1" /> <?=_("Sign by class 1 root certificate")?><br />
<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br> <input type="radio" name="rootcert" value="2" checked /> <?=_("Sign by class 3 root certificate")?><br />
<p> <?=_("Optional comment, only used in the certifictate overview")?><br />
<input type="text" name="description" maxlength="80" size=80 /></p>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<p><?=_("Paste your CSR below...")?></p> <p><?=_("Paste your CSR below...")?></p>
<textarea name="CSR" cols="80" rows="15"></textarea><br> <textarea name="CSR" cols="80" rows="15"></textarea><br />
<input type="submit" name="process" value="<?=_("Submit")?>"> <input type="submit" name="process" value="<?=_("Submit")?>" />
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=$id?>" />
</form> </form>

23
pages/account/22.php
Unescape Escape View File

@ -19,7 +19,7 @@
<form method="post" action="account.php"> <form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr> <tr>
<td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@ -28,7 +28,7 @@
<td class="DataTD"><?=_("SerialNumber")?></td> <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td> <td class="DataTD"><?=_("Expires")?></td>
<td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<? <?
$query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`, $query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`,
UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
@ -36,7 +36,8 @@
`orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`, `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`,
`orgdomaincerts`.`serial`, `orgdomaincerts`.`serial`,
`orgdomaincerts`.`id` as `id` `orgdomaincerts`.`id` as `id`,
`orgdomaincerts`.`description`
from `orgdomaincerts`,`org` from `orgdomaincerts`,`org`
where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` "; where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
if($viewall != 1) if($viewall != 1)
@ -51,7 +52,7 @@
{ {
?> ?>
<tr> <tr>
<td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td> <td colspan="8" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr> </tr>
<? } else { <? } else {
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
@ -80,15 +81,23 @@
<td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr> </tr>
<? } ?> <? } ?>
<tr> <tr>
<td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160; <td class="DataTD" colspan="8">
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
</td>
</tr>
<tr>
<td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>" />&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td>
<td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
</tr> </tr>
<? } ?> <? } ?>
</table> </table>
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=$id?>" />
<input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" /> <input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" />
</form> </form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>

38
pages/account/3.php
Unescape Escape View File

@ -52,27 +52,26 @@ if($_SESSION['profile']['points'] >= 50)
$lname = $_SESSION['profile']['lname']; $lname = $_SESSION['profile']['lname'];
$suffix = $_SESSION['profile']['suffix']; $suffix = $_SESSION['profile']['suffix'];
?> ?>
<tr>
<td class="DataTD" colspan="2" align="left"> <td class="DataTD" colspan="2" align="left">
<input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br> <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br />
<input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br> <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br />
<?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?> <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?>
</td> </td>
</tr> </tr>
<tr> <tr>
<td class="DataTD" colspan="2" align="left"> <td class="DataTD" colspan="2" align="left">
<input type="radio" name="incname" value="0" checked> <?=_("No Name")?><br> <input type="radio" name="incname" value="0" checked /> <?=_("No Name")?><br />
<? if($fname && $lname) { ?><input type="radio" name="incname" value="1"> <?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?> <? if($fname && $lname) { ?><input type="radio" name="incname" value="1" /> <?=_("Include")?> '<?=$fname." ".$lname?>'<br /><? } ?>
<? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?> <? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br /><? } ?>
<? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?> <? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3" /> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br /><? } ?>
<? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?> <? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br /><? } ?>
</td> </td>
</tr> </tr>
<? } ?> <? } ?>
<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?> <? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
<tr> <tr>
<td class="DataTD" align="left"> <td class="DataTD" align="left">
<input type="checkbox" name="codesign" value="1"> <?=_("Code Signing")?></td> <input type="checkbox" name="codesign" value="1" /> <?=_("Code Signing")?></td>
<td class="DataTD" align="left"> <td class="DataTD" align="left">
<?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?> <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
</td> </td>
@ -81,11 +80,16 @@ if($_SESSION['profile']['points'] >= 50)
<tr> <tr>
<td class="DataTD" colspan="2" align="left"> <td class="DataTD" colspan="2" align="left">
<input type="checkbox" name="login" value="1" checked="checked"> <?=_("Enable certificate login with this certificate")?><br> <input type="checkbox" name="login" value="1" checked="checked" /> <?=_("Enable certificate login with this certificate")?><br />
<?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/> <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/>
</td> </td>
</tr> </tr>
<tr>
<td class="DataTD" colspan="2" align="left">
<?=_("Optional comment, only used in the certifictate overview max. 100 characters")?><br />
<input type="text" name="description" maxlength="100" size="100" />
</td>
</tr>
<tr name="expertoff" style="display:none"> <tr name="expertoff" style="display:none">
<td class="DataTD" colspan="2" align="left"> <td class="DataTD" colspan="2" align="left">
@ -95,12 +99,14 @@ if($_SESSION['profile']['points'] >= 50)
<tr name="expert"> <tr name="expert">
<td class="DataTD" colspan="2" align="left"> <td class="DataTD" colspan="2" align="left">
<input type="radio" name="SSO" value="0" checked> <?=_("No Single Sign On ID")?><br> <input type="radio" name="SSO" value="0" checked /> <?=_("No Single Sign On ID")?><br />
<input type="radio" name="SSO" value="1"> <?=_("Add Single Sign On ID Information")?><br> <input type="radio" name="SSO" value="1" /> <?=_("Add Single Sign On ID Information")?><br />
<?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?> <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
<a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a> <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a>
</td> </td>
</tr> </tr>
<tr name="expert"> <tr name="expert">
<td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td> <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td>
</tr> </tr>
@ -108,10 +114,10 @@ if($_SESSION['profile']['points'] >= 50)
<td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td> <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>" /></td>
</tr> </tr>
</table> </table>
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=$id?>" />
</form> </form>
<script language="javascript"> <script language="javascript">

27
pages/account/5.php
Unescape Escape View File

@ -19,7 +19,7 @@
<form method="post" action="account.php"> <form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr> <tr>
<td colspan="7" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@ -29,7 +29,7 @@
<td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td> <td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Login")?></td> <td class="DataTD"><?=_("Login")?></td>
<td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<? <?
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`, $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
@ -40,7 +40,8 @@
`emailcerts`.`id`, `emailcerts`.`id`,
`emailcerts`.`CN`, `emailcerts`.`CN`,
`emailcerts`.`serial`, `emailcerts`.`serial`,
emailcerts.disablelogin as `disablelogin` `emailcerts`.`disablelogin` as `disablelogin`,
`emailcerts`.`description`
from `emailcerts` from `emailcerts`
where `emailcerts`.`memid`='".$_SESSION['profile']['id']."' where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
"; ";
@ -56,7 +57,7 @@
{ {
?> ?>
<tr> <tr>
<td colspan="7" class="DataTD"><?=_("No client certificates are currently listed.")?></td> <td colspan="10" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr> </tr>
<? } else { <? } else {
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
@ -93,24 +94,32 @@
<input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/> <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
<input type="hidden" name="cert_<?=$row['id']?>" value="1" /> <input type="hidden" name="cert_<?=$row['id']?>" value="1" />
</td> </td>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr> </tr>
<? } ?> <? } ?>
<tr> <tr>
<td class="DataTD" colspan="8"> <td class="DataTD" colspan="9">
<a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a> <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
</td> </td>
</tr> </tr>
<tr> <tr>
<td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160; <td class="DataTD" colspan="9">
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
</td>
</tr>
<tr>
<td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>" />&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td>
<td class="DataTD" colspan="3"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td> <td class="DataTD" colspan="4"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
</tr> </tr>
<? } ?> <? } ?>
</table> </table>
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=$id?>" />
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" /> <input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
</form> </form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>

86
pages/account/6.php
Unescape Escape View File

@ -18,7 +18,24 @@
<? <?
$certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']); $certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']);
$query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'"; // $query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'";
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
`emailcerts`.`expire` as `expires`,
`emailcerts`.`revoked` as `revoke`,
UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
`emailcerts`.`id`,
`emailcerts`.`CN`,
`emailcerts`.`serial`,
`emailcerts`.`disablelogin` as `disablelogin`,
`emailcerts`.`crt_name`,
`emailcerts`.`keytype`,
`emailcerts`.`description`
from `emailcerts`
where `emailcerts`.`id`='$certid' and `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
{ {
@ -127,10 +144,73 @@
<p><?=_("Your certificate:")?></p> <p><?=_("Your certificate:")?></p>
<pre><?=$cert?></pre> <pre><?=$cert?></pre>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Information about the certificte")?></td>
</tr>
<? <?
if($row['timeleft'] > 0)
$verified = _("Valid");
if($row['timeleft'] < 0)
$verified = _("Expired");
if($row['expired'] == 0)
$verified = _("Pending");
if($row['revoked'] > 0)
$verified = _("Revoked");
if($row['revoked'] == 0)
$row['revoke'] = _("Not Revoked");
?>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[<?=$row['id']?>]" ></td>
<? } else if($verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="delid[<?=$row['id']?>]"></td>
<? } else { ?>
<td class="DataTD">&nbsp;</td>
<? } ?>
</tr>
<tr>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=$verified?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email Address")?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=$row['serial']?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=$row['revoke']?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=$row['expires']?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Login")?></td>
<td class="DataTD">
<input type="checkbox" name="disablelogin" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
</td>
</tr>
<tr>
<td class="DataTD"><?=_("Comment")?></td>
<td class="DataTD"><input type="text" name="description" maxlength="100" size=100 value="<?=htmlspecialchars($row['description'])?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
</tr>
</table>
<input type="hidden" name="oldid" value="6">
<input type="hidden" name="certid" value="<?=$certid?>">
</form>
<?
showfooter(); showfooter();
exit; exit;
} }
?>

4
pages/account/8.php
Unescape Escape View File

@ -25,7 +25,7 @@
if(is_array($_SESSION['_config']['addy'])) if(is_array($_SESSION['_config']['addy']))
foreach($_SESSION['_config']['addy'] as $add) { ?> foreach($_SESSION['_config']['addy'] as $add) { ?>
<tr> <tr>
<td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?>></td> <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?> /></td>
<td class="DataTD" width="175"><?=$add?></td> <td class="DataTD" width="175"><?=$add?></td>
</tr> </tr>
<? } ?> <? } ?>
@ -34,5 +34,5 @@
</tr> </tr>
</table> </table>
<input type="hidden" name="csrf" value="<?=make_csrf('ctcinfo')?>" /> <input type="hidden" name="csrf" value="<?=make_csrf('ctcinfo')?>" />
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=$id?>" />
</form> </form>

8
pages/gpg/0.php
Unescape Escape View File

@ -19,7 +19,9 @@
?> ?>
<p><?=_("Paste your own public OpenPGP key below. It should not contain a picture. CAcert will sign your key after submission.")?></p> <p><?=_("Paste your own public OpenPGP key below. It should not contain a picture. CAcert will sign your key after submission.")?></p>
<form method="post" action="gpg.php"> <form method="post" action="gpg.php">
<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br> <p><?=_("Optional comment, only used in the certifictate overview")?><br />
<input type="submit" name="process" value="<?=_("Submit")?>"> <input type="text" name="description" maxlength="80" size=80 /></p>
<input type="hidden" name="oldid" value="<?=$id?>"> <textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br />
<input type="submit" name="process" value="<?=_("Submit")?>" />
<input type="hidden" name="oldid" value="<?=$id?>" />
</form> </form>

22
pages/gpg/2.php
Unescape Escape View File

@ -15,29 +15,30 @@
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?> */ ?>
<form method="post" action="gpg.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr> <tr>
<td colspan="5" class="title"><?=_("OpenPGP Keys")?></td> <td colspan="6" class="title"><?=_("OpenPGP Keys")?></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Email Address")?></td> <td class="DataTD"><?=_("Email Address")?></td>
<td class="DataTD"><?=_("Expires")?></td> <td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Key ID")?></td> <td class="DataTD"><?=_("Key ID")?></td>
<td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<? <?
$query = "select UNIX_TIMESTAMP(`issued`) as `issued`, $query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`expire`) as `expired`, UNIX_TIMESTAMP(`expire`) as `expired`,
`expire` as `expires`, `id`, `level`, `expire` as `expires`, `id`, `level`,
`email`,`keyid` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."' `email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
ORDER BY `issued` desc"; ORDER BY `issued` desc";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
{ {
?> ?>
<tr> <tr>
<td colspan="5" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td> <td colspan="6" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
</tr> </tr>
<? } else { <? } else {
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
@ -62,10 +63,19 @@
<? } ?> <? } ?>
<td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td> <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr> </tr>
<? } ?> <? } ?>
<? } ?> <? } ?>
<tr>
<td class="DataTD" colspan="6">
<?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
</td>
</tr>
<tr>
<td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
</tr>
</table> </table>
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=$id?>" />
</form> </form>

34
www/gpg.php
Unescape Escape View File

@ -251,7 +251,6 @@ function verifyEmail($email)
} }
$resulttable.="</table>"; $resulttable.="</table>";
if($nok==0) if($nok==0)
{ {
showheader(_("Welcome to CAcert.org")); showheader(_("Welcome to CAcert.org"));
@ -275,12 +274,20 @@ function verifyEmail($email)
if($oldid == "0" && $CSR != "") if($oldid == "0" && $CSR != "")
{ {
//set variable for comment
if(trim($_REQUEST['description']) == ""){
$description= "";
}else{
$description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}
$query = "insert into `gpg` set `memid`='".intval($_SESSION['profile']['id'])."', $query = "insert into `gpg` set `memid`='".intval($_SESSION['profile']['id'])."',
`email`='".mysql_real_escape_string($lastvalidemail)."', `email`='".mysql_real_escape_string($lastvalidemail)."',
`level`='1', `level`='1',
`expires`='".mysql_real_escape_string($expires)."', `expires`='".mysql_real_escape_string($expires)."',
`multiple`='".mysql_real_escape_string($multiple)."', `multiple`='".mysql_real_escape_string($multiple)."',
`keyid`='".mysql_real_escape_string($keyid)."'"; `keyid`='".mysql_real_escape_string($keyid)."',
`description`='".mysql_real_escape_string($description)."'";
mysql_query($query); mysql_query($query);
$id = mysql_insert_id(); $id = mysql_insert_id();
@ -384,13 +391,8 @@ function verifyEmail($email)
} }
} }
if(count($ToBeDeleted)>0) if(count($ToBeDeleted)>0)
{ {
$descriptorspec = array( $descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
@ -399,7 +401,6 @@ function verifyEmail($email)
$stderr = fopen('php://stderr', 'w'); $stderr = fopen('php://stderr', 'w');
//echo "Keyid: $keyid\n"; //echo "Keyid: $keyid\n";
$process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes); $process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes);
@ -508,6 +509,23 @@ function verifyEmail($email)
exit; exit;
} }
if($oldid == 2 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
showheader(_("My CAcert.org Account!"));
foreach($_REQUEST as $id => $val)
{
if(substr($id,0,14)=="check_comment_")
{
$cid = intval(substr($id,14));
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
mysql_query("update `gpg` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
}
}
echo(_("Certificate settings have been changed.")."<br/>\n");
showfooter();
exit;
}
$id = intval($id); $id = intval($id);
showheader(_("Welcome to CAcert.org")); showheader(_("Welcome to CAcert.org"));

Write Preview
Loading…
Cancel
Save