diff --git a/includes/account.php b/includes/account.php
index f0c3baa..6855acc 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -218,7 +218,7 @@
{
$id = 4;
showheader(_("My CAcert.org Account!"));
- echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
+ echo _("I didn't receive a valid Certificate Request, please try a different browser.");
showfooter();
exit;
}
@@ -264,7 +264,9 @@
if($_SESSION['_config']['incname'] == 4)
$emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
$emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_REQUEST['SPKAC']));
- $query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='NS',
+ $query = "insert into emailcerts set
+ `CN`='$defaultemail',
+ `keytype`='NS',
`memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".$_SESSION['_config']['codesign']."',
@@ -337,7 +339,9 @@
showfooter();
exit;
}
- $query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
+ $query = "insert into emailcerts set
+ `CN`='$defaultemail',
+ `keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
`memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='".mysql_real_escape_string($csrsubject)."',
@@ -633,12 +637,14 @@
if($_SESSION['_config']['rowid']['0'] > 0)
{
- $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
+ $query = "insert into `domaincerts` set
+ `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
} else {
- $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
+ $query = "insert into `domaincerts` set
+ `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
@@ -702,9 +708,14 @@
}
mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
$row = mysql_fetch_assoc($res);
- $query = "insert into `domaincerts` set `domid`='".$row['domid']."', `CN`='".mysql_real_escape_string($row['CN'])."',
- `csr_name`='".$row['csr_name']."', `created`='".$row['created']."',
- `modified`=NOW(), `rootcert`='".$row['rootcert']."'";
+ $query = "insert into `domaincerts` set
+ `domid`='".$row['domid']."',
+ `CN`='".mysql_real_escape_string($row['CN'])."',
+ `subject`='".mysql_real_escape_string($row['subject'])."',
+ `csr_name`='".$row['csr_name']."',
+ `created`='".$row['created']."',
+ `modified`=NOW(),
+ `rootcert`='".$row['rootcert']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile = $_SESSION['_config']['filepath']."/csr/server-$newid.csr";
@@ -860,9 +871,15 @@
}
mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
$row = mysql_fetch_assoc($res);
- $query = "insert into `emailcerts` set `memid`='".$row['memid']."', `CN`='".mysql_real_escape_string($row['CN'])."',
- `keytype`='".$row['keytype']."', `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."', `modified`=NOW(),
+ $query = "insert into emailcerts set
+ `memid`='".$row['memid']."',
+ `CN`='".mysql_real_escape_string($row['CN'])."',
+ `subject`='".mysql_real_escape_string($row['subject'])."',
+ `keytype`='".$row['keytype']."',
+ `csr_name`='".$row['csr_name']."',
+ `created`='".$row['created']."',
+ `modified`=NOW(),
+ `disablelogin`='".$row['disablelogin']."',
`rootcert`='".$row['rootcert']."'";
mysql_query($query);
$newid = mysql_insert_id();
@@ -1250,7 +1267,9 @@
$emails .= "countryName = ".$org['C']."\n";
$emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_REQUEST['SPKAC']));
- $query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='NS',
+ $query = "insert into `orgemailcerts` set
+ `CN`='$defaultemail',
+ `keytype`='NS',
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".$_SESSION['_config']['codesign']."',
@@ -1313,7 +1332,9 @@
showfooter();
exit;
}
- $query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
+ $query = "insert into `orgemailcerts` set
+ `CN`='$defaultemail',
+ `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject',
@@ -1372,10 +1393,16 @@
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."
\n", $row['CN']);
continue;
}
- $query = "insert into `orgemailcerts` set `orgid`='".$row['orgid']."', `CN`='".$row['CN']."',
- `keytype`='".$row['keytype']."', `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."', `modified`=NOW(),
- `subject`='".$row['subject']."', `rootcert`='".$row['rootcert']."'";
+ $query = "insert into `orgemailcerts` set
+ `orgid`='".$row['orgid']."',
+ `CN`='".$row['CN']."',
+ `subject`='".$row['subject']."',
+ `keytype`='".$row['keytype']."',
+ `csr_name`='".$row['csr_name']."',
+ `created`='".$row['created']."',
+ `modified`=NOW(),
+ `subject`='".$row['subject']."',
+ `rootcert`='".$row['rootcert']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile = $_SESSION['_config']['filepath']."/csr/orgclient-$newid.csr";
@@ -1575,15 +1602,19 @@
if($_SESSION['_config']['rowid']['0'] > 0)
{
- $query = "insert into `orgdomaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."',
+ $query = "insert into `orgdomaincerts` set
+ `CN`='".$_SESSION['_config']['rows']['0']."',
`orgid`='".$org['id']."',
- `created`=NOW(),`subject`='$csrsubject',
+ `created`=NOW(),
+ `subject`='$csrsubject',
`rootcert`='".$_SESSION['_config']['rootcert']."',
`type`='$type'";
} else {
- $query = "insert into `orgdomaincerts` set `CN`='".$_SESSION['_config']['altrows']['0']."',
+ $query = "insert into `orgdomaincerts` set
+ `CN`='".$_SESSION['_config']['altrows']['0']."',
`orgid`='".$org['id']."',
- `created`=NOW(),`subject`='$csrsubject',
+ `created`=NOW(),
+ `subject`='$csrsubject',
`rootcert`='".$_SESSION['_config']['rootcert']."',
`type`='$type'";
}
@@ -1641,9 +1672,15 @@
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."
\n", $row['CN']);
continue;
}
- $query = "insert into `orgdomaincerts` set `orgid`='".$row['orgid']."', `CN`='".$row['CN']."',
- `csr_name`='".$row['csr_name']."', `created`='".$row['created']."',
- `modified`=NOW(), `subject`='".$row['subject']."', `rootcert`='".$row['rootcert']."'";
+ $query = "insert into `orgdomaincerts` set
+ `orgid`='".$row['orgid']."',
+ `CN`='".$row['CN']."',
+ `subject`='".$row['subject']."',
+ `csr_name`='".$row['csr_name']."',
+ `created`='".$row['created']."',
+ `modified`=NOW(),
+ `subject`='".$row['subject']."',
+ `rootcert`='".$row['rootcert']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile = $_SESSION['_config']['filepath']."/csr/orgserver-$newid.csr";
@@ -2303,7 +2340,8 @@
exit;
}
- $query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['0.CN']."',
+ $query = "insert into `domaincerts` set
+ `CN`='".$_SESSION['_config']['0.CN']."',
`domid`='".$_SESSION['_config']['row']['id']."',
`created`=NOW()";
mysql_query($query);