root 16 years ago
parent 0c192198fc
commit c0fa2d9054

@ -313,6 +313,16 @@
$fp = fopen($CSRname, "w"); $fp = fopen($CSRname, "w");
fputs($fp, $emails); fputs($fp, $emails);
fclose($fp); fclose($fp);
$challenge=$_SESSION['spkac_hash'];
$res=`openssl spkac -verify -in $CSRname`;
if(!strstr($res,"Challenge String: ".$challenge))
{
$id = $oldid;
showheader(_("My CAcert.org Account!"));
echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
showfooter();
exit;
}
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'"); mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") { } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
if($csr == "") if($csr == "")
@ -1361,6 +1371,16 @@
$fp = fopen($CSRname, "w"); $fp = fopen($CSRname, "w");
fputs($fp, $emails); fputs($fp, $emails);
fclose($fp); fclose($fp);
$challenge=$_SESSION['spkac_hash'];
$res=`openssl spkac -verify -in $CSRname`;
if(!strstr($res,"Challenge String: ".$challenge))
{
$id = $oldid;
showheader(_("My CAcert.org Account!"));
echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
showfooter();
exit;
}
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") { } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n"; $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
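Review bot: The added check `strstr($res,"Challenge String: ".$challenge)` is a substring test, so it passes when `$_SESSION['spkac_hash']` is empty or unset (the needle is then only the label) and for any submitted challenge that merely begins with the expected value; the same lines are repeated in the second hunk for `orgemailcerts`. Reject an empty challenge and compare the whole line, assuming openssl prints the challenge on a line of its own: `if($challenge == "" || !preg_match('/^\s*Challenge String: '.preg_quote($challenge,'/').'\s*$/m', $res))`. `$CSRname` is also interpolated unquoted into the backtick command; where it is built is outside the hunk, so pass it as `escapeshellarg($CSRname)` unless it is known to contain no shell metacharacters. The enclosing branch starts and ends outside both hunks, so whether the session challenge is cleared after use cannot be seen here and is worth confirming.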
