(Problems on cert login with "duplicate" serial numbers)
This commit is contained in:
parent
d67dd3d438
commit
d98d23ff5b
3 changed files with 65 additions and 13 deletions
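--- a/includes/lib/general.php
+++ b/includes/lib/general.php
@@ -0,0 +1,50 @@
+<? /*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2011 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+/**
+* Checks if the user may log in and retrieve the user id
+*
+* Usually called with $_SERVER['SSL_CLIENT_M_SERIAL'] and
+* $_SERVER['SSL_CLIENT_I_DN_CN']
+*
+* @param $serial string
+* usually $_SERVER['SSL_CLIENT_M_SERIAL']
+* @param $issuer_cn string
+* usually $_SERVER['SSL_CLIENT_I_DN_CN']
+* @return int
+* the user id, -1 in case of error
+*/
+function get_user_id_from_cert($serial, $issuer_cn)
+{
+$query = "select `memid` from `emailcerts` where
+`serial`='".mysql_escape_string($serial)."' and
+`rootcert`= (select `id` from `root_certs` where
+`Cert_Text`='".mysql_escape_string($issuer_cn)."') and
+`revoked`=0 and disablelogin=0 and
+UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
+$res = mysql_query($query);
+if(mysql_num_rows($res) > 0)
+{
+$row = mysql_fetch_assoc($res);
+return intval($row['memid']);
+}
+
+return -1;
+}
+
+?>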
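Review bot: get_user_id_from_cert still returns the first `memid` whenever `mysql_num_rows($res) > 0`, so if two rows survive the serial-plus-issuer filter — the very case this commit is about — the first one wins silently; failing closed with `if(mysql_num_rows($res) != 1) return -1;` would surface an ambiguous match instead of logging in as whichever row comes first. `mysql_query` can also return false (e.g. a MySQL error if the `root_certs` subselect yields more than one row), in which case `mysql_num_rows(false)` emits a warning on its way to the -1; an explicit `if($res === false) return -1;` before it keeps the documented error path deliberate. `mysql_escape_string` does not take the connection character set into account; `mysql_real_escape_string` is the escaping function meant for this API and should be used on both inputs. The docblock's `@param $serial string` puts the type after the name; PHPDoc convention is `@param string $serial`.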
@ -16,6 +16,7 @@
|
||||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
include_once("../includes/lib/general.php");
|
||||||
|
|
||||||
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
|
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
|
||||||
{
|
{
|
||||||
|
@ -41,14 +42,11 @@
|
||||||
|
|
||||||
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
|
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
|
||||||
{
|
{
|
||||||
$query = "select * from `emailcerts` where `serial`='${_SERVER['SSL_CLIENT_M_SERIAL']}' and `revoked`=0 and disablelogin=0 and
|
$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
|
||||||
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
|
$_SERVER['SSL_CLIENT_I_DN_CN']);
|
||||||
$res = mysql_query($query);
|
|
||||||
|
|
||||||
if(mysql_num_rows($res) > 0)
|
if($user_id >= 0)
|
||||||
{
|
{
|
||||||
$row = mysql_fetch_assoc($res);
|
|
||||||
|
|
||||||
$_SESSION['profile']['loggedin'] = 0;
|
$_SESSION['profile']['loggedin'] = 0;
|
||||||
$_SESSION['profile'] = "";
|
$_SESSION['profile'] = "";
|
||||||
foreach($_SESSION as $key)
|
foreach($_SESSION as $key)
|
||||||
|
@ -61,7 +59,8 @@
|
||||||
session_unregister($key);
|
session_unregister($key);
|
||||||
}
|
}
|
||||||
|
|
||||||
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$row['memid']."'"));
|
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
|
||||||
|
"select * from `users` where `id`='".$user_id."'"));
|
||||||
if($_SESSION['profile']['locked'] == 0)
|
if($_SESSION['profile']['locked'] == 0)
|
||||||
$_SESSION['profile']['loggedin'] = 1;
|
$_SESSION['profile']['loggedin'] = 1;
|
||||||
else
|
else
|
||||||
|
|
|
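Review bot: The profile loaded by the rewritten query (`` "select * from `users` where `id`='".$user_id."'" ``) is filtered only by id, so a user row flagged `deleted` still reaches the `locked` check below and, if not locked, gets `$_SESSION['profile']['loggedin'] = 1`; the parallel site in the `$id == 4` hunk of the other changed file requires `` `deleted`=0 and `locked`=0 `` in the same query, and this one should match it, e.g. `` "select * from `users` where `id`='".$user_id."' and `deleted`=0" ``. `$user_id` comes from intval() in get_user_id_from_cert, so the interpolation itself is safe here, though a comment saying so would save the next reader from checking. The if/else block this sits in starts and ends outside the hunk.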
@ -148,13 +148,16 @@
|
||||||
|
|
||||||
if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
|
if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
|
||||||
{
|
{
|
||||||
$query = "select * from `emailcerts` where `serial`='$_SERVER[SSL_CLIENT_M_SERIAL]' and `revoked`=0 and disablelogin=0 and
|
include_once("../includes/lib/general.php");
|
||||||
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
|
$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
|
||||||
$res = mysql_query($query);
|
$_SERVER['SSL_CLIENT_I_DN_CN']);
|
||||||
if(mysql_num_rows($res) > 0)
|
|
||||||
|
if($user_id >= 0)
|
||||||
{
|
{
|
||||||
$row = mysql_fetch_assoc($res);
|
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
|
||||||
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]' and `deleted`=0 and `locked`=0"));
|
"select * from `users` where
|
||||||
|
`id`='$user_id' and `deleted`=0 and `locked`=0"));
|
||||||
|
|
||||||
if($_SESSION['profile']['id'] != 0)
|
if($_SESSION['profile']['id'] != 0)
|
||||||
{
|
{
|
||||||
$_SESSION['profile']['loggedin'] = 1;
|
$_SESSION['profile']['loggedin'] = 1;
|
||||||
|
|
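Review bot: The new lookup feeds `$_SERVER['SSL_CLIENT_M_SERIAL']` and `$_SERVER['SSL_CLIENT_I_DN_CN']` straight to get_user_id_from_cert, so the login is only as strong as the TLS layer's (presumably mod_ssl's) verification of the presented certificate; unless the vhost is known to use `SSLVerifyClient require`, guarding the call with `isset()` on both keys and `$_SERVER['SSL_CLIENT_VERIFY'] === 'SUCCESS'` makes that dependency explicit and also avoids undefined-index notices when no certificate was sent. The same applies to the call added in the `@ -41,14 +42,11` hunk of the other changed file. As a point of style, `include_once("../includes/lib/general.php")` is placed inside the `$id == 4` branch here while the other file includes it once at the top after the licence header; moving it to the top keeps the two consistent. The enclosing if-block continues past the end of the hunk.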