"output order when removing email address"
pull/1/head
Wytze van der Raay 11 years ago
parent b9729ffae1
commit fc979343e1

@ -10,7 +10,7 @@
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
@ -82,7 +82,7 @@
if($checkemail != "OK") if($checkemail != "OK")
{ {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
if (substr($checkemail, 0, 1) == "4") if (substr($checkemail, 0, 1) == "4")
{ {
echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n"; echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
} else { } else {
@ -149,8 +149,13 @@
$delcount = 0; $delcount = 0;
if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid'])) if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
{ {
$deltitle=false;
foreach($_REQUEST['delid'] as $id) foreach($_REQUEST['delid'] as $id)
{ {
if (!$deltitle) {
echo _('The following email addresses have been removed:')."<br>\n";
$deltitle=true;
}
$id = intval($id); $id = intval($id);
$query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and $query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
`email`!='".$_SESSION['profile']['email']."'"; `email`!='".$_SESSION['profile']['email']."'";
@ -168,11 +173,9 @@
{ {
echo _("You did not select any email accounts for removal."); echo _("You did not select any email accounts for removal.");
} }
if($delcount > 0) if(0 == $delcount)
{ {
echo _("The following accounts have been removed:")."<br>\n"; echo _("You did not select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
} else {
echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
} }
showfooter(); showfooter();
@ -317,11 +320,11 @@
showfooter(); showfooter();
exit; exit;
} }
write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1); write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
$query = "insert into emailcerts set $query = "insert into emailcerts set
`CN`='$defaultemail', `CN`='$defaultemail',
`keytype`='NS', `keytype`='NS',
`memid`='".intval($_SESSION['profile']['id'])."', `memid`='".intval($_SESSION['profile']['id'])."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
@ -352,7 +355,7 @@
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") { } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
if($csr == "") if($csr == "")
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n"; $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
if (($weakKey = checkWeakKeyCSR($csr)) !== "") if (($weakKey = checkWeakKeyCSR($csr)) !== "")
{ {
$id = 4; $id = 4;
@ -361,7 +364,7 @@
showfooter(); showfooter();
exit; exit;
} }
$tmpfname = tempnam("/tmp", "id4CSR"); $tmpfname = tempnam("/tmp", "id4CSR");
$fp = fopen($tmpfname, "w"); $fp = fopen($tmpfname, "w");
fputs($fp, $csr); fputs($fp, $csr);
@ -420,8 +423,8 @@
showfooter(); showfooter();
exit; exit;
} }
$query = "insert into emailcerts set $query = "insert into emailcerts set
`CN`='$defaultemail', `CN`='$defaultemail',
`keytype`='".sanitizeHTML($_REQUEST['keytype'])."', `keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
`memid`='".$_SESSION['profile']['id']."', `memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
@ -581,7 +584,7 @@
{ {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
//echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n"; //echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
if (substr($checkemail, 0, 1) == "4") if (substr($checkemail, 0, 1) == "4")
{ {
echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n"; echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
} else { } else {
@ -658,7 +661,7 @@
// In case the CSR is missing the ---BEGIN lines, add them automatically: // In case the CSR is missing the ---BEGIN lines, add them automatically:
$CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n"; $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
} }
if (($weakKey = checkWeakKeyCSR($CSR)) !== "") if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{ {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
@ -666,7 +669,7 @@
showfooter(); showfooter();
exit; exit;
} }
if(trim($_REQUEST['description']) != ""){ if(trim($_REQUEST['description']) != ""){
$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}else{ }else{
@ -717,7 +720,7 @@
showfooter(); showfooter();
exit; exit;
} }
if (($weakKey = checkWeakKeyCSR(file_get_contents( if (($weakKey = checkWeakKeyCSR(file_get_contents(
$_SESSION['_config']['tmpfname']))) !== "") $_SESSION['_config']['tmpfname']))) !== "")
{ {
@ -726,7 +729,7 @@
showfooter(); showfooter();
exit; exit;
} }
$id = 11; $id = 11;
if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
{ {
@ -772,14 +775,14 @@
if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0) if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
{ {
$query = "insert into `domaincerts` set $query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."', `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."', `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."', `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
`description`='".$_SESSION['_config']['description']."'"; `description`='".$_SESSION['_config']['description']."'";
} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) { } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
$query = "insert into `domaincerts` set $query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."', `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."', `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
@ -846,24 +849,24 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id); printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
continue; continue;
} }
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
if (($weakKey = checkWeakKeyX509(file_get_contents( if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "") $row['crt_name']))) !== "")
{ {
echo $weakKey, "<br/>\n"; echo $weakKey, "<br/>\n";
continue; continue;
} }
mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'"); mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
$query = "insert into `domaincerts` set $query = "insert into `domaincerts` set
`domid`='".$row['domid']."', `domid`='".$row['domid']."',
`CN`='".mysql_real_escape_string($row['CN'])."', `CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."',". `subject`='".mysql_real_escape_string($row['subject'])."',".
//`csr_name`='".$row['csr_name']."', // RACE CONDITION //`csr_name`='".$row['csr_name']."', // RACE CONDITION
"`created`='".$row['created']."', "`created`='".$row['created']."',
`modified`=NOW(), `modified`=NOW(),
`rootcert`='".$row['rootcert']."', `rootcert`='".$row['rootcert']."',
`type`='".$row['type']."', `type`='".$row['type']."',
`pkhash`='".$row['pkhash']."', `pkhash`='".$row['pkhash']."',
@ -948,7 +951,7 @@
foreach($_REQUEST['revokeid'] as $id) foreach($_REQUEST['revokeid'] as $id)
{ {
$id = intval($id); $id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains` $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and `domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'"; `domains`.`memid`='".$_SESSION['profile']['id']."'";
@ -979,7 +982,7 @@
foreach($_REQUEST['delid'] as $id) foreach($_REQUEST['delid'] as $id)
{ {
$id = intval($id); $id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains` $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and `domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'"; `domains`.`memid`='".$_SESSION['profile']['id']."'";
@ -1032,7 +1035,7 @@
foreach($_REQUEST['revokeid'] as $id) foreach($_REQUEST['revokeid'] as $id)
{ {
$id = intval($id); $id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
@ -1040,24 +1043,24 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue; continue;
} }
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
if (($weakKey = checkWeakKeyX509(file_get_contents( if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "") $row['crt_name']))) !== "")
{ {
echo $weakKey, "<br/>\n"; echo $weakKey, "<br/>\n";
continue; continue;
} }
mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'"); mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
$query = "insert into emailcerts set $query = "insert into emailcerts set
`memid`='".$row['memid']."', `memid`='".$row['memid']."',
`CN`='".mysql_real_escape_string($row['CN'])."', `CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."', `subject`='".mysql_real_escape_string($row['subject'])."',
`keytype`='".$row['keytype']."', `keytype`='".$row['keytype']."',
`csr_name`='".$row['csr_name']."', `csr_name`='".$row['csr_name']."',
`created`='".$row['created']."', `created`='".$row['created']."',
`modified`=NOW(), `modified`=NOW(),
`disablelogin`='".$row['disablelogin']."', `disablelogin`='".$row['disablelogin']."',
`codesign`='".$row['codesign']."', `codesign`='".$row['codesign']."',
@ -1106,7 +1109,7 @@
foreach($_REQUEST['revokeid'] as $id) foreach($_REQUEST['revokeid'] as $id)
{ {
$id = intval($id); $id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
@ -1135,7 +1138,7 @@
foreach($_REQUEST['delid'] as $id) foreach($_REQUEST['delid'] as $id)
{ {
$id = intval($id); $id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts` $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
@ -1271,7 +1274,7 @@
$ddres = mysql_query($ddquery); $ddres = mysql_query($ddquery);
$ddrow = mysql_fetch_assoc($ddres); $ddrow = mysql_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total']; $_SESSION['profile']['points'] = $ddrow['total'];
if($_SESSION['profile']['points'] == 0) if($_SESSION['profile']['points'] == 0)
{ {
$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname'])))); $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
@ -1323,7 +1326,7 @@
where `id`='".$_SESSION['profile']['id']."'"; where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query); mysql_query($query);
//!!!Should be rewritten //!!!Should be rewritten
$_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash'])))); $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
$_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin'])))); $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "") if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
@ -1534,9 +1537,9 @@
showfooter(); showfooter();
exit; exit;
} }
$query = "insert into `orgemailcerts` set $query = "insert into `orgemailcerts` set
`CN`='$defaultemail', `CN`='$defaultemail',
`keytype`='NS', `keytype`='NS',
`orgid`='".$org['orgid']."', `orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
@ -1566,7 +1569,7 @@
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") { } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n"; $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
if (($weakKey = checkWeakKeyCSR($csr)) !== "") if (($weakKey = checkWeakKeyCSR($csr)) !== "")
{ {
$id = 17; $id = 17;
@ -1575,7 +1578,7 @@
showfooter(); showfooter();
exit; exit;
} }
$tmpfname = tempnam("/tmp", "id17CSR"); $tmpfname = tempnam("/tmp", "id17CSR");
$fp = fopen($tmpfname, "w"); $fp = fopen($tmpfname, "w");
fputs($fp, $csr); fputs($fp, $csr);
@ -1625,8 +1628,8 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1; $_SESSION['_config']['rootcert'] = 1;
$query = "insert into `orgemailcerts` set $query = "insert into `orgemailcerts` set
`CN`='$defaultemail', `CN`='$defaultemail',
`keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "', `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
`orgid`='".$org['orgid']."', `orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
@ -1683,29 +1686,29 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue; continue;
} }
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
if (($weakKey = checkWeakKeyX509(file_get_contents( if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "") $row['crt_name']))) !== "")
{ {
echo $weakKey, "<br/>\n"; echo $weakKey, "<br/>\n";
continue; continue;
} }
mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'"); mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0) if($row['revoke'] > 0)
{ {
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']); printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue; continue;
} }
$query = "insert into `orgemailcerts` set $query = "insert into `orgemailcerts` set
`orgid`='".$row['orgid']."', `orgid`='".$row['orgid']."',
`CN`='".$row['CN']."', `CN`='".$row['CN']."',
`subject`='".$row['subject']."', `subject`='".$row['subject']."',
`keytype`='".$row['keytype']."', `keytype`='".$row['keytype']."',
`csr_name`='".$row['csr_name']."', `csr_name`='".$row['csr_name']."',
`created`='".$row['created']."', `created`='".$row['created']."',
`modified`=NOW(), `modified`=NOW(),
`codesign`='".$row['codesign']."', `codesign`='".$row['codesign']."',
`rootcert`='".$row['rootcert']."', `rootcert`='".$row['rootcert']."',
@ -1822,7 +1825,7 @@
if($process != "" && $oldid == 20) if($process != "" && $oldid == 20)
{ {
$CSR = clean_csr($_REQUEST['CSR']); $CSR = clean_csr($_REQUEST['CSR']);
if (($weakKey = checkWeakKeyCSR($CSR)) !== "") if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{ {
$id = 20; $id = 20;
@ -1831,7 +1834,7 @@
showfooter(); showfooter();
exit; exit;
} }
if(trim($_REQUEST['description']) != ""){ if(trim($_REQUEST['description']) != ""){
$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}else{ }else{
@ -1887,7 +1890,7 @@
if($process != "" && $oldid == 21) if($process != "" && $oldid == 21)
{ {
$id = 21; $id = 21;
if(!file_exists($_SESSION['_config']['tmpfname'])) if(!file_exists($_SESSION['_config']['tmpfname']))
{ {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
@ -1895,7 +1898,7 @@
showfooter(); showfooter();
exit; exit;
} }
if (($weakKey = checkWeakKeyCSR(file_get_contents( if (($weakKey = checkWeakKeyCSR(file_get_contents(
$_SESSION['_config']['tmpfname']))) !== "") $_SESSION['_config']['tmpfname']))) !== "")
{ {
@ -1944,7 +1947,7 @@
if(is_array($_SESSION['_config']['rows'])) if(is_array($_SESSION['_config']['rows']))
foreach($_SESSION['_config']['rows'] as $row) foreach($_SESSION['_config']['rows'] as $row)
$csrsubject .= "/commonName=$row"; $csrsubject .= "/commonName=$row";
$SAN=""; $SAN="";
if(is_array($_SESSION['_config']['altrows'])) if(is_array($_SESSION['_config']['altrows']))
foreach($_SESSION['_config']['altrows'] as $subalt) foreach($_SESSION['_config']['altrows'] as $subalt)
{ {
@ -2031,29 +2034,29 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue; continue;
} }
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
if (($weakKey = checkWeakKeyX509(file_get_contents( if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "") $row['crt_name']))) !== "")
{ {
echo $weakKey, "<br/>\n"; echo $weakKey, "<br/>\n";
continue; continue;
} }
mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'"); mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0) if($row['revoke'] > 0)
{ {
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']); printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue; continue;
} }
$query = "insert into `orgdomaincerts` set $query = "insert into `orgdomaincerts` set
`orgid`='".$row['orgid']."', `orgid`='".$row['orgid']."',
`CN`='".$row['CN']."', `CN`='".$row['CN']."',
`csr_name`='".$row['csr_name']."', `csr_name`='".$row['csr_name']."',
`created`='".$row['created']."', `created`='".$row['created']."',
`modified`=NOW(), `modified`=NOW(),
`subject`='".$row['subject']."', `subject`='".$row['subject']."',
`type`='".$row['type']."', `type`='".$row['type']."',
`rootcert`='".$row['rootcert']."', `rootcert`='".$row['rootcert']."',
`description`='".$row['description']."'"; `description`='".$row['description']."'";
@ -2286,7 +2289,7 @@
if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
{ {
$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($domid)."'"; `orgdomains`.`id`='".intval($domid)."'";
@ -2294,7 +2297,7 @@
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and `orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($domid)."'"; `orgdomains`.`id`='".intval($domid)."'";
@ -2338,7 +2341,7 @@
$dres = mysql_query($query); $dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres)) while($drow = mysql_fetch_assoc($dres))
{ {
$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($drow['id'])."'"; `orgdomains`.`id`='".intval($drow['id'])."'";
@ -2350,7 +2353,7 @@
mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'"); mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
} }
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and `orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($drow['id'])."'"; `orgdomains`.`id`='".intval($drow['id'])."'";
@ -2430,8 +2433,8 @@
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
if ( !is_assurer(intval($row['id'])) ) if ( !is_assurer(intval($row['id'])) )
{ {
$id = $oldid; $id = $oldid;
$oldid=0; $oldid=0;
$_SESSION['_config']['errmsg'] = $_SESSION['_config']['errmsg'] =
_("The user is not an Assurer yet"); _("The user is not an Assurer yet");
} else { } else {
@ -2565,7 +2568,7 @@
exit; exit;
} }
if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") || if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" && ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
$_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add")) $_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
{ {
@ -2789,7 +2792,7 @@
showfooter(); showfooter();
exit; exit;
} }
if (($weakKey = checkWeakKeyCSR($CSR)) !== "") if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{ {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
@ -2798,7 +2801,7 @@
exit; exit;
} }
$query = "insert into `domaincerts` set $query = "insert into `domaincerts` set
`CN`='".$_SESSION['_config']['0.CN']."', `CN`='".$_SESSION['_config']['0.CN']."',
`domid`='".$_SESSION['_config']['row']['id']."', `domid`='".$_SESSION['_config']['row']['id']."',
`created`=NOW()"; `created`=NOW()";
@ -2862,7 +2865,7 @@
if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0) if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0)
{ {
csrf_check('admactlock'); csrf_check('admactlock');
$memid = $_REQUEST['userid'] = intval($_REQUEST['locked']); $memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
$query = "select * from `users` where `id`='$memid'"; $query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query)); $row = mysql_fetch_assoc(mysql_query($query));
@ -3103,7 +3106,7 @@
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
$body .= $row['comment']."\n"; $body .= $row['comment']."\n";
$body .= "\n"; $body .= "\n";
$body .= _("Best regards")."\n"; $body .= _("Best regards")."\n";
$body .= _("CAcert Support Team"); $body .= _("CAcert Support Team");
sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify"); sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
@ -3124,7 +3127,7 @@
$body .= "\n"; $body .= "\n";
$body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n"; $body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n";
$body .= _("Best regards")."\n"; $body .= _("Best regards")."\n";
$body .= _("CAcert Support Team"); $body .= _("CAcert Support Team");
sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify"); sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
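Review bot: In the hunk at `@ -149,8 +149,13`, the heading "The following email addresses have been removed:" is echoed on the first pass through the `foreach`, before the `select` has confirmed that the id belongs to the member and is not the default address. If every submitted id is rejected, the page would presumably show that heading followed by the "No action was taken" message from the `if(0 == $delcount)` branch in the next hunk. The loop body continues outside the hunk, so the place where `$delcount` is incremented is not visible; the fix is to drop `$deltitle` and emit the heading there, e.g. `if (0 == $delcount) echo _('The following email addresses have been removed:')."<br>\n";` just before the increment. Separately, the context query in the same loop concatenates `$_SESSION['profile']['email']` into the SQL string without `mysql_real_escape_string()`. Unless that value is already escaped where it is stored, which this page does not show, it should be escaped like the other string fields in this file.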
