Commit graph

24 commits

Author SHA1 Message Date
560be526c4 Fix client certificate login
This change fixes the client certificate login for cases where duplicate
serial numbers have been issued and recorded in the emailcerts table.

Email addresses from the client certificate are used as an additional
matching parameter.

- includes/lib/general.php got a new function
  get_email_addresses_from_client_cert to create an array of email
  addresses from the environment variables set by Apache httpd
- includes/loggedin.php and www/index.php use the new function to pass
  email addresses to the get_user_id_from_cert function
- get_user_id_from_cert in includes/lib/general.php has been enhanced to
  use a JOIN over the emailcerts, root_certs and email tables. All
  parameters are escaped via mysql_real_escape_string
- SQL errors in get_user_id_from_cert are now handled
- a match from get_user_id_from_cert is only returned when there is
  exactly one row in the result set

The code and the used query have been tested with Apache 2.4.10 and PHP
5.6 from Debian Jessie and a MariaDB 10.11 in strict mode using a
container-based test setup to match the current production setup as
closely as possible.
2024-05-05 20:08:53 +02:00
Wytze van der Raay
ca2fe0bc16 Fix for https://bugs.cacert.org/view.php?id=1192
"Check on log into the account if user agreed to CCA, if not prompt him an acception form"
2014-11-24 09:54:09 +00:00
Wytze van der Raay
ccc2a6f534 Combined fixes for
- https://bugs.cacert.org/view.php?id=413
  "Add a web page indicating the certificate request is still pending"
- https://bugs.cacert.org/view.php?id=1138
  "Implement to log the SE activity"
- https://bugs.cacert.org/view.php?id=1221
  "Inconsistency in Assurance Management"
2014-06-07 09:16:26 +00:00
Wytze van der Raay
5fb83cec32 Fix for http://bugs.cacert.org/view.php?id=1176
fix deprecation messages due to PHP update.
2013-07-15 08:32:06 +00:00
root
2679d75dfc Fix for https://bugs.cacert.org/view.php?id=985
"Move from translingo to pootle"
2012-01-24 14:26:05 +00:00
Wytze van der Raay
d98d23ff5b Fix for https://bugs.cacert.org/view.php?id=841
(Problems on cert login with "duplicate" serial numbers)
2011-09-07 10:30:32 +00:00
Wytze van der Raay
b37255299d Fix for https://bugs.cacert.org/view.php?id=963
(Logout Session not completely reset)
2011-08-03 10:11:39 +00:00
root
8262bb0d93 Improved XSS prevention 2008-11-23 04:21:14 +00:00
root
72c9fa43d1 Improved register_globals handling 2008-08-17 23:25:30 +00:00
root
95d46015b4 Redirected logout to www.cacert.org 2008-06-09 09:48:51 +00:00
root
afccfceb56 Changed license to GPLv2 2008-04-06 19:45:09 +00:00
root
74e4b951b9 Added the feature to disable certificate-login for certain client certificates 2008-02-19 23:09:11 +00:00
root
b95cca2ca8 Fixed a Header attack 2007-08-21 16:32:23 +00:00
root
3e32cf1ca6 bug #80 2006-08-16 05:56:39 +00:00
root
caff89d6ba bug fixes 2006-08-04 22:05:11 +00:00
root
7f48f75874 bug fixes 2006-08-03 13:20:55 +00:00
root
029a3b9f89 update 2006-02-03 18:45:23 +00:00
root
bb7b042f57 updates 2005-12-04 21:04:05 +00:00
root
13a851559a updates 2005-07-24 13:56:10 +00:00
root
060a4762cf updates 2005-07-14 19:56:28 +00:00
root
d89c90943e new code + updates and bug fixes 2005-03-12 19:40:24 +00:00
root
1f48e78e65 removed hard path configs 2004-12-06 21:53:35 +00:00
root
c6b8a11ccb added sql schema + bug fixes 2004-12-06 14:02:02 +00:00
root
2e0fce259e some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00