Commit graph

75 commits

Author SHA1 Message Date
560be526c4 Fix client certificate login
This change fixes the client certificate login for cases where duplicate
serial numbers have been issued and recorded in the emailcerts table.

Email addresses from the client certificate are used as an additional
matching parameter.

- includes/lib/general.php got a new function
  get_email_addresses_from_client_cert to create an array of email
  addresses from the environment variables set by Apache httpd
- includes/loggedin.php and www/index.php use the new function to pass
  email addresses to the get_user_id_from_cert function
- get_user_id_from_cert in includes/lib/general.php has been enhanced to
  use a JOIN over the emailcerts, root_certs and email tables. All
  parameters are escaped via mysql_real_escape_string
- SQL errors in get_user_id_from_cert are now handled
- a match from get_user_id_from_cert is only returned when there is
  exactly one row in the result set

The code and the used query have been tested with Apache 2.4.10 and PHP
5.6 from Debian Jessie and a MariaDB 10.11 in strict mode using a
container based test setup to match the current production setup as
close as possible.
2024-05-05 20:08:53 +02:00
Wytze van der Raay
44a3943358 Fix for https://bugs.cacert.org/view.php?id=1341
"Rate limit for login attempts"
2015-03-13 09:02:26 +00:00
Wytze van der Raay
ca2fe0bc16 Fix for https://bugs.cacert.org/view.php?id=1192
"Check on log into the account if user aggreed to CCA, if not prompt him an acception form"
2014-11-24 09:54:09 +00:00
Mendel Mobach
8be54e45e9 Fix for https://bugs.cacert.org/view.php?id=1339 2014-11-18 22:08:23 +00:00
Wytze van der Raay
81932bfd0a Combined fixes for
- https://bugs.cacert.org/view.php?id=413
  "Add a web page indicating the certificate request is still pending"
- https://bugs.cacert.org/view.php?id=1138
  "Implement to log the SE activity"
- https://bugs.cacert.org/view.php?id=1221
  "Inconsistency in Assurance Management"
2014-06-07 09:14:52 +00:00
Wytze van der Raay
98c8c419c8 Fix for https://bugs.cacert.org/view.php?id=1121
"Record the CCA acception for the account creation"
2013-05-15 09:37:21 +00:00
Wytze van der Raay
ac71b58807 Fix for https://bugs.cacert.org/view.php?id=795
"contact form does not signal whether filed request is senstive or open"
2013-01-17 15:08:07 +00:00
root
2679d75dfc Fix for https://bugs.cacert.org/view.php?id=985
"Move from translingo to pootle"
2012-01-24 14:26:05 +00:00
Wytze van der Raay
31c1cd305f Fixes for https://bugs.cacert.org/view.php?id=965 :
Outsource / fix Webdb text pages id=12, 13, (17)
2011-11-25 11:28:37 +00:00
Mendel Mobach
6aec958273 Fix for https://bugs.cacert.org/view.php?id=910 2011-09-21 14:29:51 +00:00
Wytze van der Raay
d98d23ff5b Fix for https://bugs.cacert.org/view.php?id=841
(Problems on cert login with "duplicate" serial numbers)
2011-09-07 10:30:32 +00:00
Wytze van der Raay
f0c474f5d6 Fix for https://bugs.cacert.org/view.php?id=637
(password suggestion always the same).
2011-08-01 14:34:08 +00:00
Wytze van der Raay
6f50254e57 Fix for https://bugs.cacert.org/view.php?id=897 2011-07-22 13:49:41 +00:00
Philipp Dunkel
136f5e535c http://bugs.cacert.org/view.php?id=804#c1613 2010-08-05 12:40:21 +00:00
Philipp Dunkel
99c9b16cc1 Seperated Spam from Javascript/Cookie Handling to narrow down problems 2009-12-26 18:32:59 +00:00
Philipp Dunkel
4fde81d03c Improved confusing message 2009-12-02 22:00:58 +00:00
root
5f25174f52 http://bugs.cacert.org/view.php?id=618 2009-04-10 22:22:16 +00:00
root
364528b5cd ---------------------------------------------------------------------- 2009-03-10 01:47:06 +00:00
root
a04ee9ece1 Improved the error message 2009-01-11 02:29:16 +00:00
root
8db71b8858 *** empty log message *** 2009-01-04 23:43:04 +00:00
root
16d7b35bae Added SQL Injection prevention
The hash does not work with most email clients, needs more testing
2008-11-24 12:42:59 +00:00
root
d24c58c1f7 http://bugs.cacert.org/view.php?id=498 2008-11-03 20:56:01 +00:00
root
0bf13da212 Fixed a bug that allowed too many wrong answers 2008-10-02 14:02:40 +00:00
root
aa5e9432ab http://bugs.cacert.org/view.php?id=630 2008-09-22 15:41:39 +00:00
root
25c01c726f Improved register_globals 2008-09-19 21:32:17 +00:00
root
f3609ff15d Improved register_globals 2008-09-19 20:23:23 +00:00
root
7c70c7978a Improved register_globals 2008-09-03 16:12:53 +00:00
root
98fa1c3edf Improved register_globals 2008-08-31 22:27:03 +00:00
root
4982654f2c Improved register_globals handling 2008-08-27 23:07:21 +00:00
root
86af1fce0c Improved register_globals handling 2008-08-17 23:27:19 +00:00
root
b2f4b87ca7 Removed " from translation strings 2008-05-22 22:41:42 +00:00
root
afccfceb56 Changed license to GPLv2 2008-04-06 19:45:09 +00:00
root
d8396a0147 Added a feature to disable certificate-login for selected client certificates 2008-02-19 23:10:38 +00:00
root
244fc1179f https://bugs.cacert.org/view.php?id=436 2007-07-30 18:41:43 +00:00
root
0e06e36fa8 OTP changes 2007-02-23 21:21:03 +00:00
root
e893e66eaa Added OTP Handling 2007-02-07 13:50:54 +00:00
root
64cd470088 advertising admin code 2006-12-09 00:23:15 +00:00
root
72511360c4 updates 2006-11-23 22:22:31 +00:00
root
030797c081 bug #163 2006-08-16 17:25:19 +00:00
root
ab2db05cec bug #80 2006-08-16 06:08:12 +00:00
root
7cfe344b2c bug #147 2006-08-16 04:01:43 +00:00
root
6480e48fd5 bug #185 2006-08-14 08:19:38 +00:00
root
9363c70495 bug #288 2006-08-12 19:39:00 +00:00
root
7f48f75874 bug fixes 2006-08-03 13:20:55 +00:00
root
adf1cfe354 register_globals fix 2006-05-01 14:45:38 +00:00
root
1cc679b01b fix strip_tags for passwords 2006-04-30 08:40:21 +00:00
root
81ef702a6c updates 2006-04-30 08:30:54 +00:00
root
ddaf44e87f moved special files out of webroot 2006-04-20 20:08:31 +00:00
root
470031bed9 updates/bug fixes 2006-03-05 11:18:16 +00:00
root
029a3b9f89 update 2006-02-03 18:45:23 +00:00