Jan Dittberner
c61f0c4519
Merge branch 'main' into use-https-for-verification-links
4 months ago
Jan Dittberner
3bf254e237
Use https links instead of http for registration
5 months ago
Jan Dittberner
560be526c4
Fix client certificate login
This change fixes the client certificate login for cases where duplicate
serial numbers have been issued and recorded in the emailcerts table.
Email addresses from the client certificate are used as an additional
matching parameter.

- includes/lib/general.php got a new function
  get_email_addresses_from_client_cert to create an array of email
  addresses from the environment variables set by Apache httpd
- includes/loggedin.php and www/index.php use the new function to pass
  email addresses to the get_user_id_from_cert function
- get_user_id_from_cert in includes/lib/general.php has been enhanced to
  use a JOIN over the emailcerts, root_certs and email tables. All
  parameters are escaped via mysql_real_escape_string
- SQL errors in get_user_id_from_cert are now handled
- a match from get_user_id_from_cert is only returned when there is
  exactly one row in the result set

The code and the used query have been tested with Apache 2.4.10 and PHP
5.6 from Debian Jessie and a MariaDB 10.11 in strict mode using a
container based test setup to match the current production setup as
close as possible.
5 months ago
Wytze van der Raay
44a3943358
Fix for https://bugs.cacert.org/view.php?id=1341
"Rate limit for login attempts"
10 years ago
Wytze van der Raay
ca2fe0bc16
Fix for https://bugs.cacert.org/view.php?id=1192
"Check on log into the account if user agreed to CCA, if not prompt him an acception form"
10 years ago
Mendel Mobach
8be54e45e9
Fix for https://bugs.cacert.org/view.php?id=1339
10 years ago
Wytze van der Raay
81932bfd0a
Combined fixes for
- https://bugs.cacert.org/view.php?id=413
"Add a web page indicating the certificate request is still pending"
- https://bugs.cacert.org/view.php?id=1138
"Implement to log the SE activity"
- https://bugs.cacert.org/view.php?id=1221
"Inconsistency in Assurance Management"
10 years ago
Wytze van der Raay
98c8c419c8
Fix for https://bugs.cacert.org/view.php?id=1121
"Record the CCA acception for the account creation"
12 years ago
Wytze van der Raay
ac71b58807
Fix for https://bugs.cacert.org/view.php?id=795
"contact form does not signal whether filed request is sensitive or open"
12 years ago
root
2679d75dfc
Fix for https://bugs.cacert.org/view.php?id=985
"Move from translingo to pootle"
13 years ago
Wytze van der Raay
31c1cd305f
Fixes for https://bugs.cacert.org/view.php?id=965 :
Outsource / fix Webdb text pages id=12, 13, (17)
13 years ago
Mendel Mobach
6aec958273
Fix for https://bugs.cacert.org/view.php?id=910
13 years ago
Wytze van der Raay
d98d23ff5b
Fix for https://bugs.cacert.org/view.php?id=841
(Problems on cert login with "duplicate" serial numbers)
13 years ago
Wytze van der Raay
f0c474f5d6
Fix for https://bugs.cacert.org/view.php?id=637
(password suggestion always the same).
13 years ago
Wytze van der Raay
6f50254e57
Fix for https://bugs.cacert.org/view.php?id=897
13 years ago
Philipp Dunkel
136f5e535c
http://bugs.cacert.org/view.php?id=804#c1613
14 years ago
Philipp Dunkel
99c9b16cc1
Separated Spam from Javascript/Cookie Handling to narrow down problems
15 years ago
Philipp Dunkel
4fde81d03c
Improved confusing message
15 years ago
root
5f25174f52
http://bugs.cacert.org/view.php?id=618
16 years ago
root
364528b5cd
----------------------------------------------------------------------
16 years ago
root
a04ee9ece1
Improved the error message
16 years ago
root
8db71b8858
*** empty log message ***
16 years ago
root
16d7b35bae
Added SQL Injection prevention
The hash does not work with most email clients, needs more testing
16 years ago
root
d24c58c1f7
http://bugs.cacert.org/view.php?id=498
16 years ago
root
0bf13da212
Fixed a bug that allowed too many wrong answers
16 years ago
root
aa5e9432ab
http://bugs.cacert.org/view.php?id=630
16 years ago
root
25c01c726f
Improved register_globals
16 years ago
root
f3609ff15d
Improved register_globals
16 years ago
root
7c70c7978a
Improved register_globals
16 years ago
root
98fa1c3edf
Improved register_globals
16 years ago
root
4982654f2c
Improved register_globals handling
16 years ago
root
86af1fce0c
Improved register_globals handling
16 years ago
root
b2f4b87ca7
Removed " from translation strings
17 years ago
root
afccfceb56
Changed license to GPLv2
17 years ago
root
d8396a0147
Added a feature to disable certificate-login for selected client certificates
17 years ago
root
244fc1179f
https://bugs.cacert.org/view.php?id=436
17 years ago
root
0e06e36fa8
OTP changes
18 years ago
root
e893e66eaa
Added OTP Handling
18 years ago
root
64cd470088
advertising admin code
18 years ago
root
72511360c4
updates
18 years ago
root
030797c081
bug #163
18 years ago
root
ab2db05cec
bug #80
18 years ago
root
7cfe344b2c
bug #147
18 years ago
root
6480e48fd5
bug #185
18 years ago
root
9363c70495
bug #288
18 years ago
root
7f48f75874
bug fixes
18 years ago
root
adf1cfe354
register_globals fix
19 years ago
root
1cc679b01b
fix strip_tags for passwords
19 years ago
root
81ef702a6c
updates
19 years ago
root
ddaf44e87f
moved special files out of webroot
19 years ago