This file is part of CAcert. CAcert has been released under a CAcert Source license which can be found included with these source files or can be downloaded from the internet from the following address: CAcert is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License for more details. */ require_once("../includes/loggedin.php"); loadem("account"); if($process != "" && $oldid == 1) { $id = 1; if(strstr($newemail, "xn--") && $_SESSION['profile']['codesign'] <= 0) { showheader(_("My Account!")); echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses."); showfooter(); exit; } if(trim(mysql_escape_string(stripslashes($newemail))) == "") { showheader(_("My Account!")); printf(_("Not a valid email address. Can't continue."), $email); showfooter(); exit; } unset($oldid); $email = trim(mysql_escape_string(stripslashes($newemail))); $query = "select * from `email` where `email`='$email' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { showheader(_("My Account!")); printf(_("The email address '%s' is already in the system. Can't continue."), $email); showfooter(); exit; } if(!checkEmail($newemail)) { showheader(_("My Account!")); echo _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid"); showfooter(); exit; } $rnd = fopen("/dev/urandom", "r"); $hash = md5(fgets($rnd, 64)); fclose($rnd); $query = "insert into `email` set `email`='$email',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'"; mysql_query($query); $emailid = mysql_insert_id(); $body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; $body .= _("Best regards")."\n"._(" Support!"); sendmail($email, "[] "._("Email Probe"), $body, "", "", "", "CAcert Support"); showheader(_("My Account!")); printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $email); showfooter(); exit; } if($makedefault != "" && $oldid == 2) { $id = 2; $emailid = intval($emailid); $query = "select * from `email` where `id`='$emailid' and `memid`='".$_SESSION['profile']['id']."' and `hash` = '' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { showheader(_("Error!")); echo _("You currently don't have access to the email address you selected, or you haven't verified it yet."); showfooter(); exit; } $row = mysql_fetch_assoc($res); $_SESSION['profile']['email'] = $row['email']; $query = "update `users` set `email`='".$row['email']."' where `id`='".$_SESSION['profile']['id']."'"; mysql_query($query); showheader(_("My Account!")); printf(_("Your default email address has been updated to '%s'."), $row['email']); showfooter(); exit; } if($process != "" && $oldid == 2) { $id = 2; showheader(_("My Account!")); echo _("The following accounts have been removed:")."
\n"; if(is_array($delid)) foreach($delid as $id) { $id = intval($id); $query = "select * from `email` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."' and `email`!='".$_SESSION['profile']['email']."'"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); echo $row['email']."
\n"; $query = "select `emailcerts`.`id` from `emaillink`,`emailcerts` where `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 group by `emailcerts`.`id`"; $dres = mysql_query($query); while($drow = mysql_fetch_assoc($dres)) mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'"); $query = "update `email` set `deleted`=NOW() where `id`='$id'"; mysql_query($query); } } showfooter(); exit; } if($process != "" && $oldid == 3) { if(!is_array($addid)) { showheader(_("My Account!")); echo _("I didn't receive a valid Certificate Request, hit the back button and try again."); showfooter(); exit; } $_SESSION['_config']['addid'] = $addid; if($_SESSION['profile']['points'] >= 50) $_SESSION['_config']['incname'] = intval($incname); if($_POST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100)) { $_POST['codesign'] = 0; } if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && $_POST['codesign'] == 1) { if($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4) $_SESSION['_config']['incname'] = 1; } if($_POST['codesign'] == 1 && $_SESSION['profile']['points'] >= 100) $_SESSION['_config']['codesign'] = 1; else $_SESSION['_config']['codesign'] = 0; $_SESSION['_config']['rootcert'] = 1; if($_SESSION['profile']['points'] >= 50) { $_SESSION['_config']['rootcert'] = intval($_POST['rootcert']); if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; } $csr = ""; if(trim($_POST['optionalCSR']) == "") { $id = 4; } else { $oldid = 4; $_POST['keytype'] = "MS"; $csr = $_POST['optionalCSR']; } } if($oldid == 4) { if($_POST['keytype'] == "NS") { if($_POST['SPKAC'] == "" || $_POST['SPKAC'] == "deadbeef") { $id = 4; showheader(_("My Account!")); echo _("I didn't receive a valid Certificate Request, hit the back button and try again."); showfooter(); exit; } $emailcount = 0; $emails = ""; $addys = array(); if(is_array($_SESSION['_config']['addid'])) foreach($_SESSION['_config']['addid'] as $id) { $res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='$id'"); if(mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); if(!$emails) $defaultemail = $row['email']; $emails .= "$emailcount.emailAddress = ".$row['email']."\n"; $emailcount++; $addys[] = $row['id']; } } if($emailcount <= 0) { $id = 4; showheader(_("My Account!")); echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request."); showfooter(); exit; } if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4) $emails .= "commonName = CAcert WoT User\n"; if($_SESSION['_config']['incname'] == 1) $emails .= "commonName = ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']."\n"; if($_SESSION['_config']['incname'] == 2) $emails .= "commonName = ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']."\n"; if($_SESSION['_config']['incname'] == 3) $emails .= "commonName = ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']."\n"; if($_SESSION['_config']['incname'] == 4) $emails .= "commonName = ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']."\n"; $emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_POST['SPKAC'])); $query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='NS', `memid`='".$_SESSION['profile']['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `codesign`='".$_SESSION['_config']['codesign']."', `rootcert`='".$_SESSION['_config']['rootcert']."'"; mysql_query($query); $emailid = mysql_insert_id(); if(is_array($addys)) foreach($addys as $addy) mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); $CSRname = $_SESSION['_config']['filepath']."/csr/client-$emailid.csr"; $fp = fopen($CSRname, "w"); fputs($fp, $emails); fclose($fp); mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } else if($_POST['keytype'] == "MS") { if($csr == "") $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."-----END CERTIFICATE REQUEST-----\n"; $tmpfname = tempnam("/tmp", "CSR"); $fp = fopen($tmpfname, "w"); fputs($fp, $csr); fclose($fp); $addys = array(); $defaultemail = ""; if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4) $csrsubject = "/CN=CAcert WoT User"; if($_SESSION['_config']['incname'] == 1) $csrsubject = "/CN=".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']; if($_SESSION['_config']['incname'] == 2) $csrsubject = "/CN = ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']."\n"; if($_SESSION['_config']['incname'] == 3) $csrsubject = "/CN = ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']."\n"; if($_SESSION['_config']['incname'] == 4) $csrsubject = "/CN = ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']."\n"; if(is_array($_SESSION['_config']['addid'])) foreach($_SESSION['_config']['addid'] as $id) { $res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='$id'"); if(mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); if($defaultemail == "") $defaultemail = $row['email']; $csrsubject .= "/emailAddress=".$row['email']; $addys[] = $row['id']; } } $tmpname = tempnam("/tmp", "CSR"); $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`; // -subj "$csr"`; @unlink($tmpfname); $csr = ""; $fp = fopen($tmpname, "r"); while($data = fgets($fp, 4096)) $csr .= $data; fclose($fp); @unlink($tmpname); if($csr == "") { $id = 4; showheader(_("My Account!")); echo _("I didn't receive a valid Certificate Request, hit the back button and try again."); showfooter(); exit; } $query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='MS', `memid`='".$_SESSION['profile']['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `subject`='$csrsubject', `codesign`='".$_SESSION['_config']['codesign']."', `rootcert`='".$_SESSION['_config']['rootcert']."'"; mysql_query($query); $emailid = mysql_insert_id(); if(is_array($addys)) foreach($addys as $addy) mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); $CSRname = $_SESSION['_config']['filepath']."/csr/client-$emailid.csr"; $fp = fopen($CSRname, "w"); fputs($fp, $csr); fclose($fp); mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } $do = `../scripts/runclient`; $query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { $id = 4; showheader(_("My Account!")); echo _("Your certificate request has failed to be processed correctly, please try submitting it again."); showfooter(); exit; } else { $id = 6; $cert = $emailid; } } if($oldid == 7) { if(strstr($newdomain, "xn--") && $_SESSION['profile']['codesign'] <= 0) { showheader(_("My Account!")); echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses."); showfooter(); exit; } $newdom = trim(escapeshellarg($newdomain)); $newdomain = mysql_escape_string(trim($newdomain)); $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'"); $query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0"; $res2 = mysql_query($query); if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2)) { $id = $oldid; unset($oldid); $id = 7; showheader(_("My Account!")); printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $newdomain); showfooter(); exit; } } if($oldid == 7) { unset($oldid); $id = 8; $addy = array(); $adds = explode("\n", trim(`/usr/bin/whois $newdom|grep "@"`)); if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info") { if(is_array($adds)) foreach($adds as $line) { $bits = explode(":", $line, 2); $line = trim($bits[1]); if(!in_array($line, $addy) && $line != "") $addy[] = trim(mysql_escape_string(stripslashes($line))); } } else { if(is_array($adds)) foreach($adds as $line) { $line = trim(str_replace("\t", " ", $line)); $line = trim(str_replace("(", "", $line)); $line = trim(str_replace(")", " ", $line)); $bits = explode(" ", $line); foreach($bits as $bit) { if(strstr($bit, "@")) $line = $bit; } if(!in_array($line, $addy) && $line != "") $addy[] = trim(mysql_escape_string(stripslashes($line))); } } $rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain"); foreach($rfc as $sub) if(!in_array($sub, $addy)) $addy[] = $sub; $_SESSION['_config']['addy'] = $addy; $_SESSION['_config']['domain'] = mysql_escape_string($newdomain); } if($process != "" && $oldid == 8) { unset($oldid); $id = 8; $authaddy = trim(mysql_escape_string(stripslashes($_POST['authaddy']))); if(!in_array($authaddy, $_SESSION['_config']['addy']) || $authaddy == "") { showheader(_("My Account!")); echo _("The address you submitted isn't a valid authority address for the domain."); showfooter(); exit; } $query = "select * from `domains` where `domain`='".$_SESSION['_config']['domain']."' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { showheader(_("My Account!")); printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $_SESSION['_config']['domain']); showfooter(); exit; } if(!checkEmail($authaddy)) { showheader(_("My Account!")); echo _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid"); showfooter(); exit; } $rnd = fopen("/dev/urandom", "r"); $hash = md5(fgets($rnd, 64)); fclose($rnd); $query = "insert into `domains` set `domain`='".$_SESSION['_config']['domain']."', `memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'"; mysql_query($query); $domainid = mysql_insert_id(); $body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n"; $body .= _("Best regards")."\n"._(" Support!"); sendmail($authaddy, "[] "._("Email Probe"), $body, "", "", "", "CAcert Support"); showheader(_("My Account!")); printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $_SESSION['_config']['domain']); showfooter(); exit; } if($process != "" && $oldid == 9) { $id = 9; showheader(_("My Account!")); echo _("The following domains have been removed:")."
("._("Any valid certificates will be revoked as well").")
\n"; if(is_array($delid)) foreach($delid as $id) { $id = intval($id); $query = "select * from `domains` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); echo $row['domain']."
\n"; mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'"); $dres = mysql_query("select * from `domlink` where `domid`='$id'"); while($drow = mysql_fetch_assoc($dres)) mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0"); } } showfooter(); exit; } if($process != "" && $oldid == 10) { $CSR = trim($CSR); $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "FOO"); $fp = fopen($_SESSION['_config']['tmpfname'], "w"); fputs($fp, $CSR); fclose($fp); $CSR = $_SESSION['_config']['tmpfname']; $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|grep Subject:`); $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); } $id = 11; $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = ""; extractit(); getcn(); getalt(); if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") { showheader(_("My Account!")); echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue."); showfooter(); exit; } $_SESSION['_config']['rootcert'] = 1; if($_SESSION['profile']['points'] >= 50) { $_SESSION['_config']['rootcert'] = intval($_POST['rootcert']); if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; } } if($process != "" && $oldid == 11) { $id = 11; if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") { showheader(_("My Account!")); echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue."); showfooter(); exit; } $subject = ""; $count = 0; if(is_array($_SESSION['_config']['rows'])) foreach($_SESSION['_config']['rows'] as $row) { $count++; if($count <= 1) { $subject .= "/CN=$row"; if(!strstr($subject, "=$row/") && substr($subject, -strlen("=$row")) != "=$row") $subject .= "/subjectAltName=$row"; } else { if(!strstr($subject, "=$row/") && substr($subject, -strlen("=$row")) != "=$row") $subject .= "/subjectAltName=$row"; } } if(is_array($_SESSION['_config']['altrows'])) foreach($_SESSION['_config']['altrows'] as $row) if(!strstr($subject, "=$row/") && substr($subject, -strlen("=$row")) != "=$row") $subject .= "/subjectAltName=$row"; if($_SESSION['_config']['rowid']['0'] > 0) { $query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."', `domid`='".$_SESSION['_config']['rowid']['0']."', `created`=NOW(),`subject`='$subject', `rootcert`='".$_SESSION['_config']['rootcert']."'"; } else { $query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['altrows']['0']."', `domid`='".$_SESSION['_config']['altid']['0']."', `created`=NOW(),`subject`='$subject', `rootcert`='".$_SESSION['_config']['rootcert']."'"; } mysql_query($query); $CSRid = mysql_insert_id(); if(is_array($_SESSION['_config']['rowid'])) foreach($_SESSION['_config']['rowid'] as $dom) mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); if(is_array($_SESSION['_config']['altid'])) foreach($_SESSION['_config']['altid'] as $dom) mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); $CSRname = $_SESSION['_config']['filepath']."/csr/server-$CSRid.csr"; if(!file_exists($_SESSION['_config']['tmpfname'])) { showheader(_("My Account!")); echo _("Your certificate request has failed to be processed correctly, please try submitting it again."); showfooter(); exit; } rename($_SESSION['_config']['tmpfname'], $CSRname); mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'"); $do = `../scripts/runserver`; $query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { showheader(_("My Account!")); echo _("Your certificate request has failed to be processed correctly, please try submitting it again."); showfooter(); exit; } else { $id = 15; $cert = $CSRid; } } if($oldid == 12 && $renew != "") { $id = 12; showheader(_("My Account!")); if(is_array($revokeid)) { echo _("Now renewing the following certificates:")."
\n"; foreach($revokeid as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains` where `domaincerts`.`id`='$id' and `domaincerts`.`domid`=`domains`.`id` and `domains`.`memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'"); $row = mysql_fetch_assoc($res); $query = "insert into `domaincerts` set `domid`='".$row['domid']."', `CN`='".$row['CN']."', `csr_name`='".$row['csr_name']."', `created`='".$row['created']."', `modified`=NOW(), `rootcert`='".$row['rootcert']."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile = $_SESSION['_config']['filepath']."/csr/server-$newid.csr"; copy($row['csr_name'], $newfile); $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|grep Subject:`); $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$newfile"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); } $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = ""; extractit(); getcn(); getalt(); if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") { showheader(_("My Account!")); echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue."); showfooter(); exit; } $subject = ""; $count = 0; if(is_array($_SESSION['_config']['rows'])) foreach($_SESSION['_config']['rows'] as $row) { $count++; if($count <= 1) { $subject .= "/CN=$row"; if(!strstr($subject, "=$row/") && substr($subject, -strlen("=$row")) != "=$row") $subject .= "/subjectAltName=$row"; } else { if(!strstr($subject, "=$row/") && substr($subject, -strlen("=$row")) != "=$row") $subject .= "/subjectAltName=$row"; } } if(is_array($_SESSION['_config']['altrows'])) foreach($_SESSION['_config']['altrows'] as $row) if(!strstr($subject, "=$row/") && substr($subject, -strlen("=$row")) != "=$row") $subject .= "/subjectAltName=$row"; mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'"); echo _("Renewing").": ".$_SESSION['_config']['0.CN']."
\n"; $do = `../scripts/runserver`; $query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { echo _("Your certificate request has failed to be processed correctly, please try submitting it again."); } else { $drow = mysql_fetch_assoc($res); $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`; echo "
\n"; } } } showfooter(); exit; } if($oldid == 12 && $revoke != "") { $id = 12; showheader(_("My Account!")); if(is_array($revokeid)) { echo _("Now revoking the following certificates:")."
\n"; foreach($revokeid as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains` where `domaincerts`.`id`='$id' and `domaincerts`.`domid`=`domains`.`id` and `domains`.`memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } $row = mysql_fetch_assoc($res); if($row[revoke] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."
\n", $row['CN']); continue; } mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); $do = `../scripts/runserver`; printf(_("Certificate for '%s' has been revoked.")."
\n", $row['CN']); } } if(is_array($delid)) { echo _("Now deleting the following pending requests:")."
\n"; foreach($delid as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains` where `domaincerts`.`id`='$id' and `domaincerts`.`domid`=`domains`.`id` and `domains`.`memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } $row = mysql_fetch_assoc($res); if($row['expired'] > 0) { printf(_("Couldn't remove the request for `%s`, request had already been processed.")."
\n", $row['CN']); continue; } mysql_query("delete from `domaincerts` where `id`='$id'"); @unlink($row['csr_name']); @unlink($row['crt_name']); printf(_("Removed a pending request for '%s'")."
\n", $row['CN']); } } showfooter(); exit; } if($oldid == 5 && $renew != "") { showheader(_("My Account!")); if(is_array($revokeid)) { echo _("Now renewing the following certificates:")."
\n"; foreach($revokeid as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'"); $row = mysql_fetch_assoc($res); $query = "insert into `emailcerts` set `memid`='".$row['memid']."', `CN`='".$row['CN']."', `keytype`='".$row['keytype']."', `csr_name`='".$row['csr_name']."', `created`='".$row['created']."', `modified`=NOW(), `rootcert`='".$row['rootcert']."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile = $_SESSION['_config']['filepath']."/csr/client-$newid.csr"; copy($row['csr_name'], $newfile); mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'"); $res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'"); while($r2 = mysql_fetch_assoc($res)) { mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."', `emailcertsid`='$newid'"); } $do = `../scripts/runclient`; $query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { echo _("Your certificate request has failed to be processed correctly, please try submitting it again."); } else { printf(_("Certificate for '%s' has been renewed."), $row['CN']); echo "". _("Click here")." "._("to install your certificate."); } } } showfooter(); exit; } if($oldid == 5 && $revoke != "") { $id = 5; showheader(_("My Account!")); if(is_array($revokeid)) { echo _("Now revoking the following certificates:")."
\n"; foreach($revokeid as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } $row = mysql_fetch_assoc($res); if($row[revoke] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."
\n", $row['CN']); continue; } mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); $do = `../scripts/runclient`; printf(_("Certificate for '%s' has been revoked.")."
\n", $row['CN']); } } if(is_array($delid)) { echo _("Now deleting the following pending requests:")."
\n"; foreach($delid as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } $row = mysql_fetch_assoc($res); if($row['expired'] > 0) { printf(_("Couldn't remove the request for `%s`, request had already been processed.")."
\n", $row['CN']); continue; } mysql_query("delete from `emailcerts` where `id`='$id'"); @unlink($row['csr_name']); @unlink($row['crt_name']); printf(_("Removed a pending request for '%s'")."
\n", $row['CN']); } } showfooter(); exit; } if($id == 13 && $_SESSION['_config']['user']['set'] != 1) { $_SESSION['_config']['user'] = $_SESSION['profile']; $_SESSION['_config']['user']['set'] = 1; } if($oldid == 13 && $process != "") { $_SESSION['_config']['user']['fname'] = trim(mysql_escape_string(stripslashes($fname))); $_SESSION['_config']['user']['mname'] = trim(mysql_escape_string(stripslashes($mname))); $_SESSION['_config']['user']['lname'] = trim(mysql_escape_string(stripslashes($lname))); $_SESSION['_config']['user']['suffix'] = trim(mysql_escape_string(stripslashes($suffix))); $_SESSION['_config']['user']['day'] = intval($day); $_SESSION['_config']['user']['month'] = intval($month); $_SESSION['_config']['user']['year'] = intval($year); $_SESSION['_config']['user']['Q1'] = trim(mysql_escape_string(stripslashes($Q1))); $_SESSION['_config']['user']['Q2'] = trim(mysql_escape_string(stripslashes($Q2))); $_SESSION['_config']['user']['Q3'] = trim(mysql_escape_string(stripslashes($Q3))); $_SESSION['_config']['user']['Q4'] = trim(mysql_escape_string(stripslashes($Q4))); $_SESSION['_config']['user']['Q5'] = trim(mysql_escape_string(stripslashes($Q5))); $_SESSION['_config']['user']['A1'] = trim(mysql_escape_string(stripslashes($A1))); $_SESSION['_config']['user']['A2'] = trim(mysql_escape_string(stripslashes($A2))); $_SESSION['_config']['user']['A3'] = trim(mysql_escape_string(stripslashes($A3))); $_SESSION['_config']['user']['A4'] = trim(mysql_escape_string(stripslashes($A4))); $_SESSION['_config']['user']['A5'] = trim(mysql_escape_string(stripslashes($A5))); if($_SESSION['profile']['points'] < 100) { if($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "") { $_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."
"; $id = $oldid; unset($oldid); } if($_SESSION['_config']['user']['year'] < 1900 || $_SESSION['_config']['user']['month'] < 1 || $_SESSION['_config']['user']['month'] > 12 || $_SESSION['_config']['user']['day'] < 1 || $_SESSION['_config']['user']['day'] > 31) { $_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."
\n"; $id = $oldid; unset($oldid); } } } if($oldid == 13 && $process != "") { if($_SESSION['profile']['points'] < 100) { $query = "update `users` set `fname`='".$_SESSION['_config']['user']['fname']."', `mname`='".$_SESSION['_config']['user']['mname']."', `lname`='".$_SESSION['_config']['user']['lname']."', `suffix`='".$_SESSION['_config']['user']['suffix']."', `dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."' where `id`='".$_SESSION['profile']['id']."'"; mysql_query($query); } $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."', `Q2`='".$_SESSION['_config']['user']['Q2']."', `Q3`='".$_SESSION['_config']['user']['Q3']."', `Q4`='".$_SESSION['_config']['user']['Q4']."', `Q5`='".$_SESSION['_config']['user']['Q5']."', `A1`='".$_SESSION['_config']['user']['A1']."', `A2`='".$_SESSION['_config']['user']['A2']."', `A3`='".$_SESSION['_config']['user']['A3']."', `A4`='".$_SESSION['_config']['user']['A4']."', `A5`='".$_SESSION['_config']['user']['A5']."' where `id`='".$_SESSION['profile']['id']."'"; mysql_query($query); $_SESSION['_config']['user']['set'] = 0; $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'")); $_SESSION['profile']['loggedin'] = 1; $id = 13; showheader(_("My Account!")); echo _("Your details have been updated with the database."); showfooter(); exit; } if($oldid == 14 && $process != "") { $_SESSION['_config']['user']['oldpass'] = trim(mysql_escape_string(stripslashes($oldpassword))); $_SESSION['_config']['user']['pword1'] = trim(mysql_escape_string(stripslashes($pword1))); $_SESSION['_config']['user']['pword2'] = trim(mysql_escape_string(stripslashes($pword2))); $id = 14; showheader(_("My Account!")); if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2']) { echo _("New Pass Phrases specified don't match or were blank."); } else { $score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'], $_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']); $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and `password`=password('".$_SESSION['_config']['user']['oldpass']."')"); if(strlen($_SESSION['_config']['user']['pword1']) < 6) { echo _("The Pass Phrase you submitted was too short."); } else if($score < 3) { printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score); } else if(mysql_num_rows($match) <= 0) { echo _("You failed to correctly enter your current Pass Phrase."); } else { mysql_query("update `users` set `password`=password('".$_SESSION['_config']['user']['pword1']."') where `id`='".$_SESSION['profile']['id']."'"); echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change."); } } showfooter(); exit; } if($oldid == 16) { $id = 16; $_SESSION['_config']['emails'] = array(); foreach($_POST['emails'] as $val) { $val = mysql_escape_string(stripslashes(trim($val))); $bits = explode("@", $val); $count = count($bits); if($count != 2) continue; if(checkownership($bits[1]) == false) continue; if(!is_array($_SESSION['_config']['row'])) continue; else if($_SESSION['_config']['row']['id'] > 0) $_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id']; if($val != "") $_SESSION['_config']['emails'][] = $val; } $_SESSION['_config']['name'] = mysql_escape_string(stripslashes(trim($name))); } if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0) { $id = 16; showheader(_("My Account!")); echo _("I couldn't match any emails against your organisational account."); showfooter(); exit; } if($oldid == 16 && $process != "") { $_SESSION['_config']['rootcert'] = intval($_POST['rootcert']); if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; if(@count($_SESSION['_config']['emails']) > 0) $id = 17; } if($oldid == 17) { $org = $_SESSION['_config']['row']; if($_POST['keytype'] == "NS") { if($_POST['SPKAC'] == "" || strlen($_POST['SPKAC']) < 128) { $id = 17; showheader(_("My Account!")); echo _("I didn't receive a valid Certificate Request, hit the back button and try again."); showfooter(); exit; } $emailcount = 0; $emails = ""; $addys = array(); if(is_array($_SESSION['_config']['emails'])) foreach($_SESSION['_config']['emails'] as $email) { if(!$emails) $defaultemail = $email; $emails .= "$emailcount.emailAddress = $email\n"; $emailcount++; } if($_SESSION['_config']['name'] != "") $emails .= "commonName = ".$_SESSION['_config']['name']."\n"; if($org['OU']) $emails .= "organizationalUnitName = ".$org['OU']."\n"; if($org['O']) $emails .= "organizationName = ".$org['O']."\n"; if($org['L']) $emails .= "localityName = ".$org['L']."\n"; if($org['ST']) $emails .= "stateOrProvinceName = ".$org['ST']."\n"; if($org['C']) $emails .= "countryName = ".$org['C']."\n"; $emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_POST['SPKAC'])); $query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='NS', `orgid`='".$org['orgid']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `rootcert`='".$_SESSION['_config']['rootcert']."'"; mysql_query($query); $emailid = mysql_insert_id(); foreach($_SESSION['_config']['domids'] as $addy) mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); $CSRname = $_SESSION['_config']['filepath']."/csr/orgclient-$emailid.csr"; $fp = fopen($CSRname, "w"); fputs($fp, $emails); fclose($fp); mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } else if($_POST['keytype'] == "MS") { $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."-----END CERTIFICATE REQUEST-----\n"; $tmpfname = tempnam("/tmp", "CSR"); $fp = fopen($tmpfname, "w"); fputs($fp, $csr); fclose($fp); $addys = array(); $defaultemail = ""; if($_SESSION['_config']['name'] != "") $csrsubject = "/CN=".$_SESSION['_config']['name']; if(is_array($_SESSION['_config']['emails'])) foreach($_SESSION['_config']['emails'] as $email) { if($defaultemail == "") $defaultemail = $email; $csrsubject .= "/emailAddress=$email"; } if($org['OU']) $csrsubject .= "/organizationalUnitName=".$org['OU']; if($org['O']) $csrsubject .= "/organizationName=".$org['O']; if($org['L']) $csrsubject .= "/localityName=".$org['L']; if($org['ST']) $csrsubject .= "/stateOrProvinceName=".$org['ST']; if($org['C']) $csrsubject .= "/countryName=".$org['C']; $tmpname = tempnam("/tmp", "CSR"); $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`; @unlink($tmpfname); $csr = ""; $fp = fopen($tmpname, "r"); while($data = fgets($fp, 4096)) $csr .= $data; fclose($fp); @unlink($tmpname); if($csr == "") { showheader(_("My Account!")); echo _("I didn't receive a valid Certificate Request, hit the back button and try again."); showfooter(); exit; } $query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='MS', `orgid`='".$org['orgid']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `subject`='$csrsubject', `rootcert`='".$_SESSION['_config']['rootcert']."'"; mysql_query($query); $emailid = mysql_insert_id(); foreach($_SESSION['_config']['domids'] as $addy) mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); $CSRname = $_SESSION['_config']['filepath']."/csr/orgclient-$emailid.csr"; $fp = fopen($CSRname, "w"); fputs($fp, $csr); fclose($fp); mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } $do = `../scripts/runclient`; $query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { showheader(_("My Account!")); echo _("Your certificate request has failed to be processed correctly, please try submitting it again."); showfooter(); exit; } else { $id = 19; $cert = $emailid; } } if($oldid == 18 && $renew != "") { showheader(_("My Account!")); if(is_array($revokeid)) { $id = 18; echo _("Now renewing the following certificates:")."
\n"; foreach($revokeid as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org` where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'"); $row = mysql_fetch_assoc($res); if($row[revoke] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."
\n", $row['CN']); continue; } $query = "insert into `orgemailcerts` set `orgid`='".$row['orgid']."', `CN`='".$row['CN']."', `keytype`='".$row['keytype']."', `csr_name`='".$row['csr_name']."', `created`='".$row['created']."', `modified`=NOW(), `subject`='".$row['subject']."', `rootcert`='".$row['rootcert']."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile = $_SESSION['_config']['filepath']."/csr/orgclient-$newid.csr"; copy($row['csr_name'], $newfile); mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'"); $do = `../scripts/runclient`; $query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { echo _("Your certificate request has failed to be processed correctly, please try submitting it again."); } else { printf(_("Certificate for '%s' has been renewed."), $row['CN']); echo "". _("Click here")." "._("to install your certificate."); } } } showfooter(); exit; } if($oldid == 18 && $revoke != "") { $id = 18; showheader(_("My Account!")); if(is_array($revokeid)) { echo _("Now revoking the following certificates:")."
\n"; foreach($revokeid as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org` where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } $row = mysql_fetch_assoc($res); if($row[revoke] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."
\n", $row['CN']); continue; } mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); $do = `../scripts/runclient`; printf(_("Certificate for '%s' has been revoked.")."
\n", $row['CN']); } } if(is_array($delid)) { echo _("Now deleting the following pending requests:")."
\n"; foreach($delid as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org` where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } $row = mysql_fetch_assoc($res); if($row['expired'] > 0) { printf(_("Couldn't remove the request for `%s`, request had already been processed.")."
\n", $row['CN']); continue; } mysql_query("delete from `orgemailcerts` where `id`='$id'"); @unlink($row['csr_name']); @unlink($row['crt_name']); printf(_("Removed a pending request for '%s'")."
\n", $row['CN']); } } showfooter(); exit; } if($process != "" && $oldid == 20) { $CSR = trim($CSR); $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "FOO"); $fp = fopen($_SESSION['_config']['tmpfname'], "w"); fputs($fp, $CSR); fclose($fp); $CSR = $_SESSION['_config']['tmpfname']; $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|grep Subject:`); $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); } $id = 21; $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = ""; extractit(); getcn2(); getalt2(); $query = "select * from `orginfo`,`org`,`orgdomains` where `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orginfo`.`id` and `org`.`orgid`=`orgdomains`.`orgid` and `orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'"; $_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query)); $query = "select * from `orginfo`,`org`,`orgdomains` where `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orginfo`.`id` and `org`.`orgid`=`orgdomains`.`orgid` and `orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'"; $_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query)); //echo "
"; print_r($_SESSION['_config']); die;

		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
			$id = 20;
			showheader(_("My Account!"));
			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");

		$_SESSION['_config']['rootcert'] = intval($_POST['rootcert']);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

	if($process != "" && $oldid == 21)
		$id = 21;

		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
			showheader(_("My Account!"));
			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");

                if($_SESSION['_config']['rowid']['0'] > 0)
			$query = "select * from `org`,`orginfo` where
					`orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and
					`orginfo`.`id`=`org`.`orgid` and
		} else {
			$query = "select * from `org`,`orginfo` where
					`orginfo`.`id`='".$_SESSION['_config']['altid']['0']."' and
					`orginfo`.`id`=`org`.`orgid` and
		$org = mysql_fetch_assoc(mysql_query($query));

			$csrsubject .= "/organizationalUnitName=".$org['OU'];
			$csrsubject .= "/organizationName=".$org['O'];
			$csrsubject .= "/localityName=".$org['L'];
			$csrsubject .= "/stateOrProvinceName=".$org['ST'];
			$csrsubject .= "/countryName=".$org['C'];
			$csrsubject .= "/emailAddress=".trim($org['contact']);

			foreach($_SESSION['_config']['rows'] as $row)
				$csrsubject .= "/commonName=$row";
			foreach($_SESSION['_config']['altrows'] as $subalt)
				if($SAN != "")
					$SAN .= ",";
				$SAN .= "$subalt";

		if($SAN != "")
			$csrsubject .= "/subjectAltName=".$SAN."/commonName=*";

                if($_SESSION['_config']['rowid']['0'] > 0)
                        $query = "insert into `orgdomaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."',
                } else {
                        $query = "insert into `orgdomaincerts` set `CN`='".$_SESSION['_config']['altrows']['0']."',
		$CSRid = mysql_insert_id();
		$CSRname = $_SESSION['_config']['filepath']."/csr/orgserver-$CSRid.csr";
		rename($_SESSION['_config']['tmpfname'], $CSRname);
		mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
			foreach($_SESSION['_config']['rowid'] as $id)
				mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
			foreach($_SESSION['_config']['altid'] as $id)
				mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
		$do = `../scripts/runserver`;
		$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
		$res = mysql_query($query);
		if(mysql_num_rows($res) <= 0)
			showheader(_("My Account!"));
			echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
		} else {
			$id = 23;
			$cert = $CSRid;

	if($oldid == 22 && $renew != "")
		showheader(_("My Account!"));
			echo _("Now renewing the following certificates:")."
\n"; foreach($revokeid as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$id' and `orgdomaincerts`.`orgid`=`org`.`orgid` and `org`.`memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'"); $row = mysql_fetch_assoc($res); if($row[revoke] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."
\n", $row['CN']); continue; } $query = "insert into `orgdomaincerts` set `orgid`='".$row['orgid']."', `CN`='".$row['CN']."', `csr_name`='".$row['csr_name']."', `created`='".$row['created']."', `modified`=NOW(), `subject`='".$row['subject']."', `rootcert`='".$row['rootcert']."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile = $_SESSION['_config']['filepath']."/csr/orgserver-$newid.csr"; copy($row['csr_name'], $newfile); mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'"); echo _("Renewing").": ".$row['CN']."
\n"; $res = mysql_query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'"); while($r2 = mysql_fetch_assoc($res)) mysql_query("insert into `orgdomlink` set `orgdomid`='".$r2['id']."', `orgcertid`='$newid'"); $do = `../scripts/runserver`; $query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { echo _("Your certificate request has failed to be processed correctly, please try submitting it again."); } else { $drow = mysql_fetch_assoc($res); $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`; echo "
\n"; } } } showfooter(); exit; } if($oldid == 22 && $revoke != "") { showheader(_("My Account!")); if(is_array($revokeid)) { echo _("Now revoking the following certificates:")."
\n"; foreach($revokeid as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$id' and `orgdomaincerts`.`orgid`=`org`.`orgid` and `org`.`memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } $row = mysql_fetch_assoc($res); if($row[revoke] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."
\n", $row['CN']); continue; } mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); $do = `../scripts/runserver`; printf(_("Certificate for '%s' has been revoked.")."
\n", $row['CN']); } } if(is_array($delid)) { echo _("Now deleting the following pending requests:")."
\n"; foreach($delid as $id) { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$id' and `orgdomaincerts`.`orgid`=`org`.`orgid` and `org`.`memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { printf(_("Invalid ID '%s' presented, can't do anything with it.")."
\n", $id); continue; } $row = mysql_fetch_assoc($res); if($row['expired'] > 0) { printf(_("Couldn't remove the request for `%s`, request had already been processed.")."
\n", $row['CN']); continue; } mysql_query("delete from `orgdomaincerts` where `id`='$id'"); @unlink($row['csr_name']); @unlink($row['crt_name']); printf(_("Removed a pending request for '%s'")."
\n", $row['CN']); } } showfooter(); exit; } if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 || $id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 || $id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) && $_SESSION['profile']['admin'] != 1) { showheader(_("My Account!")); echo _("You don't have access to this area."); showfooter(); exit; } if($oldid == 24 && $process != "") { $id = intval($oldid); $_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O))); $_SESSION['_config']['contact'] = trim(mysql_escape_string(stripslashes($contact))); $_SESSION['_config']['L'] = trim(mysql_escape_string(stripslashes($L))); $_SESSION['_config']['ST'] = trim(mysql_escape_string(stripslashes($ST))); $_SESSION['_config']['C'] = trim(mysql_escape_string(stripslashes($C))); $_SESSION['_config']['comments'] = trim(mysql_escape_string(stripslashes($comments))); if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "") { $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields."); } else { mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."', `contact`='".$_SESSION['_config']['contact']."', `L`='".$_SESSION['_config']['L']."', `ST`='".$_SESSION['_config']['ST']."', `C`='".$_SESSION['_config']['C']."', `comments`='".$_SESSION['_config']['comments']."'"); showheader(_("My Account!")); printf(_("'%s' has just been successfully added as an organisation to the database."), $_SESSION['_config']['O']); showfooter(); exit; } } if($oldid == 27 && $process != "") { $id = intval($oldid); $_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O))); $_SESSION['_config']['contact'] = trim(mysql_escape_string(stripslashes($contact))); $_SESSION['_config']['L'] = trim(mysql_escape_string(stripslashes($L))); $_SESSION['_config']['ST'] = trim(mysql_escape_string(stripslashes($ST))); $_SESSION['_config']['C'] = trim(mysql_escape_string(stripslashes($C))); $_SESSION['_config']['comments'] = trim(mysql_escape_string(stripslashes($comments))); if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "") { $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields."); } else { mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."', `contact`='".$_SESSION['_config']['contact']."', `L`='".$_SESSION['_config']['L']."', `ST`='".$_SESSION['_config']['ST']."', `C`='".$_SESSION['_config']['C']."', `comments`='".$_SESSION['_config']['comments']."' where `id`='".$_SESSION['_config']['orgid']."'"); showheader(_("My Account!")); printf(_("'%s' has just been successfully updated in the database."), $_SESSION['_config']['O']); showfooter(); exit; } } if($oldid == 28 && $process != "") { $domain = $_SESSION['_config']['domain'] = trim(mysql_escape_string(stripslashes($domainname))); $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'"); if(mysql_num_rows($res1) > 0) { $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $domain); $id = $oldid; unset($oldid); } } if($_SESSION['_config']['orgid'] <= 0 && $oldid == 28) { unset($oldid); $id = 25; } if($oldid == 28 && $process != "") { mysql_query("insert into `orgdomains` set `orgid`='".$_SESSION['_config']['orgid']."', `domain`='$domain'"); showheader(_("My Account!")); printf(_("'%s' has just been successfully added to the database."), $domain); echo "

"._("Click here")." "._("to continue."); showfooter(); exit; } if($oldid == 29 && $process != "") { $domain = mysql_escape_string(stripslashes(trim($domainname))); $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".$_SESSION['_config']['domid']."'"); $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0"); if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0) { $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $domain); $id = $oldid; unset($oldid); } } if(($oldid == 29 || $oldid == 30) && $process != _("Cancel")) { $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where `orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomains`.`id`='".$_SESSION['_config']['domid']."'"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where `orgemaillink`.`domid`=`orgdomains`.`id` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and `orgdomains`.`id`='".$_SESSION['_config']['domid']."'"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); $do = `../scripts/runserver`; $do = `../scripts/runclient`; } if($oldid == 29 && $process != "") { $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'")); mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".$_SESSION['_config']['domid']."'"); showheader(_("My Account!")); printf(_("'%s' has just been successfully updated in the database."), $domain); echo "

"._("Click here")." "._("to continue."); showfooter(); exit; } if($oldid == 30 && $process != "") { $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'")); $domain = $row['domain']; mysql_query("delete from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'"); showheader(_("My Account!")); printf(_("'%s' has just been successfully deleted from the database."), $domain); echo "

"._("Click here")." "._("to continue."); showfooter(); exit; } if($oldid == 30) { $id = 26; $orgid = 0; } if($oldid == 31 && $process != _("Cancel")) { $query = "select * from `orgdomains` where `orgid`='".$_SESSION['_config']['orgid']."'"; $dres = mysql_query($query); while($drow = mysql_fetch_assoc($dres)) { $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where `orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomains`.`id`='".$drow['id']."'"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); $do = `../scripts/runserver`; mysql_query("delete from `orgdomaincerts` where `orgid`='".$row['id']."'"); mysql_query("delete from `orgdomlink` where `domid`='".$row['id']."'"); } $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where `orgemaillink`.`domid`=`orgdomains`.`id` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and `orgdomains`.`id`='".$drow['id']."'"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); $do = `../scripts/runclient`; mysql_query("delete from `orgemailcerts` where `id`='".$row['id']."'"); mysql_query("delete from `orgemaillink` where `domid`='".$row['id']."'"); } } mysql_query("delete from `org` where `orgid`='".$_SESSION['_config']['orgid']."'"); mysql_query("delete from `orgdomains` where `orgid`='".$_SESSION['_config']['orgid']."'"); mysql_query("delete from `orginfo` where `id`='".$_SESSION['_config']['orgid']."'"); } if($oldid == 31) { $id = 25; $orgid = 0; } if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34 || $id == 35 || $oldid == 35) { $query = "select * from `org` where `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'"; $_macc = mysql_num_rows(mysql_query($query)); if($_SESSION['profile']['admin'] != 1 && $_macc <= 0) { showheader(_("My Account!")); echo _("You don't have access to this area."); showfooter(); exit; } } if($id == 33 && $_SESSION['profile']['admin'] != 1) { $orgid = $_SESSION['_config']['orgid']; $query = "select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { $id = 35; } } if($id == 34 && $_SESSION['profile']['admin'] != 1) { $orgid = intval($orgid); $memid = intval($memid); $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."'"); $_macc2 = mysql_num_rows(mysql_query("select * from `org` where `memid`='$memid' and `masteracc`='1'")); if(mysql_num_rows($res) <= 0 || $_macc2 > 0) { $id = 32; } } if($oldid == 33 && $process != "") { if($_SESSION['profile']['admin'] == 1) $masteracc = $_SESSION['_config'][masteracc] = intval($masteracc); else $masteracc = $_SESSION['_config'][masteracc] = 0; $email = $_SESSION['_config']['email'] = mysql_escape_string(stripslashes(trim($email))); $OU = $_SESSION['_config']['OU'] = mysql_escape_string(stripslashes(trim($OU))); $comments = $_SESSION['_config']['comments'] = mysql_escape_string(stripslashes(trim($comments))); $res = mysql_query("select * from `users` where `email`='$email'"); if(mysql_num_rows($res) <= 0) { $id = $oldid; unset($oldid); $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), $email); } else { $row = mysql_fetch_assoc($res); mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".$_SESSION['_config']['orgid']."', `masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'"); } } if($oldid == 34 && $process != "") { mysql_query("delete from `org` where `memid`='".$_SESSION['_config']['memid']."'"); } if($oldid == 34 || $oldid == 33) { unset($oldid); $id = 32; $orgid = 0; } if($oldid == 36) { $rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='".$_SESSION['profile']['id']."'")); if($rc > 0) { $query = "update `alerts` set `general`='".intval($_POST['general'])."', `country`='".intval($_POST['country'])."', `regional`='".intval($_POST['regional'])."', `radius`='".intval($_POST['radius'])."' where `memid`='".$_SESSION['profile']['id']."'"; } else { $query = "insert into `alerts` set `general`='".intval($_POST['general'])."', `country`='".intval($_POST['country'])."', `regional`='".intval($_POST['regional'])."', `radius`='".intval($_POST['radius'])."', `memid`='".$_SESSION['profile']['id']."'"; } mysql_query($query); $id = $oldid; unset($oldid); } if($id == 36) { $row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".$_SESSION['profile']['id']."'")); $_POST['general'] = $row['general']; $_POST['country'] = $row['country']; $_POST['regional'] = $row['regional']; $_POST['radius'] = $row['radius']; } if($oldid == 41) { $lang = mysql_escape_string($_POST['lang']); foreach($_SESSION['_config']['translations'] as $key => $val) { if($key == $lang) { mysql_query("update `users` set `language`='$lang' where `id`='".$_SESSION['profile']['id']."'"); showheader(_("My Account!")); echo _("Your language setting has been updated."); showfooter(); exit; } } showheader(_("My Account!")); echo _("You tried to use an invalid language."); showfooter(); exit; } if(($id == 42 || $id == 43 || $id == 44 || $id == 48 || $id == 49 || $id == 50 || $oldid == 42 || $oldid == 43 || $oldid == 44 || $oldid == 48 || $oldid == 49 || $oldid == 50) && $_SESSION['profile']['admin'] != 1) { showheader(_("My Account!")); echo _("You don't have access to this area."); showfooter(); exit; } if($oldid == 42 && $_POST['email'] == "") { $id = $oldid; unset($oldid); } if($oldid == 42) { $id = 43; unset($oldid); } if($oldid == 48 && $_POST['domain'] == "") { $id = $oldid; unset($oldid); } if($oldid == 48) { $id = 49; unset($oldid); } if($id == 44) { if($_GET['userid'] != "") $_POST['userid'] = intval($_GET['userid']); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'")); if($row['email'] == "") $id = 42; else $_POST['email'] = $row['email']; } if($oldid == 44) { showheader(_("My Account!")); if(intval($_POST['userid']) <= 0) { echo _("No such user found."); } else { mysql_query("update `users` set `password`=password('".mysql_escape_string(stripslashes($_POST['newpass']))."') where `id`='".intval($_POST['userid'])."'"); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'")); printf(_("The password for %s has been updated successfully in the system."), $row['email']); } showfooter(); exit; } if($process != "" && $oldid == 45) { $CSR = trim($CSR); $_SESSION['_config']['CSR'] = $CSR; $_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|grep Subject:`); $bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); } $id = 46; $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = ""; extractit(); getcn(); getalt(); if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") { showheader(_("My Account!")); echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue."); showfooter(); exit; } } if($process != "" && $oldid == 46) { $CSR = $_SESSION['_config']['CSR']; $_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|grep Subject:`); $bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); } $id = 11; $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = ""; extractit(); getcn(); getalt(); if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") { showheader(_("My Account!")); echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue."); showfooter(); exit; } $query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['0.CN']."', `domid`='".$_SESSION['_config']['row']['id']."', `created`=NOW()"; mysql_query($query); $CSRid = mysql_insert_id(); foreach($_SESSION['_config']['rowid'] as $dom) mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); if(is_array($_SESSION['_config']['altid'])) foreach($_SESSION['_config']['altid'] as $dom) mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); $CSRname = $_SESSION['_config']['filepath']."/csr/server-$CSRid.csr"; $fp = fopen($CSRname, "w"); fputs($fp, $_SESSION['_config']['CSR']); fclose($fp); mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'"); $do = `../scripts/runserver`; $query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { showheader(_("My Account!")); echo _("Your certificate request has failed to be processed correctly, please try submitting it again."); showfooter(); exit; } else { $id = 47; $cert = $CSRid; } } if($id == 43 && $_GET['tverify'] > 0) { $memid = $_GET['userid'] = intval($_GET['tverify']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['tverify']; mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'"); } if($id == 43 && $_GET['codesign'] > 0) { $memid = $_GET['userid'] = intval($_GET['codesign']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['codesign']; mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'"); } if($id == 50) { if($_GET['userid'] != "") $_POST['userid'] = intval($_GET['userid']); else $_POST['userid'] = intval($_POST['userid']); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'")); if($row['email'] == "") $id = 42; else $_POST['email'] = $row['email']; } if($oldid == 50) { $id = 43; $_GET['userid'] = intval($_POST['userid']); } if($oldid == 50 && $_POST['process'] != "") { $_POST['userid'] = intval($_POST['userid']); $res = mysql_query("select * from `users` where `id`='".$_POST['userid']."'"); if(mysql_num_rows($res) > 0) { $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`=NOW() WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".$_POST['userid']."'"; mysql_query($query); $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".$_POST['userid']."'"; mysql_query($query); $query = "update `emailcerts` SET `revoked`=NOW() WHERE `memid`='".$_POST['userid']."'"; mysql_query($query); $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".$_POST['userid']."'"; mysql_query($query); $query = "delete from `org` WHERE `memid`='".$_POST['userid']."'"; mysql_query($query); $query = "update `users` SET `deleted`=NOW() WHERE `id`='".$_POST['userid']."'"; mysql_query($query); } } if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0) { showheader(_("My Account!")); echo _("You don't have access to this area."); showfooter(); exit; } if($oldid == 52) { $uid = intval($_POST['uid']); $query = "select * from `tverify` where `id`='$uid' and `modified`=0"; $rc = mysql_num_rows(mysql_query($query)); if($rc <= 0) { showheader(_("My Account!")); echo _("Unable to find a valid tverify request for this ID."); showfooter(); exit; } } if($oldid == 52) { $query = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".$_SESSION['profile']['id']."'"; $rc = mysql_num_rows(mysql_query($query)); if($rc > 0) { showheader(_("My Account!")); echo _("You have already voted on this request."); showfooter(); exit; } } if($oldid == 52 && ($_POST['agree'] != "" || $_POST['disagree'] != "")) { $vote = -1; if($_POST['agree'] != "") $vote = 1; $query = "insert into `tverify-vote` set `tverify`='$uid', `memid`='".$_SESSION['profile']['id']."', `when`=NOW(), `vote`='$vote', `comment`='".mysql_escape_string($_POST['comment'])."'"; mysql_query($query); $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'")); if($rc >= 4) { mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'"); $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'")); $memid = $tverify['memid']; $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'")); $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'")); $points = 0; if($tverify['URL'] != "" && $tverify['photoid'] != "") $points = 150 - intval($tmp['points']); if($tverify['URL'] != "" && $tverify['photoid'] == "") $points = 90 - intval($tmp['points']); if($tverify['URL'] == "" && $tverify['photoid'] == "") $points = 50 - intval($tmp['points']); if($points < 0) $points = 0; if($points > 0) { mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points', `method`='Thawte Points Transfer', `when`=NOW()"); } $totalpoints = intval($tmp['points']) + $points; $body = _("Your request to have points transfered was successful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n"._("The following comments were made by reviewers")."\n\n"; $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"); while($row = mysql_fetch_assoc($res)) $body .= $row['comment']."\n"; $body .= "\n"; $body .= _("Best regards")."\n"; $body .= _("CAcert Support Team"); sendmail($user['email'], "[] Thawte Notary Points Transfer", $body, "", "", "", "CAcert Tverify"); } $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'")); if($rc >= 4) { mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'"); $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'")); $memid = $tverify['memid']; $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'")); $body = _("Unfortunately your request for a points increase has been denied, below is the comments from people that reviewed your request as to why they rejected your application.")."\n\n"; $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'"); while($row = mysql_fetch_assoc($res)) $body .= $row['comment']."\n"; $body .= "\n"; $body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n"; $body .= _("Best regards")."\n"; $body .= _("CAcert Support Team"); sendmail($user['email'], "[] Thawte Notary Points Transfer", $body, "", "", "", "CAcert Tverify"); } showheader(_("My Account!")); echo _("Your vote has been accepted."); showfooter(); exit; } if(intval($cert) > 0) $_SESSION['_config']['cert'] = intval($cert); if(intval($orgid) > 0) $_SESSION['_config']['orgid'] = intval($orgid); if(intval($memid) > 0) $_SESSION['_config']['memid'] = intval($memid); if(intval($domid) > 0) $_SESSION['_config']['domid'] = intval($domid); $_SESSION['_config']['agent'] = $HTTP_USER_AGENT; ?>