cacert-webdb/includes/account.php
2004-10-21 04:22:14 +00:00

1745 lines
61 KiB
PHP

<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert Source license
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
if($_SERVER['HTTP_HOST'] == "secure.cacert.org")
{
$query = "select * from `emailcerts` where `serial`='$_SERVER[SSL_CLIENT_M_SERIAL]' and `revoked`=0 and
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$row['memid']."'"));
$_SESSION['profile']['loggedin'] = 1;
} else {
$_SESSION['profile']['loggedin'] = 0;
unset($_SESSION['_config']['oldlocation']);
foreach($_GET as $key => $val)
{
if($_SESSION['_config']['oldlocation'])
$_SESSION['_config']['oldlocation'] .= "&";
$_SESSION['_config']['oldlocation'] .= "$key=$val";
}
$_SESSION['_config']['oldlocation'] = "account.php?".$_SESSION['_config']['oldlocation'];
header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
exit;
}
} else if($_SERVER['HTTP_HOST'] == "secure.cacert.org" && $_SESSION['profile']['id'] > 0) {
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
}
if($_SERVER['HTTP_HOST'] == "secure.cacert.org" && ($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0))
{
header("location: https://www.cacert.org");
exit;
}
if($_SERVER['HTTP_HOST'] == "secure.cacert.org" && $_SESSION['profile']['id'] > 0)
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
if($_SESSION['profile']['language'] == "")
{
$query = "update `users` set `language`='".$_SESSION['_config']['language']."'
where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
} else {
$_SESSION['_config']['language'] = $_SESSION['profile']['language'];
putenv("LANG=".$_SESSION['_config']['language']);
setlocale(LC_ALL, $_SESSION['_config']['language']);
$domain = 'messages';
bindtextdomain("$domain", "/home/cacert/locale");
textdomain("$domain");
}
}
if($id == "logout")
{
$_SESSION['profile']['loggedin'] = 0;
header("location: https://".$_SERVER['HTTP_HOST']."/index.php");
exit;
}
if($_SESSION['profile']['loggedin'] < 1)
{
unset($_SESSION['_config']['oldlocation']);
foreach($_GET as $key => $val)
{
if($_SESSION['_config']['oldlocation'])
$_SESSION['_config']['oldlocation'] .= "&";
$_SESSION['_config']['oldlocation'] .= "$key=$val";
}
$_SESSION['_config']['oldlocation'] = "account.php?".$_SESSION['_config']['oldlocation'];
header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
exit;
}
loadem("account");
if($process == _("Add") && $oldid == 1)
{
$id = 1;
if(trim(mysql_escape_string(stripslashes($newemail))) == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Not a valid email address. Can't continue."), $email);
showfooter();
exit;
}
unset($oldid);
$email = trim(mysql_escape_string(stripslashes($newemail)));
$query = "select * from `email` where `email`='$email' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in the system. Can't continue."), $email);
showfooter();
exit;
}
$rnd = fopen("/dev/urandom", "r");
$hash = md5(fgets($rnd, 64));
fclose($rnd);
$query = "insert into `email` set `email`='$email',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
mysql_query($query);
$emailid = mysql_insert_id();
$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
$body .= "http://$hostname/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($email, "[CAcert.org] "._("Email Probe"), $body, "From: CAcacert-Support <duane@cacert.org>");
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $email);
showfooter();
exit;
}
if($process == _("Make Default") && $oldid == 2)
{
$id = 2;
$emailid = intval($emailid);
$query = "select * from `email` where `id`='$emailid' and `memid`='".$_SESSION['profile']['id']."' and `hash` = '' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("Error!"));
echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['email'] = $row['email'];
$query = "update `users` set `email`='".$row['email']."' where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
showheader(_("My CAcert.org Account!"));
printf(_("Your default email address has been updated to '%s'."), $row['email']);
showfooter();
exit;
}
if($process == _("Delete") && $oldid == 2)
{
$id = 2;
showheader(_("My CAcert.org Account!"));
echo _("The following accounts have been removed:")."<br>\n";
if(is_array($delid))
foreach($delid as $id)
{
$id = intval($id);
$query = "select * from `email` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."' and
`email`!='".$_SESSION['profile']['email']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
$query = "select `emailcerts`.`id`
from `emaillink`,`emailcerts` where
`emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
group by `emailcerts`.`id`";
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
$query = "update `email` set `deleted`=NOW() where `id`='$id'";
mysql_query($query);
}
}
showfooter();
exit;
}
if($process == _("Next") && $oldid == 3)
{
if(!is_array($addid))
{
showheader(_("My CAcert.org Account!"));
echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
showfooter();
exit;
}
$_SESSION['_config']['addid'] = $addid;
if($_SESSION['profile']['points'] > 50)
$_SESSION['_config']['incname'] = intval($incname);
$id = 4;
}
if($oldid == 4)
{
if($_POST['keytype'] == "NS")
{
if($_POST['SPKAC'] == "" || $_POST['SPKAC'] == "deadbeef")
{
$id = 4;
showheader(_("My CAcert.org Account!"));
echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
showfooter();
exit;
}
$emailcount = 0;
$emails = "";
$addys = array();
if(is_array($_SESSION['_config']['addid']))
foreach($_SESSION['_config']['addid'] as $id)
{
$res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='$id'");
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
if(!$emails)
$defaultemail = $row['email'];
$emails .= "$emailcount.emailAddress = ".$row['email']."\n";
$emailcount++;
$addys[] = $row['id'];
}
}
if($emailcount <= 0)
{
$id = 4;
showheader(_("My CAcert.org Account!"));
echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request.");
showfooter();
exit;
}
if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 5)
$emails .= "commonName = CAcert WoT User\n";
if($_SESSION['_config']['incname'] == 1)
$emails .= "commonName = ".$_SESSION['profile']['fname']."\n";
if($_SESSION['_config']['incname'] == 2)
$emails .= "commonName = ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']."\n";
$emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_POST['SPKAC']));
$query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='NS',
`memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP())";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
foreach($addys as $addy)
mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
$CSRname = $_SESSION['_config']['filepath']."/csr/email-$emailid.csr";
$fp = fopen($CSRname, "w");
fputs($fp, $emails);
fclose($fp);
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_POST['keytype'] == "MS") {
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."-----END CERTIFICATE REQUEST-----\n";
$tmpfname = tempnam("/tmp", "CSR");
$fp = fopen($tmpfname, "w");
fputs($fp, $csr);
fclose($fp);
$addys = array();
$defaultemail = "";
if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 5)
$csrsubject = "/CN=CAcert WoT User";
if($_SESSION['_config']['incname'] == 1)
$csrsubject = "/CN=".$_SESSION['profile']['fname'];
if($_SESSION['_config']['incname'] == 2)
$csrsubject = "/CN=".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'];
if(is_array($_SESSION['_config']['addid']))
foreach($_SESSION['_config']['addid'] as $id)
{
$res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='$id'");
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
if($defaultemail == "")
$defaultemail = $row['email'];
$csrsubject .= "/emailAddress=".$row['email'];
$addys[] = $row['id'];
}
}
$tmpname = tempnam("/tmp", "CSR");
$do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`; // -subj "$csr"`;
@unlink($tmpfname);
$csr = "";
$fp = fopen($tmpname, "r");
while($data = fgets($fp, 4096))
$csr .= $data;
fclose($fp);
@unlink($tmpname);
if($csr == "")
{
$id = 4;
showheader(_("My CAcert.org Account!"));
echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
showfooter();
exit;
}
$query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='MS',
`memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
foreach($addys as $addy)
mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
$CSRname = $_SESSION['_config']['filepath']."/csr/email-$emailid.csr";
$fp = fopen($CSRname, "w");
fputs($fp, $csr);
fclose($fp);
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
}
$do = `../scripts/runclient`;
$query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$id = 4;
showheader(_("My CAcert.org Account!"));
echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
showfooter();
exit;
} else {
$id = 6;
$cert = $emailid;
}
}
if($oldid == 7)
{
$newdomain = trim(mysql_escape_string(stripslashes($newdomain)));
$res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
$query = "select * from `domains` where `domain`='".$newdomain."' and `deleted`=0";
$res2 = mysql_query($query);
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2))
{
$id = $oldid;
unset($oldid);
$id = 7;
showheader(_("My CAcert.org Account!"));
printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $newdomain);
showfooter();
exit;
}
}
if($oldid == 7)
{
unset($oldid);
$id = 8;
$addy = array();
$adds = explode("\n", trim(`whois $newdomain|grep \@`));
if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info")
{
if(is_array($adds))
foreach($adds as $line)
{
$bits = explode(":", $line, 2);
$line = trim($bits[1]);
if(!in_array($line, $addy) && $line != "")
$addy[] = $line;
}
} else {
if(is_array($adds))
foreach($adds as $line)
{
$line = trim($line);
$bits = explode(" ", $line);
foreach($bits as $bit)
{
if(strstr($bit, "@"))
$line = $bit;
}
if(!in_array($line, $addy) && $line != "")
$addy[] = $line;
}
}
$rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain");
foreach($rfc as $sub)
if(!in_array($sub, $addy))
$addy[] = $sub;
$_SESSION['_config']['addy'] = $addy;
$_SESSION['_config']['domain'] = $newdomain;
}
if($process == _("Probe") && $oldid == 8)
{
unset($oldid);
$id = 8;
$authaddy = trim(mysql_escape_string(stripslashes($_POST['authaddy'])));
if(!in_array($authaddy, $_SESSION['_config']['addy']) || $authaddy == "")
{
showheader(_("My CAcert.org Account!"));
echo _("The address you submitted isn't a valid authority address for the domain.");
showfooter();
exit;
}
$query = "select * from `domains` where `domain`='".$_SESSION['_config']['domain']."' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $_SESSION['_config']['domain']);
showfooter();
exit;
}
$rnd = fopen("/dev/urandom", "r");
$hash = md5(fgets($rnd, 64));
fclose($rnd);
$query = "insert into `domains` set `domain`='".$_SESSION['_config']['domain']."',
`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
mysql_query($query);
$domainid = mysql_insert_id();
$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
$body .= "http://$hostname/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "From: CAcert-Support <duane@cacert.org>");
showheader(_("My CAcert.org Account!"));
printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $_SESSION['_config']['domain']);
showfooter();
exit;
}
if($process == _("Delete") && $oldid == 9)
{
$id = 9;
showheader(_("My CAcert.org Account!"));
echo _("The following domains have been removed:")."<br>
("._("Any valid certificates will be revoked as well").")<br>\n";
if(is_array($delid))
foreach($delid as $id)
{
$id = intval($id);
$query = "select * from `domains` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
echo $row['domain']."<br>\n";
mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'");
$dres = mysql_query("select * from `domaincerts` where `domid`='$id' and `expire`=0");
while($drow = mysql_fetch_assoc($dres))
{
@unlink($row['csr_name']);
@unlink($row['crt_name']);
mysql_query("delete from `domaincerts` where `id`='".$drow['id']."'");
}
mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `domid`='$id' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
}
}
showfooter();
exit;
}
if($process == _("Submit") && $oldid == 10)
{
$CSR = trim($CSR);
$_SESSION['_config']['CSR'] = $CSR;
$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text|grep Subject:`);
$id = 11;
extractit();
getcn();
getalt();
if($_SESSION['_config']["0.CN"] == "")
{
showheader(_("My CAcert.org Account!"));
echo _("CommonName field was blank. Can't continue.");
showfooter();
exit;
}
}
if($process == _("Submit") && $oldid == 11)
{
$CSR = $_SESSION['_config']['CSR'];
$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text|grep Subject:`);
$id = 11;
extractit();
getcn();
getalt();
if($_SESSION['_config']["0.CN"] == "")
{
showheader(_("My CAcert.org Account!"));
echo _("CommonName field was blank. Can't continue.");
showfooter();
exit;
}
$query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']["0.CN"]."',
`domid`='".$_SESSION['_config']['row']['id']."',
`created`=NOW()";
mysql_query($query);
$CSRid = mysql_insert_id();
foreach($_SESSION['_config']['rowid'] as $dom)
mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
if(is_array($_SESSION['_config']['altid']))
foreach($_SESSION['_config']['altid'] as $dom)
mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
$CSRname = $_SESSION['_config']['filepath']."/csr/$CSRid.csr";
$fp = fopen($CSRname, "w");
fputs($fp, $_SESSION['_config']['CSR']);
fclose($fp);
mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
$do = `../scripts/runserver`;
$query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
showfooter();
exit;
} else {
$id = 15;
$cert = $CSRid;
}
}
if($oldid == 12 && $process == _("Renew"))
{
$id = 12;
showheader(_("My CAcert.org Account!"));
if(is_array($revokeid))
{
echo _("Now renewing the following certificates:")."<br>\n";
foreach($revokeid as $id)
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
$row = mysql_fetch_assoc($res);
if($row[revoke] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
$query = "insert into `domaincerts` set `domid`='".$row['domid']."', `CN`='".$row['CN']."',
`csr_name`='".$row['csr_name']."', `created`='".$row['created']."',
`modified`=NOW()";
mysql_query($query);
$newid = mysql_insert_id();
$newfile = $_SESSION['_config']['filepath']."/csr/$newid.csr";
copy($row['csr_name'], $newfile);
mysql_query("update `domaincerts` set `csr_name`='$newfile' where `id`='$newid'");
echo _("Renewing").": ".$row['CN']."<br>\n";
$do = `../scripts/runserver`;
$query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
} else {
$drow = mysql_fetch_assoc($res);
$cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
echo "<pre>\n$cert\n</pre>\n";
}
}
}
showfooter();
exit;
}
if($oldid == 12 && $process == _("Revoke/Delete"))
{
$id = 12;
showheader(_("My CAcert.org Account!"));
if(is_array($revokeid))
{
echo _("Now revoking the following certificates:")."<br>\n";
foreach($revokeid as $id)
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
$row = mysql_fetch_assoc($res);
if($row[revoke] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
$do = `../scripts/runserver`;
printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
}
}
if(is_array($delid))
{
echo _("Now deleting the following pending requests:")."<br>\n";
foreach($delid as $id)
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
$row = mysql_fetch_assoc($res);
if($row['expired'] > 0)
{
printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
continue;
}
mysql_query("delete from `domaincerts` where `id`='$id'");
@unlink($row['csr_name']);
@unlink($row['crt_name']);
printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
}
}
showfooter();
exit;
}
if($oldid == 5 && $process == _("Renew"))
{
showheader(_("My CAcert.org Account!"));
if(is_array($revokeid))
{
echo _("Now renewing the following certificates:")."<br>\n";
foreach($revokeid as $id)
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
$row = mysql_fetch_assoc($res);
if($row[revoke] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
$query = "insert into `emailcerts` set `memid`='".$row['memid']."', `CN`='".$row['CN']."',
`keytype`='".$row['keytype']."', `csr_name`='".$row['csr_name']."',
`created`='".$row['created']."', `modified`=NOW()";
mysql_query($query);
$newid = mysql_insert_id();
$newfile = $_SESSION['_config']['filepath']."/csr/email-$newid.csr";
copy($row['csr_name'], $newfile);
mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
$res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'");
while($r2 = mysql_fetch_assoc($res))
{
mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."',
`emailcertsid`='$newid'");
}
$do = `../scripts/runclient`;
$query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
} else {
printf(_("Certificate for '%s' has been renewed."), $row['CN']);
echo "<a href='account.php?id=6&cert=$newid' target='_new'>".
_("Click here")."</a> "._("to install your certificate.");
}
}
}
showfooter();
exit;
}
if($oldid == 5 && $process == _("Revoke/Delete"))
{
$id = 5;
showheader(_("My CAcert.org Account!"));
if(is_array($revokeid))
{
echo _("Now revoking the following certificates:")."<br>\n";
foreach($revokeid as $id)
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
$row = mysql_fetch_assoc($res);
if($row[revoke] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
$do = `../scripts/runclient`;
printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
}
}
if(is_array($delid))
{
echo _("Now deleting the following pending requests:")."<br>\n";
foreach($delid as $id)
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
$row = mysql_fetch_assoc($res);
if($row['expired'] > 0)
{
printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
continue;
}
mysql_query("delete from `emailcerts` where `id`='$id'");
@unlink($row['csr_name']);
@unlink($row['crt_name']);
printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
}
}
showfooter();
exit;
}
if($id == 13 && $_SESSION['_config']['user']['set'] != 1)
{
$_SESSION['_config']['user'] = $_SESSION['profile'];
$_SESSION['_config']['user']['set'] = 1;
}
if($oldid == 13 && $process == _("Update"))
{
$_SESSION['_config']['user']['fname'] = trim(mysql_escape_string(stripslashes($fname)));
$_SESSION['_config']['user']['mname'] = trim(mysql_escape_string(stripslashes($mname)));
$_SESSION['_config']['user']['lname'] = trim(mysql_escape_string(stripslashes($lname)));
$_SESSION['_config']['user']['suffix'] = trim(mysql_escape_string(stripslashes($suffix)));
$_SESSION['_config']['user']['day'] = intval($day);
$_SESSION['_config']['user']['month'] = intval($month);
$_SESSION['_config']['user']['year'] = intval($year);
$_SESSION['_config']['user']['Q1'] = trim(mysql_escape_string(stripslashes($Q1)));
$_SESSION['_config']['user']['Q2'] = trim(mysql_escape_string(stripslashes($Q2)));
$_SESSION['_config']['user']['Q3'] = trim(mysql_escape_string(stripslashes($Q3)));
$_SESSION['_config']['user']['Q4'] = trim(mysql_escape_string(stripslashes($Q4)));
$_SESSION['_config']['user']['Q5'] = trim(mysql_escape_string(stripslashes($Q5)));
$_SESSION['_config']['user']['A1'] = trim(mysql_escape_string(stripslashes($A1)));
$_SESSION['_config']['user']['A2'] = trim(mysql_escape_string(stripslashes($A2)));
$_SESSION['_config']['user']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
$_SESSION['_config']['user']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
$_SESSION['_config']['user']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
if($_SESSION['profile']['points'] < 100)
{
if($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "")
{
$_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
$id = $oldid;
unset($oldid);
}
if($_SESSION['_config']['user']['year'] < 1900 || $_SESSION['_config']['user']['month'] < 1 || $_SESSION['_config']['user']['month'] > 12 ||
$_SESSION['_config']['user']['day'] < 1 || $_SESSION['_config']['user']['day'] > 31)
{
$_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
$id = $oldid;
unset($oldid);
}
}
}
if($oldid == 13 && $process == _("Update"))
{
if($_SESSION['profile']['points'] < 100)
{
$query = "update `users` set `fname`='".$_SESSION['_config']['user']['fname']."',
`mname`='".$_SESSION['_config']['user']['mname']."',
`lname`='".$_SESSION['_config']['user']['lname']."',
`suffix`='".$_SESSION['_config']['user']['suffix']."',
`dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
}
$query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
`Q2`='".$_SESSION['_config']['user']['Q2']."',
`Q3`='".$_SESSION['_config']['user']['Q3']."',
`Q4`='".$_SESSION['_config']['user']['Q4']."',
`Q5`='".$_SESSION['_config']['user']['Q5']."',
`A1`='".$_SESSION['_config']['user']['A1']."',
`A2`='".$_SESSION['_config']['user']['A2']."',
`A3`='".$_SESSION['_config']['user']['A3']."',
`A4`='".$_SESSION['_config']['user']['A4']."',
`A5`='".$_SESSION['_config']['user']['A5']."'
where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
$_SESSION['_config']['user']['set'] = 0;
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
$_SESSION['profile']['loggedin'] = 1;
$id = 13;
showheader(_("My CAcert.org Account!"));
echo _("Your details have been updated with the database.");
showfooter();
exit;
}
if($oldid == 14 && $process == _("Update Pass Phrase"))
{
$_SESSION['_config']['user']['oldpass'] = trim(mysql_escape_string(stripslashes($oldpassword)));
$_SESSION['_config']['user']['pword1'] = trim(mysql_escape_string(stripslashes($pword1)));
$_SESSION['_config']['user']['pword2'] = trim(mysql_escape_string(stripslashes($pword2)));
$id = 14;
showheader(_("My CAcert.org Account!"));
if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
{
echo _("New Pass Phrases specified don't match or were blank.");
} else {
$score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
$_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);
$match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
`password`=password('".$_SESSION['_config']['user']['oldpass']."')");
if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
echo _("The Pass Phrase you submitted was too short.");
} else if($score < 3) {
echo _("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored $score points out of 6.");
} else if(mysql_num_rows($match) <= 0) {
echo _("You failed to correctly enter your current Pass Phrase.");
} else {
mysql_query("update `users` set `password`=password('".$_SESSION['_config']['user']['pword1']."')
where `id`='".$_SESSION['profile']['id']."'");
echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
}
}
showfooter();
exit;
}
if($oldid == 16)
{
$id = 16;
$_SESSION['_config']['emails'] = array();
foreach($_POST['emails'] as $val)
{
$val = mysql_escape_string(stripslashes(trim($val)));
$bits = explode("@", $val);
$count = count($bits);
if($count != 2)
continue;
if(checkownership($bits[1]) == false)
continue;
if(!is_array($_SESSION['_config']['row']))
continue;
else if($_SESSION['_config']['row']['id'] > 0)
$_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id'];
if($val != "")
$_SESSION['_config']['emails'][] = $val;
}
$_SESSION['_config']['name'] = mysql_escape_string(stripslashes(trim($name)));
}
if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0)
{
$id = 16;
showheader(_("My CAcert.org Account!"));
echo _("I couldn't match any emails against your organisational account.");
showfooter();
exit;
}
if($oldid == 16 && $process == _("Next"))
{
if(@count($_SESSION['_config']['emails']) > 0)
$id = 17;
}
if($oldid == 17)
{
$org = $_SESSION['_config']['row'];
if($_POST['keytype'] == "NS")
{
if($_POST['SPKAC'] == "" || $_POST['SPKAC'] == "deadbeef")
{
$id = 17;
showheader(_("My CAcert.org Account!"));
echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
showfooter();
exit;
}
$emailcount = 0;
$emails = "";
$addys = array();
if(is_array($_SESSION['_config']['emails']))
foreach($_SESSION['_config']['emails'] as $email)
{
if(!$emails)
$defaultemail = $email;
$emails .= "$emailcount.emailAddress = $email\n";
$emailcount++;
}
if($_SESSION['_config']['name'] != "")
$emails .= "commonName = ".$_SESSION['_config']['name']."\n";
if($org['OU'])
$emails .= "organizationalUnitName = ".$org['OU']."\n";
if($org['O'])
$emails .= "organizationName = ".$org['O']."\n";
if($org['L'])
$emails .= "localityName = ".$org['L']."\n";
if($org['ST'])
$emails .= "stateOrProvinceName = ".$org['ST']."\n";
if($org['C'])
$emails .= "countryName = ".$org['C']."\n";
$emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_POST['SPKAC']));
$query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='NS',
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP())";
mysql_query($query);
$emailid = mysql_insert_id();
foreach($_SESSION['_config']['domids'] as $addy)
mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
$CSRname = $_SESSION['_config']['filepath']."/csr/orgemail-$emailid.csr";
$fp = fopen($CSRname, "w");
fputs($fp, $emails);
fclose($fp);
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_POST['keytype'] == "MS") {
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."-----END CERTIFICATE REQUEST-----\n";
$tmpfname = tempnam("/tmp", "CSR");
$fp = fopen($tmpfname, "w");
fputs($fp, $csr);
fclose($fp);
$addys = array();
$defaultemail = "";
if($_SESSION['_config']['name'] != "")
$csrsubject = "/CN=".$_SESSION['_config']['name'];
if(is_array($_SESSION['_config']['emails']))
foreach($_SESSION['_config']['emails'] as $email)
{
if($defaultemail == "")
$defaultemail = $email;
$csrsubject .= "/emailAddress=$email";
}
if($org['OU'])
$csrsubject .= "/organizationalUnitName=".$org['OU'];
if($org['O'])
$csrsubject .= "/organizationName=".$org['O'];
if($org['L'])
$csrsubject .= "/localityName=".$org['L'];
if($org['ST'])
$csrsubject .= "/stateOrProvinceName=".$org['ST'];
if($org['C'])
$csrsubject .= "/countryName=".$org['C'];
$tmpname = tempnam("/tmp", "CSR");
$do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`;
@unlink($tmpfname);
$csr = "";
$fp = fopen($tmpname, "r");
while($data = fgets($fp, 4096))
$csr .= $data;
fclose($fp);
@unlink($tmpname);
if($csr == "")
{
showheader(_("My CAcert.org Account!"));
echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
showfooter();
exit;
}
$query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='MS',
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject'";
mysql_query($query);
$emailid = mysql_insert_id();
foreach($_SESSION['_config']['domids'] as $addy)
mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
$CSRname = $_SESSION['_config']['filepath']."/csr/orgemail-$emailid.csr";
$fp = fopen($CSRname, "w");
fputs($fp, $csr);
fclose($fp);
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
}
$do = `../scripts/runclient`;
$query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
showfooter();
exit;
} else {
$id = 19;
$cert = $emailid;
}
}
if($oldid == 18 && $process == _("Renew"))
{
showheader(_("My CAcert.org Account!"));
if(is_array($revokeid))
{
$id = 18;
echo _("Now renewing the following certificates:")."<br>\n";
foreach($revokeid as $id)
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
$row = mysql_fetch_assoc($res);
if($row[revoke] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
$query = "insert into `orgemailcerts` set `orgid`='".$row['orgid']."', `CN`='".$row['CN']."',
`keytype`='".$row['keytype']."', `csr_name`='".$row['csr_name']."',
`created`='".$row['created']."', `modified`=NOW(), `subject`='".$row['subject']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile = $_SESSION['_config']['filepath']."/csr/orgemail-$newid.csr";
copy($row['csr_name'], $newfile);
mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
$do = `../scripts/runclient`;
$query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
} else {
printf(_("Certificate for '%s' has been renewed."), $row['CN']);
echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
_("Click here")."</a> "._("to install your certificate.");
}
}
}
showfooter();
exit;
}
if($oldid == 18 && $process == _("Revoke/Delete"))
{
$id = 18;
showheader(_("My CAcert.org Account!"));
if(is_array($revokeid))
{
echo _("Now revoking the following certificates:")."<br>\n";
foreach($revokeid as $id)
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
$row = mysql_fetch_assoc($res);
if($row[revoke] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
$do = `../scripts/runclient`;
printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
}
}
if(is_array($delid))
{
echo _("Now deleting the following pending requests:")."<br>\n";
foreach($delid as $id)
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
$row = mysql_fetch_assoc($res);
if($row['expired'] > 0)
{
printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
continue;
}
mysql_query("delete from `orgemailcerts` where `id`='$id'");
@unlink($row['csr_name']);
@unlink($row['crt_name']);
printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
}
}
showfooter();
exit;
}
if($process == _("Submit") && $oldid == 20)
{
$CSR = trim($CSR);
$_SESSION['_config']['CSR'] = $CSR;
$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text|grep Subject:`);
$id = 21;
extractit();
getcn2();
getalt2();
$query = "select * from `orginfo`,`org`,`orgdomains` where
`org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orginfo`.`id` and
`org`.`orgid`=`orgdomains`.`orgid` and
`orgdomains`.`domain`='".$_SESSION['_config']["0.CN"]."'";
$_SESSION['_config'][org] = mysql_fetch_assoc(mysql_query($query));
if($_SESSION['_config']["0.CN"] == "")
{
$id = 20;
showheader(_("My CAcert.org Account!"));
echo _("CommonName field was blank. Can't continue.");
showfooter();
exit;
}
}
if($process == _("Submit") && $oldid == 21)
{
$CSR = $_SESSION['_config']['CSR'];
$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text|grep Subject:`);
extractit();
getcn2();
getalt2();
if($_SESSION['_config']["0.CN"] == "")
{
showheader(_("My CAcert.org Account!"));
echo _("CommonName field was blank. Can't continue.");
showfooter();
exit;
}
$query = "select * from `orginfo`,`org`,`orgdomains` where
`org`.`memid`='".$_SESSION['profile']['id']."' and
`orgdomains`.`orgid`=`orginfo`.`id` and
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='".$_SESSION['_config']["0.CN"]."'";
$org = mysql_fetch_assoc(mysql_query($query));
if($org['OU'])
$csrsubject .= "/organizationalUnitName=".$org['OU'];
if($org['O'])
$csrsubject .= "/organizationName=".$org['O'];
if($org['L'])
$csrsubject .= "/localityName=".$org['L'];
if($org['ST'])
$csrsubject .= "/stateOrProvinceName=".$org['ST'];
if($org['C'])
$csrsubject .= "/countryName=".$org['C'];
if($org['contact'])
$csrsubject .= "/emailAddress=".$org['contact'];
if(is_array($_SESSION['_config']['rows']))
foreach($_SESSION['_config']['rows'] as $row)
$csrsubject .= "/commonName=$row";
if(is_array($_SESSION['_config']['altrows']))
foreach($_SESSION['_config']['altrows'] as $subalt)
$csrsubject .= "/subjectAltName=$subalt";
$query = "insert into `orgdomaincerts` set `CN`='".$_SESSION['_config']["0.CN"]."',
`orgid`='".$_SESSION['_config']['row']['id']."',
`created`=NOW(), `subject`='$csrsubject'";
mysql_query($query);
$CSRid = mysql_insert_id();
$CSRname = $_SESSION['_config']['filepath']."/csr/org$CSRid.csr";
$fp = fopen($CSRname, "w");
fputs($fp, $_SESSION['_config']['CSR']);
fclose($fp);
mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
foreach($_SESSION['_config']['rowid'] as $id)
mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
if(is_array($_SESSION['_config']['altid']))
foreach($_SESSION['_config']['altid'] as $id)
mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
$do = `../scripts/runserver`;
$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
showfooter();
exit;
} else {
$id = 23;
$cert = $CSRid;
}
}
if($oldid == 22 && $process == _("Renew"))
{
showheader(_("My CAcert.org Account!"));
if(is_array($revokeid))
{
echo _("Now renewing the following certificates:")."<br>\n";
foreach($revokeid as $id)
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
`orgdomaincerts`,`org`
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
`org`.`memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
$row = mysql_fetch_assoc($res);
if($row[revoke] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
$query = "insert into `orgdomaincerts` set `orgid`='".$row['orgid']."', `CN`='".$row['CN']."',
`csr_name`='".$row['csr_name']."', `created`='".$row['created']."',
`modified`=NOW(), `subject`='".$row['subject']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile = $_SESSION['_config']['filepath']."/csr/$newid.csr";
copy($row['csr_name'], $newfile);
mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
echo _("Renewing").": ".$row['CN']."<br>\n";
$res = mysql_query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'");
while($r2 = mysql_fetch_assoc($res))
mysql_query("insert into `orgdomlink` set `orgdomid`='".$r2['id']."', `orgcertid`='$newid'");
$do = `../scripts/runserver`;
$query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
} else {
$drow = mysql_fetch_assoc($res);
$cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
echo "<pre>\n$cert\n</pre>\n";
}
}
}
showfooter();
exit;
}
if($oldid == 22 && $process == _("Revoke/Delete"))
{
showheader(_("My CAcert.org Account!"));
if(is_array($revokeid))
{
echo _("Now revoking the following certificates:")."<br>\n";
foreach($revokeid as $id)
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
`orgdomaincerts`,`org`
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
`org`.`memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
$row = mysql_fetch_assoc($res);
if($row[revoke] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
$do = `../scripts/runserver`;
printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
}
}
if(is_array($delid))
{
echo _("Now deleting the following pending requests:")."<br>\n";
foreach($delid as $id)
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from
`orgdomaincerts`,`org`
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
`org`.`memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
$row = mysql_fetch_assoc($res);
if($row['expired'] > 0)
{
printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
continue;
}
mysql_query("delete from `orgdomaincerts` where `id`='$id'");
@unlink($row['csr_name']);
@unlink($row['crt_name']);
printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
}
}
showfooter();
exit;
}
if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 ||
$id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 ||
$id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) &&
$_SESSION['profile']['id'] != 1 && $_SESSION['profile']['id'] != 5)
{
showheader(_("My CAcert.org Account!"));
echo _("You don't have access to this area.");
showfooter();
exit;
}
if($oldid == 24 && $process == _("Next"))
{
$id = intval($oldid);
$_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O)));
$_SESSION['_config']['contact'] = trim(mysql_escape_string(stripslashes($contact)));
$_SESSION['_config']['L'] = trim(mysql_escape_string(stripslashes($L)));
$_SESSION['_config']['ST'] = trim(mysql_escape_string(stripslashes($ST)));
$_SESSION['_config']['C'] = trim(mysql_escape_string(stripslashes($C)));
$_SESSION['_config']['comments'] = trim(mysql_escape_string(stripslashes($comments)));
if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
{
$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
} else {
mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
`contact`='".$_SESSION['_config']['contact']."',
`L`='".$_SESSION['_config']['L']."',
`ST`='".$_SESSION['_config']['ST']."',
`C`='".$_SESSION['_config']['C']."',
`comments`='".$_SESSION['_config']['comments']."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully added as an organisation to the database."), $_SESSION['_config']['O']);
showfooter();
exit;
}
}
if($oldid == 27 && $process == _("Update"))
{
$id = intval($oldid);
$_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O)));
$_SESSION['_config']['contact'] = trim(mysql_escape_string(stripslashes($contact)));
$_SESSION['_config']['L'] = trim(mysql_escape_string(stripslashes($L)));
$_SESSION['_config']['ST'] = trim(mysql_escape_string(stripslashes($ST)));
$_SESSION['_config']['C'] = trim(mysql_escape_string(stripslashes($C)));
$_SESSION['_config']['comments'] = trim(mysql_escape_string(stripslashes($comments)));
if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
{
$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
} else {
mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
`contact`='".$_SESSION['_config']['contact']."',
`L`='".$_SESSION['_config']['L']."',
`ST`='".$_SESSION['_config']['ST']."',
`C`='".$_SESSION['_config']['C']."',
`comments`='".$_SESSION['_config']['comments']."'
where `id`='".$_SESSION['_config']['orgid']."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully updated in the database."), $_SESSION['_config']['O']);
showfooter();
exit;
}
}
if($oldid == 28 && $process == _("Add"))
{
$domain = $_SESSION['_config']['domain'] = trim(mysql_escape_string(stripslashes($domainname)));
$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
$res2 = mysql_query("select * from `domains` where `domain`='$domain' and `deleted`=0");
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
{
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $domain);
$id = $oldid;
unset($oldid);
}
}
if($_SESSION['_config']['orgid'] <= 0 && $oldid == 28)
{
unset($oldid);
$id = 25;
}
if($oldid == 28 && $process == _("Add"))
{
mysql_query("insert into `orgdomains` set `orgid`='".$_SESSION['_config']['orgid']."', `domain`='$domain'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully added to the database."), $domain);
echo "<br><br><a href='account.php?id=26&orgid=".$_SESSION['_config']['orgid']."'>"._("Click here")."</a> "._("to continue.");
showfooter();
exit;
}
if($oldid == 29 && $process == _("Update"))
{
$domain = mysql_escape_string(stripslashes(trim($domainname)));
$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".$_SESSION['_config']['domid']."'");
$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
{
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $domain);
$id = $oldid;
unset($oldid);
}
}
if(($oldid == 29 || $oldid == 30) && $process != _("Cancel"))
{
$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".$_SESSION['_config']['domid']."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".$_SESSION['_config']['domid']."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
$do = `../scripts/runserver`;
$do = `../scripts/runclient`;
}
if($oldid == 29 && $process == _("Update"))
{
$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'"));
mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".$_SESSION['_config']['domid']."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully updated in the database."), $domain);
echo "<br><br><a href='account.php?id=26&orgid=".$_SESSION['_config']['orgid']."'>"._("Click here")."</a> "._("to continue.");
showfooter();
exit;
}
if($oldid == 30 && $process == _("Delete"))
{
$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'"));
$domain = $row['domain'];
mysql_query("delete from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully deleted from the database."), $domain);
echo "<br><br><a href='account.php?id=26&orgid=".$_SESSION['_config']['orgid']."'>"._("Click here")."</a> "._("to continue.");
showfooter();
exit;
}
if($oldid == 30)
{
$id = 26;
$orgid = 0;
}
if($oldid == 31 && $process != _("Cancel"))
{
$query = "select * from `orgdomains` where `orgid`='".$_SESSION['_config']['orgid']."'";
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
{
$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".$drow['id']."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
$do = `../scripts/runserver`;
mysql_query("delete from `orgdomaincerts` where `orgid`='".$row['id']."'");
mysql_query("delete from `orgdomlink` where `domid`='".$row['id']."'");
}
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".$drow['id']."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
$do = `../scripts/runclient`;
mysql_query("delete from `orgemailcerts` where `id`='".$row['id']."'");
mysql_query("delete from `orgemaillink` where `domid`='".$row['id']."'");
}
}
mysql_query("delete from `org` where `orgid`='".$_SESSION['_config']['orgid']."'");
mysql_query("delete from `orgdomains` where `orgid`='".$_SESSION['_config']['orgid']."'");
mysql_query("delete from `orginfo` where `id`='".$_SESSION['_config']['orgid']."'");
}
if($oldid == 31)
{
$id = 25;
$orgid = 0;
}
if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34 ||
$id == 35 || $oldid == 35)
{
$query = "select * from `org` where `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'";
$_macc = mysql_num_rows(mysql_query($query));
if($_SESSION['profile']['id'] != 1 && $_SESSION['profile']['id'] != 5 && $_macc <= 0)
{
showheader(_("My CAcert.org Account!"));
echo _("You don't have access to this area.");
showfooter();
exit;
}
}
if($id == 33 && $_SESSION['profile']['id'] != 1 && $_SESSION['profile']['id'] != 5)
{
$orgid = $_SESSION['_config']['orgid'];
$query = "select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$id = 35;
}
}
if($id == 34 && $_SESSION['profile']['id'] != 1 && $_SESSION['profile']['id'] != 5)
{
$orgid = intval($orgid);
$memid = intval($memid);
$res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."'");
$_macc2 = mysql_num_rows(mysql_query("select * from `org` where `memid`='$memid' and `masteracc`='1'"));
if(mysql_num_rows($res) <= 0 || $_macc2 > 0)
{
$id = 32;
}
}
if($oldid == 33 && $process == _("Add"))
{
if($_SESSION['profile']['admin'] == 1)
$masteracc = $_SESSION['_config'][masteracc] = intval($masteracc);
else
$masteracc = $_SESSION['_config'][masteracc] = 0;
$email = $_SESSION['_config']['email'] = mysql_escape_string(stripslashes(trim($email)));
$OU = $_SESSION['_config']['OU'] = mysql_escape_string(stripslashes(trim($OU)));
$comments = $_SESSION['_config']['comments'] = mysql_escape_string(stripslashes(trim($comments)));
$res = mysql_query("select * from `users` where `email`='$email'");
if(mysql_num_rows($res) <= 0)
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), $email);
} else {
$row = mysql_fetch_assoc($res);
mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".$_SESSION['_config']['orgid']."',
`masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'");
}
}
if($oldid == 34 && $process == _("Delete"))
{
mysql_query("delete from `org` where `memid`='".$_SESSION['_config']['memid']."'");
}
if($oldid == 34 || $oldid == 33)
{
unset($oldid);
$id = 32;
$orgid = 0;
}
if($oldid == 36)
{
$rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='".$_SESSION['profile']['id']."'"));
if($rc > 0)
{
$query = "update `alerts` set `general`='".intval($_POST['general'])."',
`country`='".intval($_POST['country'])."',
`regional`='".intval($_POST['regional'])."',
`radius`='".intval($_POST['radius'])."'
where `memid`='".$_SESSION['profile']['id']."'";
} else {
$query = "insert into `alerts` set `general`='".intval($_POST['general'])."',
`country`='".intval($_POST['country'])."',
`regional`='".intval($_POST['regional'])."',
`radius`='".intval($_POST['radius'])."',
`memid`='".$_SESSION['profile']['id']."'";
}
mysql_query($query);
$id = $oldid;
unset($oldid);
}
if($id == 36)
{
$row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".$_SESSION['profile']['id']."'"));
$_POST['general'] = $row['general'];
$_POST['country'] = $row['country'];
$_POST['regional'] = $row['regional'];
$_POST['radius'] = $row['radius'];
}
if($oldid == 41)
{
$lang = mysql_escape_string($_POST['lang']);
foreach($_SESSION['_config']['translations'] as $key => $val)
{
if($key == $lang)
{
mysql_query("update `users` set `language`='$lang' where `id`='".$_SESSION['profile']['id']."'");
showheader(_("My CAcert.org Account!"));
echo _("Your language setting has been updated.");
showfooter();
exit;
}
}
showheader(_("My CAcert.org Account!"));
echo _("You tried to use an invalid language.");
showfooter();
exit;
}
if(intval($cert) > 0)
$_SESSION['_config']['cert'] = intval($cert);
if(intval($orgid) > 0)
$_SESSION['_config']['orgid'] = intval($orgid);
if(intval($memid) > 0)
$_SESSION['_config']['memid'] = intval($memid);
if(intval($domid) > 0)
$_SESSION['_config']['domid'] = intval($domid);
$_SESSION['_config']['agent'] = $HTTP_USER_AGENT;
?>