cacert-webdb/www
Jan Dittberner 560be526c4 Fix client certificate login
This change fixes the client certificate login for cases where duplicate
serial numbers have been issued and recorded in the emailcerts table.

Email addresses from the client certificate are used as an additional
matching parameter.

- includes/lib/general.php got a new function
  get_email_addresses_from_client_cert to create an array of email
  addresses from the environment variables set by Apache httpd
- includes/loggedin.php and www/index.php use the new function to pass
  email addresses to the get_user_id_from_cert function
- get_user_id_from_cert in includes/lib/general.php has been enhanced to
  use a JOIN over the emailcerts, root_certs and email tables. All
  parameters are escaped via mysql_real_escape_string
- SQL errors in get_user_id_from_cert are now handled
- a match from get_user_id_from_cert is only returned when there is
  exactly one row in the result set

The code and the used query have been tested with Apache 2.4.10 and PHP
5.6 from Debian Jessie and a MariaDB 10.11 in strict mode using a
container based test setup to match the current production setup as
closely as possible.
2024-05-05 20:08:53 +02:00
api Fix for https://bugs.cacert.org/view.php?id=1273 2014-11-24 09:56:38 +00:00
cats cats fix 1072 2012-06-10 09:10:54 +00:00
certs Add class 3 certificates signed in 2021 2024-05-03 19:58:42 +02:00
docs Updated CAcert Rules 2008-04-29 14:13:43 +00:00
iistutorial update 2004-11-18 23:21:15 +00:00
images Fix for https://bugs.cacert.org/view.php?id=1198 2013-08-29 10:18:16 +00:00
logos Add missing logo files to CVS tree. 2011-06-16 07:55:46 +00:00
policy Fix for https://bugs.cacert.org/view.php?id=1345 2015-01-15 10:50:06 +00:00
siteimages *** empty log message *** 2004-10-16 00:28:17 +00:00
styles Intermediate patch for https://bugs.cacert.org/view.php?id=807 2014-06-13 16:00:16 +00:00
tverify Changed license to GPLv2 2008-04-06 19:45:09 +00:00
utf8_to_ascii Added utf8_to_ascii for the new CAP form 2009-11-25 23:43:42 +00:00
.htaccess Fix for https://bugs.cacert.org/view.php?id=1131 2015-01-08 15:02:47 +00:00
ac.js updates 2005-12-04 21:04:05 +00:00
ac.php Added XSS prevention 2008-11-24 12:43:19 +00:00
account.php Fix for https://bugs.cacert.org/view.php?id=795 2013-01-17 15:08:07 +00:00
advertising.php Fix for https://bugs.cacert.org/view.php?id=1011 2012-04-29 18:32:43 +00:00
alert_hash_collision.php Added SQL Injection prevention 2008-11-24 20:02:48 +00:00
analyse.php Fixed XSS, reported by alexander@klink.name 2008-09-27 16:11:02 +00:00
cap.html.php Fixes for https://bugs.cacert.org/view.php?id=1305: 2019-04-10 09:37:24 +00:00
cap.php Fixes for https://bugs.cacert.org/view.php?id=1305: 2019-04-10 09:37:24 +00:00
capnew.php Fixes for https://bugs.cacert.org/view.php?id=1305: 2019-04-10 09:37:24 +00:00
coap.html.php Fixes for https://bugs.cacert.org/view.php?id=1305: 2019-04-10 09:37:24 +00:00
coapnew.php Fixes for https://bugs.cacert.org/view.php?id=1305: 2019-04-10 09:37:24 +00:00
disputes.php Fix for https://bugs.cacert.org/view.php?id=28 2014-11-24 09:59:19 +00:00
error403.php Added missing error403.php 2007-01-28 18:41:58 +00:00
error404.php Changed license to GPLv2 2008-04-06 19:45:09 +00:00
favicon.ico Add image referenced by current application but missing from the CVS repository, 2010-01-31 20:50:33 +00:00
gpg.php Fix for https://bugs.cacert.org/view.php?id=1273 2014-11-24 09:56:38 +00:00
help.php Improved register_globals 2008-09-25 22:22:50 +00:00
index.php Fix client certificate login 2024-05-05 20:08:53 +02:00
keygenIE.js Fix for https://bugs.cacert.org/view.php?id=1218 2014-02-06 15:52:57 +00:00
logos.php Changed the Logos page on demand from Henrik Heigl 2008-10-24 14:27:40 +00:00
news.php Changed license to GPLv2 2008-04-06 19:45:09 +00:00
rss.php Fixed URL 2008-09-03 18:43:25 +00:00
sealgen.php Improved register_globals 2008-09-03 18:43:37 +00:00
sqldump.php Fix for http://bugs.cacert.org/view.php?id=1182 2013-10-16 10:42:36 +00:00
src-lic.php Redirect to code.cacert.org for source code 2023-09-17 11:11:03 +02:00
stats.php Combined fixes for 2014-06-07 09:14:52 +00:00
ttp.php Fix for https://bugs.cacert.org/view.php?id=985 2012-01-24 14:26:05 +00:00
verify.php Back out previous change because it breaks the website, as indicated by these 2010-01-27 11:17:54 +00:00
wot.php Fix for https://bugs.cacert.org/view.php?id=28 2014-11-24 09:59:19 +00:00