cacert-webdb/www/api/ccsr.php

81 lines
2.8 KiB
PHP

<?
$username = mysql_escape_string($_REQUEST['username']);
$password = mysql_escape_string($_REQUEST['password']);
$query = "select * from `users` where `email`='$username' and `password`=password('$password')";
$res = mysql_query($query);
if(mysql_num_rows($res) != 1)
die("403,That username couldn't be found\n");
$user = mysql_fetch_assoc($res);
$memid = $user['id'];
$emails = "";
foreach($_REQUEST['email'] as $email)
{
$email = mysql_escape_string(trim($email));
$query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0 and `email`='$email'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
$id = $row['id'];
$emails[$id] = $email;
}
}
if(count($emails) <= 0)
die("404,Wasn't able to match any emails sent against your account");
$query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
$name = "CAcert WoT User\n";
if($points >= 50)
{
if($_REQUEST['name'] == $user['fname']." ".$user['lname'] ||
$_REQUEST['name'] == $user['fname']." ".$user['mname']." ".$user['lname'] ||
$_REQUEST['name'] == $user['fname']." ".$user['lname']." ".$user['suffix'] ||
$_REQUEST['name'] == $user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])
$name = $_REQUEST['name'];
}
$codesign = 0;
if($user['codesign'] == "1" && $_REQUEST['codesign'] == "1" && $points >= 100)
$codesign = 1;
$CSR = trim($_REQUEST['optionalCSR']);
$tmpname = tempnam("/tmp", "CSR");
$tempnam = tempnam("/tmp", "CSR");
$fp = fopen($tmpname, "w");
fputs($fp, $CSR);
fclose($fp);
$do = `/usr/bin/openssl req -in $tmpname -out $tempnam`;
@unlink($tmpfname);
if(filesize($tempnam) <= 0)
die("404,Invalid or missing CSR");
$csrsubject = "/CN=$name";
foreach($emails as $id => $email)
$csrsubject .= "/emailAddress=".$email;
$query = "insert into `emailcerts` set `CN`='".$user['email']."', `keytype`='MS',
`memid`='".$user['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject', `codesign`='$codesign'";
mysql_query($query);
$certid = mysql_insert_id();
$CSRname = "/www/csr/client-$certid.csr";
rename($tempnam, $CSRname);
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'");
foreach($emails as $emailid => $email)
mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='$emailid'");
$do = `../../scripts/runclient`;
sleep(1);
$query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
die("404,Your certificate request has failed");
$cert = mysql_fetch_assoc($res);
echo "200,Authentication Ok\n";
readfile($cert['crt_name']);
?>