authorBernhard Fröhlich <bernhard@cacert.org>2011-09-06 18:25:47 +0200
committerBernhard Fröhlich <bernhard@cacert.org>2011-09-06 18:25:47 +0200
commited99f6f3cd1132c508d76b31260e0fd0a080f702 (patch)
tree91257496b0eaf72fc49aecd9f79d0ee91bc8f84e
parent665977338fa53f2a929b09e783f2a7986c70df37 (diff)
downloadcacert-devel-ed99f6f3cd1132c508d76b31260e0fd0a080f702.tar.gz
cacert-devel-ed99f6f3cd1132c508d76b31260e0fd0a080f702.tar.xz
cacert-devel-ed99f6f3cd1132c508d76b31260e0fd0a080f702.zip
Changes proposed by Uli on https://bugs.cacert.org/view.php?id=824
-rw-r--r--includes/account.php207
-rw-r--r--pages/account/16.php19
-rwxr-xr-x[-rw-r--r--]pages/account/17.php70
-rwxr-xr-x[-rw-r--r--]pages/account/19.php2
4 files changed, 282 insertions, 16 deletions
diff --git a/includes/account.php b/includes/account.php
index 24c61d8..98b5850 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -136,6 +136,46 @@
if($process != "" && $oldid == 2)
{
+
+/* sample code from id=29
+ if($oldid == 29 && $process != "")
+ {
+ $domain = mysql_real_escape_string(stripslashes(trim($domainname)));
+
+ $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($_SESSION['_config']['domid'])."'");
+ $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
+ if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
+ {
+ $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
+ $id = $oldid;
+ $oldid=0;
+ // reset domid into its original state
+ $domid = $_SESSION['_config']['domid'];
+ $_REQUEST['domid'] = $domid;
+ }
+ }
+ */
+ // $_REQUEST['delid'] exist
+ $id = 2;
+ csrf_check("chgdef");
+ $id = 60;
+ if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
+ {
+ // $_SESSION['profile']['id']
+ // $_SESSION['profile']['email']
+ $oldid=0;
+ }
+ else
+ {
+ showheader(_("My CAcert.org Account!"));
+ $delcount = 0;
+ echo _("You did not select any email accounts for removal.");
+ echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
+ showfooter();
+ exit;
+ }
+
+/*
$id = 2;
csrf_check("chgdef");
showheader(_("My CAcert.org Account!"));
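Review bot: The new no-selection branch at the top of the `$oldid == 2` handler echoes two contradictory messages back-to-back — "You did not select any email accounts for removal." immediately followed by "You failed to select any accounts to be removed, or you attempted to remove the default account…" — and the `$delcount = 0;` between them is never read; keep a single message, e.g. `echo _("You did not select any email accounts for removal.");`, and drop the unused assignment. `$id = 2;` is overwritten by `$id = 60;` two lines later, so the first assignment is dead. The "sample code from id=29" comment and the `/*` that comments out the previous handler (closed by the `*/` in the hunk at -180) leave the old implementation in the file; version control already keeps that history, so both blocks should be deleted rather than commented. The handler's body continues outside the hunk.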
@@ -180,6 +220,8 @@
showfooter();
exit;
+ */
+
}
if($process != "" && $oldid == 3)
@@ -187,7 +229,7 @@
if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
{
showheader(_("My CAcert.org Account!"));
- echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
+ printf(_("I didn't receive a valid Certificate Request, hit the back button and try again. [%s]"), 1);
showfooter();
exit;
}
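Review bot: The numeric marker `[%s]` is placed inside the translatable string, which changes the msgid of every one of these messages (existing translations stop matching) and shows an internal debug counter to the user; the same pattern appears in the hunks at -244, -403, -1408 and -1531. If the marker is needed to tell the call sites apart, keep it outside the translation, e.g. `printf("%s [%d]", _("I didn't receive a valid Certificate Request, hit the back button and try again."), 1);`. The hunk at -244 additionally replaces the "please try a different browser" advice with the "hit the back button" text, which reads as an unintended change of the message rather than the addition of a marker.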
@@ -244,7 +286,7 @@
{
$id = 4;
showheader(_("My CAcert.org Account!"));
- echo _("I didn't receive a valid Certificate Request, please try a different browser.");
+ printf(_("I didn't receive a valid Certificate Request, hit the back button and try again. [%s]"), 2);
showfooter();
exit;
}
@@ -403,7 +445,7 @@
{
$id = 4;
showheader(_("My CAcert.org Account!"));
- echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
+ printf(_("I didn't receive a valid Certificate Request, hit the back button and try again. [%s]"), 3);
showfooter();
exit;
}
@@ -1339,10 +1381,83 @@
}
if($oldid == 16)
+/* merge 3 handling and 16 handling together to new 16
+
+ if($process != "" && $oldid == 3)
+ {
+ if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
+ {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("I didn't receive a valid Certificate Request, hit the back button and try again. [%s]"), 4);
+ showfooter();
+ exit;
+ }
+
+ $_SESSION['_config']['SSO'] = intval($_REQUEST['SSO']);
+
+ $_SESSION['_config']['addid'] = $_REQUEST['addid'];
+
+
+ if($_SESSION['profile']['points'] >= 50)
+ $_SESSION['_config']['incname'] = intval($_REQUEST['incname']);
+ if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100))
+ {
+ $_REQUEST['codesign'] = 0;
+ }
+ if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1)
+ {
+ if($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4)
+ $_SESSION['_config']['incname'] = 1;
+ }
+ if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1 && $_SESSION['profile']['points'] >= 100)
+ $_SESSION['_config']['codesign'] = 1;
+ else
+ $_SESSION['_config']['codesign'] = 0;
+
+ if(array_key_exists('login',$_REQUEST) && $_REQUEST['login'] == 1)
+ $_SESSION['_config']['disablelogin'] = 0;
+ else
+ $_SESSION['_config']['disablelogin'] = 1;
+
+ $_SESSION['_config']['rootcert'] = 1;
+ if($_SESSION['profile']['points'] >= 50)
+ {
+ $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
+ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
+ $_SESSION['_config']['rootcert'] = 1;
+ }
+ $csr = "";
+ if(trim($_REQUEST['optionalCSR']) == "")
+ {
+ $id = 4;
+ } else {
+ $oldid = 4;
+ $_REQUEST['keytype'] = "MS";
+ $csr = clean_csr($_REQUEST['optionalCSR']);
+ }
+ }
+
+ */
+
+
+
{
$id = 16;
$_SESSION['_config']['emails'] = array();
+/* This worked in id=3 with all email addresses known by the account, but
+ is handled under id=16 in a different way thru -> Another Email
+
+ if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
+ {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("I didn't receive a valid Certificate Request, hit the back button and try again. [%s]"), 5);
+ showfooter();
+ exit;
+ }
+ */
+
+
foreach($_REQUEST['emails'] as $val)
{
$val = mysql_real_escape_string(stripslashes(trim($val)));
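Review bot: The long block comment is inserted between `if($oldid == 16)` and its opening `{`, so the condition and its body are separated by two screens of commented-out id=3 handler code; PHP accepts this, but a reader scanning the file will take the `{` after the comment for an unconditional block. Move the comment above the `if`, or better delete it together with the second commented-out block inside the body (the `addid`/SSO check), since git keeps the removed implementation. The `foreach($_REQUEST['emails'] as $val)` loop and the rest of the handler continue past the hunk.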
@@ -1389,12 +1504,33 @@
$_SESSION['_config']['codesign'] = 0;
}
+ // added bug-824
+ if(array_key_exists('login',$_REQUEST) && $_REQUEST['login'] == 1)
+ $_SESSION['_config']['disablelogin'] = 0;
+ else
+ $_SESSION['_config']['disablelogin'] = 1;
+
+
+
$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
if(@count($_SESSION['_config']['emails']) > 0)
$id = 17;
+
+ $csr = "";
+ if(trim($_REQUEST['optionalCSR']) == "")
+ {
+ $id = 17;
+ } else {
+ $oldid = 17;
+ $_REQUEST['keytype'] = "MS"; // why MS and not NS ?
+ $csr = clean_csr($_REQUEST['optionalCSR']);
+ $_REQUEST['CSR'] = $csr;
+ }
+
+
}
if($oldid == 17)
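Review bot: The new optional-CSR branch sets `$id = 17;` unconditionally when `optionalCSR` is empty, which overrides the `@count($_SESSION['_config']['emails']) > 0` guard two lines above it — a submission with no email address selected now advances to page 17 instead of staying on 16, and the non-empty branch with `$oldid = 17;` skips the guard the same way. `$_REQUEST['optionalCSR']` is also read without the `array_key_exists` check this handler uses for `login` and `codesign`, so a POST without the field raises a notice. Nesting the CSR handling under the existing email-count guard and testing for the key first fixes both; the `// why MS and not NS ?` comment should be answered or removed before merge. The handler starts and ends outside the hunk.
```php
// … unchanged: rootcert handling …
$csr = "";
if(@count($_SESSION['_config']['emails']) > 0)
{
    if(!array_key_exists('optionalCSR', $_REQUEST) || trim($_REQUEST['optionalCSR']) == "")
    {
        $id = 17;
    } else {
        $oldid = 17;
        $_REQUEST['keytype'] = "MS";
        $csr = clean_csr($_REQUEST['optionalCSR']);
        $_REQUEST['CSR'] = $csr;
    }
}
```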
@@ -1408,7 +1544,7 @@
{
$id = 17;
showheader(_("My CAcert.org Account!"));
- echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
+ printf(_("I didn't receive a valid Certificate Request, hit the back button and try again. [%s]"), 6);
showfooter();
exit;
}
@@ -1478,8 +1614,10 @@
}
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
- $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
-
+ if ($csr=="") {
+ $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
+ // else use optional CSR
+ }
if (($weakKey = checkWeakKeyCSR($csr)) !== "")
{
$id = 17;
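Review bot: `if ($csr=="")` relies on `$csr` having been assigned on the direct path from page 17 (a POST with `oldid=17` never runs the `$oldid == 16` block); unless the handler initialises it earlier, outside the hunk, the comparison reads an undefined variable and only works because `"" == null` holds in PHP. `if (!isset($csr) || $csr == "")` makes the intent explicit. When the optional CSR is taken, `$csr` holds the bare `clean_csr()` output, whereas the form path wraps the same output in `-----BEGIN/END CERTIFICATE REQUEST-----` lines; if `clean_csr()` strips the armour, as that wrapping suggests, the optional path hands `checkWeakKeyCSR()` an un-armoured request. Wrapping once after the `if`, for both paths, would keep them equivalent. The `else if` branch continues outside the hunk.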
@@ -1531,7 +1669,7 @@
if($csr == "")
{
showheader(_("My CAcert.org Account!"));
- echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
+ printf(_("I didn't receive a valid Certificate Request, hit the back button and try again. [%s]"), 7);
showfooter();
exit;
}
@@ -2147,6 +2285,9 @@
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
$id = $oldid;
$oldid=0;
+ // reset domid into its original state
+ $domid = $_SESSION['_config']['domid'];
+ $_REQUEST['domid'] = $domid;
}
}
@@ -2954,6 +3095,58 @@
exit;
}
+ if($process != "" && $oldid == 60)
+ {
+ // delete user account email confirmed
+ $id = 60;
+ csrf_check("chgdefcnfd");
+ showheader(_("My CAcert.org Account!"));
+ $delcount = 0;
+ if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
+ {
+ echo _("The following email addresses and associated client certificates have been removed:")."<br><br>\n";
+ foreach($_REQUEST['delid'] as $id)
+ {
+ $id = intval($id);
+ $query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
+ `email`!='".$_SESSION['profile']['email']."'";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0)
+ {
+ $row = mysql_fetch_assoc($res);
+ echo $row['email']."<br>\n";
+ $query = "select `emailcerts`.`id`
+ from `emaillink`,`emailcerts` where
+ `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
+ `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
+ group by `emailcerts`.`id`";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres))
+ mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
+
+ $query = "update `email` set `deleted`=NOW() where `id`='$id'";
+ mysql_query($query);
+ $delcount++;
+ }
+ }
+ }
+ else
+ {
+ echo _("You did not select any email address for removal.");
+ }
+ if($delcount > 0)
+ {
+ echo "<br>\n";
+ printf(_("%s email address(es) and associated client certificates have been removed."), intval($delcount));
+ echo "<br>\n";
+ } else {
+ echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
+ }
+
+ showfooter();
+ exit;
+ }
+
if(intval($cert) > 0)
$_SESSION['_config']['cert'] = intval($cert);
if(intval($orgid) > 0)
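Review bot: The lookup query interpolates `$_SESSION['profile']['email']` into the SQL string without `mysql_real_escape_string()`, while every other value in the same statement is `intval()`ed and the rest of the file escapes string values before interpolation; even if the session value came from the database, an address containing a quote breaks the query, so escape it once before the loop. The loop also reuses `$id` — the page id set to 60 a few lines earlier — as the per-address iteration variable, so after the loop `$id` holds the last email id rather than the page; a distinct name such as `$delid` avoids the clobber. Separately, the empty-selection path prints "You did not select any email address for removal." and then, because `$delcount` is still 0, the "You failed to select any accounts…" message too, so two messages appear for one condition.
```php
$delcount = 0;
$emailsafe = mysql_real_escape_string($_SESSION['profile']['email']);
if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
{
    echo _("The following email addresses and associated client certificates have been removed:")."<br><br>\n";
    foreach($_REQUEST['delid'] as $delid)
    {
        $delid = intval($delid);
        $query = "select * from `email` where `id`='$delid' and `memid`='".intval($_SESSION['profile']['id'])."' and
            `email`!='$emailsafe'";
        // … unchanged: row fetch and certificate revocation, with `emailid`='$delid' …
        $query = "update `email` set `deleted`=NOW() where `id`='$delid'";
        mysql_query($query);
        $delcount++;
    }
}
```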
diff --git a/pages/account/16.php b/pages/account/16.php
index 3e582e3..4be458b 100644
--- a/pages/account/16.php
+++ b/pages/account/16.php
@@ -17,7 +17,9 @@
*/
include_once("../includes/shutdown.php");
?>
-<form method="post" action="account.php">
+<h3><?=_("New Organisation Client Certificate")?></h3>
+<br>
+<form name="manual" method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("New Client Certificate")?></td>
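Review bot: The new `<h3>` reads "New Organisation Client Certificate" while the table title two lines below still says "New Client Certificate"; this is `pages/account/16.php`, the personal-account page, so the heading looks copied from the organisation variant. `<h3><?=_("New Client Certificate")?></h3>` keeps the two consistent, or the `<h3>` can be dropped if the title cell is enough. The form continues outside the hunk.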
@@ -56,6 +58,21 @@
<td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td>
</tr>
<? } ?>
+
+ <tr>
+ <td class="DataTD" colspan="2" align="left">
+ <input type="checkbox" name="login" value="1" checked="checked"> <?=_("Enable certificate login with this certificate")?><br>
+ <?=_("By allowing certificate login, this certificate can be used to login into websites with client cert login enabled.")?><br/>
+ </td>
+ </tr>
+
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td>
+ </tr>
+
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Another Email")?>">
<input type="submit" name="process" value="<?=_("Next")?>"></td>
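Review bot: The new `login` checkbox is written as `<input type="checkbox" name="login" value="1" checked="checked">` without the `/>` self-closing form used by the `codesign` input two rows up, and the same row mixes `<br>` and `<br/>`; matching the existing markup keeps the page consistent. The optional-CSR label "no information on the certificate will be used" is ambiguous — if it means that subject fields from the pasted CSR are ignored, saying so (`_("Optional Client CSR, no information from the CSR will be used")`) tells the user what to expect. The table continues outside the hunk.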
diff --git a/pages/account/17.php b/pages/account/17.php
index 2ba5390..8262f60 100644..100755
--- a/pages/account/17.php
+++ b/pages/account/17.php
@@ -17,7 +17,7 @@
*/ ?>
<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
-<?=_("You must enable ActiveX for this to work.")?>
+<?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?><?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?>
</object>
<form method="post" action="account.php" name="CertReqForm"><p>
<input type="hidden" name="session" value="UsedXenroll">
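Review bot: The two translated strings on the replaced line are emitted back-to-back with no separator, so the rendered text runs "...internet-settings.Go to Extras->..." together; put a space or `<br>` between the two `<?=_()?>` tags. The file header also flips `pages/account/17.php` to mode 100755, which a PHP page served by the web server does not need and which is easy to commit by accident. The `<object>` element and the form continue outside the hunk.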
@@ -40,7 +40,23 @@ Function GetProviderList()
CspList = ""
ProviderName = ""
- For ProvType = 0 to 13
+ // Vista:
+ Set csps = CreateObject("X509Enrollment.CCspInformations")
+ If IsObject(csps) Then
+ csps.AddAvailableCsps()
+ Document.CertReqForm.keytype.value="VI"
+ For j = 0 to csps.Count-1
+ Set oOption = document.createElement("OPTION")
+ oOption.text = csps.ItemByIndex(j).Name
+ oOption.value = j
+ Document.CertReqForm.CspProvider.add(oOption)
+ Next
+
+ Else
+
+ // 2000,XP:
+
+ For ProvType = 0 to 13
cspIndex = 0
cec.ProviderType = ProvType
ProviderName = cec.enumProviders(cspIndex,0)
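Review bot: The new comment lines `// Vista:` and `// 2000,XP:` use C-style markers inside what the surrounding `Set`/`For`/`Next`/`wend` keywords show is VBScript, where a comment starts with `'` (or `Rem`); `//` is not comment syntax there, so the interpreter will reject GetProviderList. The same markers appear in the CSR function in the next hunk (`// Vista`, `//Msgbox exit function`, `// "Microsoft Enhanced…"`, `// obj.Initialize(1)`, `// XP`). Replace each with the apostrophe form, e.g. `' Vista:`. GetProviderList continues outside the hunk.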
@@ -60,17 +76,55 @@ Function GetProviderList()
ProviderName = ""
ProviderName = cec.enumProviders(cspIndex,0)
count = count + 1
- wend
- Next
- Document.CertReqForm.CspProvider.selectedIndex = base
- if enhanced then
+ wend
+ Next
+ Document.CertReqForm.CspProvider.selectedIndex = base
+ if enhanced then
Document.CertReqForm.CspProvider.selectedIndex = enhanced
- end if
+ end if
+ End If
End Function
+
Function CSR(keyflags)
CSR = ""
szName = ""
+
+ // Vista
+ if Document.CertReqForm.keytype.value="VI" Then
+
+ Dim g_objClassFactory
+ Dim obj
+ Dim objPrivateKey
+ Dim g_objRequest
+ Dim g_objRequestCMC
+
+ Set g_objClassFactory=CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
+ Set obj=g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
+ Set objPrivateKey=g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
+ Set objRequest=g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
+ //Msgbox exit function
+ objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text
+ // "Microsoft Enhanced RSA and AES Cryptographic Provider"
+ objPrivateKey.ProviderType = "24"
+ objPrivateKey.KeySpec = "1"
+ objPrivateKey.ExportPolicy = 1
+ objRequest.InitializeFromPrivateKey 1, objPrivateKey, ""
+ Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
+ objDN.Encode("CN=CAcertRequest")
+ objRequest.Subject = objDN
+
+ // obj.Initialize(1)
+ obj.InitializeFromRequest(objRequest)
+ obj.CertificateDescription="Description"
+ obj.CertificateFriendlyName="FriendlyName"
+ CSR=obj.CreateRequest(1)
+ If len(CSR)<>0 Then Exit Function
+ Msgbox "<?=_("Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!")?>"
+
+ else
+ // XP
+
cec.HashAlgorithm = "MD5"
err.clear
On Error Resume Next
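Review bot: The Vista branch declares `Dim g_objRequest` and `Dim g_objRequestCMC` but then assigns and uses `objRequest` (`Set objRequest=…`, `objRequest.InitializeFromPrivateKey`, `objRequest.Subject`), so both `Dim`s are dead and `objRequest` is an implicit undeclared variable; rename the declaration to `Dim objRequest` and drop the unused CMC one. `objPrivateKey.ProviderType = "24"` is hard-coded while `ProviderName` is taken from whatever the user picked in the CSP list, so a provider of another type may be paired with the wrong name — worth a check, or a comment stating why 24 always matches. `objPrivateKey.ExportPolicy = 1` makes the generated private key exportable, a deliberate weakening compared with a non-exportable key, and deserves a one-line comment stating why it is wanted. The `Msgbox` line interpolates a translation into a VBScript string literal, so a translated text containing a double quote would break the script. The CSR function continues outside the hunk.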
@@ -104,6 +158,7 @@ Function CSR(keyflags)
if len(CSR)<>0 then Exit Function
cec.GenKeyFlags = 0
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ End if
End Function
Sub GenReq_OnClick
@@ -129,7 +184,6 @@ GetProviderList()
<input type="hidden" name="keytype" value="NS">
<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
-
<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
diff --git a/pages/account/19.php b/pages/account/19.php
index 6a2749c..b803949 100644..100755
--- a/pages/account/19.php
+++ b/pages/account/19.php
@@ -109,6 +109,8 @@
End Sub
</SCRIPT>
+<p><?=_("Your certificate:")?></p>
+<pre><?=$cert?></pre>
<?
showfooter();
exit;