summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorINOPIAE <inopiae@cacert.org>2013-05-01 22:20:26 +0200
committerINOPIAE <inopiae@cacert.org>2013-05-01 22:20:26 +0200
commit494eb5923b8a682e2de786c284344b504211da8d (patch)
tree3fa322e412570bf95940501e62749a45285c9a2f
parentc5e49e00672f85a2f2133f14f177b4a2604a14e4 (diff)
downloadcacert-devel-494eb5923b8a682e2de786c284344b504211da8d.tar.gz
cacert-devel-494eb5923b8a682e2de786c284344b504211da8d.tar.xz
cacert-devel-494eb5923b8a682e2de786c284344b504211da8d.zip
bug 782: adjusted comment handling for client certs
-rw-r--r--includes/account.php201
-rw-r--r--pages/account/5.php17
2 files changed, 113 insertions, 105 deletions
diff --git a/includes/account.php b/includes/account.php
index 232bbac..898c58c 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -10,7 +10,7 @@
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
@@ -18,7 +18,7 @@
require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php");
require_once("../includes/lib/check_weak_key.php");
-
+
loadem("account");
$id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
@@ -83,7 +83,7 @@
if($checkemail != "OK")
{
showheader(_("My CAcert.org Account!"));
- if (substr($checkemail, 0, 1) == "4")
+ if (substr($checkemail, 0, 1) == "4")
{
echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
} else {
@@ -160,7 +160,7 @@
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
- $query = "select `emailcerts`.`id`
+ $query = "select `emailcerts`.`id`
from `emaillink`,`emailcerts` where
`emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
@@ -168,7 +168,7 @@
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
-
+
$query = "update `email` set `deleted`=NOW() where `id`='$id'";
mysql_query($query);
$delcount++;
@@ -320,15 +320,15 @@
showfooter();
exit;
}
-
+
$query = "insert into emailcerts set
- `CN`='$defaultemail',
+ `CN`='$defaultemail',
`keytype`='NS',
`memid`='".intval($_SESSION['profile']['id'])."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
- `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -353,7 +353,7 @@
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
if($csr == "")
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
-
+
if (($weakKey = checkWeakKeyCSR($csr)) !== "")
{
$id = 4;
@@ -362,7 +362,7 @@
showfooter();
exit;
}
-
+
$tmpfname = tempnam("/tmp", "id4CSR");
$fp = fopen($tmpfname, "w");
fputs($fp, $csr);
@@ -421,14 +421,14 @@
showfooter();
exit;
}
- $query = "insert into emailcerts set
- `CN`='$defaultemail',
+ $query = "insert into emailcerts set
+ `CN`='$defaultemail',
`keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
`memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='".mysql_real_escape_string($csrsubject)."',
`codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -581,7 +581,7 @@
{
showheader(_("My CAcert.org Account!"));
//echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
- if (substr($checkemail, 0, 1) == "4")
+ if (substr($checkemail, 0, 1) == "4")
{
echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
} else {
@@ -652,7 +652,7 @@
// In case the CSR is missing the ---BEGIN lines, add them automatically:
$CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
}
-
+
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{
showheader(_("My CAcert.org Account!"));
@@ -660,13 +660,13 @@
showfooter();
exit;
}
-
+
if(trim($_REQUEST['description']) != ""){
$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}else{
$_SESSION['_config']['description']= "";
}
-
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
@@ -711,7 +711,7 @@
showfooter();
exit;
}
-
+
if (($weakKey = checkWeakKeyCSR(file_get_contents(
$_SESSION['_config']['tmpfname']))) !== "")
{
@@ -720,7 +720,7 @@
showfooter();
exit;
}
-
+
$id = 11;
if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
{
@@ -764,18 +764,18 @@
if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
{
- $query = "insert into `domaincerts` set
+ $query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
`description`='".$_SESSION['_config']['description']."'";
} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
- $query = "insert into `domaincerts` set
+ $query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
`description`='".$_SESSION['_config']['description']."'";
} else {
showheader(_("My CAcert.org Account!"));
@@ -838,27 +838,27 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
continue;
}
-
+
$row = mysql_fetch_assoc($res);
-
+
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
{
echo $weakKey, "<br/>\n";
continue;
}
-
+
mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
- $query = "insert into `domaincerts` set
- `domid`='".$row['domid']."',
+ $query = "insert into `domaincerts` set
+ `domid`='".$row['domid']."',
`CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."',".
//`csr_name`='".$row['csr_name']."', // RACE CONDITION
"`created`='".$row['created']."',
- `modified`=NOW(),
+ `modified`=NOW(),
`rootcert`='".$row['rootcert']."',
`type`='".$row['type']."',
- `pkhash`='".$row['pkhash']."',
+ `pkhash`='".$row['pkhash']."',
`description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
@@ -940,7 +940,7 @@
foreach($_REQUEST['revokeid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
+ $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'";
@@ -971,7 +971,7 @@
foreach($_REQUEST['delid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
+ $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'";
@@ -1006,7 +1006,7 @@
foreach($_REQUEST['revokeid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
+ $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@@ -1014,28 +1014,28 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
-
+
$row = mysql_fetch_assoc($res);
-
+
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
{
echo $weakKey, "<br/>\n";
continue;
}
-
+
mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
- $query = "insert into emailcerts set
- `memid`='".$row['memid']."',
+ $query = "insert into emailcerts set
+ `memid`='".$row['memid']."',
`CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."',
- `keytype`='".$row['keytype']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ `keytype`='".$row['keytype']."',
+ `csr_name`='".$row['csr_name']."',
+ `created`='".$row['created']."',
`modified`=NOW(),
`disablelogin`='".$row['disablelogin']."',
`codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."',
+ `rootcert`='".$row['rootcert']."',
`description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
@@ -1080,7 +1080,7 @@
foreach($_REQUEST['revokeid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
+ $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@@ -1109,7 +1109,7 @@
foreach($_REQUEST['delid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
+ $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@@ -1148,6 +1148,13 @@
mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
//$row = mysql_fetch_assoc($res);
}
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $id = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$id])));
+ mysql_query("update `emailcerts` set `description`='$comment' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
+ //$row = mysql_fetch_assoc($res);
+ }
}
echo(_("Certificate settings have been changed.")."<br/>\n");
showfooter();
@@ -1241,7 +1248,7 @@
$ddres = mysql_query($ddquery);
$ddrow = mysql_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total'];
-
+
if($_SESSION['profile']['points'] == 0)
{
$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
@@ -1293,7 +1300,7 @@
where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
- //!!!Should be rewritten
+ //!!!Should be rewritten
$_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
$_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
@@ -1406,8 +1413,8 @@
}
$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
$_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
-
-
+
+
if(trim($_REQUEST['description']) != ""){
$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}else{
@@ -1447,7 +1454,7 @@
}else{
$_SESSION['_config']['description']= "";
}
-
+
if(@count($_SESSION['_config']['emails']) > 0)
$id = 17;
}
@@ -1493,8 +1500,8 @@
$emails .= "countryName = ".$org['C']."\n";
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
-
-
+
+
$emails .= "SPKAC = $spkac";
if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
{
@@ -1504,14 +1511,14 @@
showfooter();
exit;
}
-
- $query = "insert into `orgemailcerts` set
- `CN`='$defaultemail',
+
+ $query = "insert into `orgemailcerts` set
+ `CN`='$defaultemail',
`keytype`='NS',
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1536,7 +1543,7 @@
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
-
+
if (($weakKey = checkWeakKeyCSR($csr)) !== "")
{
$id = 17;
@@ -1545,7 +1552,7 @@
showfooter();
exit;
}
-
+
$tmpfname = tempnam("/tmp", "id17CSR");
$fp = fopen($tmpfname, "w");
fputs($fp, $csr);
@@ -1595,14 +1602,14 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
- $query = "insert into `orgemailcerts` set
- `CN`='$defaultemail',
+ $query = "insert into `orgemailcerts` set
+ `CN`='$defaultemail',
`keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject',
`codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1653,32 +1660,32 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
-
+
$row = mysql_fetch_assoc($res);
-
+
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
{
echo $weakKey, "<br/>\n";
continue;
}
-
+
mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- $query = "insert into `orgemailcerts` set
- `orgid`='".$row['orgid']."',
+ $query = "insert into `orgemailcerts` set
+ `orgid`='".$row['orgid']."',
`CN`='".$row['CN']."',
`subject`='".$row['subject']."',
- `keytype`='".$row['keytype']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ `keytype`='".$row['keytype']."',
+ `csr_name`='".$row['csr_name']."',
+ `created`='".$row['created']."',
`modified`=NOW(),
`codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."',
+ `rootcert`='".$row['rootcert']."',
`description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
@@ -1774,7 +1781,7 @@
if($process != "" && $oldid == 20)
{
$CSR = clean_csr($_REQUEST['CSR']);
-
+
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{
$id = 20;
@@ -1783,13 +1790,13 @@
showfooter();
exit;
}
-
+
if(trim($_REQUEST['description']) != ""){
$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}else{
$_SESSION['_config']['description']= "";
}
-
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
@@ -1839,7 +1846,7 @@
if($process != "" && $oldid == 21)
{
$id = 21;
-
+
if(!file_exists($_SESSION['_config']['tmpfname']))
{
showheader(_("My CAcert.org Account!"));
@@ -1847,7 +1854,7 @@
showfooter();
exit;
}
-
+
if (($weakKey = checkWeakKeyCSR(file_get_contents(
$_SESSION['_config']['tmpfname']))) !== "")
{
@@ -1896,7 +1903,7 @@
if(is_array($_SESSION['_config']['rows']))
foreach($_SESSION['_config']['rows'] as $row)
$csrsubject .= "/commonName=$row";
- $SAN="";
+ $SAN="";
if(is_array($_SESSION['_config']['altrows']))
foreach($_SESSION['_config']['altrows'] as $subalt)
{
@@ -1915,7 +1922,7 @@
if($_SESSION['_config']['rowid']['0'] > 0)
{
- $query = "insert into `orgdomaincerts` set
+ $query = "insert into `orgdomaincerts` set
`CN`='".$_SESSION['_config']['rows']['0']."',
`orgid`='".$org['id']."',
`created`=NOW(),
@@ -1923,13 +1930,13 @@
`rootcert`='".$_SESSION['_config']['rootcert']."',
`type`='$type'";
} else {
- $query = "insert into `orgdomaincerts` set
+ $query = "insert into `orgdomaincerts` set
`CN`='".$_SESSION['_config']['altrows']['0']."',
`orgid`='".$org['id']."',
`created`=NOW(),
`subject`='$csrsubject',
`rootcert`='".$_SESSION['_config']['rootcert']."',
- `type`='$type',
+ `type`='$type',
`description`='".$_SESSION['_config']['description']."'";
}
mysql_query($query);
@@ -1982,31 +1989,31 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
-
+
$row = mysql_fetch_assoc($res);
-
+
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
{
echo $weakKey, "<br/>\n";
continue;
}
-
+
mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- $query = "insert into `orgdomaincerts` set
- `orgid`='".$row['orgid']."',
+ $query = "insert into `orgdomaincerts` set
+ `orgid`='".$row['orgid']."',
`CN`='".$row['CN']."',
- `csr_name`='".$row['csr_name']."',
+ `csr_name`='".$row['csr_name']."',
`created`='".$row['created']."',
- `modified`=NOW(),
- `subject`='".$row['subject']."',
+ `modified`=NOW(),
+ `subject`='".$row['subject']."',
`type`='".$row['type']."',
- `rootcert`='".$row['rootcert']."',
+ `rootcert`='".$row['rootcert']."',
`description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
@@ -2219,7 +2226,7 @@
if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
{
- $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
+ $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($domid)."'";
@@ -2227,7 +2234,7 @@
while($row = mysql_fetch_assoc($res))
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
- $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
+ $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($domid)."'";
@@ -2271,7 +2278,7 @@
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
{
- $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
+ $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
@@ -2283,7 +2290,7 @@
mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
}
- $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
+ $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
@@ -2498,7 +2505,7 @@
exit;
}
- if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
+ if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
$_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
{
@@ -2715,7 +2722,7 @@
showfooter();
exit;
}
-
+
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{
showheader(_("My CAcert.org Account!"));
@@ -2724,7 +2731,7 @@
exit;
}
- $query = "insert into `domaincerts` set
+ $query = "insert into `domaincerts` set
`CN`='".$_SESSION['_config']['0.CN']."',
`domid`='".$_SESSION['_config']['row']['id']."',
`created`=NOW()";
@@ -2788,7 +2795,7 @@
if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0)
{
- csrf_check('admactlock');
+ csrf_check('admactlock');
$memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
@@ -3013,7 +3020,7 @@
while($row = mysql_fetch_assoc($res))
$body .= $row['comment']."\n";
$body .= "\n";
-
+
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
@@ -3034,7 +3041,7 @@
$body .= "\n";
$body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n";
-
+
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
diff --git a/pages/account/5.php b/pages/account/5.php
index f8e9190..7ef8933 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -19,7 +19,7 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="9" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@@ -29,20 +29,20 @@
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Login")?></td>
- <td class="DataTD"><?=_("Comment *")?></td>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<?
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
- `emailcerts`.`expire` as `expires`,
+ `emailcerts`.`expire` as `expires`,
`emailcerts`.`revoked` as `revoke`,
- UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
`emailcerts`.`id`,
`emailcerts`.`CN`,
`emailcerts`.`serial`,
emailcerts.disablelogin as `disablelogin`,
`emailcerts`.`description`
- from `emailcerts`
+ from `emailcerts`
where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
";
if($viewall != 1)
@@ -94,7 +94,8 @@
<input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
<input type="hidden" name="cert_<?=$row['id']?>" value="1"/>
</td>
- <td class="DataTD"><?=htmlspecialchars($row['description'])?></td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text"><?=htmlspecialchars($row['description'])?></input></td>
+ <td><input type="checkbox" name="check_comment_<?=$row['id']?>" value="0"/></td>
</tr>
<? } ?>
<tr>
@@ -108,12 +109,12 @@
<?=_("* Comment is NOT included in the certificate as it is inteded for your personal reference only. To change the comment go to the certificate view with hitting email address.")?>
</td>
</tr>
-
+
<tr>
<td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
- <td class="DataTD" colspan="3"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+ <td class="DataTD" colspan="4"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
</tr>
<? } ?>