summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFelix Dörre <felix@dogcraft.de>2015-02-24 22:49:26 +0100
committerFelix Dörre <felix@dogcraft.de>2015-02-25 00:18:59 +0100
commitbab1c3c5fc605ce9d1f4191bbf2ac1f2b2ec2c08 (patch)
treec8c8358ac135a8777e9177918c8c14b403df8904
parent21a7023d57d54c2245a51814c91391abf0790b39 (diff)
downloadcacert-devel-bab1c3c5fc605ce9d1f4191bbf2ac1f2b2ec2c08.tar.gz
cacert-devel-bab1c3c5fc605ce9d1f4191bbf2ac1f2b2ec2c08.tar.xz
cacert-devel-bab1c3c5fc605ce9d1f4191bbf2ac1f2b2ec2c08.zip
bug-1048: removing api/ccsr.php because it's unusedbug-1048
-rw-r--r--www/api/ccsr.php109
1 files changed, 0 insertions, 109 deletions
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
deleted file mode 100644
index 3bfe55a..0000000
--- a/www/api/ccsr.php
+++ /dev/null
@@ -1,109 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-
-require_once '../../includes/lib/check_weak_key.php';
-
- $username = mysql_real_escape_string($_REQUEST['username']);
- $password = mysql_real_escape_string($_REQUEST['password']);
-
- $query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
- $res = mysql_query($query);
- if(mysql_num_rows($res) != 1)
- die("403,That username couldn't be found\n");
- $user = mysql_fetch_assoc($res);
- $memid = $user['id'];
- $emails = array();
- foreach($_REQUEST['email'] as $email)
- {
- $email = mysql_real_escape_string(trim($email));
- $query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0 and `email`='$email'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
- {
- $row = mysql_fetch_assoc($res);
- $id = $row['id'];
- $emails[$id] = $email;
- }
- }
- if(count($emails) <= 0)
- die("404,Wasn't able to match any emails sent against your account");
- $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`";
- $row = mysql_fetch_assoc(mysql_query($query));
- $points = $row['points'];
-
- $name = "CAcert WoT User\n";
- $newname = mysql_real_escape_string(trim($_REQUEST['name']));
- if($points >= 50)
- {
- if($newname == $user['fname']." ".$user['lname'] ||
- $newname == $user['fname']." ".$user['mname']." ".$user['lname'] ||
- $newname == $user['fname']." ".$user['lname']." ".$user['suffix'] ||
- $newname == $user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])
- $name = $newname;
- }
-
- $codesign = 0;
- if($user['codesign'] == "1" && $_REQUEST['codesign'] == "1" && $points >= 100)
- $codesign = 1;
-
- $CSR = trim($_REQUEST['optionalCSR']);
-
- if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
- {
- die("403, $weakKey");
- }
-
- $incsr = tempnam("/tmp", "ccsrIn");
- $checkedcsr = tempnam("/tmp", "ccsrOut");
- $fp = fopen($incsr, "w");
- fputs($fp, $CSR);
- fclose($fp);
- $incsr_esc = escapeshellarg($incsr);
- $checkedcsr_esc = escapeshellarg($checkedcsr);
- $do = shell_exec("/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc");
- @unlink($incsr);
- if(filesize($checkedcsr) <= 0)
- die("404,Invalid or missing CSR");
-
- $csrsubject = "/CN=$name";
- foreach($emails as $id => $email)
- $csrsubject .= "/emailAddress=".$email;
-
- $query = "insert into `emailcerts` set `CN`='".mysql_real_escape_string($user['email'])."', `keytype`='MS',
- `memid`='".intval($user['id'])."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
- `subject`='".mysql_real_escape_string($csrsubject)."', `codesign`='".intval($codesign)."'";
- mysql_query($query);
- $certid = mysql_insert_id();
- $CSRname = generatecertpath("csr","client",$certid);
- rename($checkedcsr, $CSRname);
-
- mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'");
-
- foreach($emails as $emailid => $email)
- mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='".intval($emailid)."'");
-
- $do = shell_exec("../../scripts/runclient");
- sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED
- $query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- die("404,Your certificate request has failed. ID: ".intval($certid));
- $cert = mysql_fetch_assoc($res);
- echo "200,Authentication Ok\n";
- readfile("../".$cert['crt_name']);
-?>