-rw-r--r-- | includes/account.php | 7 | ||||
-rw-r--r-- | includes/notary.inc.php | 106 | ||||
-rw-r--r-- | pages/account/43.php | 17 |
3 files changed, 89 insertions, 41 deletions
diff --git a/includes/account.php b/includes/account.php
index e3dbc9e..76de567 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2665,6 +2665,13 @@
 mysql_query($query);
 }
+ if($oldid == 43 && $_REQUEST['action'] == 'revokecert')
+ {
+ $userid = intval($_REQUEST['userid']);
+ revoke_all_private_cert($userid);
+ $id=43;
+ }
+
 if($oldid == 48 && $_REQUEST['domain'] == "")
 {
 $id = $oldid;
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index f703087..8b7c0a5 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -791,15 +791,7 @@ //called from www/diputes.php if($type == "reallyemail") / if($action == "accept") //called from account_delete
 $mailid = intval($mailid);
- $query = "select `emailcerts`.`id`
- from `emaillink`,`emailcerts` where
- `emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
- `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
- group by `emailcerts`.`id`";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres)){
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
- }
+ revoke_all_client_cert($mailid);
 $query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
 mysql_query($query);
 }
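Review bot: The new `revokecert` branch in account.php revokes every certificate of a `userid` taken straight from `$_REQUEST`, and nothing in the hunk checks that the current session is entitled to do that; unless account.php already rejects non-admin sessions for `oldid == 43` earlier in the file, any logged-in member could trigger revocation against another member's account. The operation is irreversible, leaves no audit record in the hunk, and `$_REQUEST` also accepts GET parameters, so the JavaScript `confirm()` on the form in pages/account/43.php is a convenience, not a safeguard. I would re-check the session's admin flag inside the branch, read `userid` from `$_POST` only, and log the acting admin together with the target id before calling `revoke_all_private_cert($userid)`. The dispatcher this branch sits in starts and ends outside the hunk.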
@@ -811,23 +803,7 @@ //called from www/diputes.php if($type == "reallydomain") / if($action == "accept") //called from account_delete
 $domainid = intval($domainid);
- $query = "select distinct `domaincerts`.`id`
- from `domaincerts`, `domlink`
- where `domaincerts`.`domid` = '$domainid'
- or (
- `domaincerts`.`id` = `domlink`.`certid`
- and `domlink`.`domid` = '$domainid')";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
- {
- mysql_query(
- "update `domaincerts`
- set `revoked`='1970-01-01 10:00:01'
- where `id` = '".$drow['id']."'
- and `revoked` = 0
- and UNIX_TIMESTAMP(`expire`) -
- UNIX_TIMESTAMP() > 0");
- }
+ revoke_all_server_cert($domainid);
 mysql_query(
 "update `domains`
 set `deleted`=NOW()
@@ -943,7 +919,7 @@ // called from includes/account.php if($process != "" && $oldid == 1) // called from includes/account.php if($oldid == 50 && $process != "")
 $email = mysql_real_escape_string($email);
- $query = "select 1 from `email` where `email`='$email' and `deleted`=0";
+ $query = "select * from `email` where `email`='$email' and `deleted`=0";
 $res = mysql_query($query);
 return mysql_num_rows($res) > 0;
 }
@@ -953,9 +929,9 @@ // called from includes/account.php if($oldid == 50 && $process != "")
 $uid = intval($uid);
 if (0==$cca)
 {
- $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()";
+ $query = "select * from `gpg` where `memid`='$uid' and `expire`>NOW()";
 }else{
- $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)";
+ $query = "select * from `gpg` where `memid`='$uid' and `expire`>NOW()+90*86400";
 }
 $res = mysql_query($query);
 return mysql_num_rows($res) > 0;
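Review bot: Replacing `select 1` with `select *` in the email existence check at line 943 makes the query fetch every column of every matching row only so that `mysql_num_rows` can count them; `select 1` was already correct for that purpose, so the change is a small performance regression with no functional gain. The same substitution is made in both `gpg` queries of the next hunk and in the `org` query at line 1000. I would keep `$query = "select 1 from `email` where `email`='$email' and `deleted`=0";` in all of them. The enclosing functions start above their hunks.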
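Review bot: In the `$cca` branch of the gpg check, `` `expire`>NOW()+90*86400 `` flips the sign of the window the original `(NOW()-90*86400)` described, and both forms do integer arithmetic on a DATETIME: MySQL converts `NOW()` to a number of the form YYYYMMDDHHMMSS (e.g. 20240101120000, constructed) before adding, so the comparison does not mean "expired less than 90 days ago". If the intent is a 90-day grace period after expiry, write it as `$query = "select 1 from `gpg` where `memid`='$uid' and `expire`>DATE_SUB(NOW(), INTERVAL 90 DAY)";`; the same `NOW()+90*86400` expression appears in the `emailcerts` and `domaincerts` checks in the two following hunks and needs the same fix. The enclosing function starts above the hunk.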
@@ -966,11 +942,11 @@ // called from includes/account.php if($oldid == 50 && $process != "")
 $uid = intval($uid);
 if (0==$cca)
 {
- $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()";
- $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
+ $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
+ $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
 }else{
- $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
- $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
 }
 $res = mysql_query($query1);
 $r1 = mysql_num_rows($res)>0;
@@ -984,11 +960,11 @@ // called from includes/account.php if($oldid == 50 && $process != "")
 $uid = intval($uid);
 if (0==$cca)
 {
- $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>NOW()";
- $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>NOW()";
+ $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
+ $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
 }else{
- $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
- $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
+ $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
+ $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
 }
 $res = mysql_query($query1);
 $r1 = mysql_num_rows($res)>0;
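Review bot: The `0==$cca` branch of the email-certificate check now queries `domiancerts`, which is both a misspelling and the wrong table for this function — it read `emailcerts` before, and the domain-certificate check in the next hunk already covers `domaincerts`; against a non-existent table `mysql_query` returns false, and the `mysql_num_rows` call that follows then fails instead of answering the question. The next hunk repeats the `domiancerts` typo in all four of its queries. Restore `` `emailcerts` `` here and `` `domaincerts` `` there, e.g. `$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()";`. The `$cca` branches also drop the `` `revoked`<`created` `` condition that separated an expired-but-unrevoked certificate from a revoked one, which changes what both checks return — confirm that is intended and state it in a comment. Both enclosing functions start above and end below their hunks.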
@@ -1000,7 +976,61 @@ function check_is_orgadmin($uid){ // called from includes/account.php if($oldid == 50 && $process != "")
 $uid = intval($uid);
- $query = "select 1 from `org` where `memid`='$uid' and `deleted`=0";
+ $query = "select * from `org` where `memid`='$uid' and `deleted`=0";
 $res = mysql_query($query);
 return mysql_num_rows($res) > 0;
 }
+
+
+ // revokation of certificates
+ function revoke_all_client_cert($mailid){
+ //revokes all client certificates for an email address
+ $mailid = intval($mailid);
+ $query = "select `emailcerts`.`id`
+ from `emaillink`,`emailcerts` where
+ `emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `revoked`=0
+ group by `emailcerts`.`id`";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres)){
+ mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
+ }
+ }
+
+ function revoke_all_server_cert($domainid){
+ //revokes all server certs for an domain
+ $domainid = intval($domainid);
+ $query = "select distinct `domaincerts`.`id`
+ from `domaincerts`, `domlink`
+ where `domaincerts`.`domid` = '$domainid'
+ or (
+ `domaincerts`.`id` = `domlink`.`certid`
+ and `domlink`.`domid` = '$domainid')";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ mysql_query(
+ "update `domaincerts`
+ set `revoked`='1970-01-01 10:00:01'
+ where `id` = '".$drow['id']."'
+ and `revoked` = 0");
+ }
+ }
+
+ function revoke_all_private_cert($uid){
+ //revokes all certificates linked to a personal accounts
+ //gpg revokation needs to be added to a later point
+ $uid=intval($uid);
+ $query = "select `id` from `email` where `memid`='".$uid."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ revoke_all_client_cert($row['id']);
+ }
+
+
+ $query = "select `id` from `domains` where `memid`='".$uid."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ revoke_all_server_cert($row['id']);
+ }
+
+ }
diff --git a/pages/account/43.php b/pages/account/43.php
index 234e01a..1bdbdbc 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -100,8 +100,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
 if(intval($_REQUEST['userid']) > 0)
 {
- $id = intval($_REQUEST['userid']);
- $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
+ $userid = intval($_REQUEST['userid']);
+ $query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0";
 $res = mysql_query($query);
 if(mysql_num_rows($res) <= 0)
 {
@@ -135,7 +135,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
 <td class="DataTD"><?=_("Last Name")?>:</td> <td class="DataTD"> <input type="hidden" name="oldid" value="43"> <input type="hidden" name="action" value="updatedob">
- <input type="hidden" name="userid" value="<?=intval($id)?>">
+ <input type="hidden" name="userid" value="<?=intval($userid)?>">
 <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td> </tr> <tr>
@@ -786,9 +786,20 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
 <? } ?> </tr>
+ <tr>
+ <td colspan="6" class="title">
+ <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;">
+ <input type="hidden" name="action" value="revokecert">
+ <input type="hidden" name="oldid" value="43">
+ <input type="hidden" name="userid" value="<?=intval($userid)?>">
+ <input type="submit" value="<?=_('revoke certificates')?>">
+ </form>
+ </td>
+ </tr>
 </table> <br>
+
 <a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto"><?=_("Show Assurances the user got")?></a> (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto15"><?=_("New calculation")?></a>) <br /> |
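Review bot: `revoke_all_client_cert` and `revoke_all_server_cert` drop the `UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0` condition that the inline code they replace (the hunks at lines 791 and 811) applied, so already-expired certificates now also receive `revoked`='1970-01-01 10:00:01' and, for client certificates, `disablelogin`=1; if anything downstream counts revoked certificates or builds revocation lists from that column this is a behaviour change, and it should at least be stated in the header comment, e.g. `// revokes every not-yet-revoked certificate for the address, expired ones included`. None of the three functions checks the result of `mysql_query`, so a failed select makes `mysql_fetch_assoc` fail on `false` and revokes nothing while the caller in account.php proceeds as if it succeeded; test `$dres`/`$res` for `false` before looping, or at least log the failure. `revoke_all_private_cert` also leaves GPG keys untouched, as its own comment admits, so the "revoke certificates" button in pages/account/43.php over-promises until that is implemented — name the gap in the button label or page text. All three functions lie entirely within this hunk.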