-rw-r--r-- | includes/account.php | 124 | ||||
-rw-r--r-- | pages/account/11.php | 86 | ||||
-rw-r--r-- | pages/account/21.php | 74 |
3 files changed, 155 insertions, 129 deletions
diff --git a/includes/account.php b/includes/account.php
index 5be932b..7c3748d 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -22,6 +22,57 @@ loadem("account");
+/**
+ * Build a subject string as needed by the signer
+ *
+ * @param array(string) $domains
+ * First domain is used as CN and repeated in subjectAltName. Duplicates
+ * should already been removed
+ *
+ * @param bool $include_xmpp_addr
+ * [default: true] Whether to include the XmppAddr in the subjectAltName.
+ * This is needed if the Jabber server is jabber.example.com but a Jabber ID
+ * on that server would be alice@example.com
+ *
+ * @return string
+ */
+function buildSubject(array $domains, $include_xmpp_addr = true) {
+ $subject = "/CN=${domains[0]}";
+
+ foreach ($domains as $domain) {
+ $subject .= "/subjectAltName=DNS:$domain";
+
+ if ($include_xmpp_addr) {
+ $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$domain";
+ }
+ }
+
+ return $subject;
+}
+
+/**
+ * Builds the subject string from the session variables
+ * $_SESSION['_config']['rows'] and $_SESSION['_config']['altrows']
+ *
+ * @return string
+ */
+function buildSubjectFromSession() {
+ $domains = array();
+
+ if (is_array($_SESSION['_config']['rows'])) {
+ $domains = array_merge($domains, $_SESSION['_config']['rows']);
+ }
+
+ if (is_array($_SESSION['_config']['altrows']))
+ foreach ($_SESSION['_config']['altrows'] as $row) {
+ if (substr($row, 0, 4) === "DNS:") {
+ $domains[] = substr($row, 4);
+ }
+ }
+
+ return buildSubject(array_unique($domains));
+}
+
 $id = array_key_exists("id",$_REQUEST) ? intval($_REQUEST['id']) : 0;
 $oldid = array_key_exists("oldid",$_REQUEST) ? intval($_REQUEST['oldid']) : 0;
 $process = array_key_exists("process",$_REQUEST) ? $_REQUEST['process'] : "";
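Review bot: `buildSubject()` reads `$domains[0]` and splices every name into the `/`-separated string without checking either, so an empty list yields `/CN=` (with an undefined-offset notice) and a name containing `/` would contribute components of its own to what the signer receives. Whether the session arrays can be empty or can hold such characters at this point is decided outside this hunk, but this function is now the single place where names become signer input, which makes it the cheapest place to state and enforce the rule. I would put the precondition in the docblock, for example `@param array(string) $domains Non-empty list of already validated host names, none containing "/" or "="`, and have the callers stop with an error when `buildSubjectFromSession()` has no name to build from. The second `if (is_array(...))` in `buildSubjectFromSession()` is also missing the braces that the first one has.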
@@ -741,35 +792,8 @@ exit; } - $subject = ""; - $count = 0; - $supressSAN=0; - if($_SESSION["profile"]["id"] == 104074) $supressSAN=1; + $subject = buildSubjectFromSession(); - if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) - { - $count++; - if($count <= 1) - { - $subject .= "/CN=$row"; - if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row"; - if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; - } else { - if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row"; - if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; - } - } - if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $row) - { - if(substr($row, 0, 4) == "DNS:") - { - $row = substr($row, 4); - if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row"; - if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; - } - } if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; @@ -795,7 +819,6 @@ echo _("Domain not verified."); showfooter(); exit; - } mysql_query($query); 
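Review bot: The `$supressSAN` exception for profile id 104074 is removed in the `@@ -741` hunk with nothing taking its place, so certificates for that account will now carry `subjectAltName` entries like any other. If that is intended it should be recorded where the next reader will look, for example `// per-account SAN suppression removed on purpose, all accounts get DNS and XmppAddr entries` above the call. If the exception is still required, note that `buildSubject()` can only switch off the XmppAddr part through `$include_xmpp_addr` and has no way to omit the DNS entries.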
@@ -894,29 +917,7 @@ continue; } - $subject = ""; - $count = 0; - if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) - { - $count++; - if($count <= 1) - { - $subject .= "/CN=$row"; - if(!strstr($subject, "=$row/") && - substr($subject, -strlen("=$row")) != "=$row") - $subject .= "/subjectAltName=$row"; - } else { - if(!strstr($subject, "=$row/") && - substr($subject, -strlen("=$row")) != "=$row") - $subject .= "/subjectAltName=$row"; - } - } - if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $row) - if(!strstr($subject, "=$row/") && - substr($subject, -strlen("=$row")) != "=$row") - $subject .= "/subjectAltName=$row"; + $subject = buildSubjectFromSession(); $subject = mysql_real_escape_string($subject); mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'"); @@ -938,6 +939,7 @@ { echo _("You did not select any certificates for renewal."); } + showfooter(); exit; } @@ -1445,7 +1447,6 @@ if($oldid == 16 && $process != "") { - if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100)) { $_REQUEST['codesign'] = 1; @@ -1948,20 +1949,7 @@ //if($org['contact']) // $csrsubject .= "/emailAddress=".trim($org['contact']); - if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) - $csrsubject .= "/commonName=$row"; - $SAN=""; - if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $subalt) - { - if($SAN != "") - $SAN .= ","; - $SAN .= "$subalt"; - } - - if($SAN != "") - $csrsubject .= "/subjectAltName=".$SAN; + $csrsubject .= buildSubjectFromSession(); $type=""; if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8"; 
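Review bot: In the renewal path (`@@ -894`) and the organisation path (`@@ -1948`) the old code put every `altrows` entry into the subject, whereas `buildSubjectFromSession()` keeps only entries that start with `DNS:`; the confirmation pages touched by this commit still print every `altrows` entry as `subjectAltName`. If `altrows` can hold anything other than `DNS:` entries (not visible in these hunks), the user confirms names that are then left out of the stored subject, and a renewed certificate no longer matches the one it replaces. Both paths also start emitting the XmppAddr `otherName` because the helper calls `buildSubject()` with the default `$include_xmpp_addr = true`. I would either filter the displayed list the same way or make the intent explicit at the call, e.g. `// only DNS: altrows are signed; other entry types are dropped deliberately`.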
@@ -2757,8 +2745,8 @@ sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body, "support@cacert.org", "", "", "CAcert Support"); - } + showfooter(); exit; } diff --git a/pages/account/11.php b/pages/account/11.php index 4e070cb..5f94122 100644 --- a/pages/account/11.php +++ b/pages/account/11.php 
@@ -15,39 +15,61 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> + <p> -<?=_("Please make sure the following details are correct before proceeding any further.")?> +<?=_("Please make sure the following details are correct before proceeding ". + "any further.")?> </p> -<?// print_r($_SESSION['_config']['altrows']); ?> + +<p><? +if (is_array($_SESSION['_config']['rows'])) { + foreach ($_SESSION['_config']['rows'] as $row) { + echo _("CommonName"), ": $row<br>\n"; + } +} + +if (is_array($_SESSION['_config']['altrows'])) { + foreach ($_SESSION['_config']['altrows'] as $row) { + echo _("subjectAltName"), ": $row<br>\n"; + } +} +?></p> + <p> -<? if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) { ?> -<?=_("CommonName")?>: <?=$row?><br> -<? } ?> -<? if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $row) { ?> -<?=_("subjectAltName")?>: <?=$row?><br> -<? } ?> -<? if(1 == 0) { ?> -<?=_("Organisation")?>: <?=$_SESSION['_config']['O']?><br> -<?=_("Org. Unit")?>: <?=$_SESSION['_config']['OU']?><br> -<?=_("Location")?>: <?=$_SESSION['_config']['L']?><br> -<?=_("State/Province")?>: <?=$_SESSION['_config']['ST']?><br> -<?=_("Country")?>: <?=$_SESSION['_config']['C']?><br> -<?=_("Email Address")?>: <?=$_SESSION['_config']['emailAddress']?><br> -<? } ?> -<?=_("No additional information will be included on certificates because it can not be automatically checked by the system.")?> -<? if(array_key_exists('rejected',$_SESSION['_config']) && is_array($_SESSION['_config']['rejected'])) { ?> -<br><br><?=_("The following hostnames were rejected because the system couldn't link them to your account, if they are valid please verify the domains against your account.")?><br> -<? 
foreach($_SESSION['_config']['rejected'] as $row) { ?> -<?=_("Rejected")?>: <a href="account.php?id=7&newdomain=<?=$row?>"><?=$row?></a><br> -<? } } ?> -<? if(is_array($_SESSION['_config']['rows']) || is_array($_SESSION['_config']['altrows'])) { ?> -<form method="post" action="account.php"> -<input type="submit" name="process" value="<?=_("Submit")?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> -</form> -<? } else { ?> -<br><br><b><?=_("Unable to continue as no valid commonNames or subjectAltNames were present on your certificate request.")?></b> -<? } ?> +<?=_("No additional information will be included on certificates because it ". + "can not be automatically checked by the system.")?> </p> + +<p><? +if (array_key_exists('rejected',$_SESSION['_config']) && + is_array($_SESSION['_config']['rejected'])) { + echo _("The following hostnames were rejected because the system couldn't ". + "link them to your account, if they are valid please verify the ". + "domains against your account."), "<br>\n"; + + foreach ($_SESSION['_config']['rejected'] as $row) { + echo _("Rejected"); + echo ": <a href='account.php?id=7&newdomain=$row'>$row</a><br>\n"; + } +} +?></p> + +<? +if (is_array($_SESSION['_config']['rows']) || + is_array($_SESSION['_config']['altrows'])) { + ?> + <form method="post" action="account.php"> + <p> + <input type="submit" name="process" value="<?=_("Submit")?>"> + <input type="hidden" name="oldid" value="<?=$id?>"> + </p> + </form> + <? +} else { + ?> + <p> + <b><?=_("Unable to continue as no valid commonNames or ". + "subjectAltNames were present on your certificate request.")?></b> + </p> + <? +} diff --git a/pages/account/21.php b/pages/account/21.php index 6c3786b..75827fb 100644 --- a/pages/account/21.php +++ b/pages/account/21.php 
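Review bot: The rejected host names are written into the page unescaped in `echo ": <a href='account.php?id=7&newdomain=$row'>$row</a><br>\n";`, and these are the names the system could not link to the account, so they are the least trusted strings on this page. The attribute is now single-quoted, which means the escaping has to cover single quotes too: use `urlencode($row)` for the query value and `htmlspecialchars($row, ENT_QUOTES)` for the link text. The `CommonName` and `subjectAltName` lines above it, and the `$org[...]` lines in the pages/account/21.php hunk, echo session values the same way and should go through the same `htmlspecialchars()` call. The old template had the same gap, so this is not a regression, but the rewrite is the natural place to close it.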
@@ -14,41 +14,57 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? - $org = $_SESSION['_config']['row']; - if($org['id'] <= 0) - $org = $_SESSION['_config']['altrow']; +*/ + +$org = $_SESSION['_config']['row']; +if ($org['id'] <= 0) { + $org = $_SESSION['_config']['altrow']; +} ?> -<p> -<?=_("Please make sure the following details are correct before proceeding any further.")?> -</p> <p> -<? if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) { ?> -<?=_("CommonName")?>: <?=$row?><br> -<? } ?> -<? if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $row) { ?> -<?=_("subjectAltName")?>: <?=$row?><br> -<? } ?> -<?=_("Organisation")?>: <?=$org['O']?><br> -<?=_("Org. Unit")?>: <?=($_SESSION['_config']['OU'])?><br> -<?=_("Location")?>: <?=$org['L']?><br> -<?=_("State/Province")?>: <?=$org['ST']?><br> -<?=_("Country")?>: <?=$org['C']?><br> +<?=_("Please make sure the following details are correct before proceeding ". + "any further.")?> +</p> +<p><? +if (is_array($_SESSION['_config']['rows'])) { + foreach ($_SESSION['_config']['rows'] as $row) { + echo _("CommonName"), ": $row<br>\n"; + } +} -<form method="post" action="account.php"> -<input type="submit" name="process" value="<?=_("Submit")?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> +if (is_array($_SESSION['_config']['altrows'])) { + foreach ($_SESSION['_config']['altrows'] as $row) { + echo _("subjectAltName"), ": $row<br>\n"; + } +} +echo _("Organisation"), ": {$org['O']}<br>\n"; +echo _("Org. Unit"), ": {$_SESSION['_config']['OU']}<br>\n"; +echo _("Location"), ": {$org['L']}<br>\n"; +echo _("State/Province"), ": {$org['ST']}<br>\n"; +echo _("Country"), ": {$org['C']}<br>\n"; +?> -<? 
if($_SESSION['profile']['admin'] == 1) { ?> -<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/> -<input type="checkbox" name="ocspcert" value="OCSPCert"/> <?=_("OCSP certificate")?> -<? } ?> +<form method="post" action="account.php"> + <p> + <input type="submit" name="process" value="<?=_("Submit")?>"> + <input type="hidden" name="oldid" value="<?=$id?>"> + </p> + + <? + if ($_SESSION['profile']['admin'] == 1) { + ?> + <p> + <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/> + <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/> + <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/> + <input type="checkbox" name="ocspcert" value="OCSPCert"/> + <?=_("OCSP certificate")?> + </p> + <? + } + ?> </form> -</p> |