Diffstat (limited to 'cacert/includes/account.php')
-rw-r--r--cacert/includes/account.php56
1 files changed, 35 insertions, 21 deletions
diff --git a/cacert/includes/account.php b/cacert/includes/account.php
index 6488574..c264a09 100644
--- a/cacert/includes/account.php
+++ b/cacert/includes/account.php
@@ -67,7 +67,7 @@
if(mysql_num_rows($res) > 0)
{
showheader(_("My CAcert.org Account!"));
- printf(_("The email address '%s' is already in the system. Can't continue."), sanitizeHTML($_REQUEST['email']));
+ printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
showfooter();
exit;
}
@@ -295,6 +295,9 @@
if($_SESSION['_config']['incname'] == 4)
$emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
}
+ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
+ $_SESSION['_config']['rootcert'] = 1;
+
$emails .= "SPKAC = $spkac";
$query = "insert into emailcerts set
`CN`='$defaultemail',
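Review bot: The added range check on `$_SESSION['_config']['rootcert']` compares the value loosely and never casts it, so a string that merely begins with 1 or 2 passes both comparisons and is kept unchanged. Casting first closes that gap: `$_SESSION['_config']['rootcert'] = intval($_SESSION['_config']['rootcert']);` followed by the existing check. Where the value is assigned, and whether it reaches the insert statement that starts below, is outside this hunk, so this is a defensive suggestion. The same two lines are repeated in the hunks at -374, -690, -1366, -1444 and -1715; a single helper would keep the allowed range in one place.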
@@ -309,7 +312,7 @@
if(is_array($addys))
foreach($addys as $addy)
mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
- $CSRname = $_SESSION['_config']['filepath']."/csr/client-".intval($emailid).".csr";
+ $CSRname=generatecertpath("csr","client",$emailid);
$fp = fopen($CSRname, "w");
fputs($fp, $emails);
fclose($fp);
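Review bot: The removed line applied `intval()` to `$emailid` before building the path, and the new call passes it as-is; unless `generatecertpath()` casts the id itself (its body is not shown here), that guard is lost, so `generatecertpath("csr","client",intval($emailid))` would keep it. The result of `fopen($CSRname, "w")` is also used without a check, which matters more now that the path comes from a helper that may point at a directory that does not exist yet; an `if($fp === false)` branch that shows an error page would avoid writing to an invalid handle and leaving a database row with no CSR file behind it. The same unchecked `fopen` follows the `generatecertpath` calls in the hunks at -396, -1381, -1458 and -2496.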
@@ -374,6 +377,8 @@
$csr .= $data;
fclose($fp);
@unlink($tmpname);
+ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
+ $_SESSION['_config']['rootcert'] = 1;
if($csr == "")
{
@@ -396,7 +401,7 @@
if(is_array($addys))
foreach($addys as $addy)
mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");
- $CSRname = $_SESSION['_config']['filepath']."/csr/client-$emailid.csr";
+ $CSRname=generatecertpath("csr","client",$emailid);
$fp = fopen($CSRname, "w");
fputs($fp, $csr);
fclose($fp);
@@ -452,7 +457,7 @@
$oldid=0;
$id = 7;
showheader(_("My CAcert.org Account!"));
- printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
+ printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
showfooter();
exit;
}
@@ -532,7 +537,7 @@
if(mysql_num_rows($res) > 0)
{
showheader(_("My CAcert.org Account!"));
- printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
+ printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
showfooter();
exit;
}
@@ -690,6 +695,8 @@
if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
}
}
+ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
+ $_SESSION['_config']['rootcert'] = 1;
if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
{
@@ -722,7 +729,7 @@
foreach($_SESSION['_config']['altid'] as $dom)
mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
- $CSRname = $_SESSION['_config']['filepath']."/csr/server-$CSRid.csr";
+ $CSRname=generatecertpath("csr","server",$CSRid);
if(!file_exists($_SESSION['_config']['tmpfname']))
{
showheader(_("My CAcert.org Account!"));
@@ -786,7 +793,7 @@
`pkhash`='".$row['pkhash']."'";
mysql_query($query);
$newid = mysql_insert_id();
- $newfile = $_SESSION['_config']['filepath']."/csr/server-$newid.csr";
+ $newfile=generatecertpath("csr","server",$newid);
copy($row['csr_name'], $newfile);
$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`);
$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
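Review bot: `$newfile` now comes from `generatecertpath()` and is interpolated directly into the two backtick shell commands on the following lines, so the command line depends on whatever that helper and its configured base directory return. Passing the path through `escapeshellarg()` once, e.g. `$newfileArg = escapeshellarg($newfile);` and using `-in $newfileArg` in both commands, removes that dependency. The return value of `copy($row['csr_name'], $newfile)` is not checked either, so openssl can be run against a file that was never created.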
@@ -953,7 +960,7 @@
`rootcert`='".$row['rootcert']."'";
mysql_query($query);
$newid = mysql_insert_id();
- $newfile = $_SESSION['_config']['filepath']."/csr/client-$newid.csr";
+ $newfile=generatecertpath("csr","client",$newid);
copy($row['csr_name'], $newfile);
mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
$res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'");
@@ -970,14 +977,14 @@
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
printf(_("Certificate for '%s' has been renewed."), $row['CN']);
- echo "<a href='account.php?id=6&cert=$newid' target='_new'>".
- _("Click here")."</a> "._("to install your certificate.");
+ echo "<br/>\n<a href='account.php?id=6&cert=$newid' target='_new'>".
+ _("Click here")."</a> "._("to install your certificate.")."<br/><br/>\n";
}
}
}
else
{
- echo _("You did not select any certificates for renewal.");
+ echo _("You did not select any certificates for renewal.")."<br/>";
}
showfooter();
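Review bot: `$row['CN']` is printed into the page without `sanitizeHTML()` on the "has been renewed" line, while the other messages touched in this commit escape their argument. The CN is stored certificate data that presumably originates from the account holder, so it should be escaped at output: `printf(_("Certificate for '%s' has been renewed."), sanitizeHTML($row['CN']));`. The `echo _("Renewing").": ".$row['CN']` line in the hunk at -1803 has the same gap. The enclosing block starts outside this hunk.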
@@ -1366,6 +1373,8 @@
$emails .= "stateOrProvinceName = ".$org['ST']."\n";
if($org['C'])
$emails .= "countryName = ".$org['C']."\n";
+ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
+ $_SESSION['_config']['rootcert'] = 1;
$emails .= "SPKAC = $spkac";
$query = "insert into `orgemailcerts` set
@@ -1381,7 +1390,7 @@
foreach($_SESSION['_config']['domids'] as $addy)
mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
- $CSRname = $_SESSION['_config']['filepath']."/csr/orgclient-$emailid.csr";
+ $CSRname=generatecertpath("csr","orgclient",$emailid);
$fp = fopen($CSRname, "w");
fputs($fp, $emails);
fclose($fp);
@@ -1444,6 +1453,9 @@
showfooter();
exit;
}
+ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
+ $_SESSION['_config']['rootcert'] = 1;
+
$query = "insert into `orgemailcerts` set
`CN`='$defaultemail',
`keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
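Review bot: The insert statement below the new check places `$_REQUEST['keytype']` into SQL after `sanitizeHTML()`, which by its name is an HTML output filter rather than an SQL escaper; whether it neutralises quotes is not visible here. Other statements in this file use `mysql_real_escape_string()` for values placed in queries, so `mysql_real_escape_string($_REQUEST['keytype'])` would be consistent with them. Since the key type is presumably one of a few fixed values, comparing it against an allow-list before building the query would be stricter still. The query continues past the end of the hunk.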
@@ -1458,7 +1470,7 @@
foreach($_SESSION['_config']['domids'] as $addy)
mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
- $CSRname = $_SESSION['_config']['filepath']."/csr/orgclient-$emailid.csr";
+ $CSRname=generatecertpath("csr","orgclient",$emailid);
$fp = fopen($CSRname, "w");
fputs($fp, $csr);
fclose($fp);
@@ -1520,7 +1532,7 @@
`rootcert`='".$row['rootcert']."'";
mysql_query($query);
$newid = mysql_insert_id();
- $newfile = $_SESSION['_config']['filepath']."/csr/orgclient-$newid.csr";
+ $newfile=generatecertpath("csr","orgclient",$newid);
copy($row['csr_name'], $newfile);
mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
waitForResult("orgemailcerts", $newid,$oldid,0);
@@ -1715,6 +1727,8 @@
$type="";
if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
+ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
+ $_SESSION['_config']['rootcert'] = 1;
if($_SESSION['_config']['rowid']['0'] > 0)
{
@@ -1737,7 +1751,7 @@
mysql_query($query);
$CSRid = mysql_insert_id();
- $CSRname = $_SESSION['_config']['filepath']."/csr/orgserver-$CSRid.csr";
+ $CSRname=generatecertpath("csr","orgserver",$CSRid);
rename($_SESSION['_config']['tmpfname'], $CSRname);
chmod($CSRname,0644);
mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
@@ -1803,7 +1817,7 @@
mysql_query($query);
$newid = mysql_insert_id();
//echo "NewID: $newid<br/>\n";
- $newfile = $_SESSION['_config']['filepath']."/csr/orgserver-$newid.csr";
+ $newfile=generatecertpath("csr","orgserver",$newid);
copy($row['csr_name'], $newfile);
mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
echo _("Renewing").": ".$row['CN']."<br>\n";
@@ -1973,7 +1987,7 @@
$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
if(mysql_num_rows($res1) > 0)
{
- $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($domain));
+ $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
$id = $oldid;
$oldid=0;
}
@@ -2003,7 +2017,7 @@
$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
{
- $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($domain));
+ $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
$id = $oldid;
$oldid=0;
}
@@ -2275,8 +2289,8 @@
$newreg = intval(array_key_exists('newreg',$_REQUEST)?$_REQUEST['newreg']:0);
$locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
$name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
- $long = array_key_exists('longitude',$_REQUEST)?doubleval($_REQUEST['longitude']):"";
- $lat = array_key_exists('latitude', $_REQUEST)?doubleval($_REQUEST['latitude']):"";
+ $long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
+ $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
$action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";
if($locid > 0 && $action == "edit")
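Review bot: Stripping characters with `ereg_replace("[^-0-9\.]","",…)` no longer guarantees a number: inputs such as `1.2.3`, `--` or an empty string pass through, whereas the removed `doubleval()` always produced a float. `ereg_replace` is also deprecated since PHP 5.3 and removed in PHP 7. If the aim is to keep the decimal digits as typed, validate after filtering, e.g. `$long = is_numeric($long) ? $long : "";`, and switch to `preg_replace('/[^-0-9.]/', '', …)`; a range check (±180 for longitude, ±90 for latitude) would catch the rest. How `$long` and `$lat` are used afterwards is outside this hunk.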
@@ -2496,7 +2510,7 @@
foreach($_SESSION['_config']['altid'] as $dom)
mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
- $CSRname = $_SESSION['_config']['filepath']."/csr/server-$CSRid.csr";
+ $CSRname=generatecertpath("csr","server",$CSRid);
$fp = fopen($CSRname, "w");
fputs($fp, $_SESSION['_config']['CSR']);
fclose($fp);