summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
Diffstat (limited to 'includes')
-rw-r--r--includes/account.php7
-rw-r--r--includes/notary.inc.php106
2 files changed, 75 insertions, 38 deletions
diff --git a/includes/account.php b/includes/account.php
index e3dbc9e..76de567 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2665,6 +2665,13 @@
mysql_query($query);
}
+ if($oldid == 43 && $_REQUEST['action'] == 'revokecert')
+ {
+ $userid = intval($_REQUEST['userid']);
+ revoke_all_private_cert($userid);
+ $id=43;
+ }
+
if($oldid == 48 && $_REQUEST['domain'] == "")
{
$id = $oldid;
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index f703087..8b7c0a5 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -791,15 +791,7 @@
//called from www/diputes.php if($type == "reallyemail") / if($action == "accept")
//called from account_delete
$mailid = intval($mailid);
- $query = "select `emailcerts`.`id`
- from `emaillink`,`emailcerts` where
- `emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
- `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
- group by `emailcerts`.`id`";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres)){
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
- }
+ revoke_all_client_cert($mailid);
$query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
mysql_query($query);
}
@@ -811,23 +803,7 @@
//called from www/diputes.php if($type == "reallydomain") / if($action == "accept")
//called from account_delete
$domainid = intval($domainid);
- $query = "select distinct `domaincerts`.`id`
- from `domaincerts`, `domlink`
- where `domaincerts`.`domid` = '$domainid'
- or (
- `domaincerts`.`id` = `domlink`.`certid`
- and `domlink`.`domid` = '$domainid')";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
- {
- mysql_query(
- "update `domaincerts`
- set `revoked`='1970-01-01 10:00:01'
- where `id` = '".$drow['id']."'
- and `revoked` = 0
- and UNIX_TIMESTAMP(`expire`) -
- UNIX_TIMESTAMP() > 0");
- }
+ revoke_all_server_cert($domainid);
mysql_query(
"update `domains`
set `deleted`=NOW()
@@ -943,7 +919,7 @@
// called from includes/account.php if($process != "" && $oldid == 1)
// called from includes/account.php if($oldid == 50 && $process != "")
$email = mysql_real_escape_string($email);
- $query = "select 1 from `email` where `email`='$email' and `deleted`=0";
+ $query = "select * from `email` where `email`='$email' and `deleted`=0";
$res = mysql_query($query);
return mysql_num_rows($res) > 0;
}
@@ -953,9 +929,9 @@
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
if (0==$cca) {
- $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()";
+ $query = "select * from `gpg` where `memid`='$uid' and `expire`>NOW()";
}else{
- $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)";
+ $query = "select * from `gpg` where `memid`='$uid' and `expire`>NOW()+90*86400";
}
$res = mysql_query($query);
return mysql_num_rows($res) > 0;
@@ -966,11 +942,11 @@
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
if (0==$cca) {
- $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()";
- $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
+ $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
+ $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
}else{
- $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
- $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
}
$res = mysql_query($query1);
$r1 = mysql_num_rows($res)>0;
@@ -984,11 +960,11 @@
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
if (0==$cca) {
- $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>NOW()";
- $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>NOW()";
+ $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
+ $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
}else{
- $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
- $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
+ $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
+ $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
}
$res = mysql_query($query1);
$r1 = mysql_num_rows($res)>0;
@@ -1000,7 +976,61 @@
function check_is_orgadmin($uid){
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
- $query = "select 1 from `org` where `memid`='$uid' and `deleted`=0";
+ $query = "select * from `org` where `memid`='$uid' and `deleted`=0";
$res = mysql_query($query);
return mysql_num_rows($res) > 0;
}
+
+
+ // revokation of certificates
+ function revoke_all_client_cert($mailid){
+ //revokes all client certificates for an email address
+ $mailid = intval($mailid);
+ $query = "select `emailcerts`.`id`
+ from `emaillink`,`emailcerts` where
+ `emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `revoked`=0
+ group by `emailcerts`.`id`";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres)){
+ mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
+ }
+ }
+
+ function revoke_all_server_cert($domainid){
+ //revokes all server certs for an domain
+ $domainid = intval($domainid);
+ $query = "select distinct `domaincerts`.`id`
+ from `domaincerts`, `domlink`
+ where `domaincerts`.`domid` = '$domainid'
+ or (
+ `domaincerts`.`id` = `domlink`.`certid`
+ and `domlink`.`domid` = '$domainid')";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ mysql_query(
+ "update `domaincerts`
+ set `revoked`='1970-01-01 10:00:01'
+ where `id` = '".$drow['id']."'
+ and `revoked` = 0");
+ }
+ }
+
+ function revoke_all_private_cert($uid){
+ //revokes all certificates linked to a personal accounts
+ //gpg revokation needs to be added to a later point
+ $uid=intval($uid);
+ $query = "select `id` from `email` where `memid`='".$uid."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ revoke_all_client_cert($row['id']);
+ }
+
+
+ $query = "select `id` from `domains` where `memid`='".$uid."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ revoke_all_server_cert($row['id']);
+ }
+
+ }
generated by cgit v1.2.1 (git 2.18.0) at 2021-04-11 01:20:24 +0000