Diffstat (limited to 'includes')
-rw-r--r-- | includes/account.php | 7 | ||||
-rw-r--r-- | includes/notary.inc.php | 106 |
2 files changed, 75 insertions, 38 deletions
diff --git a/includes/account.php b/includes/account.php index e3dbc9e..76de567 100644 --- a/includes/account.php +++ b/includes/account.php @@ -2665,6 +2665,13 @@ mysql_query($query); } + if($oldid == 43 && $_REQUEST['action'] == 'revokecert') + { + $userid = intval($_REQUEST['userid']); + revoke_all_private_cert($userid); + $id=43; + } + if($oldid == 48 && $_REQUEST['domain'] == "") { $id = $oldid; diff --git a/includes/notary.inc.php b/includes/notary.inc.php index f703087..8b7c0a5 100644 --- a/includes/notary.inc.php +++ b/includes/notary.inc.php @@ -791,15 +791,7 @@ //called from www/diputes.php if($type == "reallyemail") / if($action == "accept") //called from account_delete $mailid = intval($mailid); - $query = "select `emailcerts`.`id` - from `emaillink`,`emailcerts` where - `emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and - `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 - group by `emailcerts`.`id`"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)){ - mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'"); - } + revoke_all_client_cert($mailid); $query = "update `email` set `deleted`=NOW() where `id`='$mailid'"; mysql_query($query); } 
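Review bot: The added `revokecert` branch in includes/account.php takes `userid` straight from `$_REQUEST` and calls `revoke_all_private_cert($userid)` with no authorization or request-origin check visible in the hunk. The enclosing block starts outside the hunk, so an earlier guard may exist, but as written any request that reaches `$oldid == 43` with `action=revokecert`, including a plain GET, revokes every certificate of whichever account id is supplied. I would read both parameters from `$_POST`, verify the project's anti-CSRF token if it has one, and confirm the caller's support role inside this branch instead of relying on page routing. The branch should also write an audit entry naming the acting user and the target `userid`, and skip the call when `intval()` yields 0.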
@@ -811,23 +803,7 @@ //called from www/diputes.php if($type == "reallydomain") / if($action == "accept") //called from account_delete $domainid = intval($domainid); - $query = "select distinct `domaincerts`.`id` - from `domaincerts`, `domlink` - where `domaincerts`.`domid` = '$domainid' - or ( - `domaincerts`.`id` = `domlink`.`certid` - and `domlink`.`domid` = '$domainid')"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)) - { - mysql_query( - "update `domaincerts` - set `revoked`='1970-01-01 10:00:01' - where `id` = '".$drow['id']."' - and `revoked` = 0 - and UNIX_TIMESTAMP(`expire`) - - UNIX_TIMESTAMP() > 0"); - } + revoke_all_server_cert($domainid); mysql_query( "update `domains` set `deleted`=NOW() @@ -943,7 +919,7 @@ // called from includes/account.php if($process != "" && $oldid == 1) // called from includes/account.php if($oldid == 50 && $process != "") $email = mysql_real_escape_string($email); - $query = "select 1 from `email` where `email`='$email' and `deleted`=0"; + $query = "select * from `email` where `email`='$email' and `deleted`=0"; $res = mysql_query($query); return mysql_num_rows($res) > 0; } @@ -953,9 +929,9 @@ // called from includes/account.php if($oldid == 50 && $process != "") $uid = intval($uid); if (0==$cca) { - $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()"; + $query = "select * from `gpg` where `memid`='$uid' and `expire`>NOW()"; }else{ - $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)"; + $query = "select * from `gpg` where `memid`='$uid' and `expire`>NOW()+90*86400"; } $res = mysql_query($query); return mysql_num_rows($res) > 0; 
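Review bot: In the hunk at -943 the existence check goes from `select 1` to `select *`, which fetches every column of each matching `email` row only to feed `mysql_num_rows()`. The same switch appears in the `gpg` queries of the next hunk and in `check_is_orgadmin()` in the last hunk. Nothing visible reads the row, so `select 1` (optionally with `limit 1`) keeps the check cheaper and avoids pulling account data the function never uses. The function signatures are outside these hunks.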
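Review bot: In the `$cca` branch of the hunk at -953 the window changes from `NOW()-90*86400` to `NOW()+90*86400`, which flips the test from "expired less than 90 days ago" to "expires more than 90 days from now". If the 90-day look-back was the intent, the check now misses keys that are still valid or only recently expired. Separately, adding an integer to `NOW()` makes MySQL treat it as the number YYYYMMDDHHMMSS, so 7776000 is not 90 days in either direction; an interval expresses it correctly: `expire > NOW() - INTERVAL 90 DAY`. The same `NOW()+90*86400` expression is introduced in the certificate checks of the hunks at -966 and -984, for both `expire` and `revoked`.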
@@ -966,11 +942,11 @@ // called from includes/account.php if($oldid == 50 && $process != "") $uid = intval($uid); if (0==$cca) { - $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()"; - $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()"; + $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()"; + $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()"; }else{ - $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`"; - $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)"; + $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()+90*86400"; + $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()+90*86400"; } $res = mysql_query($query1); $r1 = mysql_num_rows($res)>0; @@ -984,11 +960,11 @@ // called from includes/account.php if($oldid == 50 && $process != "") $uid = intval($uid); if (0==$cca) { - $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>NOW()"; - $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>NOW()"; + $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()"; + $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()"; }else{ - $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`"; - $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)"; + $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()+90*86400"; + $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()+90*86400"; } $res = mysql_query($query1); $r1 = mysql_num_rows($res)>0; 
@@ -1000,7 +976,61 @@ function check_is_orgadmin($uid){ // called from includes/account.php if($oldid == 50 && $process != "") $uid = intval($uid); - $query = "select 1 from `org` where `memid`='$uid' and `deleted`=0"; + $query = "select * from `org` where `memid`='$uid' and `deleted`=0"; $res = mysql_query($query); return mysql_num_rows($res) > 0; } + + + // revokation of certificates + function revoke_all_client_cert($mailid){ + //revokes all client certificates for an email address + $mailid = intval($mailid); + $query = "select `emailcerts`.`id` + from `emaillink`,`emailcerts` where + `emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `revoked`=0 + group by `emailcerts`.`id`"; + $dres = mysql_query($query); + while($drow = mysql_fetch_assoc($dres)){ + mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'"); + } + } + + function revoke_all_server_cert($domainid){ + //revokes all server certs for an domain + $domainid = intval($domainid); + $query = "select distinct `domaincerts`.`id` + from `domaincerts`, `domlink` + where `domaincerts`.`domid` = '$domainid' + or ( + `domaincerts`.`id` = `domlink`.`certid` + and `domlink`.`domid` = '$domainid')"; + $dres = mysql_query($query); + while($drow = mysql_fetch_assoc($dres)) + { + mysql_query( + "update `domaincerts` + set `revoked`='1970-01-01 10:00:01' + where `id` = '".$drow['id']."' + and `revoked` = 0"); + } + } + + function revoke_all_private_cert($uid){ + //revokes all certificates linked to a personal accounts + //gpg revokation needs to be added to a later point + $uid=intval($uid); + $query = "select `id` from `email` where `memid`='".$uid."'"; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + revoke_all_client_cert($row['id']); + } + + + $query = "select `id` from `domains` where `memid`='".$uid."'"; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + revoke_all_server_cert($row['id']); 
+ } + + } |
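Review bot: None of the three new revoke helpers checks the result of `mysql_query()` or returns a value, so a failed select or update is indistinguishable from a completed revocation. The caller in includes/account.php then continues as if every certificate had been revoked. Each helper should test `$dres === false` after its select and return the number of rows updated (or `false` on error), and `revoke_all_private_cert()` should pass that result on to its caller. In `revoke_all_server_cert()` the `from domaincerts, domlink ... or (...)` form is a cross join, so it returns no rows at all if `domlink` is empty; a `left join` on `certid` avoids that. The update strings should also cast the id, `intval($drow['id'])`, to match the casting used on the parameters.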