2 files changed, 75 insertions, 38 deletions

diff --git a/includes/account.php b/includes/account.php
index e3dbc9e..76de567 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2665,6 +2665,13 @@
 		mysql_query($query);
 	}
 
+	if($oldid == 43 && $_REQUEST['action'] == 'revokecert')
+	{
+		$userid = intval($_REQUEST['userid']);
+		revoke_all_private_cert($userid);
+		$id=43;
+	}
+
 	if($oldid == 48 && $_REQUEST['domain'] == "")
 	{
 		$id = $oldid;
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index f703087..8b7c0a5 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -791,15 +791,7 @@
 	//called from www/diputes.php if($type == "reallyemail") / if($action == "accept")
 	//called from account_delete
 		$mailid = intval($mailid);
-		$query = "select `emailcerts`.`id`
-			from `emaillink`,`emailcerts` where
-			`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
-			`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
-				group by `emailcerts`.`id`";
-		$dres = mysql_query($query);
-		while($drow = mysql_fetch_assoc($dres)){
-			mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
-		}
+		revoke_all_client_cert($mailid);
 		$query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
 		mysql_query($query);
 	}
@@ -811,23 +803,7 @@
 	//called from www/diputes.php if($type == "reallydomain") / if($action == "accept")
 	//called from account_delete
 		$domainid = intval($domainid);
-		$query = "select distinct `domaincerts`.`id`
-			from `domaincerts`, `domlink`
-			where `domaincerts`.`domid` = '$domainid'
-			or (
-			`domaincerts`.`id` = `domlink`.`certid`
-			and `domlink`.`domid` = '$domainid')";
-		$dres = mysql_query($query);
-		while($drow = mysql_fetch_assoc($dres))
-		{
-			mysql_query(
-				"update `domaincerts`
-				set `revoked`='1970-01-01 10:00:01'
-				where `id` = '".$drow['id']."'
-				and `revoked` = 0
-				and UNIX_TIMESTAMP(`expire`) -
-				UNIX_TIMESTAMP() > 0");
-		}
+		revoke_all_server_cert($domainid);
 		mysql_query(
 			"update `domains`
 			set `deleted`=NOW()
@@ -943,7 +919,7 @@
 	// called from includes/account.php if($process != "" && $oldid == 1)
 	// called from includes/account.php	if($oldid == 50 && $process != "")
 		$email = mysql_real_escape_string($email);
-		$query = "select 1 from `email` where `email`='$email' and `deleted`=0";
+		$query = "select * from `email` where `email`='$email' and `deleted`=0";
 		$res = mysql_query($query);
 		return mysql_num_rows($res) > 0;
 	}
@@ -953,9 +929,9 @@
 		// called from includes/account.php	if($oldid == 50 && $process != "")
 		$uid = intval($uid);
 		if (0==$cca) {
-			$query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()";
+			$query = "select * from `gpg` where `memid`='$uid' and `expire`>NOW()";
 		}else{
-			$query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)";
+			$query = "select * from `gpg` where `memid`='$uid' and `expire`>NOW()+90*86400";
 		}
 		$res = mysql_query($query);
 		return mysql_num_rows($res) > 0;
@@ -966,11 +942,11 @@
 		// called from includes/account.php	if($oldid == 50 && $process != "")
 		$uid = intval($uid);
 		if (0==$cca) {
-			$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()";
-			$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
+			$query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
+			$query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
 		}else{
-			$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400)  and `revoked`<`created`";
-			$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
+			$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
+			$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
 		}
 		$res = mysql_query($query1);
 		$r1 = mysql_num_rows($res)>0;
@@ -984,11 +960,11 @@
 		// called from includes/account.php	if($oldid == 50 && $process != "")
 		$uid = intval($uid);
 		if (0==$cca) {
-			$query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>NOW()";
-			$query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>NOW()";
+			$query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
+			$query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
 		}else{
-			$query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>(NOW()-90*86400)  and `revoked`<`created`";
-			$query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
+			$query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
+			$query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
 		}
 		$res = mysql_query($query1);
 		$r1 = mysql_num_rows($res)>0;
@@ -1000,7 +976,61 @@
 	function check_is_orgadmin($uid){
 		// called from includes/account.php	if($oldid == 50 && $process != "")
 		$uid = intval($uid);
-		$query = "select 1 from `org` where `memid`='$uid' and `deleted`=0";
+		$query = "select * from `org` where `memid`='$uid' and `deleted`=0";
 		$res = mysql_query($query);
 		return mysql_num_rows($res) > 0;
 	}
+
+
+	// revokation of certificates
+	function revoke_all_client_cert($mailid){
+		//revokes all client certificates for an email address
+		$mailid = intval($mailid);
+		$query = "select `emailcerts`.`id`
+			from `emaillink`,`emailcerts` where
+			`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `revoked`=0
+			group by `emailcerts`.`id`";
+		$dres = mysql_query($query);
+		while($drow = mysql_fetch_assoc($dres)){
+			mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
+		}
+	}
+
+	function revoke_all_server_cert($domainid){
+		//revokes all server certs for an domain
+		$domainid = intval($domainid);
+		$query = "select distinct `domaincerts`.`id`
+			from `domaincerts`, `domlink`
+			where `domaincerts`.`domid` = '$domainid'
+			or (
+			`domaincerts`.`id` = `domlink`.`certid`
+			and `domlink`.`domid` = '$domainid')";
+		$dres = mysql_query($query);
+		while($drow = mysql_fetch_assoc($dres))
+		{
+			mysql_query(
+			"update `domaincerts`
+				set `revoked`='1970-01-01 10:00:01'
+				where `id` = '".$drow['id']."'
+				and `revoked` = 0");
+		}
+	}
+
+	function revoke_all_private_cert($uid){
+		//revokes all certificates linked to a personal accounts
+		//gpg revokation needs to be added to a later point
+		$uid=intval($uid);
+		$query = "select `id` from `email` where `memid`='".$uid."'";
+		$res=mysql_query($query);
+		while($row = mysql_fetch_assoc($res)){
+			revoke_all_client_cert($row['id']);
+		}
+
+
+		$query = "select `id` from `domains` where `memid`='".$uid."'";
+		$res=mysql_query($query);
+		while($row = mysql_fetch_assoc($res)){
+			revoke_all_server_cert($row['id']);
+		}
+
+	}