summaryrefslogtreecommitdiff
path: root/pages/account
diff options
context:
space:
mode:
Diffstat (limited to 'pages/account')
-rw-r--r--pages/account/13.php27
-rw-r--r--pages/account/15.php2
-rw-r--r--pages/account/16.php1
-rw-r--r--pages/account/17.php9
-rw-r--r--pages/account/19.php6
-rw-r--r--pages/account/23.php2
-rw-r--r--pages/account/24.php62
-rw-r--r--pages/account/27.php50
-rw-r--r--pages/account/41.php2
-rw-r--r--pages/account/43.php5
-rw-r--r--pages/account/48.php3
-rw-r--r--pages/account/49.php19
-rw-r--r--pages/account/53.php2
-rw-r--r--pages/account/54.php2
-rw-r--r--pages/account/6.php8
15 files changed, 84 insertions, 116 deletions
diff --git a/pages/account/13.php b/pages/account/13.php
index 080e277..767e721 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -14,8 +14,8 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
+*/
+
$query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
$res = mysql_query($query);
$user = mysql_fetch_assoc($res);
@@ -27,16 +27,23 @@
if($showdetails){
$body = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
- $body .= _("You receive this automatic mail since you yourself or someone ".
+ $ip = anonymizeIp($_SERVER['REMOTE_ADDR']);
+ if($ip === false) {
+ $ip = _("Error anonymising IP/network information");
+ }
+ $body .= sprintf(_("You receive this automatic mail since you yourself or someone ".
"else looked up your secret questions and answers for a forgotten ".
"password.\n\n".
+ "Network: %s\nTime: %s\n\n".
"If it was you who looked up or changed that data, or clicked ".
"through the menu in your account, everything is in best order ".
"and you can ignore this mail.\n\n".
"But if you received this mail without a recognisable reason, ".
"there is a danger that an unauthorised person accessed your ".
"account, and you should promptly change your password and your ".
- "secret questions and answers.")."\n\n";
+ "secret questions and answers."),
+ $ip,
+ date("Y-m-d H:i:s T"))."\n\n";
$body .= _("Best regards")."\n"._("CAcert Support");
@@ -127,20 +134,10 @@
<td colspan="2" class="title"><a href="account.php?id=59&amp;oldid=13&amp;userid=<?=intval($_SESSION['profile']['id'])?>"><?=_('Show account history')?></a></td>
</tr>
<tr>
- <td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
+ <td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers")?></a></td>
</tr>
<? if($showdetails){ ?>
<tr>
- <td class="DataTD"><?=_("OTP Hash")?><br>
- (<?=_("Not displayed")?>)</td>
- <td class="DataTD"><input type="text" name="otphash"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("OTP PIN")?><br>
- (<?=_("Not displayed")?>)</td>
- <td class="DataTD"><input type="text" name="otppin"></td>
- </tr>
- <tr>
<td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td>
</tr>
<tr>
diff --git a/pages/account/15.php b/pages/account/15.php
index 6cd3115..405cb44 100644
--- a/pages/account/15.php
+++ b/pages/account/15.php
@@ -30,7 +30,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
?>
<h3><?=_("Below is your Server Certificate")?></h3>
<pre>
diff --git a/pages/account/16.php b/pages/account/16.php
index 8783bc5..829897f 100644
--- a/pages/account/16.php
+++ b/pages/account/16.php
@@ -104,6 +104,7 @@ if (array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_conf
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
+<?=_("Please fill out the form, when all data is entered and you click \"Next\" you can add either a CSR (certificate signing request) or create a new key with your browser. Even in the case that a CSR is given the data from this form will be used for the certificate. Only the public key information of the CSR will be copied.")?>
<script language="javascript">
function showExpert(a)
diff --git a/pages/account/17.php b/pages/account/17.php
index 8ac8b65..0d5c2c7 100644
--- a/pages/account/17.php
+++ b/pages/account/17.php
@@ -17,3 +17,12 @@
*/
require_once($_SESSION['_config']['filepath'].'/includes/keygen.php');
+
+?>
+ -- <?=_("or")?> --
+ <form method="post" action="account.php">
+ <input type="hidden" name="keytype" value="VI">
+ <textarea rows="20" cols="40" name="CSR"></textarea>
+ <input type="submit" name="submit" value="<?=_("Submit CSR")?>">
+ <input type="hidden" name="oldid" value="17">
+ </form>
diff --git a/pages/account/19.php b/pages/account/19.php
index 6a2749c..d7259f3 100644
--- a/pages/account/19.php
+++ b/pages/account/19.php
@@ -31,7 +31,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
if($row['keytype'] == "NS")
{
@@ -52,6 +52,10 @@
showfooter();
exit;
}
+ } else if($row['keytype'] == "VI"){
+ showheader(_("My CAcert.org Account!"));
+ echo "<pre>".$cert."</pre>";
+ showfooter();
} else {
showheader(_("My CAcert.org Account!"));
?>
diff --git a/pages/account/23.php b/pages/account/23.php
index 4ec56c3..4255b47 100644
--- a/pages/account/23.php
+++ b/pages/account/23.php
@@ -30,7 +30,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
?>
<h3><?=_("Below is your Server Certificate")?></h3>
<pre>
diff --git a/pages/account/24.php b/pages/account/24.php
index 14a47c0..2ad526e 100644
--- a/pages/account/24.php
+++ b/pages/account/24.php
@@ -16,51 +16,25 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- // Reset session variables regarding Org's, present empty form
- if (array_key_exists('O',$_SESSION['_config'])) $_SESSION['_config']['O'] = "";
- if (array_key_exists('contact',$_SESSION['_config'])) $_SESSION['_config']['contact'] = "";
- if (array_key_exists('L',$_SESSION['_config'])) $_SESSION['_config']['L'] = "";
- if (array_key_exists('ST',$_SESSION['_config'])) $_SESSION['_config']['ST'] = "";
- if (array_key_exists('C',$_SESSION['_config'])) $_SESSION['_config']['C'] = "";
- if (array_key_exists('comments',$_SESSION['_config'])) $_SESSION['_config']['comments'] = "";
-
+$orgname = '';
+$contactmail = '';
+$town = '';
+$state = '';
+$country = '';
+$comment = '';
+
+ // Reset session variables regarding Org's, present empty form
+if (array_key_exists('O',$_SESSION['_config'])) $_SESSION['_config']['O'] = "";
+if (array_key_exists('contact',$_SESSION['_config'])) $_SESSION['_config']['contact'] = "";
+if (array_key_exists('L',$_SESSION['_config'])) $_SESSION['_config']['L'] = "";
+if (array_key_exists('ST',$_SESSION['_config'])) $_SESSION['_config']['ST'] = "";
+if (array_key_exists('C',$_SESSION['_config'])) $_SESSION['_config']['C'] = "";
+if (array_key_exists('comments',$_SESSION['_config'])) $_SESSION['_config']['comments'] = "";
+
?>
<form method="post" action="account.php">
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("New Organisation")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Organisation Name")?>:</td>
- <td class="DataTD"><input type="text" name="O" value="" maxlength="50" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Contact Email")?>:</td>
- <td class="DataTD"><input type="text" name="contact" value="" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Town/Suburb")?>:</td>
- <td class="DataTD"><input type="text" name="L" value="" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("State/Province")?>:</td>
- <td class="DataTD"><input type="text" name="ST" value="" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Country")?>:</td>
- <td class="DataTD"><input type="text" name="C" value="" size="5">
- <?php printf(_('(2 letter %s ISO code %s )'),
- '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">',
- '</a>')?>
- </td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Comments")?>:</td>
- <td class="DataTD"><textarea name="comments" cols="60" rows="10"></textarea></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
- </tr>
-</table>
+<?
+org_edit_org_table($orgname, $contactmail, $town, $state, $country, $comment, 0);
+?>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
diff --git a/pages/account/27.php b/pages/account/27.php
index a1086d4..d07a781 100644
--- a/pages/account/27.php
+++ b/pages/account/27.php
@@ -16,46 +16,20 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"));
+ $orgid = intval($_REQUEST['orgid']);
+ $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='" . $orgid . "'"));
+ $orgname = $row['O'];
+ $contactmail = $row['contact'];
+ $town = $row['L'];
+ $state = $row['ST'];
+ $country = $row['C'];
+ $comment = $row['comments'];
?>
<form method="post" action="account.php">
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("Edit Organisation")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Organisation Name")?>:</td>
- <td class="DataTD"><input type="text" name="O" value="<?=$row['O']?>" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Contact Email")?>:</td>
- <td class="DataTD"><input type="text" name="contact" value="<?=($row['contact'])?>" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Town/Suburb")?>:</td>
- <td class="DataTD"><input type="text" name="L" value="<?=($row['L'])?>" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("State/Province")?>:</td>
- <td class="DataTD"><input type="text" name="ST" value="<?=($row['ST'])?>" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Country")?>:</td>
- <td class="DataTD"><input type="text" name="C" value="<?=($row['C'])?>" size="5">
- <?php printf(_('(2 letter %s ISO code %s )'),
- '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">',
- '</a>')?>
- </td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Comments")?>:</td>
- <td class="DataTD"><textarea name="comments" cols=60 rows=10><?=($row['comments'])?></textarea></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
- </tr>
-</table>
+<?
+ org_edit_org_table($orgname, $contactmail, $town, $state, $country, $comment, 1);
+?>
<input type="hidden" name="oldid" value="<?=intval($id)?>">
-<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
+<input type="hidden" name="orgid" value="<?=$orgid?>">
<input type="hidden" name="csrf" value="<?=make_csrf('orgdetchange')?>" />
</form>
diff --git a/pages/account/41.php b/pages/account/41.php
index d61d8db..f644025 100644
--- a/pages/account/41.php
+++ b/pages/account/41.php
@@ -57,7 +57,7 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'"));
+ $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'"));
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
diff --git a/pages/account/43.php b/pages/account/43.php
index c889ce3..b876330 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -37,7 +37,7 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
{
$_REQUEST['userid'] = 0;
- $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
+ $emailsearch = $email = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
//Disabled to speed up the queries
//if(!strstr($email, "%"))
@@ -136,8 +136,7 @@ if(intval($_REQUEST['userid']) > 0) {
if ($res) {
$trow = mysql_fetch_assoc($res);
if ($trow) {
- mysql_query("update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'");
- fix_assurer_flag($trow['to']);
+ revoke_assurance(intval($assurance),$trow['to']);
}
}
}
diff --git a/pages/account/48.php b/pages/account/48.php
index 8cdd7ac..67f2520 100644
--- a/pages/account/48.php
+++ b/pages/account/48.php
@@ -26,6 +26,9 @@
<td class="DataTD"><input type="text" name="domain" value="<?=array_key_exists('domain',$_POST)?sanitizeHTML($_POST['domain']):''?>"></td>
</tr>
<tr>
+ <td class="DataTD" colspan="2"><?=_("For search by ID use # prefix e.g. #123456")?></td>
+ </tr>
+ <tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
diff --git a/pages/account/49.php b/pages/account/49.php
index 0218fa0..9802917 100644
--- a/pages/account/49.php
+++ b/pages/account/49.php
@@ -19,14 +19,22 @@
$userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']);
if($userid <= 0)
{
- $domainsearch = $domain = mysql_escape_string(stripslashes($_POST['domain']));
- if(!strstr($domain, "%"))
+ $domainsearch = $domain = mysql_real_escape_string(trim(stripslashes($_POST['domain'])));
+ if(!strstr($domain, "%")) {
$domainsearch = "%$domain%";
- if(preg_match("/^\d+$/",$domain))
+ }
+
+ //check if request is id if not set search ID to -1
+ if(preg_match('/^#(\d+)$/', $domain, $match)) {
$domainsearch = "";
+ $domainid = intval($match[1]);
+ } else {
+ $domainid = -1;
+ }
+
$query = "select `users`.`id` as `id`, `domains`.`domain` as `domain`, `domains`.`id`as `domid` from `users`,`domains`
where `users`.`id`=`domains`.`memid` and
- (`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domain') and
+ (`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domainid') and
`domains`.`deleted`=0 and `users`.`deleted`=0 and
`users`.`verified`=1
group by `users`.`id` limit 100";
@@ -64,8 +72,7 @@
</tr>
</table><br><br><?
}
-
- $query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100";
+ $query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domainid' limit 100";
$res = mysql_query($query);
if(mysql_num_rows($res) >= 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
diff --git a/pages/account/53.php b/pages/account/53.php
index cc9e2d6..1ec04b2 100644
--- a/pages/account/53.php
+++ b/pages/account/53.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):"";
+ $town = array_key_exists('town',$_REQUEST)?mysql_real_escape_string(stripslashes($_REQUEST['town'])):"";
$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
$start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0;
diff --git a/pages/account/54.php b/pages/account/54.php
index 753b4af..35dce33 100644
--- a/pages/account/54.php
+++ b/pages/account/54.php
@@ -19,7 +19,7 @@
$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
$locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
- $name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):"";
+ $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string($_REQUEST['name']):"";
if($ccid > 0 && $_REQUEST['action'] == "add") { ?>
<form method="post" action="account.php">
diff --git a/pages/account/6.php b/pages/account/6.php
index 305fccb..fc21d39 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -60,7 +60,7 @@ if (array_key_exists('format', $_REQUEST)) {
}
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname $outform`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname $outform");
header("Content-Type: application/pkix-cert");
header("Content-Length: ".strlen($cert));
@@ -82,7 +82,7 @@ if (array_key_exists('format', $_REQUEST)) {
} else {
// All other browsers
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname -outform DER`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform DER");
header("Content-Type: application/x-x509-user-cert");
header("Content-Length: ".strlen($cert));
@@ -111,10 +111,10 @@ if (array_key_exists('format', $_REQUEST)) {
// Allow to directly copy and paste the cert in PEM format
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname -outform PEM`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform PEM");
echo "<pre>$cert</pre>";
+?>
- ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Information about the certificate")?></td>