From df92c83b625715f223070d5d9c9e3f5b814560ec Mon Sep 17 00:00:00 2001 
From: Markus Warg Date: Thu, 11 Mar 2010 15:19:46 +0100 Subject: source code taken from cacert-20100204.tar.bz2 --- cacert/CommModule/client.pl | 226 +++++++++--- cacert/CommModule/readme.txt | 6 +- cacert/includes/account.php | 56 +-- cacert/includes/account_stuff.php | 18 +- cacert/includes/general.php | 34 ++ cacert/includes/mysql.php.sample | 28 +- cacert/locale/ar.po | 139 +++++--- cacert/locale/bg.po | 141 +++++--- cacert/locale/cs.po | 159 ++++++--- cacert/locale/da.po | 143 +++++--- cacert/locale/de.po | 479 ++++++++++++++----------- cacert/locale/el.po | 141 +++++--- cacert/locale/es.po | 149 +++++--- cacert/locale/fa.po | 139 +++++--- cacert/locale/fi.po | 143 +++++--- cacert/locale/fr.po | 629 +++++++++++++++++--------------- cacert/locale/he.po | 139 +++++--- cacert/locale/hr.po | 139 +++++--- cacert/locale/hu.po | 245 ++++++++----- cacert/locale/is.po | 139 +++++--- cacert/locale/it.po | 145 +++++--- cacert/locale/ja.po | 143 +++++--- cacert/locale/ka.po | 139 +++++--- cacert/locale/ko.po | 139 +++++--- cacert/locale/nb.po | 139 +++++--- cacert/locale/nl.po | 165 ++++++--- cacert/locale/pl.po | 459 +++++++++++++----------- cacert/locale/pt.po | 141 +++++--- cacert/locale/ro.po | 139 +++++--- cacert/locale/ru.po | 139 +++++--- cacert/locale/sv.po | 191 ++++++---- cacert/locale/tl.po | 139 +++++--- cacert/locale/tr.po | 163 ++++++--- cacert/locale/zh.po | 143 +++++--- cacert/messages.po | 734 ++++++++++++++++++++------------------ cacert/pages/account/0.php | 4 +- cacert/pages/account/13.php | 36 +- cacert/pages/account/40.php | 2 +- cacert/pages/index/1.php | 2 +- cacert/pages/index/11.php | 2 +- cacert/pages/index/19.php | 5 + cacert/pages/index/8.php | 11 +- cacert/pages/wot/1.php | 11 +- cacert/pages/wot/2.php | 7 +- cacert/pages/wot/4.php | 5 + cacert/pages/wot/6.php | 12 +- cacert/scripts/updatesort.php | 2 +- cacert/www/.htaccess | 2 + cacert/www/api/ccsr.php | 2 +- cacert/www/gpg.php | 20 +- cacert/www/index.php | 24 +- cacert/www/stats.php | 445 
++++++++++++++--------- cacert/www/styles/default.css | 11 + 53 files changed, 4368 insertions(+), 2645 deletions(-) diff --git a/cacert/CommModule/client.pl b/cacert/CommModule/client.pl index 1073ccc..7b417d1 100755 --- a/cacert/CommModule/client.pl +++ b/cacert/CommModule/client.pl @@ -1,7 +1,7 @@ #!/usr/bin/perl -w # CommModule - CAcert Communication Module -# Copyright (C) 2006-2008 CAcert Inc. +# Copyright (C) 2006-2009 CAcert Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -50,8 +50,9 @@ my $opensslbin="/usr/bin/openssl"; my $mysqlphp="/home/cacert/www/includes/mysql.php"; -my %revokefile=(2=>"../www/class3-revoke.crl",1=>"../www/revoke.crl",0=>"../www/revoke.crl"); +my %revokefile=(2=>"../www/class3-revoke.crl",1=>"../www/revoke.crl"); +my $newlayout=1; #End of configurations @@ -64,14 +65,19 @@ my %monarr = ("Jan" => 1, "Feb" => 2, "Mar" => 3, "Apr" => 4, "May" => 5, "Jun" my $password=""; if(open IN,"<$mysqlphp") { -my $content=""; + my $content=""; undef $/; $content=; -$password=$1 if($content=~m/mysql_connect\("[^"]+",\s*"\w+",\s*"(\w+)"/); +$password=$1 if($content=~m/mysql_connect\s*\("[^"]+",\s*"\w+",\s*"(\w+)"/); close IN; $/="\n"; } +else +{ + die "Could not read file: $!\n"; +} + my $dbh = DBI->connect("DBI:mysql:cacert:localhost","cacert",$password, { RaiseError => 1, AutoCommit => 1 }) || die ("Error with the database connection.\n"); @@ -87,13 +93,6 @@ sub readfile($) } -#mkdir "revokehashes"; -foreach (keys %revokefile) -{ - my $revokehash=sha1_hex(readfile($revokefile{$_})); - print "Root $_: Hash $revokefile{$_} = $revokehash\n"; -} - #Logging functions: my $lastdate = ""; 
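Review bot: Dropping the `0=>"../www/revoke.crl"` entry from `%revokefile` leaves `$revokefile{$row{'rootcert'}}` undefined for any stored row whose rootcert is still 0, and the later `readfile($crlname)` in RevokeCerts (context further down, outside this hunk) would then be called with undef. The account.php hunks in this commit only clamp new requests to the 1..2 range, so if older rows with rootcert 0 can still exist, add a guard where `$crlname` is assigned, `next unless defined $crlname;`, or keep the 0 alias in the hash.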
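Review bot: The new `else { die ... }` covers an unreadable `$mysqlphp`, but a file that reads fine and does not match the regex still leaves `$password` as the empty string, and the `DBI->connect` that follows proceeds with it; since the capture is `(\w+)`, any password containing punctuation silently takes this path. After `close IN;` add `die "no mysql password found in $mysqlphp\n" unless length $password;` so a mis-parsed configuration fails loudly instead of connecting with empty credentials.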
@@ -124,6 +123,15 @@ die $_[0]; my $timestamp=strftime("%Y-%m-%d %H:%M:%S",localtime); +#mkdir "revokehashes"; +foreach (keys %revokefile) +{ + next unless (-f $revokefile{$_}); + my $revokehash=sha1_hex(readfile($revokefile{$_})); + SysLog "Root $_: Hash $revokefile{$_} = $revokehash\n"; +} + + sub mysql_query($) { @@ -292,7 +300,7 @@ sub SendHandshaked($) SysLog "Shaking hands ...\n" if($debug); SendIt("\x02"); - Error "Handshake uncompleted. Connection lost2!\n" if(!scalar($sel->can_read(20))); + Error "Handshake uncompleted. Connection lost2! $!\n" if(!scalar($sel->can_read(20))); my $data=""; my $length=read SER,$data,1; if($length && $data eq "\x10") @@ -363,12 +371,12 @@ my $tries=100000; while(!$blockfinished) { Error("Tried reading too often\n") if(($tries--)<=0); -print ("tries: $tries\n") if(!($tries%10)); +# SysLog ("tries: $tries") if(!($tries%10)); $data=""; if(!scalar($sel->can_read(5))) { -Error "Handshake uncompleted. Connection lost variant2!\n" ; +Error "Handshake uncompleted. Connection lost variant3! $!\n" ; return; } $length=read SER,$data,100,0; @@ -483,6 +491,30 @@ sub X509extractExpiryDate($) } return ""; } + +sub CRLuptodate($) +{ + return 0 unless(-f $_[0]); + my $data=`$opensslbin crl -in "$_[0]" -noout -lastupdate -inform der`; + SysLog "CRL: $data\n"; + #lastUpdate=Aug 8 10:26:34 2007 GMT + # Is the timezone handled properly? + if($data=~m/lastUpdate=(\w{2,4}) *(\d{1,2}) *(\d{1,2}:\d{1,2}:\d{1,2}) (\d{4}) GMT/) + { + my $date=sprintf("%04d-%02d-%02d",$4,$monarr{$1},$2); + SysLog "CRL Issueing Date found: $date\n" if($debug); + my $compare = strftime("%Y-%m-%d", localtime); + SysLog "Comparing $date with $compare\n" if($debug); + return $date eq $compare; + } + else + { + SysLog "Expiry Date not found. Perhaps DER format is necessary? Hint: $data\n"; + } + return 0; +} + + sub X509extractSerialNumber($) { # TIMEZONE ?!? 
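Review bot: Appending `$!` to the timeout message in SendHandshaked (and to the "variant3" message in the hunk at -363) is unlikely to say anything useful: `can_read(20)` returning nothing means the select timed out, and `$!` then holds whatever errno the last failing syscall left behind rather than a cause for the timeout. Either drop `$!` from these two messages or state the timeout explicitly, e.g. `Error "Handshake uncompleted. No data within 20s (connection lost2)\n"`. Both enclosing functions start outside their hunks.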
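Review bot: CRLuptodate compares the `lastUpdate` date, which the regex only accepts when suffixed with `GMT`, against `strftime("%Y-%m-%d", localtime)`, so near midnight in any non-UTC local zone the two dates differ and a fresh CRL is reported stale or a stale one fresh; the hunk's own comment asks exactly this question. Use `my $compare = strftime("%Y-%m-%d", gmtime);` so both sides are in UTC. Also, `$monarr{$1}` is undef for a month token not present in `%monarr`, which sprintf silently formats as 00; a `return 0 unless exists $monarr{$1};` before the sprintf makes that failure visible. The filename is interpolated into a backtick shell command; it comes from the `%revokefile` configuration so this is tolerable, but a list-form `open my $fh, '-|', $opensslbin, 'crl', '-in', $_[0], ...` would avoid the shell entirely.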
@@ -583,6 +615,7 @@ sub setUsersLanguage($) sub getUserData($) { + return() unless($_[0]=~m/^\d+$/); my $sth = $dbh->prepare("select * from users where id='$_[0]'"); $sth->execute(); #SysLog "USER DUMP:\n"; @@ -673,7 +706,9 @@ sub sendmail($$$$$$$) { print $smtp "Content-Type: text/plain; charset=\"utf-8\"\r\n"; print $smtp "Content-Transfer-Encoding: 8bit\r\n"; - } else { + } + else + { print $smtp "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n"; print $smtp "Content-Transfer-Encoding: quoted-printable\r\n"; print $smtp "Content-Disposition: inline\r\n"; @@ -705,10 +740,17 @@ sub HandleCerts($$) while ( my $rowdata = $sth->fetchrow_hashref() ) { my %row=%{$rowdata}; - - my $csrname = "../csr/".$org.($server?"server-":"client-").$row{'id'}.".csr"; - my $crtname = "../crt/".$org.($server?"server-":"client-").$row{'id'}.".crt"; - + my $prefix=$org.($server?"server":"client"); + my $short=int($row{'id'}/1000); + my $csrname = "../csr/$prefix-".$row{'id'}.".csr"; + $csrname = "../csr/$prefix/$short/$prefix-".$row{'id'}.".csr" if($newlayout); + SysLog("New Layout: "."../csr/$prefix/$short/$prefix-".$row{'id'}.".csr\n"); + + #my $crtname = "../crt/$prefix-".$row{'id'}.".crt"; + my $crtname=$csrname; $crtname=~s/^\.\.\/csr/..\/crt/; $crtname=~s/\.csr$/.crt/; + my $dirname=$crtname; $dirname=~s/\/[^\/]*\.crt//; + mkdir $dirname,0777; + SysLog("New Layout: $crtname\n"); if($server) { @@ -851,8 +893,9 @@ sub HandleCerts($$) $body .= "Root cert fingerprint = 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33\n\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n"; sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support"); - } else { - + } + else + { SysLog("Could not find the issued certificate. $crtname ".$row{"id"}."\n"); $dbh->do("update `$table` set warning=warning+1 where `id`='".$row{'id'}."'"); } 
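Review bot: The new guard `return() unless($_[0]=~m/^\d+$/);` is the only thing standing between the caller's value and the interpolated query `where id='$_[0]'`, and `$` also matches before a trailing newline, so `"42\n"` passes. Anchor with `\A\d+\z` or, better, stop interpolating: `my $sth = $dbh->prepare("select * from users where id=?"); $sth->execute($_[0]);`. getUserData continues past the hunk.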
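Review bot: `mkdir $dirname,0777;` creates the per-thousand certificate directories world-writable (subject only to the process umask) and ignores the return value, so a failed mkdir is only discovered when the later write to `$crtname` fails. Use a tighter mode and report the failure: `mkdir $dirname, 0755 or SysLog("mkdir $dirname failed: $!\n") unless -d $dirname;`. The two `SysLog("New Layout: ...")` lines here, and their copies in the RevokeCerts and HandleGPG hunks, log on every row without the `if($debug)` gate the rest of the file uses for diagnostics, and the first of them logs the new-layout path even when `$newlayout` is off; consider gating or dropping them. HandleCerts starts and ends outside this hunk.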
@@ -860,6 +903,75 @@ sub HandleCerts($$) } +sub DoCRL($$) +{ + my $crl=$_[0]; + my $crlname=$_[1]; + + if(length($crl)) + { + if($crl=~m/^-----BEGIN X509 CRL-----/) + { + open OUT,">$crlname.pem"; + print OUT $crl; + close OUT; + system "$opensslbin crl -in $crlname.pem -outform der -out $crlname.tmp"; + } + else + { + open OUT,">$crlname.patch"; + print OUT $crl; + close OUT; + my $res=system "xdelta patch $crlname.patch $crlname $crlname.tmp"; + #print "xdelta res: $res\n"; + if($res==512) + { + open OUT,">$crlname.tmp"; + print OUT $crl; + close OUT; + } + } + + my $res=`openssl crl -verify -in $crlname.tmp -inform der -noout 2>&1`; + SysLog "verify: $res\n"; + if($res=~m/verify OK/) + { + rename "$crlname.tmp","$crlname"; + } + else + { + SysLog "VERIFICATION OF NEW CRL DID NOT SUCCEED! PLEASE REPAIR!\n"; + SysLog "Broken CRL is available as $crlname.tmp\n"; + #Override for testing: + rename "$crlname.tmp","$crlname"; + } + return 1; + } + else + { + SysLog("RECEIVED AN EMPTY CRL!\n"); + } + return 0; +} + + +sub RefreshCRLs() +{ + foreach my $rootcert (keys %revokefile) + { + if(!CRLuptodate($revokefile{$rootcert})) + { + SysLog "Update of the CRL $rootcert is necessary!\n"; + my $crlname = $revokefile{$rootcert}; + my $revokehash=sha1_hex(readfile($crlname)); + my $crl=Request($ver,2,1,$rootcert-1,0,0,365,0,"","",$revokehash); + #print "Received ".length($crl)." ".hexdump($crl)."\n"; + DoCRL($crl,$crlname); + } + } +} + + sub RevokeCerts($$) { my $org=$_[0]?"org":""; 
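Review bot: In DoCRL the `else` branch after the `verify OK` test still does `rename "$crlname.tmp","$crlname";` (marked "Override for testing") and then falls through to `return 1;`, so a CRL whose signature does not verify is published to the live `../www/*.crl` path and RevokeCerts, which uses the return value to decide whether to send the revocation notice, treats it as success. Remove the override rename in that branch and `return 0;` there, leaving the broken file as `$crlname.tmp` as the log message already promises. The verify step also calls a bare `openssl` while the rest of the function uses `$opensslbin`; use `$opensslbin` for both. The `open OUT,">..."` calls are two-argument opens on a bareword handle with no error check, and `$crlname` is interpolated into `system` strings; `open my $out, '>', "$crlname.pem" or SysLog(...)` and the list form `system($opensslbin, 'crl', '-in', "$crlname.pem", '-outform', 'der', '-out', "$crlname.tmp")` would make them robust, although `$crlname` here only comes from the `%revokefile` configuration.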
@@ -874,8 +986,19 @@ sub RevokeCerts($$) { my %row=%{$rowdata}; - my $csrname = "../csr/".$org.($server?"server-":"client-").$row{'id'}.".csr"; - my $crtname = "../crt/".$org.($server?"server-":"client-").$row{'id'}.".crt"; + my $prefix=$org.($server?"server":"client"); + my $short=int($row{'id'}/1000); + + my $csrname = "../csr/$prefix-".$row{'id'}.".csr"; + $csrname = "../csr/$prefix/$short/$prefix-".$row{'id'}.".csr" if($newlayout); + SysLog("New Layout: "."../csr/$prefix/$short/$prefix-".$row{'id'}.".csr\n"); + + #my $crtname = "../crt/$prefix-".$row{'id'}.".crt"; + my $crtname=$csrname; $crtname=~s/^\.\.\/csr/..\/crt/; $crtname=~s/\.csr$/.crt/; + SysLog("New Layout: $crtname\n"); + + #my $csrname = "../csr/".$org.($server?"server-":"client-").$row{'id'}.".csr"; + #my $crtname = "../crt/".$org.($server?"server-":"client-").$row{'id'}.".crt"; my $crlname = $revokefile{$row{'rootcert'}}; my $crt=""; @@ -889,34 +1012,9 @@ sub RevokeCerts($$) my $revokehash=sha1_hex(readfile($crlname)); my $crl=Request($ver,2,1,$row{'rootcert'}-1,0,0,365,0,$content,"",$revokehash); - if(length($crl)) - { - if(1) - { - open OUT,">$crlname.patch"; - print OUT $crl; - close OUT; - system "xdelta patch $crlname.patch $crlname $crlname.tmp"; - - } - #if($crl=~m/^-----BEGIN X509 CRL-----/) - #{ - # open OUT,">$crlname.pem"; - # print OUT $crl; - # close OUT; - # system "$opensslbin crl -in $crlname.pem -outform der -out $crlname.tmp"; - #} - #else - #{ - # open OUT,">$crlname.tmp"; - # print OUT $crl; - # close OUT; - #} - rename "$crlname.tmp","$crlname"; + my $result=DoCRL($crl,$crlname); - } - - if(-s $crlname) + if($result) { setUsersLanguage($row{memid}); @@ -934,7 +1032,7 @@ sub RevokeCerts($$) } else { - SysLog("Error: $crtname $!\n") if($debug); + SysLog("Error in RevokeCerts: $crtname $!\n") if($debug); } } @@ -944,7 +1042,6 @@ sub RevokeCerts($$) - sub HandleGPG() { my $sth = $dbh->prepare("select * from gpg where crt='' and csr!='' "); 
@@ -954,8 +1051,19 @@ sub HandleGPG() { my %row=%{$rowdata}; - my $csrname = "../csr/gpg-".$row{'id'}.".csr"; - my $crtname = "../crt/gpg-".$row{'id'}.".crt"; + my $prefix="gpg"; + my $short=int($row{'id'}/1000); + my $csrname = "../csr/$prefix-".$row{'id'}.".csr"; + $csrname = "../csr/$prefix/$short/$prefix-".$row{'id'}.".csr" if($newlayout); + SysLog("New Layout: "."../csr/$prefix/$short/$prefix-".$row{'id'}.".csr\n"); + + #my $crtname = "../crt/$prefix-".$row{'id'}.".crt"; + my $crtname=$csrname; $crtname=~s/^\.\.\/csr/..\/crt/; $crtname=~s/\.csr$/.crt/; + SysLog("New Layout: $crtname\n"); + + + #my $csrname = "../csr/gpg-".$row{'id'}.".csr"; + #my $crtname = "../crt/gpg-".$row{'id'}.".crt"; SysLog "Opening $csrname\n"; @@ -1010,7 +1118,9 @@ sub HandleGPG() # Main program loop -while(1) +my $crlcheck=0; + +while ( -f "./client.pl-active" ) { SysLog("Handling GPG database ...\n"); HandleGPG(); @@ -1025,6 +1135,9 @@ while(1) RevokeCerts(1,0); #org client certs RevokeCerts(1,1); #org server certs + $crlcheck++; + RefreshCRLs() if(($crlcheck%100) == 1); + #print "Sign Request X.509, Root0\n"; #my $reqcontent=""; #Request($ver,1,1,0,5,2,365,0,$reqcontent,"","/CN=supertest.cacert.at"); @@ -1032,5 +1145,6 @@ while(1) SysLog("NUL Request:\n"); my $timestamp=strftime("%m%d%H%M%Y.%S",gmtime); Request($ver,0,0,0,0,0,0,0,$timestamp,"",""); - usleep(700000); + sleep(1); + usleep(1700000); } diff --git a/cacert/CommModule/readme.txt b/cacert/CommModule/readme.txt index 206f09d..d832491 100644 --- a/cacert/CommModule/readme.txt +++ b/cacert/CommModule/readme.txt 
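Review bot: The loop condition `-f "./client.pl-active"` turns a sentinel file into the daemon's shutdown switch, but nothing in the hunk says who creates or removes it, and the path is relative to the working directory rather than the script's location. Add a comment above the loop, e.g. `# Run until the sentinel file ./client.pl-active (relative to the cwd; presumably managed by the commdaemon wrapper) is removed.`, and consider anchoring the path to the script directory (for example via FindBin) so a different cwd does not make the loop exit immediately.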
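Review bot: `sleep(1);` followed by `usleep(1700000);` is two back-to-back delays of different granularity that add up to 2.7 s; a single `usleep(2700000);` states the intended pause directly. If the intent was to lengthen the previous 0.7 s interval, a short comment on why the poll period grew would help the next reader.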
@@ -1,4 +1,6 @@ client.pl The real client, running on the webserver +commdaemon Script to run client.pl or server.pl +commmodule Script for startup/shutdown of CommModule from /etc/init.d +logclean.sh Maintenance script for logfiles generated by CommModule serial.conf Serial Port configuration file -SerialPort.so A part of the serial port module -error.txt Textfile with the error message for sending emails +usbclient.pl Obsoleted USB version of client.pl above diff --git a/cacert/includes/account.php b/cacert/includes/account.php index 6488574..c264a09 100644 --- a/cacert/includes/account.php +++ b/cacert/includes/account.php @@ -67,7 +67,7 @@ if(mysql_num_rows($res) > 0) { showheader(_("My CAcert.org Account!")); - printf(_("The email address '%s' is already in the system. Can't continue."), sanitizeHTML($_REQUEST['email'])); + printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email'])); showfooter(); exit; } @@ -295,6 +295,9 @@ if($_SESSION['_config']['incname'] == 4) $emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n"; } + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) + $_SESSION['_config']['rootcert'] = 1; + $emails .= "SPKAC = $spkac"; $query = "insert into emailcerts set `CN`='$defaultemail', @@ -309,7 +312,7 @@ if(is_array($addys)) foreach($addys as $addy) mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); - $CSRname = $_SESSION['_config']['filepath']."/csr/client-".intval($emailid).".csr"; + $CSRname=generatecertpath("csr","client",$emailid); $fp = fopen($CSRname, "w"); fputs($fp, $emails); fclose($fp); @@ -374,6 +377,8 @@ $csr .= $data; fclose($fp); @unlink($tmpname); + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) + $_SESSION['_config']['rootcert'] = 1; if($csr == "") { 
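Review bot: The clamp `if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1;` is pasted verbatim into six places in this file (here and the hunks at -374, -690, -1366, -1444 and -1715), so the valid root range is now encoded in six separate literals. Move it into one helper such as `function sanitizeRootCert($r) { $r = intval($r); return ($r < 1 || $r > 2) ? 1 : $r; }` and call `$_SESSION['_config']['rootcert'] = sanitizeRootCert($_SESSION['_config']['rootcert']);` at each site. Note that the clamp silently substitutes root 1 for an out-of-range value rather than rejecting the request; if that value can only be out of range through tampering, logging the substitution would make such attempts visible.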
@@ -396,7 +401,7 @@ if(is_array($addys)) foreach($addys as $addy) mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'"); - $CSRname = $_SESSION['_config']['filepath']."/csr/client-$emailid.csr"; + $CSRname=generatecertpath("csr","client",$emailid); $fp = fopen($CSRname, "w"); fputs($fp, $csr); fclose($fp); @@ -452,7 +457,7 @@ $oldid=0; $id = 7; showheader(_("My CAcert.org Account!")); - printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($newdomain)); + printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($newdomain)); showfooter(); exit; } @@ -532,7 +537,7 @@ if(mysql_num_rows($res) > 0) { showheader(_("My CAcert.org Account!")); - printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain'])); + printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain'])); showfooter(); exit; } @@ -690,6 +695,8 @@ if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; } } + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) + $_SESSION['_config']['rootcert'] = 1; if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0) { @@ -722,7 +729,7 @@ foreach($_SESSION['_config']['altid'] as $dom) mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); - $CSRname = $_SESSION['_config']['filepath']."/csr/server-$CSRid.csr"; + $CSRname=generatecertpath("csr","server",$CSRid); if(!file_exists($_SESSION['_config']['tmpfname'])) { showheader(_("My CAcert.org Account!")); 
@@ -786,7 +793,7 @@ `pkhash`='".$row['pkhash']."'"; mysql_query($query); $newid = mysql_insert_id(); - $newfile = $_SESSION['_config']['filepath']."/csr/server-$newid.csr"; + $newfile=generatecertpath("csr","server",$newid); copy($row['csr_name'], $newfile); $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`); $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); @@ -953,7 +960,7 @@ `rootcert`='".$row['rootcert']."'"; mysql_query($query); $newid = mysql_insert_id(); - $newfile = $_SESSION['_config']['filepath']."/csr/client-$newid.csr"; + $newfile=generatecertpath("csr","client",$newid); copy($row['csr_name'], $newfile); mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'"); $res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'"); @@ -970,14 +977,14 @@ printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "", ""); } else { printf(_("Certificate for '%s' has been renewed."), $row['CN']); - echo "". - _("Click here")." "._("to install your certificate."); + echo "
\n". + _("Click here")." "._("to install your certificate.")."

\n"; } } } else { - echo _("You did not select any certificates for renewal."); + echo _("You did not select any certificates for renewal.")."
"; } showfooter(); @@ -1366,6 +1373,8 @@ $emails .= "stateOrProvinceName = ".$org['ST']."\n"; if($org['C']) $emails .= "countryName = ".$org['C']."\n"; + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) + $_SESSION['_config']['rootcert'] = 1; $emails .= "SPKAC = $spkac"; $query = "insert into `orgemailcerts` set @@ -1381,7 +1390,7 @@ foreach($_SESSION['_config']['domids'] as $addy) mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); - $CSRname = $_SESSION['_config']['filepath']."/csr/orgclient-$emailid.csr"; + $CSRname=generatecertpath("csr","orgclient",$emailid); $fp = fopen($CSRname, "w"); fputs($fp, $emails); fclose($fp); @@ -1444,6 +1453,9 @@ showfooter(); exit; } + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) + $_SESSION['_config']['rootcert'] = 1; + $query = "insert into `orgemailcerts` set `CN`='$defaultemail', `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "', @@ -1458,7 +1470,7 @@ foreach($_SESSION['_config']['domids'] as $addy) mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); - $CSRname = $_SESSION['_config']['filepath']."/csr/orgclient-$emailid.csr"; + $CSRname=generatecertpath("csr","orgclient",$emailid); $fp = fopen($CSRname, "w"); fputs($fp, $csr); fclose($fp); @@ -1520,7 +1532,7 @@ `rootcert`='".$row['rootcert']."'"; mysql_query($query); $newid = mysql_insert_id(); - $newfile = $_SESSION['_config']['filepath']."/csr/orgclient-$newid.csr"; + $newfile=generatecertpath("csr","orgclient",$newid); copy($row['csr_name'], $newfile); mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'"); waitForResult("orgemailcerts", $newid,$oldid,0); 
@@ -1715,6 +1727,8 @@ $type=""; if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8"; + if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) + $_SESSION['_config']['rootcert'] = 1; if($_SESSION['_config']['rowid']['0'] > 0) { @@ -1737,7 +1751,7 @@ mysql_query($query); $CSRid = mysql_insert_id(); - $CSRname = $_SESSION['_config']['filepath']."/csr/orgserver-$CSRid.csr"; + $CSRname=generatecertpath("csr","orgserver",$CSRid); rename($_SESSION['_config']['tmpfname'], $CSRname); chmod($CSRname,0644); mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'"); @@ -1803,7 +1817,7 @@ mysql_query($query); $newid = mysql_insert_id(); //echo "NewID: $newid
\n"; - $newfile = $_SESSION['_config']['filepath']."/csr/orgserver-$newid.csr"; + $newfile=generatecertpath("csr","orgserver",$newid); copy($row['csr_name'], $newfile); mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'"); echo _("Renewing").": ".$row['CN']."
\n"; @@ -1973,7 +1987,7 @@ $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'"); if(mysql_num_rows($res1) > 0) { - $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($domain)); + $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain)); $id = $oldid; $oldid=0; } @@ -2003,7 +2017,7 @@ $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0"); if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0) { - $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($domain)); + $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain)); $id = $oldid; $oldid=0; } @@ -2275,8 +2289,8 @@ $newreg = intval(array_key_exists('newreg',$_REQUEST)?$_REQUEST['newreg']:0); $locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0); $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):""; - $long = array_key_exists('longitude',$_REQUEST)?doubleval($_REQUEST['longitude']):""; - $lat = array_key_exists('latitude', $_REQUEST)?doubleval($_REQUEST['latitude']):""; + $long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):""; + $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):""; $action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:""; if($locid > 0 && $action == "edit") 
@@ -2496,7 +2510,7 @@ foreach($_SESSION['_config']['altid'] as $dom) mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); - $CSRname = $_SESSION['_config']['filepath']."/csr/server-$CSRid.csr"; + $CSRname=generatecertpath("csr","server",$CSRid); $fp = fopen($CSRname, "w"); fputs($fp, $_SESSION['_config']['CSR']); fclose($fp); diff --git a/cacert/includes/account_stuff.php b/cacert/includes/account_stuff.php index 832fe54..39ae5ed 100644 --- a/cacert/includes/account_stuff.php +++ b/cacert/includes/account_stuff.php @@ -220,7 +220,7 @@ function hideall() {