2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18 require_once("../includes/loggedin.php");
19 require_once("../includes/lib/l10n.php");
20 require_once('lib/check_weak_key.php');
24 $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
25 $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
26 $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process'];
28 $cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']);
29 $orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']);
30 $memid=0; if(array_key_exists('memid',$_REQUEST)) $memid=intval($_REQUEST['memid']);
31 $domid=0; if(array_key_exists('domid',$_REQUEST)) $domid=intval($_REQUEST['domid']);
34 if(!$_SESSION['mconn'])
36 echo _("Several CAcert Services are currently unavailable. Please try again later.");
40 if ($process == _("Cancel"))
42 // General reset CANCEL process requests
47 if($id == 45 ||
$id == 46 ||
$oldid == 45 ||
$oldid == 46)
53 if($process != "" && $oldid == 1)
56 csrf_check('addemail');
57 if(strstr($_REQUEST['newemail'], "xn--") && $_SESSION['profile']['codesign'] <= 0)
59 showheader(_("My CAcert.org Account!"));
60 echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
64 if(trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))) == "")
66 showheader(_("My CAcert.org Account!"));
67 printf(_("Not a valid email address. Can't continue."));
72 $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
73 $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
74 $res = mysql_query($query);
75 if(mysql_num_rows($res) > 0)
77 showheader(_("My CAcert.org Account!"));
78 printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
82 $checkemail = checkEmail($_REQUEST['newemail']);
83 if($checkemail != "OK")
85 showheader(_("My CAcert.org Account!"));
86 if (substr($checkemail, 0, 1) == "4")
88 echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
90 echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
92 echo "<p>$checkemail</p>\n";
97 $query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
99 $emailid = mysql_insert_id();
101 $body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
102 $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
103 $body .= _("Best regards")."\n"._("CAcert.org Support!");
105 sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
107 showheader(_("My CAcert.org Account!"));
108 printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_REQUEST['email']));
113 if(array_key_exists("makedefault",$_REQUEST) && $_REQUEST['makedefault'] != "" && $oldid == 2)
116 $emailid = intval($_REQUEST['emailid']);
117 $query = "select * from `email` where `id`='$emailid' and `memid`='".$_SESSION['profile']['id']."' and `hash` = '' and `deleted`=0";
118 $res = mysql_query($query);
119 if(mysql_num_rows($res) <= 0)
121 showheader(_("Error!"));
122 echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
126 $row = mysql_fetch_assoc($res);
127 $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
128 $body .= _("You are receiving this email because you or someone else ".
129 "has changed the default email on your account.")."\n\n";
131 $body .= _("Best regards")."\n"._("CAcert.org Support!");
133 sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Default Account Changed"), $body,
134 "support@cacert.org", "", "", "CAcert Support");
136 $_SESSION['profile']['email'] = $row['email'];
137 $query = "update `users` set `email`='".$row['email']."' where `id`='".$_SESSION['profile']['id']."'";
139 showheader(_("My CAcert.org Account!"));
140 printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
145 if($process != "" && $oldid == 2)
148 csrf_check("chgdef");
149 showheader(_("My CAcert.org Account!"));
151 if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
153 foreach($_REQUEST['delid'] as $id)
156 $query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
157 `email`!='".$_SESSION['profile']['email']."'";
158 $res = mysql_query($query);
159 if(mysql_num_rows($res) > 0)
161 $row = mysql_fetch_assoc($res);
162 echo $row['email']."<br>\n";
163 $query = "select `emailcerts`.`id`
164 from `emaillink`,`emailcerts` where
165 `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
166 `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
167 group by `emailcerts`.`id`";
168 $dres = mysql_query($query);
169 while($drow = mysql_fetch_assoc($dres))
170 mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
172 $query = "update `email` set `deleted`=NOW() where `id`='$id'";
180 echo _("You did not select any email accounts for removal.");
184 echo _("The following accounts have been removed:")."<br>\n";
186 echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
193 if($process != "" && $oldid == 3)
195 if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
197 showheader(_("My CAcert.org Account!"));
198 echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
203 $_SESSION['_config']['SSO'] = intval($_REQUEST['SSO']);
205 $_SESSION['_config']['addid'] = $_REQUEST['addid'];
206 if($_SESSION['profile']['points'] >= 50)
207 $_SESSION['_config']['incname'] = intval($_REQUEST['incname']);
208 if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 ||
$_SESSION['profile']['points'] < 100))
210 $_REQUEST['codesign'] = 0;
212 if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1)
214 if($_SESSION['_config']['incname'] < 1 ||
$_SESSION['_config']['incname'] > 4)
215 $_SESSION['_config']['incname'] = 1;
217 if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1 && $_SESSION['profile']['points'] >= 100)
218 $_SESSION['_config']['codesign'] = 1;
220 $_SESSION['_config']['codesign'] = 0;
222 if(array_key_exists('login',$_REQUEST) && $_REQUEST['login'] == 1)
223 $_SESSION['_config']['disablelogin'] = 0;
225 $_SESSION['_config']['disablelogin'] = 1;
227 $_SESSION['_config']['rootcert'] = 1;
228 if($_SESSION['profile']['points'] >= 50)
230 $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
231 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
232 $_SESSION['_config']['rootcert'] = 1;
235 if(trim($_REQUEST['optionalCSR']) == "")
240 $_REQUEST['keytype'] = "MS";
241 $csr = clean_csr($_REQUEST['optionalCSR']);
247 if($_REQUEST['keytype'] == "NS")
249 $spkac=""; if(array_key_exists('SPKAC',$_REQUEST) && preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));
251 if($spkac=="" ||
$spkac == "deadbeef")
254 showheader(_("My CAcert.org Account!"));
255 echo _("I didn't receive a valid Certificate Request, please try a different browser.");
263 if(is_array($_SESSION['_config']['addid']))
264 foreach($_SESSION['_config']['addid'] as $id)
266 $res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='".intval($id)."'");
267 if(mysql_num_rows($res) > 0)
269 $row = mysql_fetch_assoc($res);
271 $defaultemail = $row['email'];
272 $emails .= "$count.emailAddress = ".$row['email']."\n";
274 $addys[] = intval($row['id']);
277 if($count <= 0 && $_SESSION['_config']['SSO'] != 1)
280 showheader(_("My CAcert.org Account!"));
281 echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request.");
285 $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
286 if($_SESSION['_config']['SSO'] == 1)
287 $emails .= "$count.emailAddress = ".$user['uniqueID']."\n";
289 if(strlen($user['mname']) == 1)
290 $user['mname'] .= '.';
291 if(!array_key_exists('incname',$_SESSION['_config']) ||
$_SESSION['_config']['incname'] <= 0 ||
$_SESSION['_config']['incname'] > 4)
293 $emails .= "commonName = CAcert WoT User\n";
297 if($_SESSION['_config']['incname'] == 1)
298 $emails .= "commonName = ".$user['fname']." ".$user['lname']."\n";
299 if($_SESSION['_config']['incname'] == 2)
300 $emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']."\n";
301 if($_SESSION['_config']['incname'] == 3)
302 $emails .= "commonName = ".$user['fname']." ".$user['lname']." ".$user['suffix']."\n";
303 if($_SESSION['_config']['incname'] == 4)
304 $emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
306 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
307 $_SESSION['_config']['rootcert'] = 1;
309 $emails .= "SPKAC = $spkac";
310 if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
313 showheader(_("My CAcert.org Account!"));
319 $query = "insert into emailcerts set
320 `CN`='$defaultemail',
322 `memid`='".intval($_SESSION['profile']['id'])."',
323 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
324 `codesign`='".intval($_SESSION['_config']['codesign'])."',
325 `disablelogin`='".($_SESSION['_config']['disablelogin']?
1:0)."',
326 `rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
328 $emailid = mysql_insert_id();
330 foreach($addys as $addy)
331 mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
332 $CSRname=generatecertpath("csr","client",$emailid);
333 $fp = fopen($CSRname, "w");
336 $challenge=$_SESSION['spkac_hash'];
337 $res=`openssl spkac
-verify
-in
$CSRname`
;
338 if(!strstr($res,"Challenge String: ".$challenge))
341 showheader(_("My CAcert.org Account!"));
342 echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
346 mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
347 } else if($_REQUEST['keytype'] == "MS" ||
$_REQUEST['keytype'] == "VI") {
349 $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
351 if (($weakKey = checkWeakKeyCSR($csr)) !== "")
354 showheader(_("My CAcert.org Account!"));
360 $tmpfname = tempnam("/tmp", "id4CSR");
361 $fp = fopen($tmpfname, "w");
369 $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
370 if(strlen($user['mname']) == 1)
371 $user['mname'] .= '.';
372 if($_SESSION['_config']['incname'] <= 0 ||
$_SESSION['_config']['incname'] > 4)
373 $csrsubject = "/CN=CAcert WoT User";
374 if($_SESSION['_config']['incname'] == 1)
375 $csrsubject = "/CN=".$user['fname']." ".$user['lname'];
376 if($_SESSION['_config']['incname'] == 2)
377 $csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname'];
378 if($_SESSION['_config']['incname'] == 3)
379 $csrsubject = "/CN=".$user['fname']." ".$user['lname']." ".$user['suffix'];
380 if($_SESSION['_config']['incname'] == 4)
381 $csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'];
382 if(is_array($_SESSION['_config']['addid']))
383 foreach($_SESSION['_config']['addid'] as $id)
385 $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
386 if(mysql_num_rows($res) > 0)
388 $row = mysql_fetch_assoc($res);
389 if($defaultemail == "")
390 $defaultemail = $row['email'];
391 $csrsubject .= "/emailAddress=".$row['email'];
392 $addys[] = $row['id'];
395 if($_SESSION['_config']['SSO'] == 1)
396 $csrsubject .= "/emailAddress = ".$user['uniqueID'];
398 $tmpname = tempnam("/tmp", "id4csr");
399 $do = `
/usr
/bin
/openssl req
-in
$tmpfname -out
$tmpname`
; // -subj "$csr"`;
402 $fp = fopen($tmpname, "r");
403 while($data = fgets($fp, 4096))
407 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
408 $_SESSION['_config']['rootcert'] = 1;
413 showheader(_("My CAcert.org Account!"));
414 echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
418 $query = "insert into emailcerts set
419 `CN`='$defaultemail',
420 `keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
421 `memid`='".$_SESSION['profile']['id']."',
422 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
423 `subject`='".mysql_real_escape_string($csrsubject)."',
424 `codesign`='".$_SESSION['_config']['codesign']."',
425 `rootcert`='".$_SESSION['_config']['rootcert']."'";
427 $emailid = mysql_insert_id();
429 foreach($addys as $addy)
430 mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");
431 $CSRname=generatecertpath("csr","client",$emailid);
432 $fp = fopen($CSRname, "w");
435 mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
437 waitForResult("emailcerts", $emailid, 4);
438 $query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
439 $res = mysql_query($query);
440 if(mysql_num_rows($res) <= 0)
443 showheader(_("My CAcert.org Account!"));
444 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
450 $_REQUEST['cert']=$emailid;
456 csrf_check("adddomain");
457 if(strstr($_REQUEST['newdomain'],"\x00"))
459 showheader(_("My CAcert.org Account!"));
460 echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
465 list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
466 while($newdomain['0'] == '-')
467 $newdomain = substr($newdomain, 1);
468 if(strstr($newdomain, "xn--") && $_SESSION['profile']['codesign'] <= 0)
470 showheader(_("My CAcert.org Account!"));
471 echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
476 $newdom = trim(escapeshellarg($newdomain));
477 $newdomain = mysql_real_escape_string(trim($newdomain));
479 $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
480 $query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
481 $res2 = mysql_query($query);
482 if(mysql_num_rows($res1) > 0 ||
mysql_num_rows($res2))
486 showheader(_("My CAcert.org Account!"));
487 printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
499 if(strtolower(substr($newdom, -4, 3)) != ".jp")
500 $adds = explode("\n", trim(`
/usr
/bin
/whois
$newdom|grep
"@"`
));
501 if(substr($newdomain, -4) == ".org" ||
substr($newdomain, -5) == ".info")
504 foreach($adds as $line)
506 $bits = explode(":", $line, 2);
507 $line = trim($bits[1]);
508 if(!in_array($line, $addy) && $line != "")
509 $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
513 foreach($adds as $line)
515 $line = trim(str_replace("\t", " ", $line));
516 $line = trim(str_replace("(", "", $line));
517 $line = trim(str_replace(")", " ", $line));
518 $line = trim(str_replace(":", " ", $line));
520 $bits = explode(" ", $line);
521 foreach($bits as $bit)
523 if(strstr($bit, "@"))
526 if(!in_array($line, $addy) && $line != "")
527 $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
531 $rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain");
532 foreach($rfc as $sub)
533 if(!in_array($sub, $addy))
535 $_SESSION['_config']['addy'] = $addy;
536 $_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
539 if($process != "" && $oldid == 8)
541 csrf_check('ctcinfo');
545 $authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy'])));
547 if($authaddy == "" ||
!is_array($_SESSION['_config']['addy']))
549 showheader(_("My CAcert.org Account!"));
550 echo _("The address you submitted isn't a valid authority address for the domain.");
555 if(!in_array($authaddy, $_SESSION['_config']['addy']))
557 showheader(_("My CAcert.org Account!"));
558 echo _("The address you submitted isn't a valid authority address for the domain.");
563 $query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
564 $res = mysql_query($query);
565 if(mysql_num_rows($res) > 0)
567 showheader(_("My CAcert.org Account!"));
568 printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
572 $checkemail = checkEmail($authaddy);
573 if($checkemail != "OK")
575 showheader(_("My CAcert.org Account!"));
576 //echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
577 if (substr($checkemail, 0, 1) == "4")
579 echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
581 echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
583 echo "<p>$checkemail</p>\n";
589 $query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
590 `memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
592 $domainid = mysql_insert_id();
594 $body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
595 $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
596 $body .= _("Best regards")."\n"._("CAcert.org Support!");
598 sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
600 showheader(_("My CAcert.org Account!"));
601 printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $_SESSION['_config']['domain']);
606 if($process != "" && $oldid == 9)
609 showheader(_("My CAcert.org Account!"));
610 if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
612 echo _("The following domains have been removed:")."<br>
613 ("._("Any valid certificates will be revoked as well").")<br>\n";
615 foreach($_REQUEST['delid'] as $id)
618 $query = "select * from `domains` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
619 $res = mysql_query($query);
620 if(mysql_num_rows($res) > 0)
622 $row = mysql_fetch_assoc($res);
623 echo $row['domain']."<br>\n";
626 "select distinct `domaincerts`.`id`
627 from `domaincerts`, `domlink`
628 where `domaincerts`.`domid` = '$id'
630 `domaincerts`.`id` = `domlink`.`certid`
631 and `domlink`.`domid` = '$id'
633 while($drow = mysql_fetch_assoc($dres))
636 "update `domaincerts`
637 set `revoked`='1970-01-01 10:00:01'
638 where `id` = '".$drow['id']."'
640 and UNIX_TIMESTAMP(`expire`) -
641 UNIX_TIMESTAMP() > 0");
647 where `id` = '$id'");
653 echo _("You did not select any domains for removal.");
660 if($process != "" && $oldid == 10)
662 $CSR = clean_csr($_REQUEST['CSR']);
663 if(strpos($CSR,"---BEGIN")===FALSE
)
665 // In case the CSR is missing the ---BEGIN lines, add them automatically:
666 $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
669 if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
671 showheader(_("My CAcert.org Account!"));
677 $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
678 $fp = fopen($_SESSION['_config']['tmpfname'], "w");
681 $CSR = $_SESSION['_config']['tmpfname'];
682 $_SESSION['_config']['subject'] = trim(`
/usr
/bin
/openssl req
-text
-noout
-in
"$CSR"|tr
-d
"\\0"|grep
"Subject:"`
);
683 $bits = explode(",", trim(`
/usr
/bin
/openssl req
-text
-noout
-in
"$CSR"|tr
-d
"\\0"|grep
-A1
'X509v3 Subject Alternative Name:'|grep DNS
:`
));
684 foreach($bits as $val)
686 $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
690 $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
695 if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
697 showheader(_("My CAcert.org Account!"));
698 echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
703 $_SESSION['_config']['rootcert'] = 1;
704 if($_SESSION['profile']['points'] >= 50)
706 $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
707 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
708 $_SESSION['_config']['rootcert'] = 1;
712 if($process != "" && $oldid == 11)
714 if(!file_exists($_SESSION['_config']['tmpfname']))
716 showheader(_("My CAcert.org Account!"));
717 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
722 if (($weakKey = checkWeakKeyCSR(file_get_contents(
723 $_SESSION['_config']['tmpfname']))) !== "")
725 showheader(_("My CAcert.org Account!"));
732 if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
734 showheader(_("My CAcert.org Account!"));
735 echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
743 if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
745 if(is_array($_SESSION['_config']['rows']))
746 foreach($_SESSION['_config']['rows'] as $row)
751 $subject .= "/CN=$row";
752 if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
753 if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
755 if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
756 if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
759 if(is_array($_SESSION['_config']['altrows']))
760 foreach($_SESSION['_config']['altrows'] as $row)
762 if(substr($row, 0, 4) == "DNS:")
764 $row = substr($row, 4);
765 if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
766 if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
769 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
770 $_SESSION['_config']['rootcert'] = 1;
772 if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
774 $query = "insert into `domaincerts` set
775 `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
776 `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
777 `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
778 `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
779 } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
780 $query = "insert into `domaincerts` set
781 `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
782 `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
783 `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
784 `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
786 showheader(_("My CAcert.org Account!"));
787 echo _("Domain not verified.");
794 $CSRid = mysql_insert_id();
796 if(is_array($_SESSION['_config']['rowid']))
797 foreach($_SESSION['_config']['rowid'] as $dom)
798 mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
799 if(is_array($_SESSION['_config']['altid']))
800 foreach($_SESSION['_config']['altid'] as $dom)
801 mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
803 $CSRname=generatecertpath("csr","server",$CSRid);
804 rename($_SESSION['_config']['tmpfname'], $CSRname);
805 chmod($CSRname,0644);
806 mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
807 waitForResult("domaincerts", $CSRid, 11);
808 $query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
809 $res = mysql_query($query);
810 if(mysql_num_rows($res) <= 0)
813 showheader(_("My CAcert.org Account!"));
814 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
820 $_REQUEST['cert']=$CSRid;
824 if($oldid == 12 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
826 csrf_check('srvcerchange');
828 showheader(_("My CAcert.org Account!"));
829 if(is_array($_REQUEST['revokeid']))
831 echo _("Now renewing the following certificates:")."<br>\n";
832 foreach($_REQUEST['revokeid'] as $id)
835 echo _("Processing request")." $id:<br/>";
836 $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
837 where `domaincerts`.`id`='$id' and
838 `domaincerts`.`domid`=`domains`.`id` and
839 `domains`.`memid`='".$_SESSION['profile']['id']."'";
840 $res = mysql_query($query);
841 if(mysql_num_rows($res) <= 0)
843 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
847 $row = mysql_fetch_assoc($res);
849 if (($weakKey = checkWeakKeyX509(file_get_contents(
850 $row['crt_name']))) !== "")
852 echo $weakKey, "<br/>\n";
856 mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
857 $query = "insert into `domaincerts` set
858 `domid`='".$row['domid']."',
859 `CN`='".mysql_real_escape_string($row['CN'])."',
860 `subject`='".mysql_real_escape_string($row['subject'])."',".
861 //`csr_name`='".$row['csr_name']."', // RACE CONDITION
862 "`created`='".$row['created']."',
864 `rootcert`='".$row['rootcert']."',
865 `type`='".$row['type']."',
866 `pkhash`='".$row['pkhash']."'";
868 $newid = mysql_insert_id();
869 $newfile=generatecertpath("csr","server",$newid);
870 copy($row['csr_name'], $newfile);
871 $_SESSION['_config']['subject'] = trim(`
/usr
/bin
/openssl req
-text
-noout
-in
"$newfile"|tr
-d
"\\0"|grep
"Subject:"`
);
872 $bits = explode(",", trim(`
/usr
/bin
/openssl req
-text
-noout
-in
"$newfile"|tr
-d
"\\0"|grep
-A1
'X509v3 Subject Alternative Name:'|grep DNS
:`
));
873 foreach($bits as $val)
875 $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
877 $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
882 if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
884 echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
890 if(is_array($_SESSION['_config']['rows']))
891 foreach($_SESSION['_config']['rows'] as $row)
896 $subject .= "/CN=$row";
897 if(!strstr($subject, "=$row/") &&
898 substr($subject, -strlen("=$row")) != "=$row")
899 $subject .= "/subjectAltName=$row";
901 if(!strstr($subject, "=$row/") &&
902 substr($subject, -strlen("=$row")) != "=$row")
903 $subject .= "/subjectAltName=$row";
906 if(is_array($_SESSION['_config']['altrows']))
907 foreach($_SESSION['_config']['altrows'] as $row)
908 if(!strstr($subject, "=$row/") &&
909 substr($subject, -strlen("=$row")) != "=$row")
910 $subject .= "/subjectAltName=$row";
911 $subject = mysql_real_escape_string($subject);
912 mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
914 echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
915 waitForResult("domaincerts", $newid,$oldid,0);
916 $query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
917 $res = mysql_query($query);
918 if(mysql_num_rows($res) <= 0)
920 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
922 $drow = mysql_fetch_assoc($res);
923 $cert = `
/usr
/bin
/openssl x509
-in
$drow[crt_name
]`
;
924 echo "<pre>\n$cert\n</pre>\n";
930 echo _("You did not select any certificates for renewal.");
936 if($oldid == 12 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
938 csrf_check('srvcerchange');
940 showheader(_("My CAcert.org Account!"));
941 if(is_array($_REQUEST['revokeid']))
943 echo _("Now revoking the following certificates:")."<br>\n";
944 foreach($_REQUEST['revokeid'] as $id)
947 $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
948 where `domaincerts`.`id`='$id' and
949 `domaincerts`.`domid`=`domains`.`id` and
950 `domains`.`memid`='".$_SESSION['profile']['id']."'";
951 $res = mysql_query($query);
952 if(mysql_num_rows($res) <= 0)
954 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
957 $row = mysql_fetch_assoc($res);
958 if($row['revoke'] > 0)
960 printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
963 mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
964 printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
969 echo _("You did not select any certificates for revocation.");
972 if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
974 echo _("Now deleting the following pending requests:")."<br>\n";
975 foreach($_REQUEST['delid'] as $id)
978 $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
979 where `domaincerts`.`id`='$id' and
980 `domaincerts`.`domid`=`domains`.`id` and
981 `domains`.`memid`='".$_SESSION['profile']['id']."'";
982 $res = mysql_query($query);
983 if(mysql_num_rows($res) <= 0)
985 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
988 $row = mysql_fetch_assoc($res);
989 if($row['expired'] > 0)
991 printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
994 mysql_query("delete from `domaincerts` where `id`='$id'");
995 @unlink
($row['csr_name']);
996 @unlink
($row['crt_name']);
997 printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
1004 if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
1006 showheader(_("My CAcert.org Account!"));
1007 if(is_array($_REQUEST['revokeid']))
1009 echo _("Now renewing the following certificates:")."<br>\n";
1010 foreach($_REQUEST['revokeid'] as $id)
1013 $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
1014 where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
1015 $res = mysql_query($query);
1016 if(mysql_num_rows($res) <= 0)
1018 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1022 $row = mysql_fetch_assoc($res);
1024 if (($weakKey = checkWeakKeyX509(file_get_contents(
1025 $row['crt_name']))) !== "")
1027 echo $weakKey, "<br/>\n";
1031 mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
1032 $query = "insert into emailcerts set
1033 `memid`='".$row['memid']."',
1034 `CN`='".mysql_real_escape_string($row['CN'])."',
1035 `subject`='".mysql_real_escape_string($row['subject'])."',
1036 `keytype`='".$row['keytype']."',
1037 `csr_name`='".$row['csr_name']."',
1038 `created`='".$row['created']."',
1040 `disablelogin`='".$row['disablelogin']."',
1041 `codesign`='".$row['codesign']."',
1042 `rootcert`='".$row['rootcert']."'";
1043 mysql_query($query);
1044 $newid = mysql_insert_id();
1045 $newfile=generatecertpath("csr","client",$newid);
1046 copy($row['csr_name'], $newfile);
1047 mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
1048 $res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'");
1049 while($r2 = mysql_fetch_assoc($res))
1051 mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."',
1052 `emailcertsid`='$newid'");
1054 waitForResult("emailcerts", $newid,$oldid,0);
1055 $query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
1056 $res = mysql_query($query);
1057 if(mysql_num_rows($res) <= 0)
1059 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
1061 printf(_("Certificate for '%s' has been renewed."), $row['CN']);
1062 echo "<br/>\n<a href='account.php?id=6&cert=$newid' target='_new'>".
1063 _("Click here")."</a> "._("to install your certificate.")."<br/><br/>\n";
1069 echo _("You did not select any certificates for renewal.")."<br/>";
1076 if($oldid == 5 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
1079 showheader(_("My CAcert.org Account!"));
1080 if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
1082 echo _("Now revoking the following certificates:")."<br>\n";
1083 foreach($_REQUEST['revokeid'] as $id)
1086 $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
1087 where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
1088 $res = mysql_query($query);
1089 if(mysql_num_rows($res) <= 0)
1091 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1094 $row = mysql_fetch_assoc($res);
1095 if($row['revoke'] > 0)
1097 printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
1100 mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
1101 printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
1106 echo _("You did not select any certificates for revocation.");
1109 if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
1111 echo _("Now deleting the following pending requests:")."<br>\n";
1112 foreach($_REQUEST['delid'] as $id)
1115 $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
1116 where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
1117 $res = mysql_query($query);
1118 if(mysql_num_rows($res) <= 0)
1120 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1123 $row = mysql_fetch_assoc($res);
1124 if($row['expired'] > 0)
1126 printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
1129 mysql_query("delete from `emailcerts` where `id`='$id'");
1130 @unlink
($row['csr_name']);
1131 @unlink
($row['crt_name']);
1132 printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
1139 if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
1141 showheader(_("My CAcert.org Account!"));
1142 //echo _("Now changing the settings for the following certificates:")."<br>\n";
1143 foreach($_REQUEST as $id => $val)
1146 if(substr($id,0,5)=="cert_")
1148 $id = intval(substr($id,5));
1149 $dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")?
"0":"1";
1150 //echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n";
1151 mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
1152 //$row = mysql_fetch_assoc($res);
1155 echo(_("Certificate settings have been changed.")."<br/>\n");
1161 if($oldid == 13 && $process != "")
1163 csrf_check("perschange");
1164 $_SESSION['_config']['user'] = $_SESSION['profile'];
1166 $_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
1167 $_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
1168 $_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
1169 $_SESSION['_config']['user']['Q4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q4']))));
1170 $_SESSION['_config']['user']['Q5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q5']))));
1171 $_SESSION['_config']['user']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
1172 $_SESSION['_config']['user']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
1173 $_SESSION['_config']['user']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
1174 $_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
1175 $_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
1177 if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
1178 $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
1179 $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
1180 $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
1181 $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
1182 $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
1183 $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
1184 $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
1185 $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
1186 $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
1187 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
1188 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
1189 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
1190 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
1191 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
1192 $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
1193 $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
1194 $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
1195 $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
1196 $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
1197 $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
1198 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
1199 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
1200 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
1201 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
1202 $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
1203 $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
1204 $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
1205 $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
1206 $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
1207 $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
1209 $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
1214 if($_SESSION['_config']['user']['Q1'] == "" ||
$_SESSION['_config']['user']['Q2'] == "" ||
1215 $_SESSION['_config']['user']['Q3'] == "" ||
$_SESSION['_config']['user']['Q4'] == "" ||
1216 $_SESSION['_config']['user']['Q5'] == "")
1218 $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
1224 if($oldid == 13 && $process != "")
1226 $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
1227 $ddres = mysql_query($ddquery);
1228 $ddrow = mysql_fetch_assoc($ddres);
1229 $_SESSION['profile']['points'] = $ddrow['total'];
1231 if($_SESSION['profile']['points'] == 0)
1233 $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
1234 $_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
1235 $_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
1236 $_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
1237 $_SESSION['_config']['user']['day'] = intval($_REQUEST['day']);
1238 $_SESSION['_config']['user']['month'] = intval($_REQUEST['month']);
1239 $_SESSION['_config']['user']['year'] = intval($_REQUEST['year']);
1241 if($_SESSION['_config']['user']['fname'] == "" ||
$_SESSION['_config']['user']['lname'] == "")
1243 $_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
1247 if($_SESSION['_config']['user']['year'] < 1900 ||
$_SESSION['_config']['user']['month'] < 1 ||
$_SESSION['_config']['user']['month'] > 12 ||
1248 $_SESSION['_config']['user']['day'] < 1 ||
$_SESSION['_config']['user']['day'] > 31)
1250 $_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
1257 if($oldid == 13 && $process != "")
1259 if($_SESSION['profile']['points'] == 0)
1261 $query = "update `users` set `fname`='".$_SESSION['_config']['user']['fname']."',
1262 `mname`='".$_SESSION['_config']['user']['mname']."',
1263 `lname`='".$_SESSION['_config']['user']['lname']."',
1264 `suffix`='".$_SESSION['_config']['user']['suffix']."',
1265 `dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
1266 where `id`='".$_SESSION['profile']['id']."'";
1267 mysql_query($query);
1269 $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
1270 `Q2`='".$_SESSION['_config']['user']['Q2']."',
1271 `Q3`='".$_SESSION['_config']['user']['Q3']."',
1272 `Q4`='".$_SESSION['_config']['user']['Q4']."',
1273 `Q5`='".$_SESSION['_config']['user']['Q5']."',
1274 `A1`='".$_SESSION['_config']['user']['A1']."',
1275 `A2`='".$_SESSION['_config']['user']['A2']."',
1276 `A3`='".$_SESSION['_config']['user']['A3']."',
1277 `A4`='".$_SESSION['_config']['user']['A4']."',
1278 `A5`='".$_SESSION['_config']['user']['A5']."'
1279 where `id`='".$_SESSION['profile']['id']."'";
1280 mysql_query($query);
1282 //!!!Should be rewritten
1283 $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
1284 $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
1285 if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
1287 $query = "update `users` set `otphash`='".$_SESSION['_config']['user']['otphash']."',
1288 `otppin`='".$_SESSION['_config']['user']['otppin']."' where `id`='".$_SESSION['profile']['id']."'";
1289 mysql_query($query);
1292 $_SESSION['_config']['user']['set'] = 0;
1293 $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
1294 $_SESSION['profile']['loggedin'] = 1;
1296 $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
1297 $ddres = mysql_query($ddquery);
1298 $ddrow = mysql_fetch_assoc($ddres);
1299 $_SESSION['profile']['points'] = $ddrow['total'];
1303 showheader(_("My CAcert.org Account!"));
1304 echo _("Your details have been updated with the database.");
1309 if($oldid == 14 && $process != "")
1311 $_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['oldpassword'])));
1312 $_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1'])));
1313 $_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2'])));
1316 csrf_check("pwchange");
1318 showheader(_("My CAcert.org Account!"));
1319 if($_SESSION['_config']['user']['pword1'] == "" ||
$_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
1321 echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
1323 echo _("New Pass Phrases specified don't match or were blank.");
1325 $score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
1326 $_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);
1328 if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
1330 $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
1331 (`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
1332 `password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
1333 $rc = mysql_num_rows($match);
1338 if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
1339 echo '<h3 style="color:red">',
1340 _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
1341 echo _("The Pass Phrase you submitted was too short.");
1342 } else if($score < 3) {
1343 echo '<h3 style="color:red">',
1344 _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
1345 printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
1346 } else if($rc <= 0) {
1347 echo '<h3 style="color:red">',
1348 _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
1349 echo _("You failed to correctly enter your current Pass Phrase.");
1351 mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
1352 where `id`='".$_SESSION['profile']['id']."'");
1353 echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
1354 echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
1355 $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
1356 $body .= _("You are receiving this email because you or someone else ".
1357 "has changed the password on your account.")."\n\n";
1359 $body .= _("Best regards")."\n"._("CAcert.org Support!");
1361 sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Password Update Notification"), $body,
1362 "support@cacert.org", "", "", "CAcert Support");
1372 $_SESSION['_config']['emails'] = array();
1374 foreach($_REQUEST['emails'] as $val)
1376 $val = mysql_real_escape_string(stripslashes(trim($val)));
1377 $bits = explode("@", $val);
1378 $count = count($bits);
1382 if(checkownership($bits[1]) == false
)
1385 if(!is_array($_SESSION['_config']['row']))
1387 else if($_SESSION['_config']['row']['id'] > 0)
1388 $_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id'];
1391 $_SESSION['_config']['emails'][] = $val;
1393 $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
1394 $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
1397 if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) +
0) <= 0)
1400 showheader(_("My CAcert.org Account!"));
1401 echo _("I couldn't match any emails against your organisational account.");
1406 if($oldid == 16 && $process != "")
1409 if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100))
1411 $_REQUEST['codesign'] = 1;
1412 $_SESSION['_config']['codesign'] = 1;
1416 $_REQUEST['codesign'] = 0;
1417 $_SESSION['_config']['codesign'] = 0;
1420 $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
1421 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
1422 $_SESSION['_config']['rootcert'] = 1;
1424 if(@count
($_SESSION['_config']['emails']) > 0)
1430 $org = $_SESSION['_config']['row'];
1431 if($_REQUEST['keytype'] == "NS")
1433 $spkac=""; if(preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));
1435 if($spkac == "" ||
strlen($spkac) < 128)
1438 showheader(_("My CAcert.org Account!"));
1439 echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
1447 if(is_array($_SESSION['_config']['emails']))
1448 foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
1451 $defaultemail = $_REQUEST['email'];
1452 $emails .= "$count.emailAddress = $_REQUEST[email]\n";
1455 if($_SESSION['_config']['name'] != "")
1456 $emails .= "commonName = ".$_SESSION['_config']['name']."\n";
1457 if($_SESSION['_config']['OU'])
1458 $emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n";
1460 $emails .= "organizationName = ".$org['O']."\n";
1462 $emails .= "localityName = ".$org['L']."\n";
1464 $emails .= "stateOrProvinceName = ".$org['ST']."\n";
1466 $emails .= "countryName = ".$org['C']."\n";
1467 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
1468 $_SESSION['_config']['rootcert'] = 1;
1470 $emails .= "SPKAC = $spkac";
1471 if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
1474 showheader(_("My CAcert.org Account!"));
1480 $query = "insert into `orgemailcerts` set
1481 `CN`='$defaultemail',
1483 `orgid`='".$org['orgid']."',
1484 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
1485 `codesign`='".$_SESSION['_config']['codesign']."',
1486 `rootcert`='".$_SESSION['_config']['rootcert']."'";
1487 mysql_query($query);
1488 $emailid = mysql_insert_id();
1490 foreach($_SESSION['_config']['domids'] as $addy)
1491 mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
1493 $CSRname=generatecertpath("csr","orgclient",$emailid);
1494 $fp = fopen($CSRname, "w");
1495 fputs($fp, $emails);
1497 $challenge=$_SESSION['spkac_hash'];
1498 $res=`openssl spkac
-verify
-in
$CSRname`
;
1499 if(!strstr($res,"Challenge String: ".$challenge))
1502 showheader(_("My CAcert.org Account!"));
1503 echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
1507 mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
1508 } else if($_REQUEST['keytype'] == "MS" ||
$_REQUEST['keytype']=="VI") {
1509 $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
1511 if (($weakKey = checkWeakKeyCSR($csr)) !== "")
1514 showheader(_("My CAcert.org Account!"));
1520 $tmpfname = tempnam("/tmp", "id17CSR");
1521 $fp = fopen($tmpfname, "w");
1529 if($_SESSION['_config']['name'] != "")
1530 $csrsubject = "/CN=".$_SESSION['_config']['name'];
1531 if(is_array($_SESSION['_config']['emails']))
1532 foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
1534 if($defaultemail == "")
1535 $defaultemail = $_REQUEST['email'];
1536 $csrsubject .= "/emailAddress=$_REQUEST[email]";
1538 if($_SESSION['_config']['OU'])
1539 $csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
1541 $csrsubject .= "/organizationName=".$org['O'];
1543 $csrsubject .= "/localityName=".$org['L'];
1545 $csrsubject .= "/stateOrProvinceName=".$org['ST'];
1547 $csrsubject .= "/countryName=".$org['C'];
1549 $tmpname = tempnam("/tmp", "id17csr");
1550 $do = `
/usr
/bin
/openssl req
-in
$tmpfname -out
$tmpname`
;
1553 $fp = fopen($tmpname, "r");
1554 while($data = fgets($fp, 4096))
1561 showheader(_("My CAcert.org Account!"));
1562 echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
1566 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
1567 $_SESSION['_config']['rootcert'] = 1;
1569 $query = "insert into `orgemailcerts` set
1570 `CN`='$defaultemail',
1571 `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
1572 `orgid`='".$org['orgid']."',
1573 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
1574 `subject`='$csrsubject',
1575 `codesign`='".$_SESSION['_config']['codesign']."',
1576 `rootcert`='".$_SESSION['_config']['rootcert']."'";
1577 mysql_query($query);
1578 $emailid = mysql_insert_id();
1580 foreach($_SESSION['_config']['domids'] as $addy)
1581 mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
1583 $CSRname=generatecertpath("csr","orgclient",$emailid);
1584 $fp = fopen($CSRname, "w");
1587 mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
1589 waitForResult("orgemailcerts", $emailid,$oldid);
1590 $query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
1591 $res = mysql_query($query);
1592 if(mysql_num_rows($res) <= 0)
1594 showheader(_("My CAcert.org Account!"));
1595 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
1601 $_REQUEST['cert']=$emailid;
1605 if($oldid == 18 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
1607 csrf_check('clicerchange');
1608 showheader(_("My CAcert.org Account!"));
1609 if(is_array($_REQUEST['revokeid']))
1612 echo _("Now renewing the following certificates:")."<br>\n";
1613 foreach($_REQUEST['revokeid'] as $id)
1615 echo "Renewing certificate #$id ...\n<br/>";
1617 $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
1618 where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
1619 `org`.`orgid`=`orgemailcerts`.`orgid`";
1620 $res = mysql_query($query);
1621 if(mysql_num_rows($res) <= 0)
1623 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1627 $row = mysql_fetch_assoc($res);
1629 if (($weakKey = checkWeakKeyX509(file_get_contents(
1630 $row['crt_name']))) !== "")
1632 echo $weakKey, "<br/>\n";
1636 mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
1637 if($row['revoke'] > 0)
1639 printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
1642 $query = "insert into `orgemailcerts` set
1643 `orgid`='".$row['orgid']."',
1644 `CN`='".$row['CN']."',
1645 `subject`='".$row['subject']."',
1646 `keytype`='".$row['keytype']."',
1647 `csr_name`='".$row['csr_name']."',
1648 `created`='".$row['created']."',
1650 `codesign`='".$row['codesign']."',
1651 `rootcert`='".$row['rootcert']."'";
1652 mysql_query($query);
1653 $newid = mysql_insert_id();
1654 $newfile=generatecertpath("csr","orgclient",$newid);
1655 copy($row['csr_name'], $newfile);
1656 mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
1657 waitForResult("orgemailcerts", $newid,$oldid,0);
1658 $query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
1659 $res = mysql_query($query);
1660 if(mysql_num_rows($res) > 0)
1662 printf(_("Certificate for '%s' has been renewed."), $row['CN']);
1663 echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
1664 _("Click here")."</a> "._("to install your certificate.");
1671 echo _("You did not select any certificates for renewal.");
1677 if($oldid == 18 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
1679 csrf_check('clicerchange');
1681 showheader(_("My CAcert.org Account!"));
1682 if(is_array($_REQUEST['revokeid']))
1684 echo _("Now revoking the following certificates:")."<br>\n";
1685 foreach($_REQUEST['revokeid'] as $id)
1688 $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
1689 where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
1690 `org`.`orgid`=`orgemailcerts`.`orgid`";
1691 $res = mysql_query($query);
1692 if(mysql_num_rows($res) <= 0)
1694 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1697 $row = mysql_fetch_assoc($res);
1698 if($row['revoke'] > 0)
1700 printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
1703 mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
1704 printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
1709 echo _("You did not select any certificates for revocation.");
1712 if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
1714 echo _("Now deleting the following pending requests:")."<br>\n";
1715 foreach($_REQUEST['delid'] as $id)
1718 $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
1719 where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
1720 `org`.`orgid`=`orgemailcerts`.`orgid`";
1721 $res = mysql_query($query);
1722 if(mysql_num_rows($res) <= 0)
1724 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1727 $row = mysql_fetch_assoc($res);
1728 if($row['expired'] > 0)
1730 printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
1733 mysql_query("delete from `orgemailcerts` where `id`='$id'");
1734 @unlink
($row['csr_name']);
1735 @unlink
($row['crt_name']);
1736 printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
1743 if($process != "" && $oldid == 20)
1745 $CSR = clean_csr($_REQUEST['CSR']);
1747 if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
1750 showheader(_("My CAcert.org Account!"));
1756 $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
1757 $fp = fopen($_SESSION['_config']['tmpfname'], "w");
1760 $CSR = $_SESSION['_config']['tmpfname'];
1761 $_SESSION['_config']['subject'] = trim(`
/usr
/bin
/openssl req
-text
-noout
-in
"$CSR"|tr
-d
"\\0"|grep
"Subject:"`
);
1762 $bits = explode(",", trim(`
/usr
/bin
/openssl req
-text
-noout
-in
"$CSR"|tr
-d
"\\0"|grep
-A1
'X509v3 Subject Alternative Name:'|grep DNS
:`
));
1763 foreach($bits as $val)
1765 $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
1769 $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
1774 $query = "select * from `orginfo`,`org`,`orgdomains` where
1775 `org`.`memid`='".$_SESSION['profile']['id']."' and
1776 `org`.`orgid`=`orginfo`.`id` and
1777 `org`.`orgid`=`orgdomains`.`orgid` and
1778 `orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'";
1779 $_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
1780 $query = "select * from `orginfo`,`org`,`orgdomains` where
1781 `org`.`memid`='".$_SESSION['profile']['id']."' and
1782 `org`.`orgid`=`orginfo`.`id` and
1783 `org`.`orgid`=`orgdomains`.`orgid` and
1784 `orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'";
1785 $_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));
1786 //echo "<pre>"; print_r($_SESSION['_config']); die;
1788 if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
1791 showheader(_("My CAcert.org Account!"));
1792 echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
1797 $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
1798 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
1799 $_SESSION['_config']['rootcert'] = 1;
1802 if($process != "" && $oldid == 21)
1806 if(!file_exists($_SESSION['_config']['tmpfname']))
1808 showheader(_("My CAcert.org Account!"));
1809 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
1814 if (($weakKey = checkWeakKeyCSR(file_get_contents(
1815 $_SESSION['_config']['tmpfname']))) !== "")
1817 showheader(_("My CAcert.org Account!"));
1823 if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
1825 showheader(_("My CAcert.org Account!"));
1826 echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
1831 if($_SESSION['_config']['rowid']['0'] > 0)
1833 $query = "select * from `org`,`orginfo` where
1834 `orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and
1835 `orginfo`.`id`=`org`.`orgid` and
1836 `org`.`memid`='".$_SESSION['profile']['id']."'";
1838 $query = "select * from `org`,`orginfo` where
1839 `orginfo`.`id`='".$_SESSION['_config']['altid']['0']."' and
1840 `orginfo`.`id`=`org`.`orgid` and
1841 `org`.`memid`='".$_SESSION['profile']['id']."'";
1843 $org = mysql_fetch_assoc(mysql_query($query));
1846 if($_SESSION['_config']['OU'])
1847 $csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
1849 $csrsubject .= "/organizationName=".$org['O'];
1851 $csrsubject .= "/localityName=".$org['L'];
1853 $csrsubject .= "/stateOrProvinceName=".$org['ST'];
1855 $csrsubject .= "/countryName=".$org['C'];
1856 //if($org['contact'])
1857 // $csrsubject .= "/emailAddress=".trim($org['contact']);
1859 if(is_array($_SESSION['_config']['rows']))
1860 foreach($_SESSION['_config']['rows'] as $row)
1861 $csrsubject .= "/commonName=$row";
1863 if(is_array($_SESSION['_config']['altrows']))
1864 foreach($_SESSION['_config']['altrows'] as $subalt)
1872 $csrsubject .= "/subjectAltName=".$SAN;
1875 if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
1876 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
1877 $_SESSION['_config']['rootcert'] = 1;
1879 if($_SESSION['_config']['rowid']['0'] > 0)
1881 $query = "insert into `orgdomaincerts` set
1882 `CN`='".$_SESSION['_config']['rows']['0']."',
1883 `orgid`='".$org['id']."',
1885 `subject`='$csrsubject',
1886 `rootcert`='".$_SESSION['_config']['rootcert']."',
1889 $query = "insert into `orgdomaincerts` set
1890 `CN`='".$_SESSION['_config']['altrows']['0']."',
1891 `orgid`='".$org['id']."',
1893 `subject`='$csrsubject',
1894 `rootcert`='".$_SESSION['_config']['rootcert']."',
1897 mysql_query($query);
1898 $CSRid = mysql_insert_id();
1900 $CSRname=generatecertpath("csr","orgserver",$CSRid);
1901 rename($_SESSION['_config']['tmpfname'], $CSRname);
1902 chmod($CSRname,0644);
1903 mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
1904 if(is_array($_SESSION['_config']['rowid']))
1905 foreach($_SESSION['_config']['rowid'] as $id)
1906 mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
1907 if(is_array($_SESSION['_config']['altid']))
1908 foreach($_SESSION['_config']['altid'] as $id)
1909 mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
1910 waitForResult("orgdomaincerts", $CSRid,$oldid);
1911 $query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
1912 $res = mysql_query($query);
1913 if(mysql_num_rows($res) <= 0)
1915 showheader(_("My CAcert.org Account!"));
1916 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
1922 $_REQUEST['cert']=$CSRid;
1926 if($oldid == 22 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
1928 csrf_check('orgsrvcerchange');
1929 showheader(_("My CAcert.org Account!"));
1930 if(is_array($_REQUEST['revokeid']))
1932 echo _("Now renewing the following certificates:")."<br>\n";
1933 foreach($_REQUEST['revokeid'] as $id)
1936 $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
1937 `orgdomaincerts`,`org`
1938 where `orgdomaincerts`.`id`='$id' and
1939 `orgdomaincerts`.`orgid`=`org`.`orgid` and
1940 `org`.`memid`='".$_SESSION['profile']['id']."'";
1941 $res = mysql_query($query);
1942 if(mysql_num_rows($res) <= 0)
1944 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1948 $row = mysql_fetch_assoc($res);
1950 if (($weakKey = checkWeakKeyX509(file_get_contents(
1951 $row['crt_name']))) !== "")
1953 echo $weakKey, "<br/>\n";
1957 mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
1958 if($row['revoke'] > 0)
1960 printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
1963 $query = "insert into `orgdomaincerts` set
1964 `orgid`='".$row['orgid']."',
1965 `CN`='".$row['CN']."',
1966 `csr_name`='".$row['csr_name']."',
1967 `created`='".$row['created']."',
1969 `subject`='".$row['subject']."',
1970 `type`='".$row['type']."',
1971 `rootcert`='".$row['rootcert']."'";
1972 mysql_query($query);
1973 $newid = mysql_insert_id();
1974 //echo "NewID: $newid<br/>\n";
1975 $newfile=generatecertpath("csr","orgserver",$newid);
1976 copy($row['csr_name'], $newfile);
1977 mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
1978 echo _("Renewing").": ".$row['CN']."<br>\n";
1979 $res = mysql_query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'");
1980 while($r2 = mysql_fetch_assoc($res))
1981 mysql_query("insert into `orgdomlink` set `orgdomid`='".$r2['id']."', `orgcertid`='$newid'");
1982 waitForResult("orgdomaincerts", $newid,$oldid,0);
1983 $query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
1984 $res = mysql_query($query);
1985 if(mysql_num_rows($res) <= 0)
1987 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
1989 $drow = mysql_fetch_assoc($res);
1990 $cert = `
/usr
/bin
/openssl x509
-in
$drow[crt_name
]`
;
1991 echo "<pre>\n$cert\n</pre>\n";
1997 echo _("You did not select any certificates for renewal.");
2003 if($oldid == 22 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
2005 csrf_check('orgsrvcerchange');
2006 showheader(_("My CAcert.org Account!"));
2007 if(is_array($_REQUEST['revokeid']))
2009 echo _("Now revoking the following certificates:")."<br>\n";
2010 foreach($_REQUEST['revokeid'] as $id)
2013 $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
2014 `orgdomaincerts`,`org`
2015 where `orgdomaincerts`.`id`='$id' and
2016 `orgdomaincerts`.`orgid`=`org`.`orgid` and
2017 `org`.`memid`='".$_SESSION['profile']['id']."'";
2018 $res = mysql_query($query);
2019 if(mysql_num_rows($res) <= 0)
2021 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
2024 $row = mysql_fetch_assoc($res);
2025 if($row['revoke'] > 0)
2027 printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
2030 mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
2031 printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
2036 echo _("You did not select any certificates for revocation.");
2039 if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
2041 echo _("Now deleting the following pending requests:")."<br>\n";
2042 foreach($_REQUEST['delid'] as $id)
2045 $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from
2046 `orgdomaincerts`,`org`
2047 where `orgdomaincerts`.`id`='$id' and
2048 `orgdomaincerts`.`orgid`=`org`.`orgid` and
2049 `org`.`memid`='".$_SESSION['profile']['id']."'";
2050 $res = mysql_query($query);
2051 if(mysql_num_rows($res) <= 0)
2053 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
2056 $row = mysql_fetch_assoc($res);
2057 if($row['expired'] > 0)
2059 printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
2062 mysql_query("delete from `orgdomaincerts` where `id`='$id'");
2063 @unlink
($row['csr_name']);
2064 @unlink
($row['crt_name']);
2065 printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
2072 if(($id == 24 ||
$oldid == 24 ||
$id == 25 ||
$oldid == 25 ||
$id == 26 ||
$oldid == 26 ||
2073 $id == 27 ||
$oldid == 27 ||
$id == 28 ||
$oldid == 28 ||
$id == 29 ||
$oldid == 29 ||
2074 $id == 30 ||
$oldid == 30 ||
$id == 31 ||
$oldid == 31) &&
2075 $_SESSION['profile']['orgadmin'] != 1)
2077 showheader(_("My CAcert.org Account!"));
2078 echo _("You don't have access to this area.");
2083 if($oldid == 24 && $process != "")
2085 $id = intval($oldid);
2086 $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
2087 $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
2088 $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
2089 $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
2090 $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
2091 $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));
2093 if($_SESSION['_config']['O'] == "" ||
$_SESSION['_config']['contact'] == "")
2095 $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
2097 mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
2098 `contact`='".$_SESSION['_config']['contact']."',
2099 `L`='".$_SESSION['_config']['L']."',
2100 `ST`='".$_SESSION['_config']['ST']."',
2101 `C`='".$_SESSION['_config']['C']."',
2102 `comments`='".$_SESSION['_config']['comments']."'");
2103 showheader(_("My CAcert.org Account!"));
2104 printf(_("'%s' has just been successfully added as an organisation to the database."), sanitizeHTML($_SESSION['_config']['O']));
2110 if($oldid == 27 && $process != "")
2112 csrf_check('orgdetchange');
2113 $id = intval($oldid);
2114 $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
2115 $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
2116 $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
2117 $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
2118 $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
2119 $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));
2121 if($_SESSION['_config']['O'] == "" ||
$_SESSION['_config']['contact'] == "")
2123 $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
2125 mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
2126 `contact`='".$_SESSION['_config']['contact']."',
2127 `L`='".$_SESSION['_config']['L']."',
2128 `ST`='".$_SESSION['_config']['ST']."',
2129 `C`='".$_SESSION['_config']['C']."',
2130 `comments`='".$_SESSION['_config']['comments']."'
2131 where `id`='".$_SESSION['_config']['orgid']."'");
2132 showheader(_("My CAcert.org Account!"));
2133 printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O']));
2139 if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
2141 $domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
2142 $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
2143 if(mysql_num_rows($res1) > 0)
2145 $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
2151 if($oldid == 28 && $_SESSION['_config']['orgid'] <= 0)
2157 if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
2159 mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
2160 showheader(_("My CAcert.org Account!"));
2161 printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
2162 echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
2167 if($oldid == 29 && $process != "")
2169 $domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
2171 $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
2172 $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
2173 if(mysql_num_rows($res1) > 0 ||
mysql_num_rows($res2) > 0)
2175 $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
2181 if(($oldid == 29 ||
$oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
2183 $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
2184 `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
2185 `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
2186 `orgdomains`.`id`='".intval($domid)."'";
2187 $res = mysql_query($query);
2188 while($row = mysql_fetch_assoc($res))
2189 mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
2191 $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
2192 `orgemaillink`.`domid`=`orgdomains`.`id` and
2193 `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
2194 `orgdomains`.`id`='".intval($domid)."'";
2195 $res = mysql_query($query);
2196 while($row = mysql_fetch_assoc($res))
2197 mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
2200 if($oldid == 29 && $process != "")
2202 $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
2203 mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
2204 showheader(_("My CAcert.org Account!"));
2205 printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
2206 echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
2211 if($oldid == 30 && $process != "")
2213 $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
2214 $domain = $row['domain'];
2215 mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'");
2216 showheader(_("My CAcert.org Account!"));
2217 printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
2218 echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
2229 if($oldid == 31 && $process != "")
2231 $query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
2232 $dres = mysql_query($query);
2233 while($drow = mysql_fetch_assoc($dres))
2235 $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
2236 `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
2237 `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
2238 `orgdomains`.`id`='".intval($drow['id'])."'";
2239 $res = mysql_query($query);
2240 while($row = mysql_fetch_assoc($res))
2242 mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
2243 mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
2244 mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
2247 $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
2248 `orgemaillink`.`domid`=`orgdomains`.`id` and
2249 `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
2250 `orgdomains`.`id`='".intval($drow['id'])."'";
2251 $res = mysql_query($query);
2252 while($row = mysql_fetch_assoc($res))
2254 mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
2255 mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
2256 mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
2259 mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
2260 mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
2261 mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
2270 if($id == 32 ||
$oldid == 32 ||
$id == 33 ||
$oldid == 33 ||
$id == 34 ||
$oldid == 34)
2272 $query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
2273 $_macc = mysql_num_rows(mysql_query($query));
2274 if($_SESSION['profile']['orgadmin'] != 1 && $_macc <= 0)
2276 showheader(_("My CAcert.org Account!"));
2277 echo _("You don't have access to this area.");
2283 if($id == 35 ||
$oldid == 35)
2285 $query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
2286 $is_orguser = mysql_num_rows(mysql_query($query));
2287 if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0)
2289 showheader(_("My CAcert.org Account!"));
2290 echo _("You don't have access to this area.");
2296 if($id == 33 && $_SESSION['profile']['orgadmin'] != 1)
2298 $orgid = intval($_SESSION['_config']['orgid']);
2299 $query = "select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
2300 $res = mysql_query($query);
2301 if(mysql_num_rows($res) <= 0)
2307 if($oldid == 33 && $process != "")
2309 csrf_check('orgadmadd');
2310 if($_SESSION['profile']['orgadmin'] == 1)
2311 $masteracc = $_SESSION['_config'][masteracc
] = intval($_REQUEST['masteracc']);
2313 $masteracc = $_SESSION['_config'][masteracc
] = 0;
2314 $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
2315 $OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
2316 $comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
projects / cacert-devel.git / blob