2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18 require_once("../includes/loggedin.php");
19 require_once("../includes/lib/l10n.php");
20 require_once("../includes/lib/check_weak_key.php");
21 require_once("../includes/notary.inc.php");
26 * Build a subject string as needed by the signer
28 * @param array(string) $domains
29 * First domain is used as CN and repeated in subjectAltName. Duplicates
30 * should already been removed
32 * @param bool $include_xmpp_addr
33 * [default: true] Whether to include the XmppAddr in the subjectAltName.
34 * This is needed if the Jabber server is jabber.example.com but a Jabber ID
35 * on that server would be alice@example.com
39 function buildSubject(array $domains, $include_xmpp_addr = true
) {
40 $subject = "/CN=${domains[0]}";
42 foreach ($domains as $domain) {
43 $subject .= "/subjectAltName=DNS:$domain";
45 if ($include_xmpp_addr) {
46 $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$domain";
54 * Builds the subject string from the session variables
55 * $_SESSION['_config']['rows'] and $_SESSION['_config']['altrows']
59 function buildSubjectFromSession() {
62 if (is_array($_SESSION['_config']['rows'])) {
63 $domains = array_merge($domains, $_SESSION['_config']['rows']);
66 if (is_array($_SESSION['_config']['altrows']))
67 foreach ($_SESSION['_config']['altrows'] as $row) {
68 if (substr($row, 0, 4) === "DNS:") {
69 $domains[] = substr($row, 4);
73 return buildSubject(array_unique($domains));
76 $id = array_key_exists("id",$_REQUEST) ?
intval($_REQUEST['id']) : 0;
77 $oldid = array_key_exists("oldid",$_REQUEST) ?
intval($_REQUEST['oldid']) : 0;
78 $process = array_key_exists("process",$_REQUEST) ?
$_REQUEST['process'] : "";
79 // $showdetalis refers to Secret Question and Answers from account/13.php
80 $showdetails = array_key_exists("showdetails",$_REQUEST) ?
intval($_REQUEST['showdetails']) : 0;
82 $cert = array_key_exists('cert',$_REQUEST) ?
intval($_REQUEST['cert']) : 0;
83 $orgid = array_key_exists('orgid',$_REQUEST) ?
intval($_REQUEST['orgid']) : 0;
84 $memid = array_key_exists('memid',$_REQUEST) ?
intval($_REQUEST['memid']) : 0;
85 $domid = array_key_exists('domid',$_REQUEST) ?
intval($_REQUEST['domid']) : 0;
87 $actionrequest = array_key_exists('action',$_REQUEST) ?
$_REQUEST['action'] : "";
89 $ticketno = array_key_exists('ticketno',$_REQUEST) ?
$_REQUEST['ticketno'] : "";
90 $ticketvalidation = FALSE
;
93 if(!$_SESSION['mconn'])
95 echo _("Several CAcert Services are currently unavailable. Please try again later.");
99 if ($process == _("Cancel"))
101 // General reset CANCEL process requests
106 if($id == 45 ||
$id == 46 ||
$oldid == 45 ||
$oldid == 46)
112 if($process != "" && $oldid == 1)
115 csrf_check('addemail');
116 if(strstr($_REQUEST['newemail'], "xn--") && $_SESSION['profile']['codesign'] <= 0)
118 showheader(_("My CAcert.org Account!"));
119 echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
123 if(trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))) == "")
125 showheader(_("My CAcert.org Account!"));
126 printf(_("Not a valid email address. Can't continue."));
131 $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
132 if(check_email_exists($_REQUEST['email'])==true
)
134 showheader(_("My CAcert.org Account!"));
135 printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
139 $checkemail = checkEmail($_REQUEST['newemail']);
140 if($checkemail != "OK")
142 showheader(_("My CAcert.org Account!"));
143 if (substr($checkemail, 0, 1) == "4")
145 echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
147 echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
149 echo "<p>$checkemail</p>\n";
154 $query = "insert into `email` set `email`='".mysql_real_escape_string($_REQUEST['email'])."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
156 $emailid = mysql_insert_id();
158 $body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
159 $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
160 $body .= _("Best regards")."\n"._("CAcert.org Support!");
162 sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
164 showheader(_("My CAcert.org Account!"));
165 printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_REQUEST['email']));
170 if(array_key_exists("makedefault",$_REQUEST) && $_REQUEST['makedefault'] != "" && $oldid == 2)
173 $emailid = intval($_REQUEST['emailid']);
174 $query = "select * from `email` where `id`='$emailid' and `memid`='".intval($_SESSION['profile']['id'])."' and `hash` = '' and `deleted`=0";
175 $res = mysql_query($query);
176 if(mysql_num_rows($res) <= 0)
178 showheader(_("Error!"));
179 echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
183 $row = mysql_fetch_assoc($res);
184 $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
185 $body .= _("You are receiving this email because you or someone else ".
186 "has changed the default email on your account.")."\n\n";
188 $body .= _("Best regards")."\n"._("CAcert.org Support!");
190 sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Default Account Changed"), $body,
191 "support@cacert.org", "", "", "CAcert Support");
193 $_SESSION['profile']['email'] = $row['email'];
194 $query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
196 showheader(_("My CAcert.org Account!"));
197 printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
202 if($process != "" && $oldid == 2)
205 csrf_check("chgdef");
206 showheader(_("My CAcert.org Account!"));
208 if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
211 foreach($_REQUEST['delid'] as $id)
214 echo _('The following email addresses have been removed:')."<br>\n";
218 $query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
219 `email`!='".mysql_real_escape_string($_SESSION['profile']['email'])."'";
220 $res = mysql_query($query);
221 if(mysql_num_rows($res) > 0)
223 $row = mysql_fetch_assoc($res);
224 echo $row['email']."<br>\n";
225 account_email_delete($row['id']);
232 echo _("You did not select any email accounts for removal.");
236 echo _("You did not select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
243 if($process != "" && $oldid == 3)
245 if(!array_key_exists('CCA',$_REQUEST))
247 showheader(_("My CAcert.org Account!"));
248 echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
253 if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
255 showheader(_("My CAcert.org Account!"));
256 echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
261 $_SESSION['_config']['SSO'] = intval($_REQUEST['SSO']);
263 $_SESSION['_config']['addid'] = $_REQUEST['addid'];
264 if($_SESSION['profile']['points'] >= 50)
265 $_SESSION['_config']['incname'] = intval($_REQUEST['incname']);
266 if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 ||
$_SESSION['profile']['points'] < 100))
268 $_REQUEST['codesign'] = 0;
270 if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1)
272 if($_SESSION['_config']['incname'] < 1 ||
$_SESSION['_config']['incname'] > 4)
273 $_SESSION['_config']['incname'] = 1;
275 if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1 && $_SESSION['profile']['points'] >= 100)
276 $_SESSION['_config']['codesign'] = 1;
278 $_SESSION['_config']['codesign'] = 0;
280 if(array_key_exists('login',$_REQUEST) && $_REQUEST['login'] == 1)
281 $_SESSION['_config']['disablelogin'] = 0;
283 $_SESSION['_config']['disablelogin'] = 1;
285 $_SESSION['_config']['rootcert'] = 1;
286 if($_SESSION['profile']['points'] >= 50)
288 $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
289 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
290 $_SESSION['_config']['rootcert'] = 1;
293 if(trim($_REQUEST['optionalCSR']) == "")
298 $_REQUEST['keytype'] = "MS";
299 $csr = clean_csr($_REQUEST['optionalCSR']);
301 if(trim($_REQUEST['description']) != ""){
302 $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
304 $_SESSION['_config']['description']= "";
310 if($_REQUEST['keytype'] == "NS")
312 $spkac=""; if(array_key_exists('SPKAC',$_REQUEST) && preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));
314 if($spkac=="" ||
$spkac == "deadbeef")
317 showheader(_("My CAcert.org Account!"));
318 echo _("I didn't receive a valid Certificate Request, please try a different browser.");
326 if(is_array($_SESSION['_config']['addid']))
327 foreach($_SESSION['_config']['addid'] as $id)
329 $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
330 if(mysql_num_rows($res) > 0)
332 $row = mysql_fetch_assoc($res);
334 $defaultemail = $row['email'];
335 $emails .= "$count.emailAddress = ".$row['email']."\n";
337 $addys[] = intval($row['id']);
340 if($count <= 0 && $_SESSION['_config']['SSO'] != 1)
343 showheader(_("My CAcert.org Account!"));
344 echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request.");
348 $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
349 if($_SESSION['_config']['SSO'] == 1)
350 $emails .= "$count.emailAddress = ".$user['uniqueID']."\n";
352 if(strlen($user['mname']) == 1)
353 $user['mname'] .= '.';
354 if(!array_key_exists('incname',$_SESSION['_config']) ||
$_SESSION['_config']['incname'] <= 0 ||
$_SESSION['_config']['incname'] > 4)
356 $emails .= "commonName = CAcert WoT User\n";
360 if($_SESSION['_config']['incname'] == 1)
361 $emails .= "commonName = ".$user['fname']." ".$user['lname']."\n";
362 if($_SESSION['_config']['incname'] == 2)
363 $emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']."\n";
364 if($_SESSION['_config']['incname'] == 3)
365 $emails .= "commonName = ".$user['fname']." ".$user['lname']." ".$user['suffix']."\n";
366 if($_SESSION['_config']['incname'] == 4)
367 $emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
369 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
370 $_SESSION['_config']['rootcert'] = 1;
372 $emails .= "SPKAC = $spkac";
373 if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
376 showheader(_("My CAcert.org Account!"));
382 write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
384 $query = "insert into emailcerts set
385 `CN`='$defaultemail',
387 `memid`='".intval($_SESSION['profile']['id'])."',
388 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
389 `codesign`='".intval($_SESSION['_config']['codesign'])."',
390 `disablelogin`='".($_SESSION['_config']['disablelogin']?
1:0)."',
391 `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
392 `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
394 $emailid = mysql_insert_id();
396 foreach($addys as $addy)
397 mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
398 $CSRname=generatecertpath("csr","client",$emailid);
399 $fp = fopen($CSRname, "w");
402 $challenge=$_SESSION['spkac_hash'];
403 $res=`openssl spkac
-verify
-in
$CSRname`
;
404 if(!strstr($res,"Challenge String: ".$challenge))
407 showheader(_("My CAcert.org Account!"));
408 echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
412 mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
413 } else if($_REQUEST['keytype'] == "MS" ||
$_REQUEST['keytype'] == "VI") {
415 $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
417 if (($weakKey = checkWeakKeyCSR($csr)) !== "")
420 showheader(_("My CAcert.org Account!"));
426 $tmpfname = tempnam("/tmp", "id4CSR");
427 $fp = fopen($tmpfname, "w");
435 $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
436 if(strlen($user['mname']) == 1)
437 $user['mname'] .= '.';
438 if($_SESSION['_config']['incname'] <= 0 ||
$_SESSION['_config']['incname'] > 4)
439 $csrsubject = "/CN=CAcert WoT User";
440 if($_SESSION['_config']['incname'] == 1)
441 $csrsubject = "/CN=".$user['fname']." ".$user['lname'];
442 if($_SESSION['_config']['incname'] == 2)
443 $csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname'];
444 if($_SESSION['_config']['incname'] == 3)
445 $csrsubject = "/CN=".$user['fname']." ".$user['lname']." ".$user['suffix'];
446 if($_SESSION['_config']['incname'] == 4)
447 $csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'];
448 if(is_array($_SESSION['_config']['addid']))
449 foreach($_SESSION['_config']['addid'] as $id)
451 $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
452 if(mysql_num_rows($res) > 0)
454 $row = mysql_fetch_assoc($res);
455 if($defaultemail == "")
456 $defaultemail = $row['email'];
457 $csrsubject .= "/emailAddress=".$row['email'];
458 $addys[] = $row['id'];
461 if($_SESSION['_config']['SSO'] == 1)
462 $csrsubject .= "/emailAddress = ".$user['uniqueID'];
464 $tmpname = tempnam("/tmp", "id4csr");
465 $do = `
/usr
/bin
/openssl req
-in
$tmpfname -out
$tmpname`
; // -subj "$csr"`;
468 $fp = fopen($tmpname, "r");
469 while($data = fgets($fp, 4096))
473 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
474 $_SESSION['_config']['rootcert'] = 1;
479 showheader(_("My CAcert.org Account!"));
480 echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
484 $query = "insert into emailcerts set
485 `CN`='$defaultemail',
486 `keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
487 `memid`='".intval($_SESSION['profile']['id'])."',
488 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
489 `subject`='".mysql_real_escape_string($csrsubject)."',
490 `codesign`='".intval($_SESSION['_config']['codesign'])."',
491 `disablelogin`='".($_SESSION['_config']['disablelogin']?
1:0)."',
492 `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
493 `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
495 $emailid = mysql_insert_id();
497 foreach($addys as $addy)
498 mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");
499 $CSRname=generatecertpath("csr","client",$emailid);
500 $fp = fopen($CSRname, "w");
503 mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
505 waitForResult("emailcerts", $emailid, 4);
506 $query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
507 $res = mysql_query($query);
508 if(mysql_num_rows($res) <= 0)
511 showheader(_("My CAcert.org Account!"));
512 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
518 $_REQUEST['cert']=$emailid;
524 csrf_check("adddomain");
525 if(strstr($_REQUEST['newdomain'],"\x00"))
527 showheader(_("My CAcert.org Account!"));
528 echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
533 list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
534 while($newdomain['0'] == '-')
535 $newdomain = substr($newdomain, 1);
536 if(strstr($newdomain, "xn--") && $_SESSION['profile']['codesign'] <= 0)
538 showheader(_("My CAcert.org Account!"));
539 echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
544 $newdom = trim(escapeshellarg($newdomain));
545 $newdomain = mysql_real_escape_string(trim($newdomain));
547 $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
548 $query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
549 $res2 = mysql_query($query);
550 if(mysql_num_rows($res1) > 0 ||
mysql_num_rows($res2))
554 showheader(_("My CAcert.org Account!"));
555 printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
567 if(strtolower(substr($newdom, -4, 3)) != ".jp")
568 $adds = explode("\n", trim(`
/usr
/bin
/whois
$newdom|grep
"@"`
));
569 if(substr($newdomain, -4) == ".org" ||
substr($newdomain, -5) == ".info")
572 foreach($adds as $line)
574 $bits = explode(":", $line, 2);
575 $line = trim($bits[1]);
576 if(!in_array($line, $addy) && $line != "")
577 $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
581 foreach($adds as $line)
583 $line = trim(str_replace("\t", " ", $line));
584 $line = trim(str_replace("(", "", $line));
585 $line = trim(str_replace(")", " ", $line));
586 $line = trim(str_replace(":", " ", $line));
588 $bits = explode(" ", $line);
589 foreach($bits as $bit)
591 if(strstr($bit, "@"))
594 if(!in_array($line, $addy) && $line != "")
595 $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
599 $rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain");
600 foreach($rfc as $sub)
601 if(!in_array($sub, $addy))
603 $_SESSION['_config']['addy'] = $addy;
604 $_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
607 if($process != "" && $oldid == 8)
609 csrf_check('ctcinfo');
613 $authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy'])));
615 if($authaddy == "" ||
!is_array($_SESSION['_config']['addy']))
617 showheader(_("My CAcert.org Account!"));
618 echo _("The address you submitted isn't a valid authority address for the domain.");
623 if(!in_array($authaddy, $_SESSION['_config']['addy']))
625 showheader(_("My CAcert.org Account!"));
626 echo _("The address you submitted isn't a valid authority address for the domain.");
631 $query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
632 $res = mysql_query($query);
633 if(mysql_num_rows($res) > 0)
635 showheader(_("My CAcert.org Account!"));
636 printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
640 $checkemail = checkEmail($authaddy);
641 if($checkemail != "OK")
643 showheader(_("My CAcert.org Account!"));
644 //echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
645 if (substr($checkemail, 0, 1) == "4")
647 echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
649 echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
651 echo "<p>$checkemail</p>\n";
657 $query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
658 `memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
660 $domainid = mysql_insert_id();
662 $body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
663 $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
664 $body .= _("Best regards")."\n"._("CAcert.org Support!");
666 sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
668 showheader(_("My CAcert.org Account!"));
669 printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $_SESSION['_config']['domain']);
674 if($process != "" && $oldid == 9)
677 showheader(_("My CAcert.org Account!"));
678 if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
680 echo _("The following domains have been removed:")."<br>
681 ("._("Any valid certificates will be revoked as well").")<br>\n";
683 foreach($_REQUEST['delid'] as $id)
686 $query = "select * from `domains` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
687 $res = mysql_query($query);
688 if(mysql_num_rows($res) > 0)
690 $row = mysql_fetch_assoc($res);
691 echo $row['domain']."<br>\n";
692 account_domain_delete($row['id']);
699 echo _("You did not select any domains for removal.");
706 if($process != "" && $oldid == 10)
708 if(!array_key_exists('CCA',$_REQUEST))
710 showheader(_("My CAcert.org Account!"));
711 echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
716 $CSR = clean_csr($_REQUEST['CSR']);
717 if(strpos($CSR,"---BEGIN")===FALSE
)
719 // In case the CSR is missing the ---BEGIN lines, add them automatically:
720 $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
723 if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
725 showheader(_("My CAcert.org Account!"));
731 if(trim($_REQUEST['description']) != ""){
732 $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
734 $_SESSION['_config']['description']= "";
737 $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
738 $fp = fopen($_SESSION['_config']['tmpfname'], "w");
741 $CSR = $_SESSION['_config']['tmpfname'];
742 $_SESSION['_config']['subject'] = trim(`
/usr
/bin
/openssl req
-text
-noout
-in
"$CSR"|tr
-d
"\\0"|grep
"Subject:"`
);
743 $bits = explode(",", trim(`
/usr
/bin
/openssl req
-text
-noout
-in
"$CSR"|tr
-d
"\\0"|grep
-A1
'X509v3 Subject Alternative Name:'|grep DNS
:`
));
744 foreach($bits as $val)
746 $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
750 $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
755 if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
757 showheader(_("My CAcert.org Account!"));
758 echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
763 $_SESSION['_config']['rootcert'] = 1;
764 if($_SESSION['profile']['points'] >= 50)
766 $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
767 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
768 $_SESSION['_config']['rootcert'] = 1;
772 if($process != "" && $oldid == 11)
774 if(!file_exists($_SESSION['_config']['tmpfname']))
776 showheader(_("My CAcert.org Account!"));
777 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
782 if (($weakKey = checkWeakKeyCSR(file_get_contents(
783 $_SESSION['_config']['tmpfname']))) !== "")
785 showheader(_("My CAcert.org Account!"));
792 if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
794 showheader(_("My CAcert.org Account!"));
795 echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
800 $subject = buildSubjectFromSession();
802 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
803 $_SESSION['_config']['rootcert'] = 1;
805 write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
807 if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
809 $query = "insert into `domaincerts` set
810 `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
811 `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
812 `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
813 `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
814 `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
815 } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
816 $query = "insert into `domaincerts` set
817 `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
818 `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
819 `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
820 `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
821 `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
823 showheader(_("My CAcert.org Account!"));
824 echo _("Domain not verified.");
830 $CSRid = mysql_insert_id();
832 if(is_array($_SESSION['_config']['rowid']))
833 foreach($_SESSION['_config']['rowid'] as $dom)
834 mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
835 if(is_array($_SESSION['_config']['altid']))
836 foreach($_SESSION['_config']['altid'] as $dom)
837 mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
839 $CSRname=generatecertpath("csr","server",$CSRid);
840 rename($_SESSION['_config']['tmpfname'], $CSRname);
841 chmod($CSRname,0644);
842 mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
843 waitForResult("domaincerts", $CSRid, 11);
844 $query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
845 $res = mysql_query($query);
846 if(mysql_num_rows($res) <= 0)
849 showheader(_("My CAcert.org Account!"));
850 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
856 $_REQUEST['cert']=$CSRid;
860 if($oldid == 12 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
862 csrf_check('srvcerchange');
864 showheader(_("My CAcert.org Account!"));
865 if(is_array($_REQUEST['revokeid']))
867 echo _("Now renewing the following certificates:")."<br>\n";
868 foreach($_REQUEST['revokeid'] as $id)
871 echo _("Processing request")." $id:<br/>";
872 $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
873 where `domaincerts`.`id`='$id' and
874 `domaincerts`.`domid`=`domains`.`id` and
875 `domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
876 $res = mysql_query($query);
877 if(mysql_num_rows($res) <= 0)
879 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
883 $row = mysql_fetch_assoc($res);
885 if (($weakKey = checkWeakKeyX509(file_get_contents(
886 $row['crt_name']))) !== "")
888 echo $weakKey, "<br/>\n";
892 mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
893 $query = "insert into `domaincerts` set
894 `domid`='".$row['domid']."',
895 `CN`='".mysql_real_escape_string($row['CN'])."',
896 `subject`='".mysql_real_escape_string($row['subject'])."',".
897 //`csr_name`='".$row['csr_name']."', // RACE CONDITION
898 "`created`='".$row['created']."',
900 `rootcert`='".$row['rootcert']."',
901 `type`='".$row['type']."',
902 `pkhash`='".$row['pkhash']."',
903 `description`='".$row['description']."'";
905 $newid = mysql_insert_id();
906 $newfile=generatecertpath("csr","server",$newid);
907 copy($row['csr_name'], $newfile);
908 $_SESSION['_config']['subject'] = trim(`
/usr
/bin
/openssl req
-text
-noout
-in
"$newfile"|tr
-d
"\\0"|grep
"Subject:"`
);
909 $bits = explode(",", trim(`
/usr
/bin
/openssl req
-text
-noout
-in
"$newfile"|tr
-d
"\\0"|grep
-A1
'X509v3 Subject Alternative Name:'|grep DNS
:`
));
910 foreach($bits as $val)
912 $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
914 $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
919 if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
921 echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
925 $subject = buildSubjectFromSession();
926 $subject = mysql_real_escape_string($subject);
927 mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
929 echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
930 waitForResult("domaincerts", $newid,$oldid,0);
931 $query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
932 $res = mysql_query($query);
933 if(mysql_num_rows($res) <= 0)
935 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
937 $drow = mysql_fetch_assoc($res);
938 $cert = `
/usr
/bin
/openssl x509
-in
$drow[crt_name
]`
;
939 echo "<pre>\n$cert\n</pre>\n";
945 echo _("You did not select any certificates for renewal.");
952 if($oldid == 12 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
954 csrf_check('srvcerchange');
956 showheader(_("My CAcert.org Account!"));
957 if(is_array($_REQUEST['revokeid']))
959 echo _("Now revoking the following certificates:")."<br>\n";
960 foreach($_REQUEST['revokeid'] as $id)
963 $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
964 where `domaincerts`.`id`='$id' and
965 `domaincerts`.`domid`=`domains`.`id` and
966 `domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
967 $res = mysql_query($query);
968 if(mysql_num_rows($res) <= 0)
970 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
973 $row = mysql_fetch_assoc($res);
974 if($row['revoke'] > 0)
976 printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
979 mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
980 printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
983 // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
984 echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
989 echo _("You did not select any certificates for revocation.");
992 if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
994 echo _("Now deleting the following pending requests:")."<br>\n";
995 foreach($_REQUEST['delid'] as $id)
998 $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
999 where `domaincerts`.`id`='$id' and
1000 `domaincerts`.`domid`=`domains`.`id` and
1001 `domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
1002 $res = mysql_query($query);
1003 if(mysql_num_rows($res) <= 0)
1005 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1008 $row = mysql_fetch_assoc($res);
1009 if($row['expired'] > 0)
1011 printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
1014 mysql_query("delete from `domaincerts` where `id`='$id'");
1015 @unlink
($row['csr_name']);
1016 @unlink
($row['crt_name']);
1017 printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
1024 if($oldid == 12 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
1026 showheader(_("My CAcert.org Account!"));
1027 foreach($_REQUEST as $id => $val)
1029 if(substr($id,0,14)=="check_comment_")
1031 $cid = intval(substr($id,14));
1032 $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
1033 mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'");
1036 echo(_("Certificate settings have been changed.")."<br/>\n");
1042 if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
1044 showheader(_("My CAcert.org Account!"));
1045 if(is_array($_REQUEST['revokeid']))
1047 echo _("Now renewing the following certificates:")."<br>\n";
1048 foreach($_REQUEST['revokeid'] as $id)
1051 $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
1052 where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
1053 $res = mysql_query($query);
1054 if(mysql_num_rows($res) <= 0)
1056 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1060 $row = mysql_fetch_assoc($res);
1062 if (($weakKey = checkWeakKeyX509(file_get_contents(
1063 $row['crt_name']))) !== "")
1065 echo $weakKey, "<br/>\n";
1069 mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
1070 $query = "insert into emailcerts set
1071 `memid`='".$row['memid']."',
1072 `CN`='".mysql_real_escape_string($row['CN'])."',
1073 `subject`='".mysql_real_escape_string($row['subject'])."',
1074 `keytype`='".$row['keytype']."',
1075 `csr_name`='".$row['csr_name']."',
1076 `created`='".$row['created']."',
1078 `disablelogin`='".$row['disablelogin']."',
1079 `codesign`='".$row['codesign']."',
1080 `rootcert`='".$row['rootcert']."',
1081 `description`='".$row['description']."'";
1082 mysql_query($query);
1083 $newid = mysql_insert_id();
1084 $newfile=generatecertpath("csr","client",$newid);
1085 copy($row['csr_name'], $newfile);
1086 mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
1087 $res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'");
1088 while($r2 = mysql_fetch_assoc($res))
1090 mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."',
1091 `emailcertsid`='$newid'");
1093 waitForResult("emailcerts", $newid,$oldid,0);
1094 $query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
1095 $res = mysql_query($query);
1096 if(mysql_num_rows($res) <= 0)
1098 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
1100 printf(_("Certificate for '%s' has been renewed."), $row['CN']);
1101 echo "<br/>\n<a href='account.php?id=6&cert=$newid' target='_new'>".
1102 _("Click here")."</a> "._("to install your certificate.")."<br/><br/>\n";
1108 echo _("You did not select any certificates for renewal.")."<br/>";
1115 if($oldid == 5 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
1118 showheader(_("My CAcert.org Account!"));
1119 if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
1121 echo _("Now revoking the following certificates:")."<br>\n";
1122 foreach($_REQUEST['revokeid'] as $id)
1125 $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
1126 where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
1127 $res = mysql_query($query);
1128 if(mysql_num_rows($res) <= 0)
1130 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1133 $row = mysql_fetch_assoc($res);
1134 if($row['revoke'] > 0)
1136 printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
1139 mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
1140 printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
1143 // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
1144 echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
1148 echo _("You did not select any certificates for revocation.");
1151 if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
1153 echo _("Now deleting the following pending requests:")."<br>\n";
1154 foreach($_REQUEST['delid'] as $id)
1157 $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
1158 where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
1159 $res = mysql_query($query);
1160 if(mysql_num_rows($res) <= 0)
1162 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1165 $row = mysql_fetch_assoc($res);
1166 if($row['expired'] > 0)
1168 printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
1171 mysql_query("delete from `emailcerts` where `id`='$id'");
1172 @unlink
($row['csr_name']);
1173 @unlink
($row['crt_name']);
1174 printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
1181 if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
1183 showheader(_("My CAcert.org Account!"));
1184 foreach($_REQUEST as $id => $val)
1186 if(substr($id,0,5)=="cert_")
1188 $cid = intval(substr($id,5));
1189 $dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?
"0":"1";
1190 mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
1192 if(substr($id,0,14)=="check_comment_")
1194 $cid = intval(substr($id,14));
1195 if(!empty($_REQUEST['check_comment_'.$cid])) {
1196 $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
1197 mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
1201 echo(_("Certificate settings have been changed.")."<br/>\n");
1206 if($oldid == 13 && $process != "" && $showdetails!="")
1208 csrf_check("perschange");
1209 $_SESSION['_config']['user'] = $_SESSION['profile'];
1211 $_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
1212 $_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
1213 $_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
1214 $_SESSION['_config']['user']['Q4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q4']))));
1215 $_SESSION['_config']['user']['Q5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q5']))));
1216 $_SESSION['_config']['user']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
1217 $_SESSION['_config']['user']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
1218 $_SESSION['_config']['user']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
1219 $_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
1220 $_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
1222 if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
1223 $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
1224 $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
1225 $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
1226 $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
1227 $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
1228 $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
1229 $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
1230 $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
1231 $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
1232 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
1233 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
1234 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
1235 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
1236 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
1237 $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
1238 $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
1239 $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
1240 $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
1241 $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
1242 $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
1243 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
1244 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
1245 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
1246 $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
1247 $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
1248 $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
1249 $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
1250 $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
1251 $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
1252 $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
1254 $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
1259 if($_SESSION['_config']['user']['Q1'] == "" ||
$_SESSION['_config']['user']['Q2'] == "" ||
1260 $_SESSION['_config']['user']['Q3'] == "" ||
$_SESSION['_config']['user']['Q4'] == "" ||
1261 $_SESSION['_config']['user']['Q5'] == "")
1263 $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
1269 if($oldid == 13 && $process != "")
1271 $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
1272 $ddres = mysql_query($ddquery);
1273 $ddrow = mysql_fetch_assoc($ddres);
1274 $_SESSION['profile']['points'] = $ddrow['total'];
1276 if($_SESSION['profile']['points'] == 0)
1278 $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
1279 $_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
1280 $_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
1281 $_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
1282 $_SESSION['_config']['user']['day'] = intval($_REQUEST['day']);
1283 $_SESSION['_config']['user']['month'] = intval($_REQUEST['month']);
1284 $_SESSION['_config']['user']['year'] = intval($_REQUEST['year']);
1286 if($_SESSION['_config']['user']['fname'] == "" ||
$_SESSION['_config']['user']['lname'] == "")
1288 $_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
1292 if($_SESSION['_config']['user']['year'] < 1900 ||
$_SESSION['_config']['user']['month'] < 1 ||
$_SESSION['_config']['user']['month'] > 12 ||
1293 $_SESSION['_config']['user']['day'] < 1 ||
$_SESSION['_config']['user']['day'] > 31)
1295 $_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
1302 if($oldid == 13 && $process != "")
1304 if($_SESSION['profile']['points'] == 0)
1306 $query = "update `users` set `fname`='".$_SESSION['_config']['user']['fname']."',
1307 `mname`='".$_SESSION['_config']['user']['mname']."',
1308 `lname`='".$_SESSION['_config']['user']['lname']."',
1309 `suffix`='".$_SESSION['_config']['user']['suffix']."',
1310 `dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
1311 where `id`='".intval($_SESSION['profile']['id'])."'";
1312 mysql_query($query);
1314 if ($showdetails!="") {
1315 $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
1316 `Q2`='".$_SESSION['_config']['user']['Q2']."',
1317 `Q3`='".$_SESSION['_config']['user']['Q3']."',
1318 `Q4`='".$_SESSION['_config']['user']['Q4']."',
1319 `Q5`='".$_SESSION['_config']['user']['Q5']."',
1320 `A1`='".$_SESSION['_config']['user']['A1']."',
1321 `A2`='".$_SESSION['_config']['user']['A2']."',
1322 `A3`='".$_SESSION['_config']['user']['A3']."',
1323 `A4`='".$_SESSION['_config']['user']['A4']."',
1324 `A5`='".$_SESSION['_config']['user']['A5']."'
1325 where `id`='".intval($_SESSION['profile']['id'])."'";
1326 mysql_query($query);
1329 //!!!Should be rewritten
1330 $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
1331 $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
1332 if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
1334 $query = "update `users` set `otphash`='".mysql_real_escape_string($_SESSION['_config']['user']['otphash'])."',
1335 `otppin`='".mysql_real_escape_string($_SESSION['_config']['user']['otppin'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
1336 mysql_query($query);
1339 $_SESSION['_config']['user']['set'] = 0;
1340 $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
1341 $_SESSION['profile']['loggedin'] = 1;
1343 $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
1344 $ddres = mysql_query($ddquery);
1345 $ddrow = mysql_fetch_assoc($ddres);
1346 $_SESSION['profile']['points'] = $ddrow['total'];
1350 showheader(_("My CAcert.org Account!"));
1351 echo _("Your details have been updated with the database.");
1356 if($oldid == 14 && $process != "")
1358 $_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['oldpassword'])));
1359 $_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1'])));
1360 $_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2'])));
1363 csrf_check("pwchange");
1365 showheader(_("My CAcert.org Account!"));
1366 if($_SESSION['_config']['user']['pword1'] == "" ||
$_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
1368 echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
1370 echo _("New Pass Phrases specified don't match or were blank.");
1372 $score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
1373 $_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);
1375 if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
1377 $match = mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and
1378 (`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
1379 `password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
1380 $rc = mysql_num_rows($match);
1385 if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
1386 echo '<h3 style="color:red">',
1387 _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
1388 echo _("The Pass Phrase you submitted was too short.");
1389 } else if($score < 3) {
1390 echo '<h3 style="color:red">',
1391 _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
1392 printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
1393 } else if($rc <= 0) {
1394 echo '<h3 style="color:red">',
1395 _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
1396 echo _("You failed to correctly enter your current Pass Phrase.");
1398 mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
1399 where `id`='".intval($_SESSION['profile']['id'])."'");
1400 echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
1401 echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
1402 $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
1403 $body .= _("You are receiving this email because you or someone else ".
1404 "has changed the password on your account.")."\n\n";
1406 $body .= _("Best regards")."\n"._("CAcert.org Support!");
1408 sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Password Update Notification"), $body,
1409 "support@cacert.org", "", "", "CAcert Support");
1419 $_SESSION['_config']['emails'] = array();
1421 foreach($_REQUEST['emails'] as $val)
1423 $val = mysql_real_escape_string(stripslashes(trim($val)));
1424 $bits = explode("@", $val);
1425 $count = count($bits);
1429 if(checkownership($bits[1]) == false
)
1432 if(!is_array($_SESSION['_config']['row']))
1434 else if($_SESSION['_config']['row']['id'] > 0)
1435 $_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id'];
1438 $_SESSION['_config']['emails'][] = $val;
1440 $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
1441 $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
1444 if(trim($_REQUEST['description']) != ""){
1445 $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
1447 $_SESSION['_config']['description']= "";
1451 if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) +
0) <= 0)
1454 showheader(_("My CAcert.org Account!"));
1455 echo _("I couldn't match any emails against your organisational account.");
1460 if($oldid == 16 && $process != "")
1462 if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100))
1464 $_REQUEST['codesign'] = 1;
1465 $_SESSION['_config']['codesign'] = 1;
1469 $_REQUEST['codesign'] = 0;
1470 $_SESSION['_config']['codesign'] = 0;
1473 $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
1474 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
1475 $_SESSION['_config']['rootcert'] = 1;
1477 if(trim($_REQUEST['description']) != ""){
1478 $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
1480 $_SESSION['_config']['description']= "";
1483 if(@count
($_SESSION['_config']['emails']) > 0)
1489 $org = $_SESSION['_config']['row'];
1490 if($_REQUEST['keytype'] == "NS")
1492 $spkac=""; if(preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));
1494 if($spkac == "" ||
strlen($spkac) < 128)
1497 showheader(_("My CAcert.org Account!"));
1498 echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
1506 if(is_array($_SESSION['_config']['emails']))
1507 foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
1510 $defaultemail = $_REQUEST['email'];
1511 $emails .= "$count.emailAddress = $_REQUEST[email]\n";
1514 if($_SESSION['_config']['name'] != "")
1515 $emails .= "commonName = ".$_SESSION['_config']['name']."\n";
1516 if($_SESSION['_config']['OU'])
1517 $emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n";
1519 $emails .= "organizationName = ".$org['O']."\n";
1521 $emails .= "localityName = ".$org['L']."\n";
1523 $emails .= "stateOrProvinceName = ".$org['ST']."\n";
1525 $emails .= "countryName = ".$org['C']."\n";
1526 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
1527 $_SESSION['_config']['rootcert'] = 1;
1530 $emails .= "SPKAC = $spkac";
1531 if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
1534 showheader(_("My CAcert.org Account!"));
1540 $query = "insert into `orgemailcerts` set
1541 `CN`='$defaultemail',
1542 `ou`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
1544 `orgid`='".intval($org['orgid'])."',
1545 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
1546 `codesign`='".intval($_SESSION['_config']['codesign'])."',
1547 `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
1548 `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
1549 mysql_query($query);
1550 $emailid = mysql_insert_id();
1552 foreach($_SESSION['_config']['domids'] as $addy)
1553 mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
1555 $CSRname=generatecertpath("csr","orgclient",$emailid);
1556 $fp = fopen($CSRname, "w");
1557 fputs($fp, $emails);
1559 $challenge=$_SESSION['spkac_hash'];
1560 $res=`openssl spkac
-verify
-in
$CSRname`
;
1561 if(!strstr($res,"Challenge String: ".$challenge))
1564 showheader(_("My CAcert.org Account!"));
1565 echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
1569 mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
1570 } else if($_REQUEST['keytype'] == "MS" ||
$_REQUEST['keytype']=="VI") {
1571 $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
1573 if (($weakKey = checkWeakKeyCSR($csr)) !== "")
1576 showheader(_("My CAcert.org Account!"));
1582 $tmpfname = tempnam("/tmp", "id17CSR");
1583 $fp = fopen($tmpfname, "w");
1591 if($_SESSION['_config']['name'] != "")
1592 $csrsubject = "/CN=".$_SESSION['_config']['name'];
1593 if(is_array($_SESSION['_config']['emails']))
1594 foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
1596 if($defaultemail == "")
1597 $defaultemail = $_REQUEST['email'];
1598 $csrsubject .= "/emailAddress=$_REQUEST[email]";
1600 if($_SESSION['_config']['OU'])
1601 $csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
1603 $csrsubject .= "/organizationName=".$org['O'];
1605 $csrsubject .= "/localityName=".$org['L'];
1607 $csrsubject .= "/stateOrProvinceName=".$org['ST'];
1609 $csrsubject .= "/countryName=".$org['C'];
1611 $tmpname = tempnam("/tmp", "id17csr");
1612 $do = `
/usr
/bin
/openssl req
-in
$tmpfname -out
$tmpname`
;
1615 $fp = fopen($tmpname, "r");
1616 while($data = fgets($fp, 4096))
1623 showheader(_("My CAcert.org Account!"));
1624 echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
1628 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
1629 $_SESSION['_config']['rootcert'] = 1;
1631 $query = "insert into `orgemailcerts` set
1632 `CN`='$defaultemail',
1633 `ou`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
1634 `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
1635 `orgid`='".intval($org['orgid'])."',
1636 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
1637 `subject`='".mysql_real_escape_string($csrsubject)."',
1638 `codesign`='".intval($_SESSION['_config']['codesign'])."',
1639 `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
1640 `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
1641 mysql_query($query);
1642 $emailid = mysql_insert_id();
1644 foreach($_SESSION['_config']['domids'] as $addy)
1645 mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
1647 $CSRname=generatecertpath("csr","orgclient",$emailid);
1648 $fp = fopen($CSRname, "w");
1651 mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
1653 waitForResult("orgemailcerts", $emailid,$oldid);
1654 $query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
1655 $res = mysql_query($query);
1656 if(mysql_num_rows($res) <= 0)
1658 showheader(_("My CAcert.org Account!"));
1659 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
1665 $_REQUEST['cert']=$emailid;
1669 if($oldid == 18 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
1671 csrf_check('clicerchange');
1672 showheader(_("My CAcert.org Account!"));
1673 if(is_array($_REQUEST['revokeid']))
1676 echo _("Now renewing the following certificates:")."<br>\n";
1677 foreach($_REQUEST['revokeid'] as $id)
1679 echo "Renewing certificate #$id ...\n<br/>";
1681 $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
1682 where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
1683 `org`.`orgid`=`orgemailcerts`.`orgid`";
1684 $res = mysql_query($query);
1685 if(mysql_num_rows($res) <= 0)
1687 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1691 $row = mysql_fetch_assoc($res);
1693 if (($weakKey = checkWeakKeyX509(file_get_contents(
1694 $row['crt_name']))) !== "")
1696 echo $weakKey, "<br/>\n";
1700 mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
1701 if($row['revoke'] > 0)
1703 printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
1706 $query = "insert into `orgemailcerts` set
1707 `orgid`='".$row['orgid']."',
1708 `CN`='".$row['CN']."',
1709 `ou`='".$row['ou']."',
1710 `subject`='".$row['subject']."',
1711 `keytype`='".$row['keytype']."',
1712 `csr_name`='".$row['csr_name']."',
1713 `created`='".$row['created']."',
1715 `codesign`='".$row['codesign']."',
1716 `rootcert`='".$row['rootcert']."',
1717 `description`='".$row['description']."'";
1718 mysql_query($query);
1719 $newid = mysql_insert_id();
1720 $newfile=generatecertpath("csr","orgclient",$newid);
1721 copy($row['csr_name'], $newfile);
1722 mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
1723 waitForResult("orgemailcerts", $newid,$oldid,0);
1724 $query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
1725 $res = mysql_query($query);
1726 if(mysql_num_rows($res) > 0)
1728 printf(_("Certificate for '%s' has been renewed."), $row['CN']);
1729 echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
1730 _("Click here")."</a> "._("to install your certificate.");
1737 echo _("You did not select any certificates for renewal.");
1743 if($oldid == 18 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
1745 csrf_check('clicerchange');
1747 showheader(_("My CAcert.org Account!"));
1748 if(is_array($_REQUEST['revokeid']))
1750 echo _("Now revoking the following certificates:")."<br>\n";
1751 foreach($_REQUEST['revokeid'] as $id)
1754 $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
1755 where `orgemailcerts`.`id`='".intval($id)."' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
1756 `org`.`orgid`=`orgemailcerts`.`orgid`";
1757 $res = mysql_query($query);
1758 if(mysql_num_rows($res) <= 0)
1760 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1763 $row = mysql_fetch_assoc($res);
1764 if($row['revoke'] > 0)
1766 printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
1769 mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
1770 printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
1773 // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
1774 echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
1778 echo _("You did not select any certificates for revocation.");
1781 if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
1783 echo _("Now deleting the following pending requests:")."<br>\n";
1784 foreach($_REQUEST['delid'] as $id)
1787 $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
1788 where `orgemailcerts`.`id`='".intval($id)."' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
1789 `org`.`orgid`=`orgemailcerts`.`orgid`";
1790 $res = mysql_query($query);
1791 if(mysql_num_rows($res) <= 0)
1793 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
1796 $row = mysql_fetch_assoc($res);
1797 if($row['expired'] > 0)
1799 printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
1802 mysql_query("delete from `orgemailcerts` where `id`='$id'");
1803 @unlink
($row['csr_name']);
1804 @unlink
($row['crt_name']);
1805 printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
1812 if($oldid == 18 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
1814 showheader(_("My CAcert.org Account!"));
1815 foreach($_REQUEST as $id => $val)
1817 if(substr($id,0,14)=="check_comment_")
1819 $cid = intval(substr($id,14));
1820 $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
1821 mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
1824 echo(_("Certificate settings have been changed.")."<br/>\n");
1829 if($oldid == 18 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
1832 $_SESSION['_config']['orgfilterid']=$_REQUEST['orgfilterid'];
1833 $_SESSION['_config']['sorting']=$_REQUEST['sorting'];
1834 $_SESSION['_config']['status']=$_REQUEST['status'];
1837 if($oldid == 18 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
1840 $_SESSION['_config']['orgfilterid']=0;
1841 $_SESSION['_config']['sorting']=0;
1842 $_SESSION['_config']['status']=0;
1845 if($process != "" && $oldid == 20)
1847 $CSR = clean_csr($_REQUEST['CSR']);
1849 if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
1852 showheader(_("My CAcert.org Account!"));
1858 if(trim($_REQUEST['description']) != ""){
1859 $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
1861 $_SESSION['_config']['description']= "";
1864 $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
1865 $fp = fopen($_SESSION['_config']['tmpfname'], "w");
1868 $CSR = $_SESSION['_config']['tmpfname'];
1869 $_SESSION['_config']['subject'] = trim(`
/usr
/bin
/openssl req
-text
-noout
-in
"$CSR"|tr
-d
"\\0"|grep
"Subject:"`
);
1870 $bits = explode(",", trim(`
/usr
/bin
/openssl req
-text
-noout
-in
"$CSR"|tr
-d
"\\0"|grep
-A1
'X509v3 Subject Alternative Name:'|grep DNS
:`
));
1871 foreach($bits as $val)
1873 $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
1877 $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
1882 $query = "select * from `orginfo`,`org`,`orgdomains` where
1883 `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
1884 `org`.`orgid`=`orginfo`.`id` and
1885 `org`.`orgid`=`orgdomains`.`orgid` and
1886 `orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.CN'])."'";
1887 $_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
1888 $query = "select * from `orginfo`,`org`,`orgdomains` where
1889 `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
1890 `org`.`orgid`=`orginfo`.`id` and
1891 `org`.`orgid`=`orgdomains`.`orgid` and
1892 `orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.subjectAltName'])."'";
1893 $_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));
1894 //echo "<pre>"; print_r($_SESSION['_config']); die;
1896 if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
1899 showheader(_("My CAcert.org Account!"));
1900 echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
1905 $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
1906 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
1907 $_SESSION['_config']['rootcert'] = 1;
1910 if($process != "" && $oldid == 21)
1914 if(!file_exists($_SESSION['_config']['tmpfname']))
1916 showheader(_("My CAcert.org Account!"));
1917 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
1922 if (($weakKey = checkWeakKeyCSR(file_get_contents(
1923 $_SESSION['_config']['tmpfname']))) !== "")
1925 showheader(_("My CAcert.org Account!"));
1931 if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
1933 showheader(_("My CAcert.org Account!"));
1934 echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
1939 if($_SESSION['_config']['rowid']['0'] > 0)
1941 $query = "select * from `org`,`orginfo` where
1942 `orginfo`.`id`='".intval($_SESSION['_config']['rowid']['0'])."' and
1943 `orginfo`.`id`=`org`.`orgid` and
1944 `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
1946 $query = "select * from `org`,`orginfo` where
1947 `orginfo`.`id`='".intval($_SESSION['_config']['altid']['0'])."' and
1948 `orginfo`.`id`=`org`.`orgid` and
1949 `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
1951 $org = mysql_fetch_assoc(mysql_query($query));
1954 if($_SESSION['_config']['OU'])
1955 $csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
1957 $csrsubject .= "/organizationName=".$org['O'];
1959 $csrsubject .= "/localityName=".$org['L'];
1961 $csrsubject .= "/stateOrProvinceName=".$org['ST'];
1963 $csrsubject .= "/countryName=".$org['C'];
1964 //if($org['contact'])
1965 // $csrsubject .= "/emailAddress=".trim($org['contact']);
1967 $csrsubject .= buildSubjectFromSession();
1970 if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
1971 if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
1972 $_SESSION['_config']['rootcert'] = 1;
1974 if($_SESSION['_config']['rowid']['0'] > 0)
1976 $query = "insert into `orgdomaincerts` set
1977 `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
1978 `orgid`='".intval($org['id'])."',
1980 `subject`='".mysql_real_escape_string($csrsubject)."',
1981 `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
1983 `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
1985 $query = "insert into `orgdomaincerts` set
1986 `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
1987 `orgid`='".intval($org['id'])."',
1989 `subject`='".mysql_real_escape_string($csrsubject)."',
1990 `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
1992 `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
1994 mysql_query($query);
1995 $CSRid = mysql_insert_id();
1997 $CSRname=generatecertpath("csr","orgserver",$CSRid);
1998 rename($_SESSION['_config']['tmpfname'], $CSRname);
1999 chmod($CSRname,0644);
2000 mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
2001 if(is_array($_SESSION['_config']['rowid']))
2002 foreach($_SESSION['_config']['rowid'] as $id)
2003 mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
2004 if(is_array($_SESSION['_config']['altid']))
2005 foreach($_SESSION['_config']['altid'] as $id)
2006 mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
2007 waitForResult("orgdomaincerts", $CSRid,$oldid);
2008 $query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
2009 $res = mysql_query($query);
2010 if(mysql_num_rows($res) <= 0)
2012 showheader(_("My CAcert.org Account!"));
2013 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
2019 $_REQUEST['cert']=$CSRid;
2023 if($oldid == 22 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
2025 csrf_check('orgsrvcerchange');
2026 showheader(_("My CAcert.org Account!"));
2027 if(is_array($_REQUEST['revokeid']))
2029 echo _("Now renewing the following certificates:")."<br>\n";
2030 foreach($_REQUEST['revokeid'] as $id)
2033 $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
2034 `orgdomaincerts`,`org`
2035 where `orgdomaincerts`.`id`='$id' and
2036 `orgdomaincerts`.`orgid`=`org`.`orgid` and
2037 `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
2038 $res = mysql_query($query);
2039 if(mysql_num_rows($res) <= 0)
2041 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
2045 $row = mysql_fetch_assoc($res);
2047 if (($weakKey = checkWeakKeyX509(file_get_contents(
2048 $row['crt_name']))) !== "")
2050 echo $weakKey, "<br/>\n";
2054 mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
2055 if($row['revoke'] > 0)
2057 printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
2060 $query = "insert into `orgdomaincerts` set
2061 `orgid`='".$row['orgid']."',
2062 `CN`='".$row['CN']."',
2063 `csr_name`='".$row['csr_name']."',
2064 `created`='".$row['created']."',
2066 `subject`='".$row['subject']."',
2067 `type`='".$row['type']."',
2068 `rootcert`='".$row['rootcert']."',
2069 `description`='".$row['description']."'";
2070 mysql_query($query);
2071 $newid = mysql_insert_id();
2072 //echo "NewID: $newid<br/>\n";
2073 $newfile=generatecertpath("csr","orgserver",$newid);
2074 copy($row['csr_name'], $newfile);
2075 mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
2076 echo _("Renewing").": ".$row['CN']."<br>\n";
2077 $res = mysql_query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'");
2078 while($r2 = mysql_fetch_assoc($res))
2079 mysql_query("insert into `orgdomlink` set `orgdomid`='".$r2['id']."', `orgcertid`='$newid'");
2080 waitForResult("orgdomaincerts", $newid,$oldid,0);
2081 $query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
2082 $res = mysql_query($query);
2083 if(mysql_num_rows($res) <= 0)
2085 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
2087 $drow = mysql_fetch_assoc($res);
2088 $cert = `
/usr
/bin
/openssl x509
-in
$drow[crt_name
]`
;
2089 echo "<pre>\n$cert\n</pre>\n";
2095 echo _("You did not select any certificates for renewal.");
2101 if($oldid == 22 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
2103 csrf_check('orgsrvcerchange');
2104 showheader(_("My CAcert.org Account!"));
2105 if(is_array($_REQUEST['revokeid']))
2107 echo _("Now revoking the following certificates:")."<br>\n";
2108 foreach($_REQUEST['revokeid'] as $id)
2111 $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
2112 `orgdomaincerts`,`org`
2113 where `orgdomaincerts`.`id`='$id' and
2114 `orgdomaincerts`.`orgid`=`org`.`orgid` and
2115 `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
2116 $res = mysql_query($query);
2117 if(mysql_num_rows($res) <= 0)
2119 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
2122 $row = mysql_fetch_assoc($res);
2123 if($row['revoke'] > 0)
2125 printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
2128 mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
2129 printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
2132 // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
2133 echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
2137 echo _("You did not select any certificates for revocation.");
2140 if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
2142 echo _("Now deleting the following pending requests:")."<br>\n";
2143 foreach($_REQUEST['delid'] as $id)
2146 $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from
2147 `orgdomaincerts`,`org`
2148 where `orgdomaincerts`.`id`='$id' and
2149 `orgdomaincerts`.`orgid`=`org`.`orgid` and
2150 `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
2151 $res = mysql_query($query);
2152 if(mysql_num_rows($res) <= 0)
2154 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
2157 $row = mysql_fetch_assoc($res);
2158 if($row['expired'] > 0)
2160 printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
2163 mysql_query("delete from `orgdomaincerts` where `id`='$id'");
2164 @unlink
($row['csr_name']);
2165 @unlink
($row['crt_name']);
2166 printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
2173 if($oldid == 22 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
2175 showheader(_("My CAcert.org Account!"));
2176 foreach($_REQUEST as $id => $val)
2178 if(substr($id,0,14)=="check_comment_")
2180 $cid = intval(substr($id,14));
2181 $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
2182 mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
2185 echo(_("Certificate settings have been changed.")."<br/>\n");
2190 if($oldid == 22 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
2193 $_SESSION['_config']['dorgfilterid']=$_REQUEST['dorgfilterid'];
2194 $_SESSION['_config']['dsorting']=$_REQUEST['dsorting'];
2195 $_SESSION['_config']['dstatus']=$_REQUEST['dstatus'];
2198 if($oldid == 22 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
2201 $_SESSION['_config']['dorgfilterid']=0;
2202 $_SESSION['_config']['dsorting']=0;
2203 $_SESSION['_config']['dstatus']=0;
2207 if(($id == 24 ||
$oldid == 24 ||
$id == 25 ||
$oldid == 25 ||
$id == 26 ||
$oldid == 26 ||
2208 $id == 27 ||
$oldid == 27 ||
$id == 28 ||
$oldid == 28 ||
$id == 29 ||
$oldid == 29 ||
2209 $id == 30 ||
$oldid == 30 ||
$id == 31 ||
$oldid == 31) &&
2210 $_SESSION['profile']['orgadmin'] != 1)
2212 showheader(_("My CAcert.org Account!"));
2213 echo _("You don't have access to this area.");
2218 if($oldid == 24 && $process != "")
2220 $id = intval($oldid);
2221 $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
2222 $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
2223 $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
2224 $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
2225 $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
2226 $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));
2228 if($_SESSION['_config']['O'] == "" ||
$_SESSION['_config']['contact'] == "")
2230 $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
2232 mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
2233 `contact`='".$_SESSION['_config']['contact']."',
2234 `L`='".$_SESSION['_config']['L']."',
2235 `ST`='".$_SESSION['_config']['ST']."',
2236 `C`='".$_SESSION['_config']['C']."',
2237 `comments`='".$_SESSION['_config']['comments']."'");
2238 showheader(_("My CAcert.org Account!"));
2239 printf(_("'%s' has just been successfully added as an organisation to the database."), sanitizeHTML($_SESSION['_config']['O']));
2245 if($oldid == 27 && $process != "")
2247 csrf_check('orgdetchange');
2248 $id = intval($oldid);
2249 $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
2250 $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
2251 $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
2252 $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
2253 $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
2254 $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));
2256 if($_SESSION['_config']['O'] == "" ||
$_SESSION['_config']['contact'] == "")
2258 $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
2260 mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
2261 `contact`='".$_SESSION['_config']['contact']."',
2262 `L`='".$_SESSION['_config']['L']."',
2263 `ST`='".$_SESSION['_config']['ST']."',
2264 `C`='".$_SESSION['_config']['C']."',
2265 `comments`='".$_SESSION['_config']['comments']."'
2266 where `id`='".intval($_SESSION['_config']['orgid'])."'");
2267 showheader(_("My CAcert.org Account!"));
2268 printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O']));
2274 if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
2276 $domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
2277 $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
2278 if(mysql_num_rows($res1) > 0)
2280 $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
2286 if($oldid == 28 && $_SESSION['_config']['orgid'] <= 0)
2292 if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
2294 mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
2295 showheader(_("My CAcert.org Account!"));
2296 printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
2297 echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
2302 if($oldid == 29 && $process != "")
2304 $domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
2306 $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
2307 $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
2308 if(mysql_num_rows($res1) > 0 ||
mysql_num_rows($res2) > 0)
2310 $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));