bug 1138: Avoid double escaping of $_SESSION['_config']['OU'] and fix XSS
[cacert-devel.git] / includes / account.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18 require_once("../includes/loggedin.php");
19 require_once("../includes/lib/l10n.php");
20 require_once("../includes/lib/check_weak_key.php");
21 require_once("../includes/notary.inc.php");
22
23 loadem("account");
24
/**
 * Assemble the subject string that is handed to the signer.
 *
 * The domain names are copied into the subject unchanged; nothing in this
 * function validates or escapes them.
 * NOTE(review): "/" separates the components of the string built here, so a
 * name containing "/" would presumably be read as an extra component --
 * confirm that every caller passes verified domain names only.
 *
 * @param array(string) $domains
 *     The first domain is used as CN and repeated in subjectAltName.
 *     Duplicates should already have been removed.
 *
 * @param bool $include_xmpp_addr
 *     [default: true] Whether to add the XmppAddr to the subjectAltName.
 *     This is needed if the Jabber server is jabber.example.com but a Jabber
 *     ID on that server would be alice@example.com
 *
 * @return string
 */
function buildSubject(array $domains, $include_xmpp_addr = true) {
	// Collect the components first and join them once at the end.
	$parts = array("/CN=" . $domains[0]);

	foreach ($domains as $name) {
		$parts[] = "/subjectAltName=DNS:" . $name;

		if ($include_xmpp_addr) {
			$parts[] = "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:" . $name;
		}
	}

	return implode("", $parts);
}
52
/**
 * Build the subject string from the domains collected in the session.
 *
 * Takes every entry of $_SESSION['_config']['rows'] and, from
 * $_SESSION['_config']['altrows'], only the entries that start with "DNS:"
 * (the prefix is stripped). Duplicates are dropped before the list is passed
 * on to buildSubject().
 *
 * @return string
 */
function buildSubjectFromSession() {
	$names = array();

	if (is_array($_SESSION['_config']['rows'])) {
		$names = array_merge($names, $_SESSION['_config']['rows']);
	}

	if (is_array($_SESSION['_config']['altrows'])) {
		foreach ($_SESSION['_config']['altrows'] as $entry) {
			// Anything that is not a DNS alternative name is ignored.
			if (substr($entry, 0, 4) !== "DNS:") {
				continue;
			}

			$names[] = substr($entry, 4);
		}
	}

	$uniqueNames = array_unique($names);

	return buildSubject($uniqueNames);
}
75
// Numeric request parameters are forced to integers; a missing one becomes 0.
$id = 0;
if (array_key_exists("id", $_REQUEST)) {
	$id = intval($_REQUEST['id']);
}

$oldid = 0;
if (array_key_exists("oldid", $_REQUEST)) {
	$oldid = intval($_REQUEST['oldid']);
}

// Free-form string taken from the request as-is. It is only compared against
// fixed values in the code below; HTML- or SQL-escape it before any other use.
$process = "";
if (array_key_exists("process", $_REQUEST)) {
	$process = $_REQUEST['process'];
}

// $showdetails refers to Secret Question and Answers from account/13.php
$showdetails = 0;
if (array_key_exists("showdetails", $_REQUEST)) {
	$showdetails = intval($_REQUEST['showdetails']);
}

$cert = 0;
if (array_key_exists('cert', $_REQUEST)) {
	$cert = intval($_REQUEST['cert']);
}

$orgid = 0;
if (array_key_exists('orgid', $_REQUEST)) {
	$orgid = intval($_REQUEST['orgid']);
}

$memid = 0;
if (array_key_exists('memid', $_REQUEST)) {
	$memid = intval($_REQUEST['memid']);
}

$domid = 0;
if (array_key_exists('domid', $_REQUEST)) {
	$domid = intval($_REQUEST['domid']);
}

// Both values below are unvalidated request strings as well.
$actionrequest = "";
if (array_key_exists('action', $_REQUEST)) {
	$actionrequest = $_REQUEST['action'];
}

$ticketno = "";
if (array_key_exists('ticketno', $_REQUEST)) {
	$ticketno = $_REQUEST['ticketno'];
}
$ticketvalidation = FALSE;

// Nothing below can work when the session flag 'mconn' is not set.
if (!$_SESSION['mconn']) {
	echo _("Several CAcert Services are currently unavailable. Please try again later.");
	exit;
}

// General reset CANCEL process requests
if ($process == _("Cancel")) {
	$process = "";
}

// Page ids 45 and 46 are mapped to page 1, whether they arrive as id or oldid.
$remappedIds = array(45, 46);
if (in_array($id, $remappedIds, true) || in_array($oldid, $remappedIds, true)) {
	$id = 1;
	$oldid = 0;
}
111
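// Page 1: add an email address to the account and mail out the verification link.
if($process != "" && $oldid == 1)
{
	$id = 1;
	csrf_check('addemail');
	if(strstr($_REQUEST['newemail'], "xn--") && $_SESSION['profile']['codesign'] <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
		showfooter();
		exit;
	}

	// Trimmed, SQL-escaped copy of the submitted address. It is computed once
	// and reused; the value is safe inside the quoted SQL literal below but is
	// NOT HTML-safe, so every echo of it still goes through sanitizeHTML().
	$newemail = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
	if($newemail == "")
	{
		showheader(_("My CAcert.org Account!"));
		// echo instead of printf: the translated text is not a format string.
		echo _("Not a valid email address. Can't continue.");
		showfooter();
		exit;
	}
	$oldid=0;
	$_REQUEST['email'] = $newemail;
	if(check_email_exists($_REQUEST['email'])==true)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
		showfooter();
		exit;
	}
	$checkemail = checkEmail($_REQUEST['newemail']);
	if($checkemail != "OK")
	{
		showheader(_("My CAcert.org Account!"));
		if (substr($checkemail, 0, 1) == "4")
		{
			echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
		} else {
			echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
		}
		// The checkEmail() result is produced while probing a server for a
		// user-supplied address, so it is treated as untrusted text and
		// HTML-escaped before it is shown.
		// NOTE(review): assumes checkEmail() returns plain text, not markup -- confirm.
		echo "<p>".sanitizeHTML($checkemail)."</p>\n";
		showfooter();
		exit;
	}
	$hash = make_hash();
	// $_REQUEST['email'] was SQL-escaped above; memid is forced to an integer.
	$query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
	mysql_query($query);
	$emailid = mysql_insert_id();

	// The hash in this link is what proves control of the mailbox.
	$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
	$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

	showheader(_("My CAcert.org Account!"));
	printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_REQUEST['email']));
	showfooter();
	exit;
}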
169
// Page 2, "make default": switch the account's primary email address to another
// address owned by the member. The lookup only accepts rows with an empty
// `hash` that are not deleted (per the error text: accessible and verified).
// NOTE(review): the delete branch for this page calls csrf_check("chgdef"),
// but no csrf_check() is visible on this path -- confirm whether the
// "make default" request should be covered by the same token.
if(array_key_exists("makedefault",$_REQUEST) && $_REQUEST['makedefault'] != "" && $oldid == 2)
{
	$id = 2;
	$emailid = intval($_REQUEST['emailid']);
	$query = "select * from `email` where `id`='$emailid' and `memid`='".intval($_SESSION['profile']['id'])."' and `hash` = '' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("Error!"));
		echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
		showfooter();
		exit;
	}
	$row = mysql_fetch_assoc($res);
	$body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
	$body .= _("You are receiving this email because you or someone else ".
		"has changed the default email on your account.")."\n\n";

	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	// The notice is sent before the session value is replaced, i.e. to the
	// address that was the default until now.
	sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Default Account Changed"), $body,
		"support@cacert.org", "", "", "CAcert Support");

	$_SESSION['profile']['email'] = $row['email'];
	$query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
	mysql_query($query);
	showheader(_("My CAcert.org Account!"));
	printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
	showfooter();
	exit;
}
201
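// Page 2, delete: remove the selected email addresses from the account.
// The default address is excluded by the query and therefore never deleted.
if($process != "" && $oldid == 2)
{
	$id = 2;
	csrf_check("chgdef");
	showheader(_("My CAcert.org Account!"));
	$delcount = 0;
	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		$deltitle=false;
		foreach($_REQUEST['delid'] as $id)
		{
			if (!$deltitle) {
				echo _('The following email addresses have been removed:')."<br>\n";
				$deltitle=true;
			}
			$id = intval($id);
			// Only rows that belong to the logged-in member can match.
			$query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
				`email`!='".mysql_real_escape_string($_SESSION['profile']['email'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				// The stored address is user-supplied text: HTML-escape it
				// on output, as the other branches of this file do.
				echo sanitizeHTML($row['email'])."<br>\n";
				account_email_delete($row['id']);
				$delcount++;
			}
		}
	}
	else
	{
		echo _("You did not select any email accounts for removal.");
	}
	if(0 == $delcount)
	{
		echo _("You did not select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
	}

	showfooter();
	exit;
}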
242
// Page 3: store the options chosen for a new client certificate in the session.
// Every privilege-dependent option is re-checked here against the member's
// points and code-signing flag taken from $_SESSION['profile'].
// NOTE(review): 'SSO', 'addid', 'incname', 'rootcert', 'optionalCSR' and
// 'description' are read from $_REQUEST without checking that they exist.
if($process != "" && $oldid == 3)
{
	// The CCA checkbox must have been submitted.
	if(!array_key_exists('CCA',$_REQUEST))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
		showfooter();
		exit;
	}

	// At least one email id is required unless the request is for SSO.
	if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
	{
		showheader(_("My CAcert.org Account!"));
		echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
		showfooter();
		exit;
	}

	$_SESSION['_config']['SSO'] = intval($_REQUEST['SSO']);

	// Stored as submitted; the ids are checked against the member's own
	// addresses when the certificate is created (page 4).
	$_SESSION['_config']['addid'] = $_REQUEST['addid'];
	// NOTE(review): below 50 points 'incname' is not written here, so a value
	// already present in the session would stay in effect -- confirm that is intended.
	if($_SESSION['profile']['points'] >= 50)
		$_SESSION['_config']['incname'] = intval($_REQUEST['incname']);
	// Drop a code-signing request the member is not entitled to.
	if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100))
	{
		$_REQUEST['codesign'] = 0;
	}
	// A code-signing certificate always carries a name: fall back to variant 1.
	if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1)
	{
		if($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4)
			$_SESSION['_config']['incname'] = 1;
	}
	if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1 && $_SESSION['profile']['points'] >= 100)
		$_SESSION['_config']['codesign'] = 1;
	else
		$_SESSION['_config']['codesign'] = 0;

	// Login with the certificate is disabled unless 'login' was sent as 1.
	if(array_key_exists('login',$_REQUEST) && $_REQUEST['login'] == 1)
		$_SESSION['_config']['disablelogin'] = 0;
	else
		$_SESSION['_config']['disablelogin'] = 1;

	// Root 1 is the default; only members with 50+ points may pick 1 or 2.
	$_SESSION['_config']['rootcert'] = 1;
	if($_SESSION['profile']['points'] >= 50)
	{
		$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;
	}
	$csr = "";
	if(trim($_REQUEST['optionalCSR']) == "")
	{
		// No CSR pasted: show page 4 next.
		$id = 4;
	} else {
		// A CSR was pasted: fall through to the page-4 processing below
		// and handle it as keytype "MS".
		$oldid = 4;
		$_REQUEST['keytype'] = "MS";
		$csr = clean_csr($_REQUEST['optionalCSR']);
	}

	// Kept unescaped in the session; it is SQL-escaped where it is inserted.
	// Any page that prints it has to HTML-escape it.
	$_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
}
304
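// Page 4: create the client certificate request (SPKAC for keytype "NS",
// PKCS#10 CSR for "MS"/"VI"), queue it in `emailcerts` and wait for the result.
// NOTE(review): for any other keytype neither branch runs and $emailid is
// never assigned before waitForResult() -- confirm that case is rejected.
if($oldid == 4)
{
	if($_REQUEST['keytype'] == "NS")
	{
		// Accept the SPKAC only if, with CR/LF removed, it consists purely of
		// base64 characters; anything else is treated as missing.
		$spkac = "";
		if(array_key_exists('SPKAC',$_REQUEST))
		{
			$candidate = trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));
			if(preg_match("/^[a-zA-Z0-9+=\/]+$/", $candidate))
				$spkac = $candidate;
		}

		if($spkac=="" || $spkac == "deadbeef")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, please try a different browser.");
			showfooter();
			exit;
		}
		$count = 0;
		$emails = "";
		$addys = array();
		$defaultemail="";
		// Only addresses that belong to the logged-in member are accepted.
		if(is_array($_SESSION['_config']['addid']))
			foreach($_SESSION['_config']['addid'] as $id)
			{
				$res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if(!$emails)
						$defaultemail = $row['email'];
					// NOTE(review): the stored address is written into a
					// line-oriented file; confirm it can never contain a line break.
					$emails .= "$count.emailAddress = ".$row['email']."\n";
					$count++;
					$addys[] = intval($row['id']);
				}
			}
		if($count <= 0 && $_SESSION['_config']['SSO'] != 1)
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request.");
			showfooter();
			exit;
		}
		$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
		if($_SESSION['_config']['SSO'] == 1)
			$emails .= "$count.emailAddress = ".$user['uniqueID']."\n";

		// A one-letter middle name is written as an initial.
		if(strlen($user['mname']) == 1)
			$user['mname'] .= '.';
		if(!array_key_exists('incname',$_SESSION['_config']) || $_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
		{
			$emails .= "commonName = CAcert WoT User\n";
		}
		else
		{
			if($_SESSION['_config']['incname'] == 1)
				$emails .= "commonName = ".$user['fname']." ".$user['lname']."\n";
			if($_SESSION['_config']['incname'] == 2)
				$emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']."\n";
			if($_SESSION['_config']['incname'] == 3)
				$emails .= "commonName = ".$user['fname']." ".$user['lname']." ".$user['suffix']."\n";
			if($_SESSION['_config']['incname'] == 4)
				$emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
		}
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		$emails .= "SPKAC = $spkac";
		if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);

		// $defaultemail was read back from the database and is therefore raw
		// text again: escape it like every other string value in this query.
		$query = "insert into emailcerts set
			`CN`='".mysql_real_escape_string($defaultemail)."',
			`keytype`='NS',
			`memid`='".intval($_SESSION['profile']['id'])."',
			`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
			`codesign`='".intval($_SESSION['_config']['codesign'])."',
			`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
			`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
			`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		if(is_array($addys))
			foreach($addys as $addy)
				mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
		$CSRname=generatecertpath("csr","client",$emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $emails);
		fclose($fp);
		// Verify that the SPKAC was made for the challenge issued to this session.
		// NOTE(review): this is a substring match, so an empty or unset
		// $_SESSION['spkac_hash'] would match any challenge -- confirm the
		// value is always set before this page is reached.
		$challenge=$_SESSION['spkac_hash'];
		$CSRname_esc = escapeshellarg($CSRname);
		$res=`openssl spkac -verify -in $CSRname_esc`;
		if(!strstr($res,"Challenge String: ".$challenge))
		{
			$id = $oldid;
			showheader(_("My CAcert.org Account!"));
			echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
			showfooter();
			exit;
		}
		mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
	} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
		if($csr == "")
			$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";

		if (($weakKey = checkWeakKeyCSR($csr)) !== "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		$tmpfname = tempnam("/tmp", "id4CSR");
		$fp = fopen($tmpfname, "w");
		fputs($fp, $csr);
		fclose($fp);

		$addys = array();
		$defaultemail = "";
		$csrsubject="";

		// The subject is rebuilt from the account data; nothing is taken
		// from the subject inside the submitted CSR.
		$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
		if(strlen($user['mname']) == 1)
			$user['mname'] .= '.';
		if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
			$csrsubject = "/CN=CAcert WoT User";
		if($_SESSION['_config']['incname'] == 1)
			$csrsubject = "/CN=".$user['fname']." ".$user['lname'];
		if($_SESSION['_config']['incname'] == 2)
			$csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname'];
		if($_SESSION['_config']['incname'] == 3)
			$csrsubject = "/CN=".$user['fname']." ".$user['lname']." ".$user['suffix'];
		if($_SESSION['_config']['incname'] == 4)
			$csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'];
		// Only addresses that belong to the logged-in member are accepted.
		if(is_array($_SESSION['_config']['addid']))
			foreach($_SESSION['_config']['addid'] as $id)
			{
				$res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if($defaultemail == "")
						$defaultemail = $row['email'];
					$csrsubject .= "/emailAddress=".$row['email'];
					$addys[] = $row['id'];
				}
			}
		if($_SESSION['_config']['SSO'] == 1)
			$csrsubject .= "/emailAddress = ".$user['uniqueID'];

		// Pass the CSR through openssl once; an unparsable request yields an
		// empty output file and is rejected below.
		$tmpname = tempnam("/tmp", "id4csr");
		$tmpfname_esc = escapeshellarg($tmpfname);
		$tmpname_esc = escapeshellarg($tmpname);
		$do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`; // -subj "$csr"`;
		@unlink($tmpfname);
		$csr = "";
		$fp = fopen($tmpname, "r");
		while($data = fgets($fp, 4096))
			$csr .= $data;
		fclose($fp);
		@unlink($tmpname);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		if($csr == "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}
		// String values use the SQL escaper. keytype can only be "MS" or "VI"
		// in this branch, so switching it from the HTML escaper to the SQL
		// escaper does not change what is stored.
		$query = "insert into emailcerts set
			`CN`='".mysql_real_escape_string($defaultemail)."',
			`keytype`='".mysql_real_escape_string($_REQUEST['keytype'])."',
			`memid`='".intval($_SESSION['profile']['id'])."',
			`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
			`subject`='".mysql_real_escape_string($csrsubject)."',
			`codesign`='".intval($_SESSION['_config']['codesign'])."',
			`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
			`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
			`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		if(is_array($addys))
			foreach($addys as $addy)
				mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");
		$CSRname=generatecertpath("csr","client",$emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $csr);
		fclose($fp);
		mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
	}
	// The request counts as processed once `crt_name` has been filled in.
	waitForResult("emailcerts", $emailid, 4);
	$query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		$id = 4;
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		$id = 6;
		$cert = $emailid;
		$_REQUEST['cert']=$emailid;
	}
}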
521
// Page 7, step 1: validate the submitted domain name and make sure it is not
// already registered. The if($oldid == 7) block that follows relies on the
// $newdom and $newdomain values prepared here.
// NOTE(review): $_REQUEST['newdomain'] is read without an existence check.
if($oldid == 7)
{
	csrf_check("adddomain");
	// Reject names that contain a NUL byte.
	if(strstr($_REQUEST['newdomain'],"\x00"))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
		showfooter();
		exit;
	}

	list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
	// Strip leading dashes. The name is later passed to /usr/bin/whois as an
	// argument; presumably this keeps it from being read as an option.
	while($newdomain['0'] == '-')
		$newdomain = substr($newdomain, 1);
	if(strstr($newdomain, "xn--") && $_SESSION['profile']['codesign'] <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
		showfooter();
		exit;
	}

	// $newdom: shell-quoted form, only for the whois command line.
	// $newdomain: SQL-escaped from this point on; it is not HTML-safe.
	$newdom = trim(escapeshellarg($newdomain));
	$newdomain = mysql_real_escape_string(trim($newdomain));

	// The name must not exist as an organisation domain or as an active
	// personal domain.
	$res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
	$query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
	$res2 = mysql_query($query);
	if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2))
	{
		$oldid=0;
		$id = 7;
		showheader(_("My CAcert.org Account!"));
		printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
		showfooter();
		exit;
	}
}
560
// Page 7, step 2: build the list of addresses that may receive the domain
// verification mail and store it in the session for page 8. The list holds the
// addresses found in the whois output plus five fixed role addresses.
// The whois output is third-party text: each entry is SQL-escaped here, and
// page 8 only accepts an address that is present in this list.
if($oldid == 7)
{
	$oldid=0;
	$id = 8;
	$addy = array();
	$adds = array();
	// $newdom is wrapped in shell quotes, so characters -4..-2 are the last
	// three characters of the name itself. No whois lookup is made for ".jp".
	if(strtolower(substr($newdom, -4, 3)) != ".jp")
		$adds = explode("\n", trim(`/usr/bin/whois $newdom|grep "@"`));
	if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info")
	{
		// .org/.info: the address is taken from the part after the first ":".
		// NOTE(review): $bits[1] is undefined for a line without ":".
		if(is_array($adds))
			foreach($adds as $line)
			{
				$bits = explode(":", $line, 2);
				$line = trim($bits[1]);
				if(!in_array($line, $addy) && $line != "")
					$addy[] = trim(mysql_real_escape_string(stripslashes($line)));
			}
	} else {
		// Other TLDs: normalise separators and keep the last token that
		// contains "@".
		if(is_array($adds))
			foreach($adds as $line)
			{
				$line = trim(str_replace("\t", " ", $line));
				$line = trim(str_replace("(", "", $line));
				$line = trim(str_replace(")", " ", $line));
				$line = trim(str_replace(":", " ", $line));

				$bits = explode(" ", $line);
				foreach($bits as $bit)
				{
					if(strstr($bit, "@"))
						$line = $bit;
				}
				if(!in_array($line, $addy) && $line != "")
					$addy[] = trim(mysql_real_escape_string(stripslashes($line)));
			}
	}

	// Fixed role addresses under the domain itself are always offered.
	$rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain");
	foreach($rfc as $sub)
		if(!in_array($sub, $addy))
			$addy[] = $sub;
	$_SESSION['_config']['addy'] = $addy;
	// NOTE(review): $newdomain was already SQL-escaped in the preceding block
	// and the session value is escaped again wherever it is put into a query,
	// so a name containing a quote or backslash would be stored with extra
	// backslashes -- confirm and escape once, at the point of use.
	$_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
}
606
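// Page 8: the member picked an authority address for the new domain; register
// the domain and mail the verification link to that address.
if($process != "" && $oldid == 8)
{
	csrf_check('ctcinfo');
	$oldid=0;
	$id = 8;

	$authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy'])));

	if($authaddy == "" || !is_array($_SESSION['_config']['addy']))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("The address you submitted isn't a valid authority address for the domain.");
		showfooter();
		exit;
	}

	// The address must be one of the candidates that were stored in the
	// session for this domain; anything else is refused.
	if(!in_array($authaddy, $_SESSION['_config']['addy']))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("The address you submitted isn't a valid authority address for the domain.");
		showfooter();
		exit;
	}

	$query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
		showfooter();
		exit;
	}
	$checkemail = checkEmail($authaddy);
	if($checkemail != "OK")
	{
		showheader(_("My CAcert.org Account!"));
		if (substr($checkemail, 0, 1) == "4")
		{
			echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
		} else {
			echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
		}
		// The checkEmail() result comes from probing a server for the chosen
		// address, so it is treated as untrusted text and HTML-escaped.
		// NOTE(review): assumes checkEmail() returns plain text, not markup -- confirm.
		echo "<p>".sanitizeHTML($checkemail)."</p>\n";
		showfooter();
		exit;
	}

	$hash = make_hash();
	$query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
		`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
	mysql_query($query);
	$domainid = mysql_insert_id();

	// Plain-text mail body, so the domain is not HTML-escaped here.
	$body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
	$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

	showheader(_("My CAcert.org Account!"));
	// The domain is user-supplied and goes into HTML here: escape it, as the
	// "already in a different account" message above does.
	printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_SESSION['_config']['domain']));
	showfooter();
	exit;
}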
673
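// Page 9: remove the selected domains from the account.
// NOTE(review): no csrf_check() call is visible on this path, unlike the
// email delete branch (csrf_check("chgdef")) -- confirm whether the domain
// form carries a token that should be verified here.
if($process != "" && $oldid == 9)
{
	$id = 9;
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("The following domains have been removed:")."<br>
		("._("Any valid certificates will be revoked as well").")<br>\n";

		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			// Only domains that belong to the logged-in member can match.
			$query = "select * from `domains` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				// The stored name is user-supplied text: HTML-escape it on output.
				echo sanitizeHTML($row['domain'])."<br>\n";
				account_domain_delete($row['id']);
			}

		}
	}
	else
	{
		echo _("You did not select any domains for removal.");
	}

	showfooter();
	exit;
}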
705
// Page 10: accept a CSR for a server certificate, run the weak-key check,
// save it to a temporary file and extract its subject and DNS alternative
// names into the session for confirmation on page 11.
// Everything extracted here comes out of the submitted CSR and is therefore
// user-controlled. extractit(), getcn() and getalt() are defined elsewhere;
// page 11 refuses to continue unless they produced a row id for a domain.
if($process != "" && $oldid == 10)
{
	// The CCA checkbox must have been submitted.
	if(!array_key_exists('CCA',$_REQUEST))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
		showfooter();
		exit;
	}

	$CSR = clean_csr($_REQUEST['CSR']);
	if(strpos($CSR,"---BEGIN")===FALSE)
	{
		// In case the CSR is missing the ---BEGIN lines, add them automatically:
		$CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
	}

	if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	// Kept unescaped in the session; it is SQL-escaped where it is inserted.
	$_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));

	// The CSR is parked in a temporary file whose path is kept in the session;
	// page 11 later moves that file to its final location.
	$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
	$fp = fopen($_SESSION['_config']['tmpfname'], "w");
	fputs($fp, $CSR);
	fclose($fp);
	// From here on $CSR holds the shell-quoted file name, not the CSR text.
	$CSR = escapeshellarg($_SESSION['_config']['tmpfname']);
	// NUL bytes are removed from the openssl output before it is parsed.
	$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`);
	$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
	foreach($bits as $val)
	{
		$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
	}
	$id = 11;

	$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
	extractit();
	getcn();
	getalt();

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// Root 1 is the default; only members with 50+ points may pick 1 or 2.
	$_SESSION['_config']['rootcert'] = 1;
	if($_SESSION['profile']['points'] >= 50)
	{
		$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;
	}
}
767
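// Page 11: the member confirmed the names; queue the server certificate
// request in `domaincerts`, link it to the domains and wait for the result.
if($process != "" && $oldid == 11)
{
	// The CSR file written on page 10 must still exist.
	if(!file_exists($_SESSION['_config']['tmpfname']))
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}

	// The weak-key check is repeated on the file that will actually be signed.
	if (($weakKey = checkWeakKeyCSR(file_get_contents(
			$_SESSION['_config']['tmpfname']))) !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	$id = 11;
	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	$subject = buildSubjectFromSession();

	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;

	write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);

	// A request is only created when the first CN or the first alternative
	// name carries a positive row id in the session. The is_array() guards
	// keep array_key_exists() from being called on a missing session entry.
	if(is_array($_SESSION['_config']['rowid']) && array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
	{
		$query = "insert into `domaincerts` set
			`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
			`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
			`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
			`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
			`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
	} elseif(is_array($_SESSION['_config']['altid']) && array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
		$query = "insert into `domaincerts` set
			`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
			`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
			`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
			`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
			`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
	} else {
		showheader(_("My CAcert.org Account!"));
		echo _("Domain not verified.");
		showfooter();
		exit;
	}

	mysql_query($query);
	$CSRid = mysql_insert_id();

	// The domain ids get the same escaping as `domid` in the insert above,
	// instead of being interpolated into the statement unescaped.
	if(is_array($_SESSION['_config']['rowid']))
		foreach($_SESSION['_config']['rowid'] as $dom)
			mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".mysql_real_escape_string($dom)."'");
	if(is_array($_SESSION['_config']['altid']))
		foreach($_SESSION['_config']['altid'] as $dom)
			mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".mysql_real_escape_string($dom)."'");

	// Move the CSR from its temporary file to its final path.
	$CSRname=generatecertpath("csr","server",$CSRid);
	rename($_SESSION['_config']['tmpfname'], $CSRname);
	chmod($CSRname,0644);
	mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
	// The request counts as processed once `crt_name` has been filled in.
	waitForResult("domaincerts", $CSRid, 11);
	$query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		$id = 11;
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		$id = 15;
		$cert = $CSRid;
		$_REQUEST['cert']=$CSRid;
	}
}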
855
// Server certificate renewal (page 12). For every id in $_REQUEST['revokeid'] that belongs to
// the logged-in member: flag the old `domaincerts` row as renewed, insert a copy, copy the CSR
// file, rebuild the subject from that CSR with openssl, call waitForResult() and print the
// resulting certificate. Helper functions used here are defined outside this view.
856 if($oldid == 12 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
857 {
// Anti-CSRF token check for the server-certificate form.
858 csrf_check('srvcerchange');
859 $id = 12;
860 showheader(_("My CAcert.org Account!"));
861 if(is_array($_REQUEST['revokeid']))
862 {
863 echo _("Now renewing the following certificates:")."<br>\n";
// NOTE(review): the loop variable reuses $id, so the page id set above is overwritten by the
// last certificate id before showfooter() runs - confirm nothing reads $id afterwards.
864 foreach($_REQUEST['revokeid'] as $id)
865 {
// The request value is forced to an integer before it reaches SQL and HTML.
866 $id = intval($id);
867 echo _("Processing request")." $id:<br/>";
// Ownership check: the join on `domains`.`memid` limits the lookup to certificates issued for
// domains of the logged-in member.
868 $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
869 where `domaincerts`.`id`='$id' and
870 `domaincerts`.`domid`=`domains`.`id` and
871 `domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
872 $res = mysql_query($query);
873 if(mysql_num_rows($res) <= 0)
874 {
875 printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
876 continue;
877 }
878
879 $row = mysql_fetch_assoc($res);
880
// A non-empty return value of checkWeakKeyX509() is treated as the rejection message and is
// echoed as it is. NOTE(review): confirm that message is HTML-safe.
881 if (($weakKey = checkWeakKeyX509(file_get_contents(
882 $row['crt_name']))) !== "")
883 {
884 echo $weakKey, "<br/>\n";
885 continue;
886 }
887
// NOTE(review): the old row is flagged as renewed and the new row is inserted before the CSR
// is validated; the `continue` in the blank-CN branch below leaves both in place.
888 mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
// Values read back from the database are escaped or cast again before being reused in SQL.
889 $query = "insert into `domaincerts` set
890 `domid`='".intval($row['domid'])."',
891 `CN`='".mysql_real_escape_string($row['CN'])."',
892 `subject`='".mysql_real_escape_string($row['subject'])."',".
893 //`csr_name`='".$row['csr_name']."', // RACE CONDITION
894 "`created`='".mysql_real_escape_string($row['created'])."',
895 `modified`=NOW(),
896 `rootcert`='".intval($row['rootcert'])."',
897 `type`='".intval($row['type'])."',
898 `pkhash`='".mysql_real_escape_string($row['pkhash'])."',
899 `description`='".mysql_real_escape_string($row['description'])."'";
900 mysql_query($query);
901 $newid = mysql_insert_id();
902 $newfile=generatecertpath("csr","server",$newid);
903 copy($row['csr_name'], $newfile);
// The path is shell-quoted before it is interpolated into the backtick commands below.
904 $newfile_esc = escapeshellarg($newfile);
905 $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep "Subject:"`);
// NOTE(review): when grep finds no DNS entry, explode() returns one empty string, so an empty
// "/subjectAltName=" is appended to the subject by the loop below.
906 $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
907 foreach($bits as $val)
908 {
909 $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
910 }
// The session fields are cleared before the three helpers run; presumably the helpers fill
// them from $_SESSION['_config']['subject'] - verify against their definitions.
911 $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
912 extractit();
913 getcn();
914 getalt();
915
916 if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
917 {
918 echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
919 continue;
920 }
921
922 $subject = buildSubjectFromSession();
923 $subject = mysql_real_escape_string($subject);
// NOTE(review): $newfile is interpolated without escaping; presumably generatecertpath()
// returns a server-generated path - verify.
924 mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
925
// The CN shown to the user is HTML-encoded with sanitizeHTML().
926 echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
927 waitForResult("domaincerts", $newid,$oldid,0);
// A non-empty `crt_name` on the new row is taken as the sign that the request was processed.
928 $query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
929 $res = mysql_query($query);
930 if(mysql_num_rows($res) <= 0)
931 {
932 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
933 } else {
934 $drow = mysql_fetch_assoc($res);
935 $crt_name = escapeshellarg($drow['crt_name']);
// NOTE(review): the openssl output is echoed without HTML encoding; presumably it is PEM text
// only - TODO confirm.
936 $cert = `/usr/bin/openssl x509 -in $crt_name`;
937 echo "<pre>\n$cert\n</pre>\n";
938 }
939 }
940 }
941 else
942 {
943 echo _("You did not select any certificates for renewal.");
944 }
945
946 showfooter();
947 exit;
948 }
949
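// Server certificates (page 12): revoke the certificates listed in $_REQUEST['revokeid'] and
// delete the pending requests listed in $_REQUEST['delid']. Only rows that belong to domains of
// the logged-in member are touched.
if($oldid == 12 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	// Anti-CSRF token check for the server-certificate form (csrf_check() is defined elsewhere).
	csrf_check('srvcerchange');
	$id = 12;
	showheader(_("My CAcert.org Account!"));
	// A request without 'revokeid' is handled like an empty selection instead of raising a notice.
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			// The request value is forced to an integer before it reaches SQL and HTML.
			$id = intval($id);
			// Ownership check: the join on `domains`.`memid` restricts the lookup to the member's own domains.
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
				where `domaincerts`.`id`='$id' and
				`domaincerts`.`domid`=`domains`.`id` and
				`domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0)
			{
				// The CN is HTML-encoded here as well, matching the success message below.
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			// This fixed timestamp marks the row as revoked; presumably a job outside this file
			// picks it up and sets the real revocation time - verify.
			mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
		}

		// TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
		echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';

	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
				where `domaincerts`.`id`='$id' and
				`domaincerts`.`domid`=`domains`.`id` and
				`domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A set expiry date is taken to mean the request was already processed, so it is not deleted.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			mysql_query("delete from `domaincerts` where `id`='$id'");
			// Best effort: the files may not exist for a pending request, hence the suppressed warnings.
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", htmlspecialchars($row['CN']));
		}
	}
	showfooter();
	exit;
}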
1021
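// Server certificates (page 12): store the comment submitted for every certificate whose
// "check_comment_<id>" field is present in the request.
if($oldid == 12 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
	// NOTE(review): the renew and revoke handlers of this page call csrf_check('srvcerchange'),
	// this handler does not. Confirm that the form posts the same token before adding the call.
	showheader(_("My CAcert.org Account!"));
	foreach($_REQUEST as $id => $val)
	{
		if(substr($id,0,14)=="check_comment_")
		{
			$cid = intval(substr($id,14));
			// A missing or non-string comment field is stored as an empty description.
			$comment = (isset($_REQUEST['comment_'.$cid]) && is_string($_REQUEST['comment_'.$cid])) ? $_REQUEST['comment_'.$cid] : "";
			$comment=trim(mysql_real_escape_string(stripslashes($comment)));
			// Ownership check: the certificate id comes from the request, so the update is limited to
			// certificates on domains of the logged-in member (same join as the renew/revoke lookups).
			mysql_query("update `domaincerts`,`domains` set `domaincerts`.`description`='$comment'
				where `domaincerts`.`id`='$cid' and
				`domaincerts`.`domid`=`domains`.`id` and
				`domains`.`memid`='".intval($_SESSION['profile']['id'])."'");
		}
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}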
1038
1039
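// Client certificates (page 5): renew every certificate listed in $_REQUEST['revokeid'] that
// belongs to the logged-in member by cloning its `emailcerts` row, its CSR file and its
// `emaillink` rows.
// NOTE(review): the server-certificate renew handler calls csrf_check(); this one does not.
// Confirm whether the page 5 form carries a token before adding the call.
if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	showheader(_("My CAcert.org Account!"));
	// A request without 'revokeid' is handled like an empty selection instead of raising a notice.
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			// The request value is forced to an integer before it reaches SQL and HTML.
			$id = intval($id);
			// Ownership check: only certificates of the logged-in member are found.
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
				where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// A non-empty return value of checkWeakKeyX509() is the rejection message and is echoed
			// as it is. NOTE(review): confirm that message is HTML-safe.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
				$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
			// Values read back from the database are escaped or cast again before being reused in SQL.
			$query = "insert into emailcerts set
				`memid`='".intval($row['memid'])."',
				`CN`='".mysql_real_escape_string($row['CN'])."',
				`subject`='".mysql_real_escape_string($row['subject'])."',
				`keytype`='".mysql_real_escape_string($row['keytype'])."',
				`csr_name`='".mysql_real_escape_string($row['csr_name'])."',
				`created`='".mysql_real_escape_string($row['created'])."',
				`modified`=NOW(),
				`disablelogin`='".intval($row['disablelogin'])."',
				`codesign`='".intval($row['codesign'])."',
				`rootcert`='".intval($row['rootcert'])."',
				`description`='".mysql_real_escape_string($row['description'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			$newfile=generatecertpath("csr","client",$newid);
			copy($row['csr_name'], $newfile);
			// The path and the ids are escaped/cast like every other value in this handler.
			mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($newfile)."' where `id`='$newid'");
			$res = mysql_query("select * from `emaillink` where `emailcertsid`='".intval($row['id'])."'");
			while($r2 = mysql_fetch_assoc($res))
			{
				mysql_query("insert into `emaillink` set `emailid`='".intval($r2['emailid'])."',
					`emailcertsid`='$newid'");
			}
			waitForResult("emailcerts", $newid,$oldid,0);
			// A non-empty `crt_name` on the new row is taken as the sign that the request was processed.
			$query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				// The CN is HTML-encoded, as the revoke handler of this page already does.
				printf(_("Certificate for '%s' has been renewed."), htmlspecialchars($row['CN']));
				echo "<br/>\n<a href='account.php?id=6&cert=$newid' target='_new'>".
					_("Click here")."</a> "._("to install your certificate.")."<br/><br/>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.")."<br/>";
	}

	showfooter();
	exit;
}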
1112
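// Client certificates (page 5): revoke the certificates listed in $_REQUEST['revokeid'] and
// delete the pending requests listed in $_REQUEST['delid']. Only rows of the logged-in member
// are touched.
// NOTE(review): the server-certificate revoke handler calls csrf_check(); this one does not.
// Confirm whether the page 5 form carries a token before adding the call.
if($oldid == 5 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	$id = 5;
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			// The request value is forced to an integer before it reaches SQL and HTML.
			$id = intval($id);
			// Ownership check: only certificates of the logged-in member are found.
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
				where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0)
			{
				// The CN is HTML-encoded here as well, matching the success message below.
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			// This fixed timestamp marks the row as revoked; presumably a job outside this file
			// picks it up and sets the real revocation time - verify.
			mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
		}

		// TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
		echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
				where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A set expiry date is taken to mean the request was already processed, so it is not deleted.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			mysql_query("delete from `emailcerts` where `id`='$id'");
			// Best effort: the files may not exist for a pending request, hence the suppressed warnings.
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", htmlspecialchars($row['CN']));
		}
	}
	showfooter();
	exit;
}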
1178
// Client certificates (page 5): apply the per-certificate settings of the form. Each
// "cert_<id>" field updates the login flag and each "check_comment_<id>" field with a
// non-empty value updates the description. Both updates are limited to rows of the member.
if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
	showheader(_("My CAcert.org Account!"));
	foreach($_REQUEST as $id => $val)
	{
		if(strncmp($id,"cert_",5) == 0)
		{
			$cid = intval(substr($id,5));
			// A submitted "disablelogin_<id>" of 1 stores 0, anything else stores 1.
			if(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")
			{
				$dis = "0";
			}
			else
			{
				$dis = "1";
			}
			mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
		}
		elseif(strncmp($id,"check_comment_",14) == 0)
		{
			$cid = intval(substr($id,14));
			if(empty($_REQUEST['check_comment_'.$cid]))
			{
				continue;
			}
			// Slashes are stripped, the text is SQL-escaped and then trimmed before it is stored.
			$comment = stripslashes($_REQUEST['comment_'.$cid]);
			$comment = trim(mysql_real_escape_string($comment));
			mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
		}
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}
1203
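// Personal details (page 13), lost-password part: copy the five questions and answers from the
// request into $_SESSION['_config']['user'] and validate them. On a validation error the
// message is appended to $_SESSION['_config']['errmsg'], $id is set back to this page and
// $oldid is cleared, which keeps the later page 13 handlers from running.
if($oldid == 13 && $process != "" && $showdetails!="")
{
	csrf_check("perschange");
	$_SESSION['_config']['user'] = $_SESSION['profile'];

	// The values are kept SQL-escaped in the session because the update handler for this page
	// interpolates them into its statement as they are; do not escape them a second time there.
	$qaFields = array('Q1','Q2','Q3','Q4','Q5','A1','A2','A3','A4','A5');
	foreach($qaFields as $qaField)
	{
		// A missing or non-string field is treated as blank.
		$qaValue = (isset($_REQUEST[$qaField]) && is_string($_REQUEST[$qaField])) ? $_REQUEST[$qaField] : "";
		$_SESSION['_config']['user'][$qaField] = trim(mysql_real_escape_string(stripslashes(strip_tags($qaValue))));
	}

	// Every question and answer must differ from every other one. The earlier hand-written list
	// left out pairs such as A2/Q2, so a question could be reused as its own answer although the
	// message below forbids it.
	$qaDuplicate = false;
	foreach($qaFields as $qaPos => $qaFirst)
	{
		foreach(array_slice($qaFields, $qaPos + 1) as $qaSecond)
		{
			if($_SESSION['_config']['user'][$qaFirst] == $_SESSION['_config']['user'][$qaSecond])
			{
				$qaDuplicate = true;
			}
		}
	}

	$qaInvalid = false;
	if($qaDuplicate)
	{
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
		$qaInvalid = true;
	}

	if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
		$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
		$_SESSION['_config']['user']['Q5'] == "")
	{
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
		$qaInvalid = true;
	}

	// Reset the page once. Doing it per error set $id to 0 when both checks failed, because the
	// second assignment read the $oldid that the first one had already cleared.
	if($qaInvalid)
	{
		$id = $oldid;
		$oldid=0;
	}
}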
1266
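// Personal details (page 13), name and date of birth: refresh the member's point total and,
// while it is still 0, take name and date of birth from the request and validate them. On a
// validation error $id is set back to this page and $oldid is cleared, which keeps the update
// handler from running.
if($oldid == 13 && $process != "")
{
	$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
	$ddres = mysql_query($ddquery);
	$ddrow = mysql_fetch_assoc($ddres);
	// No matching row means no points; the total stays null, which compares equal to 0 below.
	$_SESSION['profile']['points'] = is_array($ddrow) ? $ddrow['total'] : null;

	if($_SESSION['profile']['points'] == 0)
	{
		// The name parts are kept SQL-escaped in the session because the update handler for this
		// page interpolates them into its statement as they are.
		foreach(array('fname','mname','lname','suffix') as $nameField)
		{
			// A missing or non-string field is treated as blank.
			$nameValue = (isset($_REQUEST[$nameField]) && is_string($_REQUEST[$nameField])) ? $_REQUEST[$nameField] : "";
			$_SESSION['_config']['user'][$nameField] = trim(mysql_real_escape_string(stripslashes(strip_tags($nameValue))));
		}
		$_SESSION['_config']['user']['day'] = isset($_REQUEST['day']) ? intval($_REQUEST['day']) : 0;
		$_SESSION['_config']['user']['month'] = isset($_REQUEST['month']) ? intval($_REQUEST['month']) : 0;
		$_SESSION['_config']['user']['year'] = isset($_REQUEST['year']) ? intval($_REQUEST['year']) : 0;

		$detailsInvalid = false;
		if($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "")
		{
			$_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
			$detailsInvalid = true;
		}
		// checkdate() also rejects days that do not exist in the given month (for example 31 April),
		// which the plain 1..31 range check let through.
		if($_SESSION['_config']['user']['year'] < 1900 ||
			!checkdate($_SESSION['_config']['user']['month'], $_SESSION['_config']['user']['day'], $_SESSION['_config']['user']['year']))
		{
			$_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
			$detailsInvalid = true;
		}
		// Reset the page once. Doing it per error set $id to 0 when both checks failed, because the
		// second assignment read the $oldid that the first one had already cleared.
		if($detailsInvalid)
		{
			$id = $oldid;
			$oldid=0;
		}
	}
}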
1299
// Personal details (page 13), update step: write the values collected in
// $_SESSION['_config']['user'] to `users`, optionally store the OTP fields, reload the profile
// and the point total, then show the confirmation page.
// NOTE(review): csrf_check("perschange") is only called by the handler that requires
// $showdetails to be set; this handler also runs when $showdetails is empty.
1300 if($oldid == 13 && $process != "")
1301 {
1302 if($_SESSION['profile']['points'] == 0)
1303 {
// The name parts are interpolated as they are: the validation handler for this page stored them
// in the session already SQL-escaped, and the date parts were cast with intval() there.
// NOTE(review): the escaping happens far from the query; escaping here as well would
// double-escape, so the two places have to be kept in step.
1304 $query = "update `users` set `fname`='".$_SESSION['_config']['user']['fname']."',
1305 `mname`='".$_SESSION['_config']['user']['mname']."',
1306 `lname`='".$_SESSION['_config']['user']['lname']."',
1307 `suffix`='".$_SESSION['_config']['user']['suffix']."',
1308 `dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
1309 where `id`='".intval($_SESSION['profile']['id'])."'";
1310 mysql_query($query);
1311 }
1312 if ($showdetails!="") {
// Questions and answers are likewise interpolated unescaped; the lost-password handler for this
// page stored them SQL-escaped in the session.
1313 $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
1314 `Q2`='".$_SESSION['_config']['user']['Q2']."',
1315 `Q3`='".$_SESSION['_config']['user']['Q3']."',
1316 `Q4`='".$_SESSION['_config']['user']['Q4']."',
1317 `Q5`='".$_SESSION['_config']['user']['Q5']."',
1318 `A1`='".$_SESSION['_config']['user']['A1']."',
1319 `A2`='".$_SESSION['_config']['user']['A2']."',
1320 `A3`='".$_SESSION['_config']['user']['A3']."',
1321 `A4`='".$_SESSION['_config']['user']['A4']."',
1322 `A5`='".$_SESSION['_config']['user']['A5']."'
1323 where `id`='".intval($_SESSION['profile']['id'])."'";
1324 mysql_query($query);
1325 }
1326
1327 //!!!Should be rewritten
// The OTP fields are kept unescaped in the session and escaped where they enter the query.
// The row is only updated when both fields are non-empty.
1328 $_SESSION['_config']['user']['otphash'] = trim(stripslashes(strip_tags($_REQUEST['otphash'])));
1329 $_SESSION['_config']['user']['otppin'] = trim(stripslashes(strip_tags($_REQUEST['otppin'])));
1330 if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
1331 {
1332 $query = "update `users` set `otphash`='".mysql_real_escape_string($_SESSION['_config']['user']['otphash'])."',
1333 `otppin`='".mysql_real_escape_string($_SESSION['_config']['user']['otppin'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
1334 mysql_query($query);
1335 }
1336
1337 $_SESSION['_config']['user']['set'] = 0;
// Reload the whole profile from the database so the session reflects what was stored, then
// restore the login flag that the reload overwrote.
1338 $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
1339 $_SESSION['profile']['loggedin'] = 1;
1340
// Recompute the point total from the `notary` rows that are not marked deleted.
1341 $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
1342 $ddres = mysql_query($ddquery);
1343 $ddrow = mysql_fetch_assoc($ddres);
1344 $_SESSION['profile']['points'] = $ddrow['total'];
1345
1346
1347 $id = 13;
1348 showheader(_("My CAcert.org Account!"));
1349 echo _("Your details have been updated with the database.");
1350 showfooter();
1351 exit;
1352 }
1353
// Pass phrase change (page 14): check the new pass phrase (both entries equal, minimum length,
// checkpw() score), check the current pass phrase, store the new one and notify the member's
// primary address by mail.
1354 if($oldid == 14 && $process != "")
1355 {
// All three values are SQL-escaped and trimmed here and kept that way in the session.
// NOTE(review): the comparison, length and strength checks below therefore work on the escaped
// text rather than on what the member typed.
1356 $_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['oldpassword'])));
1357 $_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1'])));
1358 $_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2'])));
1359
1360 $id = 14;
// Anti-CSRF token check for the pass phrase form; it runs before anything is written.
1361 csrf_check("pwchange");
1362
1363 showheader(_("My CAcert.org Account!"));
1364 if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
1365 {
1366 echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
1367 '</h3>', "\n";
1368 echo _("New Pass Phrases specified don't match or were blank.");
1369 } else {
// checkpw() (defined elsewhere) receives the new pass phrase together with the member's e-mail
// address and name parts; a result below 3 is rejected further down.
1370 $score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
1371 $_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);
1372
// The current pass phrase is only verified when the request host differs from the secure host.
// On the secure host $rc is set to 1 without a check; presumably that host requires a client
// certificate login - verify.
1373 if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
1374 {
// The stored value is compared against both the old_password() and the sha1() form.
1375 $match = mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and
1376 (`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
1377 `password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
1378 $rc = mysql_num_rows($match);
1379 } else {
1380 $rc = 1;
1381 }
1382
1383 if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
1384 echo '<h3 style="color:red">',
1385 _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
1386 echo _("The Pass Phrase you submitted was too short.");
1387 } else if($score < 3) {
1388 echo '<h3 style="color:red">',
1389 _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
1390 printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
1391 } else if($rc <= 0) {
1392 echo '<h3 style="color:red">',
1393 _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
1394 echo _("You failed to correctly enter your current Pass Phrase.");
1395 } else {
// NOTE(review): the pass phrase is stored as an unsalted sha1() computed by the database.
// Moving to a dedicated password hash needs a matching change in the login code, which is
// outside this view.
1396 mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
1397 where `id`='".intval($_SESSION['profile']['id'])."'");
1398 echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
1399 echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
// The notification gives the account owner a chance to notice a change made by someone else.
1400 $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
1401 $body .= _("You are receiving this email because you or someone else ".
1402 "has changed the password on your account.")."\n\n";
1403
1404 $body .= _("Best regards")."\n"._("CAcert.org Support!");
1405
1406 sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Password Update Notification"), $body,
1407 "support@cacert.org", "", "", "CAcert Support");
1408 }
1409 }
1410 showfooter();
1411 exit;
1412 }
1413
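// Organisation client certificates (page 16): collect the requested e-mail addresses whose
// domain passes checkownership() into $_SESSION['_config']['emails'] and store name, OU and
// description for the following steps.
if($oldid == 16)
{
	$id = 16;
	$_SESSION['_config']['emails'] = array();
	// NOTE(review): 'emails' is reset here but $_SESSION['_config']['domids'] is only appended to
	// in this block; confirm it is cleared elsewhere, otherwise ids from an earlier submission
	// stay in the list.

	// A missing or non-array 'emails' field is handled like an empty list.
	$requestedEmails = (array_key_exists('emails',$_REQUEST) && is_array($_REQUEST['emails'])) ? $_REQUEST['emails'] : array();
	foreach($requestedEmails as $val)
	{
		// Nested arrays cannot be addresses; skip them instead of passing them to trim().
		if(!is_string($val))
			continue;

		// The address is kept SQL-escaped in the session; the certificate request step puts it
		// into its insert statement without escaping it again.
		$val = mysql_real_escape_string(stripslashes(trim($val)));
		$bits = explode("@", $val);
		$count = count($bits);
		if($count != 2)
			continue;

		if(checkownership($bits[1]) == false)
			continue;

		// $_SESSION['_config']['row'] is read right after checkownership(); presumably that helper
		// fills it with the matching organisation domain row - verify against its definition.
		if(!is_array($_SESSION['_config']['row']))
			continue;
		else if($_SESSION['_config']['row']['id'] > 0)
			$_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id'];

		if($val != "")
			$_SESSION['_config']['emails'][] = $val;
	}

	// A missing or non-string field is treated as blank.
	$nameValue = (isset($_REQUEST['name']) && is_string($_REQUEST['name'])) ? $_REQUEST['name'] : "";
	$ouValue = (isset($_REQUEST['OU']) && is_string($_REQUEST['OU'])) ? $_REQUEST['OU'] : "";
	$descriptionValue = (isset($_REQUEST['description']) && is_string($_REQUEST['description'])) ? $_REQUEST['description'] : "";

	$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($nameValue)));
	// OU and description are kept unescaped in the session; the certificate request step escapes
	// them where they enter SQL, so escaping them here would double-escape.
	$_SESSION['_config']['OU'] = stripslashes(trim($ouValue));

	$_SESSION['_config']['description']= trim(stripslashes($descriptionValue));
}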
1443
// Organisation client certificates (page 16): stop with a message when none of the submitted
// addresses was accepted into $_SESSION['_config']['emails'].
if($oldid == 16 && count($_SESSION['_config']['emails']) < 1)
{
	$id = 16;
	showheader(_("My CAcert.org Account!"));
	echo _("I couldn't match any emails against your organisational account.");
	showfooter();
	exit;
}
1452
// Organisation client certificates (page 16), process step: normalise the code-signing flag,
// the root certificate choice and the description, then move on to page 17 when at least one
// address was accepted.
if($oldid == 16 && $process != "")
{
	// Code signing is only granted when it was requested, the profile has the codesign flag and
	// the member holds at least 100 points. Request and session end up with the same 1 or 0.
	$_SESSION['_config']['codesign'] = (array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] &&
		$_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100)) ? 1 : 0;
	$_REQUEST['codesign'] = $_SESSION['_config']['codesign'];

	// Only root certificate 1 or 2 is accepted; every other value falls back to 1.
	$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
	if(!in_array($_SESSION['_config']['rootcert'], array(1, 2), true))
	{
		$_SESSION['_config']['rootcert'] = 1;
	}

	$_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));

	if(@count($_SESSION['_config']['emails']) >= 1)
	{
		$id = 17;
	}
}
1475
1476 if($oldid == 17)
1477 {
1478 $org = $_SESSION['_config']['row'];
1479 if($_REQUEST['keytype'] == "NS")
1480 {
1481 $spkac=""; if(preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));
1482
1483 if($spkac == "" || strlen($spkac) < 128)
1484 {
1485 $id = 17;
1486 showheader(_("My CAcert.org Account!"));
1487 echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
1488 showfooter();
1489 exit;
1490 }
1491
1492 $count = 0;
1493 $emails = "";
1494 $addys = array();
1495 if(is_array($_SESSION['_config']['emails']))
1496 foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
1497 {
1498 if(!$emails)
1499 $defaultemail = $_REQUEST['email'];
1500 $emails .= "$count.emailAddress = $_REQUEST[email]\n";
1501 $count++;
1502 }
1503 if($_SESSION['_config']['name'] != "")
1504 $emails .= "commonName = ".$_SESSION['_config']['name']."\n";
1505 if($_SESSION['_config']['OU'])
1506 $emails .= "organizationalUnitName = ".mysql_real_escape_string($_SESSION['_config']['OU'])."\n";
1507 if($org['O'])
1508 $emails .= "organizationName = ".$org['O']."\n";
1509 if($org['L'])
1510 $emails .= "localityName = ".$org['L']."\n";
1511 if($org['ST'])
1512 $emails .= "stateOrProvinceName = ".$org['ST']."\n";
1513 if($org['C'])
1514 $emails .= "countryName = ".$org['C']."\n";
1515 if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
1516 $_SESSION['_config']['rootcert'] = 1;
1517
1518
1519 $emails .= "SPKAC = $spkac";
1520 if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
1521 {
1522 $id = 17;
1523 showheader(_("My CAcert.org Account!"));
1524 echo $weakKey;
1525 showfooter();
1526 exit;
1527 }
1528
1529 $query = "insert into `orgemailcerts` set
1530 `CN`='$defaultemail',
1531 `ou`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
1532 `keytype`='NS',
1533 `orgid`='".intval($org['orgid'])."',
1534 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
1535 `codesign`='".intval($_SESSION['_config']['codesign'])."',
1536 `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
1537 `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
1538 mysql_query($query);
1539 $emailid = mysql_insert_id();
1540
1541 foreach($_SESSION['_config']['domids'] as $addy)
1542 mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
1543
1544 $CSRname=generatecertpath("csr","orgclient",$emailid);
1545 $fp = fopen($CSRname, "w");
1546 fputs($fp, $emails);
1547 fclose($fp);
1548 $challenge=$_SESSION['spkac_hash'];
1549 $CSRname_esc = escapeshellarg($CSRname);
1550 $res=`openssl spkac -verify -in $CSRname_esc`;
1551 if(!strstr($res,"Challenge String: ".$challenge))
1552 {
1553 $id = $oldid;
1554 showheader(_("My CAcert.org Account!"));
1555 echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
1556 showfooter();
1557 exit;
1558 }
1559 mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
1560 } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
1561 $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
1562
1563 if (($weakKey = checkWeakKeyCSR($csr)) !== "")
1564 {
1565 $id = 17;
1566 showheader(_("My CAcert.org Account!"));
1567 echo $weakKey;
1568 showfooter();
1569 exit;
1570 }
1571
1572 $tmpfname = tempnam("/tmp", "id17CSR");
1573 $fp = fopen($tmpfname, "w");
1574 fputs($fp, $csr);
1575 fclose($fp);
1576
1577 $addys = array();
1578 $defaultemail = "";
1579 $csrsubject="";
1580
1581 if($_SESSION['_config']['name'] != "")
1582 $csrsubject = "/CN=".$_SESSION['_config']['name'];
1583 if(is_array($_SESSION['_config']['emails']))
1584 foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
1585 {
1586 if($defaultemail == "")
1587 $defaultemail = $_REQUEST['email'];
1588 $csrsubject .= "/emailAddress=$_REQUEST[email]";
1589 }
1590 if($_SESSION['_config']['OU'])
1591 $csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
1592 if($org['O'])
1593 $csrsubject .= "/organizationName=".$org['O'];
1594 if($org['L'])
1595 $csrsubject .= "/localityName=".$org['L'];
1596 if($org['ST'])
1597 $csrsubject .= "/stateOrProvinceName=".$org['ST'];
1598 if($org['C'])
1599 $csrsubject .= "/countryName=".$org['C'];
1600
1601 $tmpname = tempnam("/tmp", "id17csr");
1602 $tmpfname_esc = escapeshellarg($tmpfname);
1603 $tmpname_esc = escapeshellarg($tmpname);
1604 $do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`;
1605 @unlink($tmpfname);
1606 $csr = "";
1607 $fp = fopen($tmpname, "r");
1608 while($data = fgets($fp, 4096))
1609 $csr .= $data;
1610 fclose($fp);
1611 @unlink($tmpname);
1612
1613 if($csr == "")
1614 {
1615 showheader(_("My CAcert.org Account!"));
1616 echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
1617 showfooter();
1618 exit;
1619 }
1620 if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
1621 $_SESSION['_config']['rootcert'] = 1;
1622
1623 $query = "insert into `orgemailcerts` set
1624 `CN`='$defaultemail',
1625 `ou`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
1626 `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
1627 `orgid`='".intval($org['orgid'])."',
1628 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
1629 `subject`='".mysql_real_escape_string($csrsubject)."',
1630 `codesign`='".intval($_SESSION['_config']['codesign'])."',
1631 `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
1632 `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
1633 mysql_query($query);
1634 $emailid = mysql_insert_id();
1635
1636 foreach($_SESSION['_config']['domids'] as $addy)
1637 mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
1638
1639 $CSRname=generatecertpath("csr","orgclient",$emailid);
1640 $fp = fopen($CSRname, "w");
1641 fputs($fp, $csr);
1642 fclose($fp);
1643 mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
1644 }
1645 waitForResult("orgemailcerts", $emailid,$oldid);
1646 $query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
1647 $res = mysql_query($query);
1648 if(mysql_num_rows($res) <= 0)
1649 {
1650 showheader(_("My CAcert.org Account!"));
1651 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
1652 showfooter();
1653 exit;
1654 } else {
1655 $id = 19;
1656 $cert = $emailid;
1657 $_REQUEST['cert']=$emailid;
1658 }
1659 }
1660
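/*
 * Page 18, "renew": renew the selected organisation client certificates.
 *
 * Each id in $_REQUEST['revokeid'] is accepted only if the certificate belongs
 * to an organisation the logged-in member is linked to in `org`. The old
 * record is flagged as renewed, a copy is inserted as a new `orgemailcerts`
 * row, the CSR file is copied to the new row's path and waitForResult() is
 * called for the new row.
 */
if($oldid == 18 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	csrf_check('clicerchange');
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		$id = 18;
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			// Cast first: the request value used to be echoed into the page
			// before intval(), which let markup from the request reach the output.
			$id = intval($id);
			echo "Renewing certificate #$id ...\n<br/>";
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
					where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
					`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// A non-empty return value is the message explaining why the key was rejected
			if (($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			// NOTE(review): the old row is flagged as renewed before the
			// revocation check below — confirm this order is intended.
			mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
			if($row['revoke'] > 0)
			{
				// CN comes from the database; escape it for HTML like the revoke handler does
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			$query = "insert into `orgemailcerts` set
					`orgid`='".intval($row['orgid'])."',
					`CN`='".mysql_real_escape_string($row['CN'])."',
					`ou`='".mysql_real_escape_string($row['ou'])."',
					`subject`='".mysql_real_escape_string($row['subject'])."',
					`keytype`='".mysql_real_escape_string($row['keytype'])."',
					`csr_name`='".mysql_real_escape_string($row['csr_name'])."',
					`created`='".mysql_real_escape_string($row['created'])."',
					`modified`=NOW(),
					`codesign`='".intval($row['codesign'])."',
					`rootcert`='".intval($row['rootcert'])."',
					`description`='".mysql_real_escape_string($row['description'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			$newfile=generatecertpath("csr","orgclient",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
			waitForResult("orgemailcerts", $newid,$oldid,0);
			// A non-empty crt_name is taken as the sign that a certificate was issued
			$query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				printf(_("Certificate for '%s' has been renewed."), htmlspecialchars($row['CN']));
				echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
					_("Click here")."</a> "._("to install your certificate.");
			}
			echo("<br/>");
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}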
1734
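/*
 * Page 18, "revoke": revoke the selected organisation client certificates and
 * delete the selected pending requests.
 *
 * Every id is cast to int and must match a certificate of an organisation the
 * logged-in member is linked to in `org` before anything is changed.
 */
if($oldid == 18 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('clicerchange');
	$id = 18;
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
					where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
					`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0)
			{
				// CN is database content: escape it here as the success message below already does
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			// NOTE(review): the fixed timestamp looks like a marker picked up by
			// the revocation processing elsewhere — confirm.
			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
		}

		// TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
		echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
					where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
					`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A set expiry date means the request was already turned into a certificate
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			mysql_query("delete from `orgemailcerts` where `id`='$id'");
			// Best effort: the files may not exist for a request that was never processed
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", htmlspecialchars($row['CN']));
		}
	}
	showfooter();
	exit;
}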
1803
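/*
 * Page 18, "change": store the edited descriptions of organisation client
 * certificates. Every request key "check_comment_<id>" selects one certificate;
 * the new text is read from "comment_<id>".
 *
 * NOTE(review): unlike the renew and revoke handlers for this page, no
 * csrf_check('clicerchange') is made here — confirm whether the form carries
 * the token for this action and add the check if it does.
 */
if($oldid == 18 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
	showheader(_("My CAcert.org Account!"));
	foreach($_REQUEST as $id => $val)
	{
		if(substr($id,0,14)=="check_comment_")
		{
			$cid = intval(substr($id,14));
			$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
			// Only touch certificates of organisations the logged-in member is
			// linked to; the id alone came from the request and was previously
			// enough to overwrite any certificate's description.
			mysql_query("update `orgemailcerts`, `org`
					set `orgemailcerts`.`description`='$comment'
					where `orgemailcerts`.`id`='$cid' and
					`org`.`orgid`=`orgemailcerts`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'");
		}
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}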
1820
// Page 18, "filter": remember the chosen organisation filter, sort order and
// status filter in the session and stay on page 18.
// NOTE(review): the request values are stored exactly as received; whatever
// reads them back has to cast or escape them — verify at the point of use.
if($oldid == 18 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
{
	$id=18;
	foreach(array('orgfilterid', 'sorting', 'status') as $filterkey)
		$_SESSION['_config'][$filterkey]=$_REQUEST[$filterkey];
}
1828
// Page 18, "reset": set the three list filter settings in the session back to 0
// and stay on page 18.
if($oldid == 18 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
{
	$id=18;
	foreach(array('orgfilterid', 'sorting', 'status') as $filterkey)
		$_SESSION['_config'][$filterkey]=0;
}
1836
// Page 20 submitted: accept a CSR for an organisation server certificate, keep
// it in a temp file, read its subject and DNS subjectAltNames with openssl and
// continue with page 21.
if($process != "" && $oldid == 20)
{
	$CSR = clean_csr($_REQUEST['CSR']);

	// A non-empty return value is the message explaining why the key was rejected
	if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	// Kept unescaped in the session; the page 21 handler escapes it for SQL on insert
	$_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));

	// The temp file path stays in the session so the page 21 handler can pick the CSR up.
	// NOTE(review): fopen() is not checked for failure.
	$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
	$fp = fopen($_SESSION['_config']['tmpfname'], "w");
	fputs($fp, $CSR);
	fclose($fp);
	// From here on $CSR is the shell-quoted temp file path, no longer the CSR text
	$CSR = escapeshellarg($_SESSION['_config']['tmpfname']);
	// openssl's text dump is filtered with tr/grep; NUL bytes are stripped from it first
	$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`);
	$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
	// Each DNS entry is appended to the subject as its own subjectAltName component
	foreach($bits as $val)
	{
		$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
	}
	$id = 21;

	// extractit(), getcn2() and getalt2() are defined elsewhere; presumably they
	// fill the '0.CN' / '0.subjectAltName' entries tested below — verify.
	$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
	extractit();
	getcn2();
	getalt2();

	// Find the organisation that has the first CN domain registered and that the
	// logged-in member is linked to in `org`
	$query = "select * from `orginfo`,`org`,`orgdomains` where
			`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
			`org`.`orgid`=`orginfo`.`id` and
			`org`.`orgid`=`orgdomains`.`orgid` and
			`orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.CN'])."'";
	$_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
	// Same lookup for the first subjectAltName domain
	$query = "select * from `orginfo`,`org`,`orgdomains` where
			`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
			`org`.`orgid`=`orginfo`.`id` and
			`org`.`orgid`=`orgdomains`.`orgid` and
			`orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.subjectAltName'])."'";
	$_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));
	//echo "<pre>"; print_r($_SESSION['_config']); die;

	// Neither a CN nor a subjectAltName was recognised: back to page 20 with an explanation
	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// Only root certificate ids 1 and 2 are accepted; anything else falls back to 1
	$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;
}
1897
// Page 21 confirmed: create the organisation server certificate request from
// the CSR stored by the page 20 handler, link it to the matched domains and
// wait for the result. On success the script continues with page 23.
if($process != "" && $oldid == 21)
{
	$id = 21;

	// The temp file path was stored in the session when the CSR was submitted
	if(!file_exists($_SESSION['_config']['tmpfname']))
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}

	// The key check is repeated on the stored file rather than on request data
	if (($weakKey = checkWeakKeyCSR(file_get_contents(
			$_SESSION['_config']['tmpfname']))) !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// Look the organisation up through the first 'rowid' entry, or through the
	// first 'altid' entry when there is none; either way the logged-in member
	// must be linked to it in `org`.
	if($_SESSION['_config']['rowid']['0'] > 0)
	{
		$query = "select * from `org`,`orginfo` where
				`orginfo`.`id`='".intval($_SESSION['_config']['rowid']['0'])."' and
				`orginfo`.`id`=`org`.`orgid` and
				`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
	} else {
		$query = "select * from `org`,`orginfo` where
				`orginfo`.`id`='".intval($_SESSION['_config']['altid']['0'])."' and
				`orginfo`.`id`=`org`.`orgid` and
				`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
	}
	// NOTE(review): mysql_fetch_assoc() returns false when no row matches and
	// $org is used below without a check — confirm an earlier step guarantees
	// a match, otherwise the request is stored without organisation data.
	$org = mysql_fetch_assoc(mysql_query($query));
	$csrsubject = "";

	// The subject is assembled as '/'-separated components. The values are
	// appended as stored and the finished string is escaped once for SQL below.
	// NOTE(review): presumably these values cannot contain '/' — verify where
	// they are set, since a '/' would start a new subject component.
	if($_SESSION['_config']['OU'])
		$csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
	if($org['O'])
		$csrsubject .= "/organizationName=".$org['O'];
	if($org['L'])
		$csrsubject .= "/localityName=".$org['L'];
	if($org['ST'])
		$csrsubject .= "/stateOrProvinceName=".$org['ST'];
	if($org['C'])
		$csrsubject .= "/countryName=".$org['C'];
	//if($org['contact'])
	//	$csrsubject .= "/emailAddress=".trim($org['contact']);

	$csrsubject .= buildSubjectFromSession();

	// Type "8" is only set for members with the admin flag who sent 'ocspcert'
	$type="";
	if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;

	// The two inserts differ only in where the CN is taken from: 'rows' or 'altrows'
	if($_SESSION['_config']['rowid']['0'] > 0)
	{
		$query = "insert into `orgdomaincerts` set
				`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
				`orgid`='".intval($org['id'])."',
				`created`=NOW(),
				`subject`='".mysql_real_escape_string($csrsubject)."',
				`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
				`type`='".$type."',
				`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
	} else {
		$query = "insert into `orgdomaincerts` set
				`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
				`orgid`='".intval($org['id'])."',
				`created`=NOW(),
				`subject`='".mysql_real_escape_string($csrsubject)."',
				`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
				`type`='".$type."',
				`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
	}
	mysql_query($query);
	$CSRid = mysql_insert_id();

	// Move the temp CSR to the path generated for the new row and record that path
	$CSRname=generatecertpath("csr","orgserver",$CSRid);
	rename($_SESSION['_config']['tmpfname'], $CSRname);
	chmod($CSRname,0644);
	mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
	// Link the new certificate row to every matched domain id (CN and subjectAltName)
	if(is_array($_SESSION['_config']['rowid']))
		foreach($_SESSION['_config']['rowid'] as $id)
			mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
	if(is_array($_SESSION['_config']['altid']))
		foreach($_SESSION['_config']['altid'] as $id)
			mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
	waitForResult("orgdomaincerts", $CSRid,$oldid);
	// A non-empty crt_name is taken as the sign that a certificate was issued
	$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		$id = 23;
		$cert = $CSRid;
		$_REQUEST['cert']=$CSRid;
	}
}
2010
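/*
 * Page 22, "renew": renew the selected organisation server certificates.
 *
 * Each id in $_REQUEST['revokeid'] is accepted only if the certificate belongs
 * to an organisation the logged-in member is linked to in `org`. The old
 * record is flagged as renewed, a copy is inserted as a new `orgdomaincerts`
 * row together with its domain links, the CSR file is copied and
 * waitForResult() is called for the new row. The issued certificate is printed.
 */
if($oldid == 22 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// A non-empty return value is the message explaining why the key was rejected
			if (($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			// NOTE(review): the old row is flagged as renewed before the
			// revocation check below — confirm this order is intended.
			mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
			if($row['revoke'] > 0)
			{
				// CN is database content: escape it for HTML like the revoke handler does
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			$query = "insert into `orgdomaincerts` set
					`orgid`='".intval($row['orgid'])."',
					`CN`='".mysql_real_escape_string($row['CN'])."',
					`csr_name`='".mysql_real_escape_string($row['csr_name'])."',
					`created`='".mysql_real_escape_string($row['created'])."',
					`modified`=NOW(),
					`subject`='".mysql_real_escape_string($row['subject'])."',
					`type`='".intval($row['type'])."',
					`rootcert`='".intval($row['rootcert'])."',
					`description`='".mysql_real_escape_string($row['description'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			//echo "NewID: $newid<br/>\n";
			$newfile=generatecertpath("csr","orgserver",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
			echo _("Renewing").": ".htmlspecialchars($row['CN'])."<br>\n";
			// Copy the domain links of the old certificate to the new one.
			// $id is the verified certificate id; $row comes from a two-table
			// "select *", so $row['id'] is not a reliable source for it.
			$res = mysql_query("select * from `orgdomlink` where `orgcertid`='$id'");
			while($r2 = mysql_fetch_assoc($res))
			{
				// The domain reference of a link row is `orgdomid` (see the
				// inserts in the page 21 handler); the previous code copied
				// the `id` field of the link row instead.
				mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($r2['orgdomid'])."', `orgcertid`='$newid'");
			}
			waitForResult("orgdomaincerts", $newid,$oldid,0);
			// A non-empty crt_name is taken as the sign that a certificate was issued
			$query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				$drow = mysql_fetch_assoc($res);
				// The path is shell-quoted before it is handed to openssl
				$crtname = escapeshellarg($drow['crt_name']);
				$cert = `/usr/bin/openssl x509 -in $crtname`;
				echo "<pre>\n$cert\n</pre>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}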
2089
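/*
 * Page 22, "revoke": revoke the selected organisation server certificates and
 * delete the selected pending requests.
 *
 * Every id is cast to int and must match a certificate of an organisation the
 * logged-in member is linked to in `org` before anything is changed.
 */
if($oldid == 22 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0)
			{
				// CN is database content: escape it here as the success message below already does
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			// NOTE(review): the fixed timestamp looks like a marker picked up by
			// the revocation processing elsewhere — confirm.
			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
		}

		// TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
		echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A set expiry date means the request was already turned into a certificate
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", htmlspecialchars($row['CN']));
				continue;
			}
			mysql_query("delete from `orgdomaincerts` where `id`='$id'");
			// Best effort: the files may not exist for a request that was never processed
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", htmlspecialchars($row['CN']));
		}
	}
	showfooter();
	exit;
}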
2161
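/*
 * Page 22, "change": store the edited descriptions of organisation server
 * certificates. Every request key "check_comment_<id>" selects one certificate;
 * the new text is read from "comment_<id>".
 *
 * NOTE(review): unlike the renew and revoke handlers for this page, no
 * csrf_check('orgsrvcerchange') is made here — confirm whether the form
 * carries the token for this action and add the check if it does.
 */
if($oldid == 22 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
	showheader(_("My CAcert.org Account!"));
	foreach($_REQUEST as $id => $val)
	{
		if(substr($id,0,14)=="check_comment_")
		{
			$cid = intval(substr($id,14));
			$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
			// Only touch certificates of organisations the logged-in member is
			// linked to; the id alone came from the request and was previously
			// enough to overwrite any certificate's description.
			mysql_query("update `orgdomaincerts`, `org`
					set `orgdomaincerts`.`description`='$comment'
					where `orgdomaincerts`.`id`='$cid' and
					`org`.`orgid`=`orgdomaincerts`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'");
		}
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}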
2178
// Page 22, "filter": remember the chosen organisation filter, sort order and
// status filter in the session and stay on page 22.
// NOTE(review): the request values are stored exactly as received; whatever
// reads them back has to cast or escape them — verify at the point of use.
if($oldid == 22 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
{
	$id=22;
	foreach(array('dorgfilterid', 'dsorting', 'dstatus') as $filterkey)
		$_SESSION['_config'][$filterkey]=$_REQUEST[$filterkey];
}
2186
// Page 22, "reset": set the three list filter settings in the session back to 0
// and stay on page 22.
if($oldid == 22 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
{
	$id=22;
	foreach(array('dorgfilterid', 'dsorting', 'dstatus') as $filterkey)
		$_SESSION['_config'][$filterkey]=0;
}
2194
2195
// Pages 24 to 31 are reserved for members with the orgadmin flag: stop here
// when either the requested page or the submitting page is in that range and
// the flag is not set. The comparison is deliberately loose, as before.
if((in_array($id, range(24, 31)) || in_array($oldid, range(24, 31))) &&
	$_SESSION['profile']['orgadmin'] != 1)
{
	showheader(_("My CAcert.org Account!"));
	echo _("You don't have access to this area.");
	showfooter();
	exit;
}
2206
// Page 24 submitted: add a new organisation. The form fields are kept in the
// session in SQL-escaped form; name and contact are mandatory.
// NOTE(review): the page 27 handler calls csrf_check() before changing
// `orginfo`, this one does not — confirm whether that is intended.
// NOTE(review): the confirmation message prints the SQL-escaped name, so a
// name containing quotes is shown with backslashes.
if($oldid == 24 && $process != "")
{
	$id = intval($oldid);
	foreach(array('O', 'contact', 'L', 'ST', 'C', 'comments') as $field)
		$_SESSION['_config'][$field] = trim(mysql_real_escape_string(stripslashes($_REQUEST[$field])));

	if($_SESSION['_config']['O'] != "" && $_SESSION['_config']['contact'] != "")
	{
		// The session values were escaped above, so they go into the statement as they are
		mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
					`contact`='".$_SESSION['_config']['contact']."',
					`L`='".$_SESSION['_config']['L']."',
					`ST`='".$_SESSION['_config']['ST']."',
					`C`='".$_SESSION['_config']['C']."',
					`comments`='".$_SESSION['_config']['comments']."'");
		showheader(_("My CAcert.org Account!"));
		echo sprintf(_("'%s' has just been successfully added as an organisation to the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	} else {
		$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
	}
}
2233
// Page 27 submitted: update the details of the organisation whose id is held
// in the session. The form fields are kept in the session in SQL-escaped form;
// name and contact are mandatory.
// NOTE(review): the confirmation message prints the SQL-escaped name, so a
// name containing quotes is shown with backslashes.
if($oldid == 27 && $process != "")
{
	csrf_check('orgdetchange');
	$id = intval($oldid);
	foreach(array('O', 'contact', 'L', 'ST', 'C', 'comments') as $field)
		$_SESSION['_config'][$field] = trim(mysql_real_escape_string(stripslashes($_REQUEST[$field])));

	if($_SESSION['_config']['O'] != "" && $_SESSION['_config']['contact'] != "")
	{
		// The session values were escaped above; the target row comes from the session, not the request
		mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
					`contact`='".$_SESSION['_config']['contact']."',
					`L`='".$_SESSION['_config']['L']."',
					`ST`='".$_SESSION['_config']['ST']."',
					`C`='".$_SESSION['_config']['C']."',
					`comments`='".$_SESSION['_config']['comments']."'
				where `id`='".intval($_SESSION['_config']['orgid'])."'");
		showheader(_("My CAcert.org Account!"));
		echo sprintf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	} else {
		$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
	}
}
2262
// Page 28 submitted with a domain name: refuse a domain that is already listed
// in `orgdomains`. On a clash the form is shown again with an error message
// and $oldid is cleared so that the later page 28 handlers are skipped.
if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
{
	// Kept in SQL-escaped form both in $domain and in the session
	$domain = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
	$_SESSION['_config']['domain'] = $domain;
	$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
	if(mysql_num_rows($res1) > 0)
	{
		$_SESSION['_config']['errmsg'] = sprintf(
			_("The domain '%s' is already in a different account and is listed as valid. Can't continue."),
			sanitizeHTML($domain));
		$id = $oldid;
		$oldid=0;
	}
}
2274
// Page 28 without a positive organisation id in the session: show page 25
// instead and clear $oldid so the page 28 insert below is skipped.
if($oldid == 28 && $_SESSION['_config']['orgid'] <= 0)
{
	$id = 25;
	$oldid=0;
}
2280
// Page 28 accepted: add the domain to the organisation whose id is held in
// the session and offer a link to continue with page 26.
// NOTE(review): $domain is only assigned by the domain check above when
// 'domainname' was part of the request — confirm it cannot be unset here.
if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
{
	mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
	showheader(_("My CAcert.org Account!"));
	echo sprintf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
	echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>";
	echo _("Click here")."</a> "._("to continue.");
	showfooter();
	exit;
}
2290
// Page 29 submitted: refuse a domain name that is already used by another
// `orgdomains` entry or by a non-deleted entry in `domains`. On a clash the
// form is shown again with an error message and $oldid is cleared.
// NOTE(review): the name is matched with LIKE, so '%' and '_' in the input
// act as wildcards in this check — confirm that is intended.
// $domid is set outside this block.
if($oldid == 29 && $process != "")
{
	$domain = trim($_REQUEST['domainname']);
	$domain = mysql_real_escape_string(stripslashes($domain));

	$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
	$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
	if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
	{
		$_SESSION['_config']['errmsg'] = sprintf(
			_("The domain '%s' is already in a different account and is listed as valid. Can't continue."),
			sanitizeHTML($domain));
		$id = $oldid;
		$oldid=0;
	}
}
2304
2305 if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
2306 {
2307 $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
2308 `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
2309 `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
2310 `orgdomains`.`id`='".intval($domid)."'";
2311 $res = mysql_query($query);