bug 448: Inline the static string in printf() and add a note to translators
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18 require_once("../includes/loggedin.php");
19 require_once("../includes/lib/l10n.php");
20 require_once("../includes/lib/check_weak_key.php");
21 require_once("../includes/notary.inc.php");
22
23 loadem("account");
24
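/**
 * Build a subject string as needed by the signer
 *
 * The values are concatenated verbatim into a "/"-separated string, so a
 * value containing "/" would change the structure of the subject. Callers
 * must only pass host names that have already been validated.
 *
 * @param array(string) $domains
 *     First domain is used as CN and repeated in subjectAltName. Duplicates
 *     should already have been removed
 *
 * @param bool $include_xmpp_addr
 *     [default: true] Whether to include the XmppAddr in the subjectAltName.
 *     This is needed if the Jabber server is jabber.example.com but a Jabber ID
 *     on that server would be alice@example.com
 *
 * @return string
 */
function buildSubject(array $domains, $include_xmpp_addr = true) {
	// Braced "{$...}" interpolation: the "${...}" form is deprecated as of
	// PHP 8.2 and yields exactly the same string.
	$subject = "/CN={$domains[0]}";

	foreach ($domains as $domain) {
		$subject .= "/subjectAltName=DNS:$domain";

		if ($include_xmpp_addr) {
			// otherName entry carrying the XmppAddr (see docblock above)
			$subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$domain";
		}
	}

	return $subject;
}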
52
/**
 * Assemble the certificate subject from the domain lists held in the session.
 *
 * Reads $_SESSION['_config']['rows'] (taken as-is) and
 * $_SESSION['_config']['altrows'] (only entries prefixed with "DNS:", with
 * the prefix removed), de-duplicates the result and hands it to
 * buildSubject().
 *
 * @return string
 */
function buildSubjectFromSession() {
	$names = array();

	$rows = $_SESSION['_config']['rows'];
	if (is_array($rows)) {
		$names = array_merge($names, $rows);
	}

	$altrows = $_SESSION['_config']['altrows'];
	if (is_array($altrows)) {
		foreach ($altrows as $entry) {
			// Only DNS alternative names take part in the subject
			if (substr($entry, 0, 4) !== "DNS:") {
				continue;
			}
			$names[] = substr($entry, 4);
		}
	}

	return buildSubject(array_unique($names));
}
75
// Numeric request parameters are forced to integers; an absent one becomes 0.
$id = intval(array_key_exists("id", $_REQUEST) ? $_REQUEST['id'] : 0);
$oldid = intval(array_key_exists("oldid", $_REQUEST) ? $_REQUEST['oldid'] : 0);

// The submit label is kept as the raw request value (empty when absent).
$process = "";
if (array_key_exists("process", $_REQUEST)) {
	$process = $_REQUEST['process'];
}

// $showdetails refers to Secret Question and Answers from account/13.php
$showdetails = intval(array_key_exists("showdetails", $_REQUEST) ? $_REQUEST['showdetails'] : 0);

$cert = intval(array_key_exists('cert', $_REQUEST) ? $_REQUEST['cert'] : 0);
$orgid = intval(array_key_exists('orgid', $_REQUEST) ? $_REQUEST['orgid'] : 0);
$memid = intval(array_key_exists('memid', $_REQUEST) ? $_REQUEST['memid'] : 0);
$domid = intval(array_key_exists('domid', $_REQUEST) ? $_REQUEST['domid'] : 0);


// Nothing below is attempted while the session's 'mconn' entry is falsy.
if (!$_SESSION['mconn']) {
	echo _("Several CAcert Services are currently unavailable. Please try again later.");
	exit;
}

// General reset CANCEL process requests
if ($process == _("Cancel")) {
	$process = "";
}


// Pages 45 and 46 are mapped back to page 1, whether requested or submitted.
if (in_array($id, array(45, 46)) || in_array($oldid, array(45, 46))) {
	$id = 1;
	$oldid = 0;
}
106
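// Page 1 submitted: add a new email address to the account and mail a
// verification link to it.
if($process != "" && $oldid == 1)
{
	$id = 1;
	csrf_check('addemail');

	// DNS compares labels case-insensitively, so the punycode marker is
	// searched for without regard to case; a case-sensitive strstr() would
	// let "XN--" pass this restriction.
	if(stristr($_REQUEST['newemail'], "xn--") !== false && $_SESSION['profile']['codesign'] <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
		showfooter();
		exit;
	}
	if(trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))) == "")
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Not a valid email address. Can't continue."));
		showfooter();
		exit;
	}
	$oldid=0;
	// From here on $_REQUEST['email'] holds the SQL-escaped, trimmed address
	$_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
	if(check_email_exists($_REQUEST['email'])==true)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
		showfooter();
		exit;
	}
	$checkemail = checkEmail($_REQUEST['newemail']);
	if($checkemail != "OK")
	{
		showheader(_("My CAcert.org Account!"));
		// A leading "4" is treated as a temporary failure of the mail server
		if (substr($checkemail, 0, 1) == "4")
		{
			echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
		} else {
			echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
		}
		// $checkemail is not a fixed string (its first character is tested
		// as a status digit above), so it is HTML-escaped like the other
		// values printed in this branch instead of being echoed raw.
		echo "<p>".sanitizeHTML($checkemail)."</p>\n";
		showfooter();
		exit;
	}
	$hash = make_hash();
	// `email` was escaped above; the member id is forced to an integer
	$query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
	mysql_query($query);
	$emailid = mysql_insert_id();

	// NOTE(review): the verification link carries the hash over plain
	// http:// — confirm whether the host can serve this URL over https.
	$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
	$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

	showheader(_("My CAcert.org Account!"));
	printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_REQUEST['email']));
	showfooter();
	exit;
}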
164
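// Page 2, "make default": switch the account's primary address to another
// address of the same member that has an empty hash and is not deleted.
// NOTE(review): no csrf_check() call is made in this branch, although the
// other $oldid == 2 branch of this file calls csrf_check("chgdef") — confirm
// whether the same form token should be checked here.
if(array_key_exists("makedefault",$_REQUEST) && $_REQUEST['makedefault'] != "" && $oldid == 2)
{
	$id = 2;
	$emailid = intval($_REQUEST['emailid']);
	$query = "select * from `email` where `id`='$emailid' and `memid`='".intval($_SESSION['profile']['id'])."' and `hash` = '' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("Error!"));
		echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
		showfooter();
		exit;
	}
	$row = mysql_fetch_assoc($res);

	// The notice goes to the previous default address, before it is replaced
	$body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
	$body .= _("You are receiving this email because you or someone else ".
		"has changed the default email on your account.")."\n\n";

	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Default Account Changed"), $body,
		"support@cacert.org", "", "", "CAcert Support");

	$_SESSION['profile']['email'] = $row['email'];
	// A value read back from the database is no longer escaped: an address
	// containing a quote character (legal in a local part) would otherwise
	// break out of the string literal in this statement.
	$query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
	mysql_query($query);
	showheader(_("My CAcert.org Account!"));
	printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
	showfooter();
	exit;
}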
196
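// Page 2 submitted: delete the selected email addresses, never the default one.
if($process != "" && $oldid == 2)
{
	$id = 2;
	csrf_check("chgdef");
	showheader(_("My CAcert.org Account!"));
	$delcount = 0;
	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		$deltitle=false;
		// Note: the loop variable reuses (and overwrites) $id
		foreach($_REQUEST['delid'] as $id)
		{
			if (!$deltitle) {
				echo _('The following email addresses have been removed:')."<br>\n";
				$deltitle=true;
			}
			$id = intval($id);
			// Ownership check plus exclusion of the current default address.
			// The session copy of the address is escaped before it is placed
			// in the statement, as it may contain a quote character.
			$query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
				`email`!='".mysql_real_escape_string($_SESSION['profile']['email'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				// Stored address is HTML-escaped on output, as elsewhere in this file
				echo sanitizeHTML($row['email'])."<br>\n";
				account_email_delete($row['id']);
				$delcount++;
			}
		}
	}
	else
	{
		echo _("You did not select any email accounts for removal.");
	}
	if(0 == $delcount)
	{
		echo _("You did not select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
	}

	showfooter();
	exit;
}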
237
// Page 3 submitted: record the options for a new client certificate in
// $_SESSION['_config'] and decide whether the key is generated in the browser
// (continue to page 4) or a pasted CSR is processed right away.
// NOTE(review): no csrf_check() call appears in this branch — confirm whether
// one is intended, as in the add-email and add-domain branches.
if($process != "" && $oldid == 3)
{
	// The CCA checkbox must be present in the request
	if(!array_key_exists('CCA',$_REQUEST))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
		showfooter();
		exit;
	}

	// At least one address must be selected unless the SSO option is set
	if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
	{
		showheader(_("My CAcert.org Account!"));
		echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
		showfooter();
		exit;
	}

	$_SESSION['_config']['SSO'] = intval($_REQUEST['SSO']);

	// Stored unvalidated; each entry is passed through intval() and checked
	// against the member's rows in `email` where the list is consumed
	// (the $oldid == 4 branch).
	$_SESSION['_config']['addid'] = $_REQUEST['addid'];
	// The name option is only taken from the request at 50 points or more.
	// NOTE(review): below 50 points any earlier session value is left in place.
	if($_SESSION['profile']['points'] >= 50)
		$_SESSION['_config']['incname'] = intval($_REQUEST['incname']);
	// Code signing needs both the profile flag and at least 100 points;
	// otherwise the request flag is cleared before it is evaluated below.
	if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100))
	{
		$_REQUEST['codesign'] = 0;
	}
	// A code signing request with an out-of-range name option falls back to option 1
	if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1)
	{
		if($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4)
			$_SESSION['_config']['incname'] = 1;
	}
	if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1 && $_SESSION['profile']['points'] >= 100)
		$_SESSION['_config']['codesign'] = 1;
	else
		$_SESSION['_config']['codesign'] = 0;

	// Login with the certificate stays disabled unless 'login' is sent as 1
	if(array_key_exists('login',$_REQUEST) && $_REQUEST['login'] == 1)
		$_SESSION['_config']['disablelogin'] = 0;
	else
		$_SESSION['_config']['disablelogin'] = 1;

	// Root selection: 1 by default, 1 or 2 selectable from 50 points
	$_SESSION['_config']['rootcert'] = 1;
	if($_SESSION['profile']['points'] >= 50)
	{
		$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;
	}
	$csr = "";
	if(trim($_REQUEST['optionalCSR']) == "")
	{
		// No CSR pasted: show page 4
		$id = 4;
	} else {
		// A pasted CSR is handled by the $oldid == 4 branch within this
		// same request, with the key type forced to "MS"
		$oldid = 4;
		$_REQUEST['keytype'] = "MS";
		$csr = clean_csr($_REQUEST['optionalCSR']);
	}
	// The description is stored already SQL-escaped; later statements
	// concatenate it without escaping it again
	if(trim($_REQUEST['description']) != ""){
		$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
	}else{
		$_SESSION['_config']['description']= "";
	}
}
302
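// Page 4: create the client certificate request, either from a browser
// generated SPKAC (key type "NS") or from a PKCS#10 CSR ("MS" / "VI"), store
// it for the signer and wait for the result.
if($oldid == 4)
{
	if($_REQUEST['keytype'] == "NS")
	{
		// The SPKAC is accepted only if, with CR/LF removed, it consists
		// of base64 characters; anything else leaves $spkac empty.
		$spkac="";
		if(array_key_exists('SPKAC',$_REQUEST) && preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])))))
			$spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));

		if($spkac=="" || $spkac == "deadbeef")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, please try a different browser.");
			showfooter();
			exit;
		}
		$count = 0;
		$emails = "";
		$addys = array();
		$defaultemail="";
		// Only addresses that belong to the logged-in member are used.
		// NOTE(review): unlike the "make default" branch, this lookup does
		// not filter on `hash`='' and `deleted`=0 — confirm that unverified
		// or deleted addresses are excluded elsewhere.
		if(is_array($_SESSION['_config']['addid']))
			foreach($_SESSION['_config']['addid'] as $id)
			{
				$res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if(!$emails)
						$defaultemail = $row['email'];
					$emails .= "$count.emailAddress = ".$row['email']."\n";
					$count++;
					$addys[] = intval($row['id']);
				}
			}
		if($count <= 0 && $_SESSION['_config']['SSO'] != 1)
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request.");
			showfooter();
			exit;
		}
		$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
		if($_SESSION['_config']['SSO'] == 1)
			$emails .= "$count.emailAddress = ".$user['uniqueID']."\n";

		// A one-letter middle name is written as an initial
		if(strlen($user['mname']) == 1)
			$user['mname'] .= '.';
		// NOTE(review): name parts are written into a line-oriented file;
		// this relies on them not containing line breaks — confirm they
		// are validated when stored.
		if(!array_key_exists('incname',$_SESSION['_config']) || $_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
		{
			$emails .= "commonName = CAcert WoT User\n";
		}
		else
		{
			if($_SESSION['_config']['incname'] == 1)
				$emails .= "commonName = ".$user['fname']." ".$user['lname']."\n";
			if($_SESSION['_config']['incname'] == 2)
				$emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']."\n";
			if($_SESSION['_config']['incname'] == 3)
				$emails .= "commonName = ".$user['fname']." ".$user['lname']." ".$user['suffix']."\n";
			if($_SESSION['_config']['incname'] == 4)
				$emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
		}
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		$emails .= "SPKAC = $spkac";
		if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);

		// $defaultemail was read back from the database and is therefore
		// escaped again here; the description was escaped when it was
		// stored in the session.
		$query = "insert into emailcerts set
				`CN`='".mysql_real_escape_string($defaultemail)."',
				`keytype`='NS',
				`memid`='".intval($_SESSION['profile']['id'])."',
				`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
				`codesign`='".intval($_SESSION['_config']['codesign'])."',
				`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
				`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
				`description`='".$_SESSION['_config']['description']."'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		if(is_array($addys))
			foreach($addys as $addy)
				mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
		$CSRname=generatecertpath("csr","client",$emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $emails);
		fclose($fp);
		// The challenge embedded in the SPKAC must be the one kept in the
		// session.
		// NOTE(review): this is a substring test; with an empty
		// $_SESSION['spkac_hash'] it would match any output that contains
		// "Challenge String: " — confirm the value is always set here.
		// NOTE(review): the `emailcerts` row and the file already exist at
		// this point and are left in place on a mismatch (without
		// `csr_name`) — confirm such rows are ignored by the signer.
		$challenge=$_SESSION['spkac_hash'];
		$res=`openssl spkac -verify -in $CSRname`;
		if(!strstr($res,"Challenge String: ".$challenge))
		{
			$id = $oldid;
			showheader(_("My CAcert.org Account!"));
			echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
			showfooter();
			exit;
		}
		mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
	} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
		// $csr is already set when the CSR was pasted on page 3
		if($csr == "")
			$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";

		if (($weakKey = checkWeakKeyCSR($csr)) !== "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		$tmpfname = tempnam("/tmp", "id4CSR");
		$fp = fopen($tmpfname, "w");
		fputs($fp, $csr);
		fclose($fp);

		$addys = array();
		$defaultemail = "";
		$csrsubject="";

		// The subject is built from the account data, not taken from the CSR
		$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
		if(strlen($user['mname']) == 1)
			$user['mname'] .= '.';
		if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
			$csrsubject = "/CN=CAcert WoT User";
		if($_SESSION['_config']['incname'] == 1)
			$csrsubject = "/CN=".$user['fname']." ".$user['lname'];
		if($_SESSION['_config']['incname'] == 2)
			$csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname'];
		if($_SESSION['_config']['incname'] == 3)
			$csrsubject = "/CN=".$user['fname']." ".$user['lname']." ".$user['suffix'];
		if($_SESSION['_config']['incname'] == 4)
			$csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'];
		// Same ownership check as in the SPKAC branch (see the note there)
		if(is_array($_SESSION['_config']['addid']))
			foreach($_SESSION['_config']['addid'] as $id)
			{
				$res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if($defaultemail == "")
						$defaultemail = $row['email'];
					$csrsubject .= "/emailAddress=".$row['email'];
					$addys[] = $row['id'];
				}
			}
		// NOTE(review): this component is written with spaces around "=",
		// unlike the one in the loop above — confirm the signer accepts it.
		if($_SESSION['_config']['SSO'] == 1)
			$csrsubject .= "/emailAddress = ".$user['uniqueID'];

		// Round trip through openssl: an empty result means the CSR could
		// not be read. Both temporary files are removed afterwards.
		$tmpname = tempnam("/tmp", "id4csr");
		$do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`; // -subj "$csr"`;
		@unlink($tmpfname);
		$csr = "";
		$fp = fopen($tmpname, "r");
		while($data = fgets($fp, 4096))
			$csr .= $data;
		fclose($fp);
		@unlink($tmpname);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		if($csr == "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}
		// `keytype` can only be "MS" or "VI" in this branch. The address read
		// back from the database is escaped, and the numeric columns are
		// forced to integers as in the SPKAC branch.
		$query = "insert into emailcerts set
				`CN`='".mysql_real_escape_string($defaultemail)."',
				`keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
				`memid`='".intval($_SESSION['profile']['id'])."',
				`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
				`subject`='".mysql_real_escape_string($csrsubject)."',
				`codesign`='".intval($_SESSION['_config']['codesign'])."',
				`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
				`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
				`description`='".$_SESSION['_config']['description']."'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		if(is_array($addys))
			foreach($addys as $addy)
				mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");
		$CSRname=generatecertpath("csr","client",$emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $csr);
		fclose($fp);
		mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
	}
	// Success is detected by `crt_name` having been filled in for the row
	waitForResult("emailcerts", $emailid, 4);
	$query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		$id = 4;
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		// Continue on page 6 with the new certificate selected
		$id = 6;
		$cert = $emailid;
		$_REQUEST['cert']=$emailid;
	}
}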
516
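// Page 7 submitted, part 1: normalise the requested domain name and refuse it
// if it is already registered. Leaves $newdom (shell-quoted) and $newdomain
// (SQL-escaped) behind for the lookup that follows.
if($oldid == 7)
{
	csrf_check("adddomain");
	if(strstr($_REQUEST['newdomain'],"\x00"))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
		showfooter();
		exit;
	}

	list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
	// Leading dashes are dropped so the name cannot be read as a command
	// line option. ltrim() also copes with an empty name and with a name
	// made of dashes only, where indexing the string would fail.
	$newdomain = ltrim($newdomain, '-');
	// DNS compares labels case-insensitively, so the punycode marker is
	// searched for without regard to case; a case-sensitive strstr() would
	// let "XN--" pass this restriction.
	if(stristr($newdomain, "xn--") !== false && $_SESSION['profile']['codesign'] <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
		showfooter();
		exit;
	}

	// NOTE(review): no check of the character set or for an empty name is
	// visible at this point — confirm where that validation happens.
	$newdom = trim(escapeshellarg($newdomain));
	$newdomain = mysql_real_escape_string(trim($newdomain));

	$res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
	$query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
	$res2 = mysql_query($query);
	if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2))
	{
		$oldid=0;
		$id = 7;
		showheader(_("My CAcert.org Account!"));
		printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
		showfooter();
		exit;
	}
}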
555
// Page 7 submitted, part 2: collect the addresses that may be used to prove
// control of the domain — those found in the whois output plus five fixed
// role addresses — and keep them in the session for page 8.
if($oldid == 7)
{
	$oldid = 0;
	$id = 8;
	$addy = array();
	$adds = array();

	// $newdom is the shell-quoted name, so the last three characters before
	// the closing quote are inspected; whois is skipped for ".jp".
	if(strtolower(substr($newdom, -4, 3)) != ".jp")
	{
		$adds = explode("\n", trim(`/usr/bin/whois $newdom|grep "@"`));
	}

	if(is_array($adds))
	{
		foreach($adds as $line)
		{
			if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info")
			{
				// Keep what follows the first colon of the line
				$bits = explode(":", $line, 2);
				$line = trim($bits[1]);
			}
			else
			{
				// Tabs, closing brackets and colons become blanks, opening
				// brackets vanish; the last blank-separated word that
				// contains "@" is then kept
				$line = trim(str_replace(array("\t", "(", ")", ":"), array(" ", "", " ", " "), $line));

				$bits = explode(" ", $line);
				foreach($bits as $bit)
				{
					if(strstr($bit, "@"))
					{
						$line = $bit;
					}
				}
			}

			// The duplicate check uses the raw value, the list stores the escaped one
			if($line != "" && !in_array($line, $addy))
			{
				$addy[] = trim(mysql_real_escape_string(stripslashes($line)));
			}
		}
	}

	// Fixed role addresses are always offered
	$rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain");
	foreach($rfc as $sub)
	{
		if(!in_array($sub, $addy))
		{
			$addy[] = $sub;
		}
	}

	$_SESSION['_config']['addy'] = $addy;
	$_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
}
601
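// Page 8 submitted: the member picked one of the offered addresses; register
// the domain as unverified and mail the verification link to that address.
if($process != "" && $oldid == 8)
{
	csrf_check('ctcinfo');
	$oldid=0;
	$id = 8;

	$authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy'])));

	// The address must be one of those stored in the session on page 7;
	// the request value is only used to pick from that list.
	if($authaddy == "" || !is_array($_SESSION['_config']['addy']))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("The address you submitted isn't a valid authority address for the domain.");
		showfooter();
		exit;
	}

	if(!in_array($authaddy, $_SESSION['_config']['addy']))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("The address you submitted isn't a valid authority address for the domain.");
		showfooter();
		exit;
	}

	// NOTE(review): the session value was already escaped when it was
	// stored and is escaped again here and in the insert below; this is
	// harmless only while the name holds no characters that need escaping.
	$query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
		showfooter();
		exit;
	}
	$checkemail = checkEmail($authaddy);
	if($checkemail != "OK")
	{
		showheader(_("My CAcert.org Account!"));
		//echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
		// A leading "4" is treated as a temporary failure of the mail server
		if (substr($checkemail, 0, 1) == "4")
		{
			echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
		} else {
			echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
		}
		// $checkemail is not a fixed string (its first character is tested
		// as a status digit above), so it is HTML-escaped before output.
		echo "<p>".sanitizeHTML($checkemail)."</p>\n";
		showfooter();
		exit;
	}

	$hash = make_hash();
	$query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
				`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
	mysql_query($query);
	$domainid = mysql_insert_id();

	// Plain-text mail body, so the name is not HTML-escaped here.
	// NOTE(review): the verification link carries the hash over plain
	// http:// — confirm whether the host can serve this URL over https.
	$body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
	$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

	showheader(_("My CAcert.org Account!"));
	// The domain name originates from the request, so it is HTML-escaped on
	// this page as well, matching the "already in a different account"
	// message above.
	printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_SESSION['_config']['domain']));
	showfooter();
	exit;
}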
668
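// Page 9 submitted: delete the selected domains of the logged-in member.
// NOTE(review): no csrf_check() call appears in this branch, unlike the
// email deletion branch ($oldid == 2) — confirm whether one is intended.
if($process != "" && $oldid == 9)
{
	$id = 9;
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("The following domains have been removed:")."<br>
			("._("Any valid certificates will be revoked as well").")<br>\n";

		// Note: the loop variable reuses (and overwrites) $id
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			// Only rows owned by the logged-in member are touched
			$query = "select * from `domains` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				// Stored name is HTML-escaped on output, as elsewhere in this file
				echo sanitizeHTML($row['domain'])."<br>\n";
				account_domain_delete($row['id']);
			}

		}
	}
	else
	{
		echo _("You did not select any domains for removal.");
	}

	showfooter();
	exit;
}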
700
// Page 10 submitted: take a server certificate CSR, check it, park it in a
// temporary file and extract the names it asks for, which page 11 then shows.
// NOTE(review): no csrf_check() call appears in this branch — confirm whether
// one is intended, as in the add-email and add-domain branches.
if($process != "" && $oldid == 10)
{
	// The CCA checkbox must be present in the request
	if(!array_key_exists('CCA',$_REQUEST))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
		showfooter();
		exit;
	}

	$CSR = clean_csr($_REQUEST['CSR']);
	if(strpos($CSR,"---BEGIN")===FALSE)
	{
		// In case the CSR is missing the ---BEGIN lines, add them automatically:
		$CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
	}

	// A non-empty return value is the message shown to the user
	if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	// The description is stored already SQL-escaped; later statements
	// concatenate it without escaping it again
	if(trim($_REQUEST['description']) != ""){
		$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
	}else{
		$_SESSION['_config']['description']= "";
	}

	// The CSR is kept in a temporary file whose path stays in the session
	// until page 11 moves it; from here on $CSR holds that path, not the
	// CSR text. The path comes from tempnam(), not from the request.
	$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
	$fp = fopen($_SESSION['_config']['tmpfname'], "w");
	fputs($fp, $CSR);
	fclose($fp);
	$CSR = $_SESSION['_config']['tmpfname'];
	// NUL bytes are stripped from the openssl output before it is searched
	// for the subject line and the DNS alternative names
	$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
	$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
	foreach($bits as $val)
	{
		$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
	}
	$id = 11;

	// extractit(), getcn() and getalt() are defined elsewhere; presumably
	// they fill the session entries tested below — TODO confirm
	$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
	extractit();
	getcn();
	getalt();

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// Root selection: 1 by default, 1 or 2 selectable from 50 points
	$_SESSION['_config']['rootcert'] = 1;
	if($_SESSION['profile']['points'] >= 50)
	{
		$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;
	}
}
766
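// Page 11 submitted: confirm the server certificate request prepared on
// page 10, store it for the signer and wait for the result.
// NOTE(review): no csrf_check() call appears in this branch — confirm whether
// one is intended, as in the add-email and add-domain branches.
if($process != "" && $oldid == 11)
{
	// The CSR parked by page 10 must still exist
	if(!file_exists($_SESSION['_config']['tmpfname']))
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}

	// The file is checked again, as it was written in an earlier request
	if (($weakKey = checkWeakKeyCSR(file_get_contents(
			$_SESSION['_config']['tmpfname']))) !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	$id = 11;
	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// The subject is rebuilt from the session lists, not taken from the CSR
	$subject = buildSubjectFromSession();

	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;

	write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);

	// The certificate is attached to the first common-name domain, or else to
	// the first alternative-name domain; without either nothing is issued.
	// The description was SQL-escaped when it was stored in the session.
	if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
	{
		$query = "insert into `domaincerts` set
				`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
				`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
				`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
				`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
				`description`='".$_SESSION['_config']['description']."'";
	} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
		$query = "insert into `domaincerts` set
				`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
				`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
				`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
				`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
				`description`='".$_SESSION['_config']['description']."'";
	} else {
		showheader(_("My CAcert.org Account!"));
		echo _("Domain not verified.");
		showfooter();
		exit;
	}

	mysql_query($query);
	$CSRid = mysql_insert_id();

	// Link every covered domain to the new certificate. The ids are escaped
	// in the same way as the `domid` value in the statements above.
	if(is_array($_SESSION['_config']['rowid']))
		foreach($_SESSION['_config']['rowid'] as $dom)
			mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".mysql_real_escape_string($dom)."'");
	if(is_array($_SESSION['_config']['altid']))
		foreach($_SESSION['_config']['altid'] as $dom)
			mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".mysql_real_escape_string($dom)."'");

	// Move the parked CSR to its final location and make it world-readable
	$CSRname=generatecertpath("csr","server",$CSRid);
	rename($_SESSION['_config']['tmpfname'], $CSRname);
	chmod($CSRname,0644);
	mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
	// Success is detected by `crt_name` having been filled in for the row
	waitForResult("domaincerts", $CSRid, 11);
	$query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		$id = 11;
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		// Continue on page 15 with the new certificate selected
		$id = 15;
		$cert = $CSRid;
		$_REQUEST['cert']=$CSRid;
	}
}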
854
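if($oldid == 12 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	// Renew the server certificates ticked on page 12. Each selected id is
	// looked up joined against `domains` for the logged-in member, so an id
	// that belongs to another account is reported as invalid and skipped.
	csrf_check('srvcerchange');
	$id = 12;
	showheader(_("My CAcert.org Account!"));
	// Check that the key exists as well as its type; a request without
	// `revokeid` would otherwise raise an undefined-index notice.
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			echo _("Processing request")." $id:<br/>";
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
					where `domaincerts`.`id`='$id' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// Refuse to renew a certificate whose key the weak-key check rejects.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
			// Values read back from the database are data, not SQL: the stored
			// description is user-supplied text, so every copied column is
			// escaped again before it is placed in the new statement.
			// `csr_name` is deliberately left out here and set once the CSR has
			// been copied (the original marks setting it here as a race condition).
			$query = "insert into `domaincerts` set
					`domid`='".mysql_real_escape_string($row['domid'])."',
					`CN`='".mysql_real_escape_string($row['CN'])."',
					`subject`='".mysql_real_escape_string($row['subject'])."',
					`created`='".mysql_real_escape_string($row['created'])."',
					`modified`=NOW(),
					`rootcert`='".mysql_real_escape_string($row['rootcert'])."',
					`type`='".mysql_real_escape_string($row['type'])."',
					`pkhash`='".mysql_real_escape_string($row['pkhash'])."',
					`description`='".mysql_real_escape_string($row['description'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			$newfile=generatecertpath("csr","server",$newid);
			copy($row['csr_name'], $newfile);

			// Quote the path for the shell instead of relying on it never
			// containing shell metacharacters.
			$newfileArg = escapeshellarg($newfile);
			$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $newfileArg|tr -d "\\0"|grep "Subject:"`);
			$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $newfileArg|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
			foreach($bits as $val)
			{
				$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
			}
			$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
			extractit();
			getcn();
			getalt();

			if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
			{
				echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
				continue;
			}

			$subject = buildSubjectFromSession();
			$subject = mysql_real_escape_string($subject);
			mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='".mysql_real_escape_string($newfile)."' where `id`='$newid'");

			echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
			waitForResult("domaincerts", $newid,$oldid,0);
			// A non-empty crt_name is how this handler recognises a processed request.
			$query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				$drow = mysql_fetch_assoc($res);
				$crtArg = escapeshellarg($drow['crt_name']);
				$cert = `/usr/bin/openssl x509 -in $crtArg`;
				echo "<pre>\n$cert\n</pre>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}

	showfooter();
	exit;
}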
946
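if($oldid == 12 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	// Revoke the selected server certificates and delete the selected pending
	// requests. Both loops only act on rows whose domain belongs to the
	// logged-in member (join on `domains`.`memid`).
	csrf_check('srvcerchange');
	$id = 12;
	showheader(_("My CAcert.org Account!"));
	// Check that the key exists before testing its type, so a request without
	// `revokeid` does not raise an undefined-index notice.
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
					where `domaincerts`.`id`='$id' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// Database values are HTML-escaped on output, as the renew handler
			// already does for the CN it prints.
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			// This handler only stamps the row with a fixed 1970 timestamp;
			// presumably a separate process performs the actual revocation
			// (the message below says "soon") -- TODO confirm.
			mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', sanitizeHTML($row['CN']), sanitizeHTML($row['serial']));
		}

		// TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
		echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';

	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
					where `domaincerts`.`id`='$id' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A row with an expiry date has already been processed, so it is
			// no longer a pending request and must not be deleted.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			mysql_query("delete from `domaincerts` where `id`='$id'");
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	showfooter();
	exit;
}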
1018
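if($oldid == 12 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
	// Store the comments edited on the server-certificate list (page 12).
	// NOTE(review): the renew and revoke handlers for this page call
	// csrf_check('srvcerchange'); this one does not -- confirm whether the
	// same form token should be checked here too.
	showheader(_("My CAcert.org Account!"));
	foreach($_REQUEST as $id => $val)
	{
		if(substr($id,0,14)=="check_comment_")
		{
			$cid = intval(substr($id,14));
			if(!array_key_exists('comment_'.$cid,$_REQUEST))
				continue;
			$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
			// The certificate id comes from the request, so the update is tied
			// to a domain owned by the logged-in member. Without that join any
			// member could overwrite the description of any server certificate
			// by submitting its id.
			mysql_query("update `domaincerts`,`domains` set `domaincerts`.`description`='$comment'
					where `domaincerts`.`id`='$cid' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'");
		}
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}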
1035
1036
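if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	// Renew the client certificates ticked on page 5. Rows are selected by id
	// AND the logged-in member id, so foreign ids are reported as invalid.
	// NOTE(review): unlike the page-12 renew handler, no csrf_check() is
	// called here -- confirm whether that is intended.
	showheader(_("My CAcert.org Account!"));
	// Check that the key exists before testing its type, so a request without
	// `revokeid` does not raise an undefined-index notice.
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
					where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// Refuse to renew a certificate whose key the weak-key check rejects.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
			// Values read back from the database are data, not SQL: the stored
			// description is user-supplied text, so every copied column is
			// escaped again before it is placed in the new statement.
			$query = "insert into emailcerts set
					`memid`='".mysql_real_escape_string($row['memid'])."',
					`CN`='".mysql_real_escape_string($row['CN'])."',
					`subject`='".mysql_real_escape_string($row['subject'])."',
					`keytype`='".mysql_real_escape_string($row['keytype'])."',
					`csr_name`='".mysql_real_escape_string($row['csr_name'])."',
					`created`='".mysql_real_escape_string($row['created'])."',
					`modified`=NOW(),
					`disablelogin`='".mysql_real_escape_string($row['disablelogin'])."',
					`codesign`='".mysql_real_escape_string($row['codesign'])."',
					`rootcert`='".mysql_real_escape_string($row['rootcert'])."',
					`description`='".mysql_real_escape_string($row['description'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			// The renewal gets its own copy of the CSR under the new id.
			$newfile=generatecertpath("csr","client",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($newfile)."' where `id`='$newid'");
			// Carry the e-mail address links of the old certificate over to the new one.
			$res = mysql_query("select * from `emaillink` where `emailcertsid`='".intval($row['id'])."'");
			while($r2 = mysql_fetch_assoc($res))
			{
				mysql_query("insert into `emaillink` set `emailid`='".intval($r2['emailid'])."',
						`emailcertsid`='$newid'");
			}
			waitForResult("emailcerts", $newid,$oldid,0);
			// A non-empty crt_name is how this handler recognises a processed request.
			$query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				printf(_("Certificate for '%s' has been renewed."), sanitizeHTML($row['CN']));
				echo "<br/>\n<a href='account.php?id=6&cert=$newid' target='_new'>".
					_("Click here")."</a> "._("to install your certificate.")."<br/><br/>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.")."<br/>";
	}

	showfooter();
	exit;
}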
1109
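if($oldid == 5 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	// Revoke the selected client certificates and delete the selected pending
	// requests; every row is selected by id AND the logged-in member id.
	// NOTE(review): the page-12 revoke handler calls csrf_check(); this one
	// does not -- confirm whether a token should be checked here as well.
	$id = 5;
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
					where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// Database values are HTML-escaped before they are printed into the page.
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			// This handler only stamps the row with a fixed 1970 timestamp;
			// presumably a separate process performs the actual revocation
			// (the message below says "soon") -- TODO confirm.
			mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', sanitizeHTML($row['CN']), sanitizeHTML($row['serial']));
		}

		// TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
		echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
					where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A row with an expiry date has already been processed, so it is
			// no longer a pending request and must not be deleted.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			mysql_query("delete from `emailcerts` where `id`='$id'");
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	showfooter();
	exit;
}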
1175
if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
	// Apply the per-certificate settings submitted from the client-certificate
	// list. Both updates are restricted to rows of the logged-in member.
	// NOTE(review): no csrf_check() is called in this handler -- confirm.
	showheader(_("My CAcert.org Account!"));
	foreach($_REQUEST as $id => $val)
	{
		if(substr($id,0,5)=="cert_")
		{
			$cid = intval(substr($id,5));
			// A submitted disablelogin_<id> of "1" stores 0, anything else
			// stores 1 (presumably the checkbox means "login enabled" -- verify
			// against the form).
			if(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")
				$dis = "0";
			else
				$dis = "1";
			mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
		}
		if(substr($id,0,14)=="check_comment_")
		{
			$cid = intval(substr($id,14));
			// Only rows whose check_comment_<id> field is non-empty get a new comment.
			if(empty($_REQUEST['check_comment_'.$cid]))
				continue;
			$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
			mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
		}
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}
1200
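if($oldid == 13 && $process != "" && $showdetails!="")
{
	// Read and validate the five lost-password questions and answers. On a
	// validation failure the form is shown again ($id = $oldid) and $oldid is
	// cleared so the later page-13 handlers do not store anything.
	csrf_check("perschange");
	$_SESSION['_config']['user'] = $_SESSION['profile'];

	$qaFields = array('Q1','Q2','Q3','Q4','Q5','A1','A2','A3','A4','A5');
	foreach($qaFields as $field)
	{
		// A missing or non-string field is treated as empty instead of raising
		// a notice or passing an array to strip_tags().
		$raw = (array_key_exists($field,$_REQUEST) && is_string($_REQUEST[$field])) ? $_REQUEST[$field] : "";
		// The values are SQL-escaped here because the update handler
		// concatenates them into its query unchanged.
		$_SESSION['_config']['user'][$field] = trim(mysql_real_escape_string(stripslashes(strip_tags($raw))));
	}

	// All ten values must be pairwise different. The previous hand-written
	// list of comparisons left out most answer/question pairs (for example
	// A2 against Q1 or A5 against any question), although the error message
	// forbids using a question as an answer.
	$duplicate = false;
	$total = count($qaFields);
	for($i = 0; $i < $total && !$duplicate; $i++)
	{
		for($j = $i + 1; $j < $total; $j++)
		{
			if($_SESSION['_config']['user'][$qaFields[$i]] == $_SESSION['_config']['user'][$qaFields[$j]])
			{
				$duplicate = true;
				break;
			}
		}
	}

	if($duplicate)
	{
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
		$id = $oldid;
		$oldid=0;
	}

	// NOTE(review): only the questions are tested for being empty; a single
	// empty answer passes this check -- confirm whether that is intended.
	if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
		$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
		$_SESSION['_config']['user']['Q5'] == "")
	{
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
		$id = $oldid;
		$oldid=0;
	}
}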
1263
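if($oldid == 13 && $process != "")
{
	// Refresh the member's assurance points, then, only while the member has
	// no points, accept and validate a changed name and date of birth.
	$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
	$ddres = mysql_query($ddquery);
	$ddrow = mysql_fetch_assoc($ddres);
	$_SESSION['profile']['points'] = $ddrow['total'];

	if($_SESSION['profile']['points'] == 0)
	{
		// Name parts are SQL-escaped here because the update handler
		// concatenates them into its query unchanged.
		$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
		$_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
		$_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
		$_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
		$_SESSION['_config']['user']['day'] = intval($_REQUEST['day']);
		$_SESSION['_config']['user']['month'] = intval($_REQUEST['month']);
		$_SESSION['_config']['user']['year'] = intval($_REQUEST['year']);

		if($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "")
		{
			$_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
			$id = $oldid;
			$oldid=0;
		}
		// checkdate() rejects calendar dates that do not exist (31 February,
		// 31 April, ...), which the plain 1..31 range test let through; the
		// lower bound on the year is kept as before.
		if($_SESSION['_config']['user']['year'] < 1900 ||
			!checkdate($_SESSION['_config']['user']['month'], $_SESSION['_config']['user']['day'], $_SESSION['_config']['user']['year']))
		{
			$_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
			$id = $oldid;
			$oldid=0;
		}
	}
}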
1296
if($oldid == 13 && $process != "")
{
	// Write the validated personal details to `users`, reload the profile into
	// the session and show the confirmation page. The values placed in the
	// queries were already SQL-escaped when they were stored in the session.
	$details = $_SESSION['_config']['user'];
	$memberId = $_SESSION['profile']['id'];

	// Name and date of birth can only be changed while the member has no points.
	if($_SESSION['profile']['points'] == 0)
	{
		$dob = $details['year']."-".$details['month']."-".$details['day'];
		$query = "update `users` set `fname`='".$details['fname']."',
				`mname`='".$details['mname']."',
				`lname`='".$details['lname']."',
				`suffix`='".$details['suffix']."',
				`dob`='".$dob."'
				where `id`='".$memberId."'";
		mysql_query($query);
	}
	// Lost-password questions are only stored when the details form was shown.
	if ($showdetails!="") {
		$query = "update `users` set `Q1`='".$details['Q1']."',
				`Q2`='".$details['Q2']."',
				`Q3`='".$details['Q3']."',
				`Q4`='".$details['Q4']."',
				`Q5`='".$details['Q5']."',
				`A1`='".$details['A1']."',
				`A2`='".$details['A2']."',
				`A3`='".$details['A3']."',
				`A4`='".$details['A4']."',
				`A5`='".$details['A5']."'
				where `id`='".$memberId."'";
		mysql_query($query);
	}

	//!!!Should be rewritten
	$otphash = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
	$otppin = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
	$_SESSION['_config']['user']['otphash'] = $otphash;
	$_SESSION['_config']['user']['otppin'] = $otppin;
	// The OTP columns are only touched when both values were submitted.
	if($otphash != "" && $otppin != "")
	{
		$query = "update `users` set `otphash`='".$otphash."',
				`otppin`='".$otppin."' where `id`='".$memberId."'";
		mysql_query($query);
	}

	$_SESSION['_config']['user']['set'] = 0;
	// Replace the cached profile with the stored row; `loggedin` and `points`
	// are not part of that row as read here and are set again afterwards.
	$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$memberId."'"));
	$_SESSION['profile']['loggedin'] = 1;

	$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
	$ddrow = mysql_fetch_assoc(mysql_query($ddquery));
	$_SESSION['profile']['points'] = $ddrow['total'];


	$id = 13;
	showheader(_("My CAcert.org Account!"));
	echo _("Your details have been updated with the database.");
	showfooter();
	exit;
}
1350
if($oldid == 14 && $process != "")
{
	// Change the account pass phrase: the new phrase must be entered twice,
	// be at least 6 characters long and score at least 3 in checkpw(); the
	// current phrase is verified unless the request arrived on the secure
	// hostname. The owner is notified by e-mail after a successful change.
	// NOTE(review): the phrase is stored as an unsalted sha1() computed by the
	// database, and length and score are measured on the SQL-escaped string;
	// changing either needs matching changes in the login code, which is not
	// visible here.
	$fieldMap = array('oldpass' => 'oldpassword', 'pword1' => 'pword1', 'pword2' => 'pword2');
	foreach($fieldMap as $slot => $field)
		$_SESSION['_config']['user'][$slot] = trim(mysql_real_escape_string(stripslashes($_REQUEST[$field])));

	$id = 14;
	csrf_check("pwchange");

	showheader(_("My CAcert.org Account!"));
	$newPass = $_SESSION['_config']['user']['pword1'];
	$failure = null;
	if($newPass == "" || $newPass != $_SESSION['_config']['user']['pword2'])
	{
		$failure = _("New Pass Phrases specified don't match or were blank.");
	} else {
		$score = checkpw($newPass, $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
			$_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);

		// On the secure hostname the current pass phrase is not checked at all.
		if($_SESSION['_config']['hostname'] == $_SESSION['_config']['securehostname'])
		{
			$rc = 1;
		} else {
			$match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
					(`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
					`password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
			$rc = mysql_num_rows($match);
		}

		// First failing rule wins: length, then score, then the current phrase.
		if(strlen($newPass) < 6)
			$failure = _("The Pass Phrase you submitted was too short.");
		else if($score < 3)
			$failure = sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
		else if($rc <= 0)
			$failure = _("You failed to correctly enter your current Pass Phrase.");
	}

	if($failure !== null)
	{
		echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
		echo $failure;
	} else {
		mysql_query("update `users` set `password`=sha1('".$newPass."')
				where `id`='".$_SESSION['profile']['id']."'");
		echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
		echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");

		$greeting = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
		$notice = _("You are receiving this email because you or someone else ".
			"has changed the password on your account.")."\n\n";
		$signature = _("Best regards")."\n"._("CAcert.org Support!");
		$body = $greeting.$notice.$signature;

		sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Password Update Notification"), $body,
			"support@cacert.org", "", "", "CAcert Support");
	}
	showfooter();
	exit;
}
1410
if($oldid == 16)
{
	// Collect the e-mail addresses requested for an organisation client
	// certificate. An address is kept only when it has exactly one "@" and
	// checkownership() accepts its domain part.
	$id = 16;
	$_SESSION['_config']['emails'] = array();

	foreach($_REQUEST['emails'] as $val)
	{
		$val = mysql_real_escape_string(stripslashes(trim($val)));
		$bits = explode("@", $val);
		$count = count($bits);
		if($count != 2 || checkownership($bits[1]) == false)
			continue;

		// The row read below is presumably filled in by checkownership() --
		// verify against its definition; without it the address is skipped.
		$orgRow = $_SESSION['_config']['row'];
		if(!is_array($orgRow))
			continue;
		if($orgRow['id'] > 0)
			$_SESSION['_config']['domids'][] = $orgRow['id'];

		if($val != "")
			$_SESSION['_config']['emails'][] = $val;
	}
	// Name, OU and description are SQL-escaped before they go into the session.
	$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
	$_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));


	$_SESSION['_config']['description'] = (trim($_REQUEST['description']) != "")
		? trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])))
		: "";
}
1445
// Stop with a message when none of the submitted addresses was accepted.
if($oldid == 16 && count($_SESSION['_config']['emails']) < 1)
{
	$id = 16;
	showheader(_("My CAcert.org Account!"));
	echo _("I couldn't match any emails against your organisational account.");
	showfooter();
	exit;
}
1454
if($oldid == 16 && $process != "")
{
	// Normalise the certificate options and move on to page 17 when at least
	// one address was accepted.

	// Code signing is granted only when it was requested, the profile has the
	// codesign flag and the member has at least 100 points.
	$mayCodesign = array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign']
		&& $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100);
	$_REQUEST['codesign'] = $mayCodesign ? 1 : 0;
	$_SESSION['_config']['codesign'] = $_REQUEST['codesign'];

	// Only root certificate 1 or 2 may be selected; anything else becomes 1.
	$root = intval($_REQUEST['rootcert']);
	$_SESSION['_config']['rootcert'] = ($root >= 1 && $root <= 2) ? $root : 1;

	$_SESSION['_config']['description'] = (trim($_REQUEST['description']) != "")
		? trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])))
		: "";

	if(@count($_SESSION['_config']['emails']) > 0)
		$id = 17;
}
1481
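if($oldid == 17)
{
	// Create an organisation client certificate request from the submitted
	// key: "NS" carries an SPKAC blob, "MS"/"VI" a PEM CSR body. The request
	// is recorded in `orgemailcerts`, written to its CSR file, and the handler
	// then waits for a certificate (non-empty crt_name) to appear.
	$org = $_SESSION['_config']['row'];
	$keytype = array_key_exists('keytype',$_REQUEST) ? $_REQUEST['keytype'] : "";
	if($keytype == "NS")
	{
		// Accept the SPKAC only if, with line breaks removed, it consists of
		// base64 characters and is at least 128 characters long.
		$spkac = "";
		$candidate = trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));
		if(preg_match("/^[a-zA-Z0-9+=\/]+$/", $candidate))
			$spkac = $candidate;

		if($spkac == "" || strlen($spkac) < 128)
		{
			$id = 17;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}

		// Build the SPKAC request text, one "name = value" line per field.
		$count = 0;
		$emails = "";
		$addys = array();
		// Defined up front so the insert below never reads an undefined
		// variable when the session holds no addresses.
		$defaultemail = "";
		if(is_array($_SESSION['_config']['emails']))
			foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
			{
				if(!$emails)
					$defaultemail = $_REQUEST['email'];
				$emails .= "$count.emailAddress = $_REQUEST[email]\n";
				$count++;
			}
		if($_SESSION['_config']['name'] != "")
			$emails .= "commonName = ".$_SESSION['_config']['name']."\n";
		if($_SESSION['_config']['OU'])
			$emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n";
		if($org['O'])
			$emails .= "organizationName = ".$org['O']."\n";
		if($org['L'])
			$emails .= "localityName = ".$org['L']."\n";
		if($org['ST'])
			$emails .= "stateOrProvinceName = ".$org['ST']."\n";
		if($org['C'])
			$emails .= "countryName = ".$org['C']."\n";
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;


		$emails .= "SPKAC = $spkac";
		if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
		{
			$id = 17;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		// The session values were SQL-escaped when stored; the organisation id
		// comes from a database row and is forced to an integer here.
		$query = "insert into `orgemailcerts` set
				`CN`='$defaultemail',
				`ou`='".$_SESSION['_config']['OU']."',
				`keytype`='NS',
				`orgid`='".intval($org['orgid'])."',
				`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
				`codesign`='".$_SESSION['_config']['codesign']."',
				`rootcert`='".$_SESSION['_config']['rootcert']."',
				`description`='".$_SESSION['_config']['description']."'";
		mysql_query($query);
		$emailid = mysql_insert_id();

		foreach($_SESSION['_config']['domids'] as $addy)
			mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");

		$CSRname=generatecertpath("csr","orgclient",$emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $emails);
		fclose($fp);
		// The SPKAC must carry the challenge issued to this session.
		// NOTE(review): this is a substring test, so an empty or unset
		// `spkac_hash` would match any challenge and a longer challenge with
		// the same prefix would match too -- confirm the hash is always set.
		// The row and file created above are left in place on a mismatch,
		// without `csr_name`.
		$challenge=$_SESSION['spkac_hash'];
		$csrArg = escapeshellarg($CSRname);
		$res=`openssl spkac -verify -in $csrArg`;
		if(!strstr($res,"Challenge String: ".$challenge))
		{
			$id = $oldid;
			showheader(_("My CAcert.org Account!"));
			echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
			showfooter();
			exit;
		}
		mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
	} else if($keytype == "MS" || $keytype=="VI") {
		$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";

		if (($weakKey = checkWeakKeyCSR($csr)) !== "")
		{
			$id = 17;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		$tmpfname = tempnam("/tmp", "id17CSR");
		$fp = fopen($tmpfname, "w");
		fputs($fp, $csr);
		fclose($fp);

		$addys = array();
		$defaultemail = "";
		$csrsubject="";

		// $csrsubject is only used inside the insert statement below. Name,
		// addresses and OU were SQL-escaped when stored in the session; the
		// organisation fields come straight from a database row and are
		// escaped here, otherwise a quote in an organisation name would break
		// or alter the query.
		if($_SESSION['_config']['name'] != "")
			$csrsubject = "/CN=".$_SESSION['_config']['name'];
		if(is_array($_SESSION['_config']['emails']))
			foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
			{
				if($defaultemail == "")
					$defaultemail = $_REQUEST['email'];
				$csrsubject .= "/emailAddress=$_REQUEST[email]";
			}
		if($_SESSION['_config']['OU'])
			$csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
		if($org['O'])
			$csrsubject .= "/organizationName=".mysql_real_escape_string($org['O']);
		if($org['L'])
			$csrsubject .= "/localityName=".mysql_real_escape_string($org['L']);
		if($org['ST'])
			$csrsubject .= "/stateOrProvinceName=".mysql_real_escape_string($org['ST']);
		if($org['C'])
			$csrsubject .= "/countryName=".mysql_real_escape_string($org['C']);

		// Pass the CSR through openssl; an unparsable request leaves the
		// output file empty, which is rejected below.
		$tmpname = tempnam("/tmp", "id17csr");
		$inArg = escapeshellarg($tmpfname);
		$outArg = escapeshellarg($tmpname);
		$do = `/usr/bin/openssl req -in $inArg -out $outArg`;
		@unlink($tmpfname);
		$csr = "";
		$fp = fopen($tmpname, "r");
		while($data = fgets($fp, 4096))
			$csr .= $data;
		fclose($fp);
		@unlink($tmpname);

		if($csr == "")
		{
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		// $keytype is "MS" or "VI" at this point; it is SQL-escaped because it
		// goes into a query, not into HTML.
		$query = "insert into `orgemailcerts` set
				`CN`='$defaultemail',
				`ou`='".$_SESSION['_config']['OU']."',
				`keytype`='".mysql_real_escape_string($keytype)."',
				`orgid`='".intval($org['orgid'])."',
				`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
				`subject`='$csrsubject',
				`codesign`='".$_SESSION['_config']['codesign']."',
				`rootcert`='".$_SESSION['_config']['rootcert']."',
				`description`='".$_SESSION['_config']['description']."'";
		mysql_query($query);
		$emailid = mysql_insert_id();

		foreach($_SESSION['_config']['domids'] as $addy)
			mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");

		$CSRname=generatecertpath("csr","orgclient",$emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $csr);
		fclose($fp);
		mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
	} else {
		// No known key type means no request was created; stop here instead of
		// waiting on an undefined certificate id.
		$id = 17;
		showheader(_("My CAcert.org Account!"));
		echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
		showfooter();
		exit;
	}
	waitForResult("orgemailcerts", $emailid,$oldid);
	// A non-empty crt_name is how this handler recognises a processed request.
	$query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		// Continue on page 19 with the new certificate selected.
		$id = 19;
		$cert = $emailid;
		$_REQUEST['cert']=$emailid;
	}
}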
1663
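/*
 * Page 18, "renew": request new certificates for the selected organisation
 * client certificates.
 *
 * A posted id is only accepted when the lookup joining `orgemailcerts` with
 * `org` on the logged-in member's id returns a row. The stored request is
 * then copied into a new `orgemailcerts` row, its CSR file is copied to the
 * new row's path and waitForResult() is called for the new id.
 */
if($oldid == 18 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
    csrf_check('clicerchange');
    showheader(_("My CAcert.org Account!"));
    if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
    {
        $id = 18;
        echo _("Now renewing the following certificates:")."<br>\n";
        foreach($_REQUEST['revokeid'] as $id)
        {
            // Cast before the value is echoed or used in SQL: it comes
            // straight from the request and must not reach the page raw.
            $id = intval($id);
            echo "Renewing certificate #$id ...\n<br/>";

            $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
                where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
                `org`.`orgid`=`orgemailcerts`.`orgid`";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }

            $row = mysql_fetch_assoc($res);

            // A non-empty result from checkWeakKeyX509() is shown to the
            // user and the certificate is skipped.
            if (($weakKey = checkWeakKeyX509(file_get_contents(
                    $row['crt_name']))) !== "")
            {
                echo $weakKey, "<br/>\n";
                continue;
            }

            // NOTE(review): `renewed` is set before the revocation test, so
            // an already revoked certificate is flagged as renewed and then
            // skipped. Confirm that this order is intended.
            mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
            if($row['revoke'] > 0)
            {
                printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
                continue;
            }

            // Values read back from the database are not SQL-safe: a stored
            // quote would break or alter the insert. Escape every copied
            // column before it is embedded in the statement.
            $renewCopy = array();
            foreach(array('orgid','CN','ou','subject','keytype','csr_name','created','codesign','rootcert','description') as $renewCol)
                $renewCopy[$renewCol] = mysql_real_escape_string($row[$renewCol]);

            $query = "insert into `orgemailcerts` set
                `orgid`='".$renewCopy['orgid']."',
                `CN`='".$renewCopy['CN']."',
                `ou`='".$renewCopy['ou']."',
                `subject`='".$renewCopy['subject']."',
                `keytype`='".$renewCopy['keytype']."',
                `csr_name`='".$renewCopy['csr_name']."',
                `created`='".$renewCopy['created']."',
                `modified`=NOW(),
                `codesign`='".$renewCopy['codesign']."',
                `rootcert`='".$renewCopy['rootcert']."',
                `description`='".$renewCopy['description']."'";
            mysql_query($query);
            $newid = mysql_insert_id();

            // The new request gets its own copy of the CSR file.
            $newfile=generatecertpath("csr","orgclient",$newid);
            copy($row['csr_name'], $newfile);
            mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
            waitForResult("orgemailcerts", $newid,$oldid,0);

            // A non-empty `crt_name` means a certificate file was recorded
            // for the new request.
            $query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
            $res = mysql_query($query);
            if(mysql_num_rows($res) > 0)
            {
                printf(_("Certificate for '%s' has been renewed."), sanitizeHTML($row['CN']));
                echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
                    _("Click here")."</a> "._("to install your certificate.");
            }
            echo("<br/>");
        }
    }
    else
    {
        echo _("You did not select any certificates for renewal.");
    }
    showfooter();
    exit;
}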
1737
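/*
 * Page 18, "revoke": flag the selected organisation client certificates as
 * revoked and delete the selected pending requests.
 *
 * Both loops accept an id only when the lookup joining `orgemailcerts` with
 * `org` on the logged-in member's id returns a row.
 */
if($oldid == 18 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
    csrf_check('clicerchange');
    $id = 18;
    showheader(_("My CAcert.org Account!"));
    if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
    {
        echo _("Now revoking the following certificates:")."<br>\n";
        foreach($_REQUEST['revokeid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
                where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
                `org`.`orgid`=`orgemailcerts`.`orgid`";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            if($row['revoke'] > 0)
            {
                // CN comes from the database; encode it for the HTML page.
                printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
                continue;
            }

            // NOTE(review): the fixed timestamp looks like a marker that a
            // later step turns into the real revocation (the message below
            // says the CRL is updated "soon") - confirm where it is consumed.
            mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
            printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', sanitizeHTML($row['CN']), sanitizeHTML($row['serial']));
        }

        // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
        echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
    }
    else
    {
        echo _("You did not select any certificates for revocation.");
    }

    if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
    {
        echo _("Now deleting the following pending requests:")."<br>\n";
        foreach($_REQUEST['delid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
                where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
                `org`.`orgid`=`orgemailcerts`.`orgid`";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);

            // A request with an `expire` timestamp is treated as already
            // processed and is not deleted.
            if($row['expired'] > 0)
            {
                printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", sanitizeHTML($row['CN']));
                continue;
            }
            mysql_query("delete from `orgemailcerts` where `id`='$id'");

            // Best-effort removal of the files recorded for the request.
            @unlink($row['csr_name']);
            @unlink($row['crt_name']);
            printf(_("Removed a pending request for '%s'")."<br>\n", sanitizeHTML($row['CN']));
        }
    }
    showfooter();
    exit;
}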
1806
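/*
 * Page 18, "change": store edited comments of organisation client
 * certificates.
 *
 * Every request field named check_comment_<id> selects one certificate and
 * the new text is read from comment_<id>. The update is only made when the
 * certificate is linked through `org` to the logged-in member, using the
 * same lookup as the renew and revoke handlers; without it any member could
 * overwrite the description of any row by guessing its id.
 */
if($oldid == 18 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
    // NOTE(review): the renew and revoke handlers of page 18 call
    // csrf_check('clicerchange'), this handler does not. Confirm whether the
    // form that posts "change" carries that token and add the check if so.
    showheader(_("My CAcert.org Account!"));
    foreach($_REQUEST as $id => $val)
    {
        if(substr($id,0,14)=="check_comment_")
        {
            $cid = intval(substr($id,14));

            $res = mysql_query("select `orgemailcerts`.`id` from `orgemailcerts`, `org`
                where `orgemailcerts`.`id`='$cid' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
                `org`.`orgid`=`orgemailcerts`.`orgid`");
            if(!$res || mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $cid);
                continue;
            }

            $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
            mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
        }
    }
    echo(_("Certificate settings have been changed.")."<br/>\n");
    showfooter();
    exit;
}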
1823
/*
 * Page 18 list controls. "filter" copies the posted organisation filter,
 * sort order and status selection into the session; "reset" sets the same
 * three session values to 0. Both set $id to 18 and do not exit.
 */
if($oldid == 18 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
{
    $id=18;
    // NOTE(review): the request values are stored unchanged. The reset
    // branch writes 0, so these look like integers; confirm and cast with
    // intval() if the code that reads them puts them into SQL or HTML.
    foreach(array('orgfilterid','sorting','status') as $listOption)
    {
        $_SESSION['_config'][$listOption]=$_REQUEST[$listOption];
    }
}

if($oldid == 18 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
{
    $id=18;
    foreach(array('orgfilterid','sorting','status') as $listOption)
    {
        $_SESSION['_config'][$listOption]=0;
    }
}
1839
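/*
 * Page 20 submit: accept a pasted CSR for an organisation server
 * certificate and prepare the confirmation step (page 21).
 *
 * The cleaned CSR is checked with checkWeakKeyCSR(), written to a temporary
 * file whose name is kept in the session, and its subject and DNS
 * subjectAltName entries are read with openssl. extractit(), getcn2() and
 * getalt2() are then called before '0.CN' and '0.subjectAltName' are read
 * from the session.
 */
if($process != "" && $oldid == 20)
{
    $CSR = clean_csr($_REQUEST['CSR']);

    if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
    {
        $id = 20;
        showheader(_("My CAcert.org Account!"));
        echo $weakKey;
        showfooter();
        exit;
    }

    // The description is stored SQL-escaped because page 21 embeds it in
    // its insert statement.
    if(trim($_REQUEST['description']) != ""){
        $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
    }else{
        $_SESSION['_config']['description']= "";
    }

    $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
    $fp = fopen($_SESSION['_config']['tmpfname'], "w");
    fputs($fp, $CSR);
    fclose($fp);
    $CSR = $_SESSION['_config']['tmpfname'];

    // Quote the path for the shell instead of relying on tempnam() never
    // returning a name with shell metacharacters.
    $csrArg = escapeshellarg($CSR);
    $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in {$csrArg}|tr -d "\\0"|grep "Subject:"`);
    $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in {$csrArg}|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
    foreach($bits as $val)
    {
        $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
    }
    $id = 21;

    $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
    extractit();
    getcn2();
    getalt2();

    // '0.CN' and '0.subjectAltName' are presumably filled by the helpers
    // above from the subject string, i.e. from requester-supplied CSR
    // content; whether the helpers escape them is not visible here. Escape
    // them for SQL: a verified domain name contains nothing that escaping
    // would alter, so legitimate lookups are unaffected.
    $cnSql = mysql_real_escape_string($_SESSION['_config']['0.CN']);
    $sanSql = mysql_real_escape_string($_SESSION['_config']['0.subjectAltName']);

    $query = "select * from `orginfo`,`org`,`orgdomains` where
        `org`.`memid`='".$_SESSION['profile']['id']."' and
        `org`.`orgid`=`orginfo`.`id` and
        `org`.`orgid`=`orgdomains`.`orgid` and
        `orgdomains`.`domain`='".$cnSql."'";
    $_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
    $query = "select * from `orginfo`,`org`,`orgdomains` where
        `org`.`memid`='".$_SESSION['profile']['id']."' and
        `org`.`orgid`=`orginfo`.`id` and
        `org`.`orgid`=`orgdomains`.`orgid` and
        `orgdomains`.`domain`='".$sanSql."'";
    $_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));

    if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
    {
        // NOTE(review): the temporary CSR file stays in /tmp on this exit.
        $id = 20;
        showheader(_("My CAcert.org Account!"));
        echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
        showfooter();
        exit;
    }

    // Only root certificate ids 1 and 2 are accepted; anything else
    // falls back to 1.
    $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
    if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
        $_SESSION['_config']['rootcert'] = 1;
}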
1904
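/*
 * Page 21 submit: turn the CSR stored by page 20 into an `orgdomaincerts`
 * request.
 *
 * The temporary CSR file is checked again, the organisation row is looked
 * up for the logged-in member, the subject is assembled, the request row
 * and its `orgdomlink` rows are inserted, the CSR file is moved to its
 * final path and waitForResult() is called. On success $id becomes 23.
 */
if($process != "" && $oldid == 21)
{
    $id = 21;

    if(!file_exists($_SESSION['_config']['tmpfname']))
    {
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    }

    // The key is checked again on the stored file, not on request data.
    if (($weakKey = checkWeakKeyCSR(file_get_contents(
            $_SESSION['_config']['tmpfname']))) !== "")
    {
        showheader(_("My CAcert.org Account!"));
        echo $weakKey;
        showfooter();
        exit;
    }

    if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
    {
        showheader(_("My CAcert.org Account!"));
        echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
        showfooter();
        exit;
    }

    // The first CN row id is preferred; the first subjectAltName row id is
    // the fallback.
    $orgInfoId = ($_SESSION['_config']['rowid']['0'] > 0)
        ? $_SESSION['_config']['rowid']['0']
        : $_SESSION['_config']['altid']['0'];
    $query = "select * from `org`,`orginfo` where
        `orginfo`.`id`='".$orgInfoId."' and
        `orginfo`.`id`=`org`.`orgid` and
        `org`.`memid`='".$_SESSION['profile']['id']."'";
    $org = mysql_fetch_assoc(mysql_query($query));
    // NOTE(review): when the lookup returns no row the request is still
    // inserted, with an empty organisation. Confirm that earlier steps make
    // this impossible, or stop here.

    $ouPart = "";
    if($_SESSION['_config']['OU'])
        $ouPart = "/organizationalUnitName=".$_SESSION['_config']['OU'];

    $orgPart = "";
    if($org['O'])
        $orgPart .= "/organizationName=".$org['O'];
    if($org['L'])
        $orgPart .= "/localityName=".$org['L'];
    if($org['ST'])
        $orgPart .= "/stateOrProvinceName=".$org['ST'];
    if($org['C'])
        $orgPart .= "/countryName=".$org['C'];
    //if($org['contact'])
    //    $orgPart .= "/emailAddress=".trim($org['contact']);

    $sessionPart = buildSubjectFromSession();
    $csrsubject = $ouPart.$orgPart.$sessionPart;

    // The organisation fields were just read from the database and are not
    // SQL-safe: an organisation name containing a quote would break or
    // alter the insert below, so that part is escaped here.
    // NOTE(review): the OU and the buildSubjectFromSession() part are
    // embedded unchanged; whether they were escaped when they were put into
    // the session is not visible in this block.
    $csrsubjectSql = $ouPart.mysql_real_escape_string($orgPart).$sessionPart;

    // Type "8" is only set for administrators who asked for an OCSP
    // certificate.
    $type="";
    if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
    if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
        $_SESSION['_config']['rootcert'] = 1;

    $certCN = ($_SESSION['_config']['rowid']['0'] > 0)
        ? $_SESSION['_config']['rows']['0']
        : $_SESSION['_config']['altrows']['0'];
    $query = "insert into `orgdomaincerts` set
        `CN`='".$certCN."',
        `orgid`='".$org['id']."',
        `created`=NOW(),
        `subject`='$csrsubjectSql',
        `rootcert`='".$_SESSION['_config']['rootcert']."',
        `type`='$type',
        `description`='".$_SESSION['_config']['description']."'";
    mysql_query($query);
    $CSRid = mysql_insert_id();

    // Move the temporary CSR to the path derived from the new row id.
    $CSRname=generatecertpath("csr","orgserver",$CSRid);
    rename($_SESSION['_config']['tmpfname'], $CSRname);
    chmod($CSRname,0644);
    mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");

    // Link the request to every domain row id kept in the session.
    if(is_array($_SESSION['_config']['rowid']))
        foreach($_SESSION['_config']['rowid'] as $id)
            mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
    if(is_array($_SESSION['_config']['altid']))
        foreach($_SESSION['_config']['altid'] as $id)
            mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");

    waitForResult("orgdomaincerts", $CSRid,$oldid);
    $query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    } else {
        $id = 23;
        $cert = $CSRid;
        $_REQUEST['cert']=$CSRid;
    }
}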
2017
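/*
 * Page 22, "renew": request new certificates for the selected organisation
 * server certificates.
 *
 * A posted id is only accepted when the lookup joining `orgdomaincerts`
 * with `org` on the logged-in member's id returns a row. The stored request
 * and its `orgdomlink` rows are copied to a new request, the CSR file is
 * copied to the new path and waitForResult() is called for the new id.
 */
if($oldid == 22 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
    csrf_check('orgsrvcerchange');
    showheader(_("My CAcert.org Account!"));
    if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
    {
        echo _("Now renewing the following certificates:")."<br>\n";
        foreach($_REQUEST['revokeid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
                `orgdomaincerts`,`org`
                where `orgdomaincerts`.`id`='$id' and
                `orgdomaincerts`.`orgid`=`org`.`orgid` and
                `org`.`memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }

            $row = mysql_fetch_assoc($res);

            // A non-empty result from checkWeakKeyX509() is shown to the
            // user and the certificate is skipped.
            if (($weakKey = checkWeakKeyX509(file_get_contents(
                    $row['crt_name']))) !== "")
            {
                echo $weakKey, "<br/>\n";
                continue;
            }

            // NOTE(review): `renewed` is set before the revocation test, so
            // an already revoked certificate is flagged as renewed and then
            // skipped. Confirm that this order is intended.
            mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
            if($row['revoke'] > 0)
            {
                printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
                continue;
            }

            // Values read back from the database are not SQL-safe: a stored
            // quote would break or alter the insert. Escape every copied
            // column before it is embedded in the statement.
            $renewCopy = array();
            foreach(array('orgid','CN','csr_name','created','subject','type','rootcert','description') as $renewCol)
                $renewCopy[$renewCol] = mysql_real_escape_string($row[$renewCol]);

            $query = "insert into `orgdomaincerts` set
                `orgid`='".$renewCopy['orgid']."',
                `CN`='".$renewCopy['CN']."',
                `csr_name`='".$renewCopy['csr_name']."',
                `created`='".$renewCopy['created']."',
                `modified`=NOW(),
                `subject`='".$renewCopy['subject']."',
                `type`='".$renewCopy['type']."',
                `rootcert`='".$renewCopy['rootcert']."',
                `description`='".$renewCopy['description']."'";
            mysql_query($query);
            $newid = mysql_insert_id();

            // The new request gets its own copy of the CSR file.
            $newfile=generatecertpath("csr","orgserver",$newid);
            copy($row['csr_name'], $newfile);
            mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
            echo _("Renewing").": ".sanitizeHTML($row['CN'])."<br>\n";

            // NOTE(review): the copied link rows take `orgdomid` from
            // $r2['id'], while every other insert into `orgdomlink` writes a
            // domain id there. This looks like it should be
            // $r2['orgdomid'] - verify against the table definition.
            $res = mysql_query("select * from `orgdomlink` where `orgcertid`='".mysql_real_escape_string($row['id'])."'");
            while($r2 = mysql_fetch_assoc($res))
                mysql_query("insert into `orgdomlink` set `orgdomid`='".mysql_real_escape_string($r2['id'])."', `orgcertid`='$newid'");

            waitForResult("orgdomaincerts", $newid,$oldid,0);
            $query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
            } else {
                $drow = mysql_fetch_assoc($res);
                // The path comes from the database; quote it for the shell.
                $crtArg = escapeshellarg($drow['crt_name']);
                $cert = `/usr/bin/openssl x509 -in {$crtArg}`;
                echo "<pre>\n$cert\n</pre>\n";
            }
        }
    }
    else
    {
        echo _("You did not select any certificates for renewal.");
    }
    showfooter();
    exit;
}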
2095
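/*
 * Page 22, "revoke": flag the selected organisation server certificates as
 * revoked and delete the selected pending requests.
 *
 * Both loops accept an id only when the lookup joining `orgdomaincerts`
 * with `org` on the logged-in member's id returns a row.
 */
if($oldid == 22 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
    csrf_check('orgsrvcerchange');
    showheader(_("My CAcert.org Account!"));
    if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
    {
        echo _("Now revoking the following certificates:")."<br>\n";
        foreach($_REQUEST['revokeid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
                `orgdomaincerts`,`org`
                where `orgdomaincerts`.`id`='$id' and
                `orgdomaincerts`.`orgid`=`org`.`orgid` and
                `org`.`memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            if($row['revoke'] > 0)
            {
                // CN comes from the database; encode it for the HTML page.
                printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
                continue;
            }

            // NOTE(review): the fixed timestamp looks like a marker that a
            // later step turns into the real revocation (the message below
            // says the CRL is updated "soon") - confirm where it is consumed.
            mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
            printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', sanitizeHTML($row['CN']), sanitizeHTML($row['serial']));
        }

        // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
        echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
    }
    else
    {
        echo _("You did not select any certificates for revocation.");
    }

    if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
    {
        echo _("Now deleting the following pending requests:")."<br>\n";
        foreach($_REQUEST['delid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from
                `orgdomaincerts`,`org`
                where `orgdomaincerts`.`id`='$id' and
                `orgdomaincerts`.`orgid`=`org`.`orgid` and
                `org`.`memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);

            // A request with an `expire` timestamp is treated as already
            // processed and is not deleted.
            if($row['expired'] > 0)
            {
                printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", sanitizeHTML($row['CN']));
                continue;
            }
            mysql_query("delete from `orgdomaincerts` where `id`='$id'");

            // Best-effort removal of the files recorded for the request.
            @unlink($row['csr_name']);
            @unlink($row['crt_name']);
            printf(_("Removed a pending request for '%s'")."<br>\n", sanitizeHTML($row['CN']));
        }
    }
    showfooter();
    exit;
}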
2167
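/*
 * Page 22, "change": store edited comments of organisation server
 * certificates.
 *
 * Every request field named check_comment_<id> selects one certificate and
 * the new text is read from comment_<id>. The update is only made when the
 * certificate is linked through `org` to the logged-in member, using the
 * same lookup as the renew and revoke handlers; without it any member could
 * overwrite the description of any row by guessing its id.
 */
if($oldid == 22 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
    // NOTE(review): the renew and revoke handlers of page 22 call
    // csrf_check('orgsrvcerchange'), this handler does not. Confirm whether
    // the form that posts "change" carries that token and add the check if so.
    showheader(_("My CAcert.org Account!"));
    foreach($_REQUEST as $id => $val)
    {
        if(substr($id,0,14)=="check_comment_")
        {
            $cid = intval(substr($id,14));

            $res = mysql_query("select `orgdomaincerts`.`id` from `orgdomaincerts`,`org`
                where `orgdomaincerts`.`id`='$cid' and
                `orgdomaincerts`.`orgid`=`org`.`orgid` and
                `org`.`memid`='".intval($_SESSION['profile']['id'])."'");
            if(!$res || mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $cid);
                continue;
            }

            $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
            mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
        }
    }
    echo(_("Certificate settings have been changed.")."<br/>\n");
    showfooter();
    exit;
}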
2184
/*
 * Page 22 list controls. "filter" copies the posted organisation filter,
 * sort order and status selection into the session; "reset" sets the same
 * three session values to 0. Both set $id to 22 and do not exit.
 */
if($oldid == 22 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
{
    $id=22;
    // NOTE(review): the request values are stored unchanged. The reset
    // branch writes 0, so these look like integers; confirm and cast with
    // intval() if the code that reads them puts them into SQL or HTML.
    foreach(array('dorgfilterid','dsorting','dstatus') as $listOption)
    {
        $_SESSION['_config'][$listOption]=$_REQUEST[$listOption];
    }
}

if($oldid == 22 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
{
    $id=22;
    foreach(array('dorgfilterid','dsorting','dstatus') as $listOption)
    {
        $_SESSION['_config'][$listOption]=0;
    }
}
2200
2201
/*
 * Access gate for pages 24 to 31: when either the requested page ($id) or
 * the submitting page ($oldid) is in that range, the session profile must
 * have `orgadmin` set to 1, otherwise the request ends here.
 */
$orgAdminPages = array(24, 25, 26, 27, 28, 29, 30, 31);

// in_array() is used without the strict flag on purpose: it compares with
// ==, exactly like a chain of "$id == 24 || $oldid == 24 || ..." tests.
$touchesOrgAdminPage = in_array($id, $orgAdminPages) || in_array($oldid, $orgAdminPages);

if($touchesOrgAdminPage && $_SESSION['profile']['orgadmin'] != 1)
{
    showheader(_("My CAcert.org Account!"));
    echo _("You don't have access to this area.");
    showfooter();
    exit;
}
2212
/*
 * Page 24 submit: create a new organisation in `orginfo`.
 *
 * The six form fields are unslashed, SQL-escaped, trimmed and kept in the
 * session. Name and contact are mandatory; when one is missing an error
 * message is stored in the session and nothing is inserted.
 */
if($oldid == 24 && $process != "")
{
    // NOTE(review): the update handler for page 27 calls
    // csrf_check('orgdetchange'); no CSRF check is made here. Confirm
    // whether the page 24 form carries a token.
    $id = intval($oldid);
    foreach(array('O','contact','L','ST','C','comments') as $orgField)
    {
        $_SESSION['_config'][$orgField] = trim(mysql_real_escape_string(stripslashes($_REQUEST[$orgField])));
    }

    $orgDataComplete = !($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "");
    if(!$orgDataComplete)
    {
        $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
    } else {
        // The session values were escaped above, so they can be embedded.
        $insertOrg = "insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
            `contact`='".$_SESSION['_config']['contact']."',
            `L`='".$_SESSION['_config']['L']."',
            `ST`='".$_SESSION['_config']['ST']."',
            `C`='".$_SESSION['_config']['C']."',
            `comments`='".$_SESSION['_config']['comments']."'";
        mysql_query($insertOrg);
        showheader(_("My CAcert.org Account!"));
        printf(_("'%s' has just been successfully added as an organisation to the database."), sanitizeHTML($_SESSION['_config']['O']));
        showfooter();
        exit;
    }
}
2239
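/*
 * Page 27 submit: update the details of an existing organisation in
 * `orginfo`.
 *
 * The six form fields are unslashed, SQL-escaped, trimmed and kept in the
 * session. Name and contact are mandatory; when one is missing an error
 * message is stored in the session and nothing is updated. The row to
 * update is the organisation id held in the session.
 */
if($oldid == 27 && $process != "")
{
    csrf_check('orgdetchange');
    $id = intval($oldid);
    $_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
    $_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
    $_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
    $_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
    $_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
    $_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));

    if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
    {
        $_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
    } else {
        // The organisation id is cast like it is in the page 28 insert;
        // where the session value is set is not visible in this block, so
        // it is not embedded in the statement as it is.
        mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
            `contact`='".$_SESSION['_config']['contact']."',
            `L`='".$_SESSION['_config']['L']."',
            `ST`='".$_SESSION['_config']['ST']."',
            `C`='".$_SESSION['_config']['C']."',
            `comments`='".$_SESSION['_config']['comments']."'
            where `id`='".intval($_SESSION['_config']['orgid'])."'");
        showheader(_("My CAcert.org Account!"));
        printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O']));
        showfooter();
        exit;
    }
}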
2268
/*
 * Page 28 submit: add a domain to an organisation. Three steps that depend
 * on each other through $oldid and $domain:
 *   1. reject a domain name that already exists in `orgdomains`,
 *   2. fall back to page 25 when the session holds no organisation id,
 *   3. insert the domain for the organisation id held in the session.
 * Steps 1 and 2 disable step 3 by setting $oldid to 0.
 */
if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
{
    $domain = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
    $_SESSION['_config']['domain'] = $domain;

    // NOTE(review): only `orgdomains` is searched here, while the page 29
    // handler also searches `domains`. Confirm that the difference is wanted.
    $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
    $domainTaken = mysql_num_rows($res1) > 0;
    if($domainTaken)
    {
        $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
        $id = $oldid;
        $oldid=0;
    }
}

if($oldid == 28 && $_SESSION['_config']['orgid'] <= 0)
{
    $oldid=0;
    $id = 25;
}

if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
{
    // NOTE(review): $domain is only assigned in step 1, which needs
    // "domainname" in the request; this step does not test for it. No CSRF
    // check is made in any of the three steps.
    $targetOrgId = intval($_SESSION['_config']['orgid']);
    mysql_query("insert into `orgdomains` set `orgid`='".$targetOrgId."', `domain`='$domain'");
    showheader(_("My CAcert.org Account!"));
    printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
    echo "<br><br><a href='account.php?id=26&orgid=".$targetOrgId."'>"._("Click here")."</a> "._("to continue.");
    showfooter();
    exit;
}
2296
/*
 * Page 29 submit, first step: refuse a new domain name that is already
 * present in `orgdomains` under another row id, or in `domains` and not
 * deleted. On a match the error is stored in the session and $oldid is set
 * to 0.
 */
if($oldid == 29 && $process != "")
{
    $domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
    $currentDomId = intval($domid);

    // NOTE(review): the comparison uses LIKE and mysql_real_escape_string()
    // does not escape % or _, so those characters in the submitted name act
    // as wildcards. That can only produce extra matches, i.e. a refusal.
    $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".$currentDomId."'");
    $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");

    $domainTaken = mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0;
    if($domainTaken)
    {
        $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
        $id = $oldid;
        $oldid=0;
    }
}
2310
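/*
 * Pages 29 and 30 submit: flag every certificate linked to the
 * organisation domain $domid as revoked, first the server certificates in
 * `orgdomaincerts`, then the client certificates in `orgemailcerts`.
 * Pages 29 and 30 are inside the range guarded by the orgadmin gate.
 */
if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
{
    // NOTE(review): no CSRF check is made before these bulk updates.
    $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
        `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
        `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
        `orgdomains`.`id`='".intval($domid)."'";
    $res = mysql_query($query);
    // The id is cast in both loops, as the second loop already did.
    while($row = mysql_fetch_assoc($res))
        mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");

    // NOTE(review): this query reads `orgemaillink` (`domid`,
    // `emailcertsid`), while the client certificate request code writes its
    // links to `domemaillink` (`emailcertsid`, `emailid`). Verify that the
    // table named here exists and is the one that gets filled, otherwise no
    // client certificate is flagged.
    $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
        `orgemaillink`.`domid`=`orgdomains`.`id` and
        `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
        `orgdomains`.`id`='".intval($domid)."'";
    $res = mysql_query($query);
    while($row = mysql_fetch_assoc($res))
        mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
}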
2329
2330 if($oldid == 29 && $process != "")
2331 {