Merge branch 'bug-978' into release
[cacert-devel.git] / includes / account.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18 require_once("../includes/loggedin.php");
19 require_once("../includes/lib/l10n.php");
20 require_once('lib/check_weak_key.php');
21
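loadem("account");

// Request parameters that drive the handlers below, which dispatch on $oldid
// and $process and set $id as they go. Every numeric parameter defaults to 0
// and is forced through intval(), so it can only ever hold an integer.
$id    = array_key_exists("id", $_REQUEST)    ? intval($_REQUEST['id'])    : 0;
$oldid = array_key_exists("oldid", $_REQUEST) ? intval($_REQUEST['oldid']) : 0;

// $process is the only free-text dispatch parameter. Anything that is not a
// plain string (for example an array sent as process[]=x) is treated as
// "not submitted" rather than being compared against strings further down.
$process = "";
if(array_key_exists("process", $_REQUEST) && is_string($_REQUEST['process']))
	$process = $_REQUEST['process'];

$cert  = array_key_exists('cert', $_REQUEST)  ? intval($_REQUEST['cert'])  : 0;
$orgid = array_key_exists('orgid', $_REQUEST) ? intval($_REQUEST['orgid']) : 0;
$memid = array_key_exists('memid', $_REQUEST) ? intval($_REQUEST['memid']) : 0;
$domid = array_key_exists('domid', $_REQUEST) ? intval($_REQUEST['domid']) : 0;

// Stop early when the session has no truthy 'mconn' flag. empty() gives the
// same result as the negation it replaces, without a notice when the key is
// missing altogether.
if(empty($_SESSION['mconn']))
{
	echo _("Several CAcert Services are currently unavailable. Please try again later.");
	exit;
}

// A submit button labelled "Cancel" (in the active translation) resets the
// request so that none of the form handlers below run.
if($process == _("Cancel"))
{
	$process = "";
}

// Pages 45 and 46 are never served from here: any reference to them, as the
// current or the previous page, falls back to page 1 with no pending form.
if($id == 45 || $id == 46 || $oldid == 45 || $oldid == 46)
{
	$id = 1;
	$oldid = 0;
}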
52
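if($process != "" && $oldid == 1)
{
	// Form handler: add a new email address to the logged-in account and mail
	// a verification link to it. Every path through this handler ends in exit.
	$id = 1;
	csrf_check('addemail');

	// A missing or non-string field is treated as empty, which ends in the
	// "not a valid email address" branch below instead of raising notices.
	$newemail = "";
	if(array_key_exists('newemail', $_REQUEST) && is_string($_REQUEST['newemail']))
		$newemail = $_REQUEST['newemail'];

	// Punycode ("xn--") addresses are refused unless the profile's codesign
	// value is above zero.
	if(strstr($newemail, "xn--") && $_SESSION['profile']['codesign'] <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
		showfooter();
		exit;
	}

	// SQL-escaped form of the address, computed once. stripslashes() is kept
	// from the original code (presumably to undo request-level slash quoting
	// -- confirm against the PHP configuration in use).
	$email = trim(mysql_real_escape_string(stripslashes($newemail)));
	if($email == "")
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Not a valid email address. Can't continue."));
		showfooter();
		exit;
	}
	$oldid = 0;
	$_REQUEST['email'] = $email;

	// An address may only be active in one account at a time.
	$query = "select * from `email` where `email`='".$email."' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($email));
		showfooter();
		exit;
	}

	// checkEmail() returns "OK" or a failure text; a text starting with "4"
	// is reported as a temporary failure.
	$checkemail = checkEmail($newemail);
	if($checkemail != "OK")
	{
		showheader(_("My CAcert.org Account!"));
		if (substr($checkemail, 0, 1) == "4")
		{
			echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
		} else {
			echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
		}
		// The failure text appears to carry the remote mail server's reply, so
		// it is HTML-escaped before being written into the page.
		echo "<p>".sanitizeHTML($checkemail)."</p>\n";
		showfooter();
		exit;
	}

	// The row is stored with a non-empty hash; the make-default handler in
	// this file treats an empty hash as "verified".
	$hash = make_hash();
	$query = "insert into `email` set `email`='".$email."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
	mysql_query($query);
	$emailid = mysql_insert_id();

	// NOTE(review): the verification link is mailed with an http:// scheme and
	// the hash in it is the only proof of control over the address; confirm
	// that verify.php is only reachable over HTTPS.
	$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
	$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	sendmail($email, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

	showheader(_("My CAcert.org Account!"));
	printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($email));
	showfooter();
	exit;
}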
112
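if(array_key_exists("makedefault",$_REQUEST) && $_REQUEST['makedefault'] != "" && $oldid == 2)
{
	// Form handler: make one of the account's verified email addresses the
	// default address. Every path through this handler ends in exit.
	//
	// NOTE(review): no csrf_check() call is visible in this handler, while the
	// removal handler for the same page ($oldid == 2) calls
	// csrf_check("chgdef"). Confirm whether the form carries a token that
	// should be checked here as well.
	$id = 2;
	$emailid = array_key_exists('emailid', $_REQUEST) ? intval($_REQUEST['emailid']) : 0;

	// The address must belong to this account, be verified (empty hash) and
	// not be deleted.
	$query = "select * from `email` where `id`='$emailid' and `memid`='".intval($_SESSION['profile']['id'])."' and `hash` = '' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("Error!"));
		echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
		showfooter();
		exit;
	}
	$row = mysql_fetch_assoc($res);

	// The notice is sent to the address that was the default before this
	// change, so the previous mailbox learns about it.
	$body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
	$body .= _("You are receiving this email because you or someone else")."\n";
	$body .= _("has changed the default email on your account.")."\n\n";

	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Default Account Changed"), $body,
		"support@cacert.org", "", "", "CAcert Support");

	$_SESSION['profile']['email'] = $row['email'];

	// $row['email'] is the stored, unescaped value read back from the
	// database, so it is escaped again before going into a new statement.
	$query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
	mysql_query($query);
	showheader(_("My CAcert.org Account!"));
	printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
	showfooter();
	exit;
}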
144
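if($process != "" && $oldid == 2)
{
	// Form handler: remove the selected email addresses from the logged-in
	// account and mark the still-valid certificates linked to them as revoked.
	$id = 2;
	csrf_check("chgdef");
	showheader(_("My CAcert.org Account!"));
	$delcount = 0;
	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		// The loop variable stays $id, as in the original code, so whatever
		// showfooter() reads from the global $id is unchanged.
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);

			// Only addresses owned by this account match, and the current
			// default address is excluded. The session copy of the default
			// address is an unescaped value, so it is escaped here.
			$query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
					`email`!='".mysql_real_escape_string($_SESSION['profile']['email'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				// Stored address written into HTML: escape it.
				echo sanitizeHTML($row['email'])."<br>\n";

				// Certificates linked to this address that are neither revoked
				// nor expired get the fixed timestamp below written into
				// `revoked` (presumably a marker picked up by the revocation
				// process -- confirm).
				$query = "select `emailcerts`.`id`
						from `emaillink`,`emailcerts` where
						`emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
						`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
						group by `emailcerts`.`id`";
				$dres = mysql_query($query);
				while($drow = mysql_fetch_assoc($dres))
					mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");

				// Soft delete: the row stays, `deleted` records when.
				$query = "update `email` set `deleted`=NOW() where `id`='$id'";
				mysql_query($query);
				$delcount++;
			}
		}
	}
	else
	{
		echo _("You did not select any email accounts for removal.");
	}
	if($delcount > 0)
	{
		echo _("The following accounts have been removed:")."<br>\n";
	} else {
		echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
	}

	showfooter();
	exit;
}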
192
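if($process != "" && $oldid == 3)
{
	// Form handler: first step of a client certificate request. It copies the
	// requested options into $_SESSION['_config'], limited by what the
	// account's points and codesign flag allow, and then either shows page 4
	// or, when a CSR was pasted into the form, continues with the $oldid == 4
	// handler. Missing form fields are read as empty/0 instead of raising
	// undefined-index notices; the resulting values are the same as before.
	$reqsso = array_key_exists('SSO', $_REQUEST) ? $_REQUEST['SSO'] : "";
	if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $reqsso != '1')
	{
		showheader(_("My CAcert.org Account!"));
		echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
		showfooter();
		exit;
	}

	$_SESSION['_config']['SSO'] = intval($reqsso);

	// Stored as submitted; the consumers check is_array() and intval() each
	// element before using it.
	$_SESSION['_config']['addid'] = array_key_exists('addid', $_REQUEST) ? $_REQUEST['addid'] : null;

	// The name-inclusion option is only taken from the request at 50 points
	// or more. Below that the session value is left as it was.
	if($_SESSION['profile']['points'] >= 50)
		$_SESSION['_config']['incname'] = intval(array_key_exists('incname', $_REQUEST) ? $_REQUEST['incname'] : 0);

	// A code-signing request from an account that is not entitled to it
	// (codesign flag 0, or fewer than 100 points) is cleared in the request.
	if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100))
	{
		$_REQUEST['codesign'] = 0;
	}

	// For an entitled code-signing request an out-of-range name option is
	// forced to 1.
	if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1)
	{
		if($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4)
			$_SESSION['_config']['incname'] = 1;
	}

	$wantcodesign = array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1 && $_SESSION['profile']['points'] >= 100;
	$_SESSION['_config']['codesign'] = $wantcodesign ? 1 : 0;

	// Certificate login stays enabled only when the 'login' field equals 1.
	$wantlogin = array_key_exists('login',$_REQUEST) && $_REQUEST['login'] == 1;
	$_SESSION['_config']['disablelogin'] = $wantlogin ? 0 : 1;

	// Root certificate choice: 1 by default, 1 or 2 from the request at 50
	// points or more.
	$_SESSION['_config']['rootcert'] = 1;
	if($_SESSION['profile']['points'] >= 50)
	{
		$_SESSION['_config']['rootcert'] = intval(array_key_exists('rootcert', $_REQUEST) ? $_REQUEST['rootcert'] : 0);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;
	}

	// $csr is read by the $oldid == 4 handler; it stays empty unless a CSR
	// was pasted into the optional field.
	$csr = "";
	$pastedcsr = array_key_exists('optionalCSR', $_REQUEST) ? $_REQUEST['optionalCSR'] : "";
	if(trim($pastedcsr) == "")
	{
		$id = 4;
	} else {
		$oldid = 4;
		$_REQUEST['keytype'] = "MS";
		$csr = clean_csr($pastedcsr);
	}
}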
244
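if($oldid == 4)
{
	// Form handler: create a client (email) certificate request, either from
	// a browser-generated SPKAC (keytype "NS") or from a PEM certificate
	// request (keytype "MS" or "VI"), store it, and wait for the result.
	//
	// Changes against the earlier version of this handler: file names passed
	// to openssl are shell-quoted, and values written into SQL statements
	// ($defaultemail, the CSR path, the key type, ids) are escaped or cast.
	//
	// NOTE(review): for any other keytype neither branch runs and $emailid is
	// undefined when waitForResult() is called below; the request then ends in
	// the "failed to be processed" message.
	$reqkeytype = array_key_exists('keytype', $_REQUEST) ? $_REQUEST['keytype'] : "";
	if($reqkeytype == "NS")
	{
		// Accept the SPKAC only if, with CR/LF removed, it consists purely of
		// base64 characters.
		$spkac = "";
		if(array_key_exists('SPKAC',$_REQUEST))
		{
			$spkacinput = trim(str_replace("\n", "", str_replace("\r", "", $_REQUEST['SPKAC'])));
			if(preg_match("/^[a-zA-Z0-9+=\/]+$/", $spkacinput))
				$spkac = $spkacinput;
		}

		// "deadbeef" is rejected like an empty value (presumably a placeholder
		// sent by browsers that cannot generate a key -- confirm).
		if($spkac=="" || $spkac == "deadbeef")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, please try a different browser.");
			showfooter();
			exit;
		}

		// Build the SPKAC input file: one emailAddress line per selected
		// address, then commonName, then the key.
		$count = 0;
		$emails = "";
		$addys = array();
		$defaultemail="";
		if(is_array($_SESSION['_config']['addid']))
			foreach($_SESSION['_config']['addid'] as $id)
			{
				// NOTE(review): this lookup checks ownership only. Unlike the
				// make-default handler it does not filter on `hash`='' or
				// `deleted`=0; confirm that unverified or removed addresses
				// are excluded elsewhere before a certificate is issued.
				$res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if(!$emails)
						$defaultemail = $row['email'];
					$emails .= "$count.emailAddress = ".$row['email']."\n";
					$count++;
					$addys[] = intval($row['id']);
				}
			}
		if($count <= 0 && $_SESSION['_config']['SSO'] != 1)
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request.");
			showfooter();
			exit;
		}
		$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
		if($_SESSION['_config']['SSO'] == 1)
			$emails .= "$count.emailAddress = ".$user['uniqueID']."\n";

		// A one-letter middle name is written as an initial.
		if(strlen($user['mname']) == 1)
			$user['mname'] .= '.';

		// NOTE(review): the name and address fields are written into a
		// line-oriented file as stored; this assumes they never contain line
		// breaks -- confirm where they are validated.
		$incname = array_key_exists('incname',$_SESSION['_config']) ? $_SESSION['_config']['incname'] : 0;
		switch($incname)
		{
			case 1:
				$emails .= "commonName = ".$user['fname']." ".$user['lname']."\n";
				break;
			case 2:
				$emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']."\n";
				break;
			case 3:
				$emails .= "commonName = ".$user['fname']." ".$user['lname']." ".$user['suffix']."\n";
				break;
			case 4:
				$emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
				break;
			default:
				// Unset or out of range: no personal name in the certificate.
				if($incname <= 0 || $incname > 4)
					$emails .= "commonName = CAcert WoT User\n";
		}
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		$emails .= "SPKAC = $spkac";
		if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		// $defaultemail was read back from the database unescaped, so it is
		// escaped before being written into the new row.
		$query = "insert into emailcerts set
				`CN`='".mysql_real_escape_string($defaultemail)."',
				`keytype`='NS',
				`memid`='".intval($_SESSION['profile']['id'])."',
				`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
				`codesign`='".intval($_SESSION['_config']['codesign'])."',
				`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
				`rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		if(is_array($addys))
			foreach($addys as $addy)
				mysql_query("insert into `emaillink` set `emailcertsid`='".intval($emailid)."', `emailid`='".intval($addy)."'");
		$CSRname=generatecertpath("csr","client",$emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $emails);
		fclose($fp);

		// The SPKAC must carry the challenge stored in the session. The file
		// name is shell-quoted before it reaches the command line. The rows
		// above have already been inserted when this check runs; on a mismatch
		// they stay behind without a csr_name.
		$challenge=$_SESSION['spkac_hash'];
		$res = shell_exec("openssl spkac -verify -in ".escapeshellarg($CSRname));
		if(!strstr($res,"Challenge String: ".$challenge))
		{
			$id = $oldid;
			showheader(_("My CAcert.org Account!"));
			echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
			showfooter();
			exit;
		}
		mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($CSRname)."' where `id`='".intval($emailid)."'");
	} else if($reqkeytype == "MS" || $reqkeytype == "VI") {
		// $csr is already set when the request came in through the optional
		// CSR field of the previous step; otherwise it is taken from the CSR
		// field and wrapped in PEM markers.
		if(!isset($csr) || $csr == "")
			$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr(array_key_exists('CSR', $_REQUEST) ? $_REQUEST['CSR'] : "")."\n-----END CERTIFICATE REQUEST-----\n";

		if (($weakKey = checkWeakKeyCSR($csr)) !== "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		$tmpfname = tempnam("/tmp", "id4CSR");
		$fp = fopen($tmpfname, "w");
		fputs($fp, $csr);
		fclose($fp);

		$addys = array();
		$defaultemail = "";
		$csrsubject="";

		// The certificate subject is built from account data, not from the
		// subject inside the submitted request.
		$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
		if(strlen($user['mname']) == 1)
			$user['mname'] .= '.';
		$incname = array_key_exists('incname',$_SESSION['_config']) ? $_SESSION['_config']['incname'] : 0;
		if($incname <= 0 || $incname > 4)
			$csrsubject = "/CN=CAcert WoT User";
		if($incname == 1)
			$csrsubject = "/CN=".$user['fname']." ".$user['lname'];
		if($incname == 2)
			$csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname'];
		if($incname == 3)
			$csrsubject = "/CN=".$user['fname']." ".$user['lname']." ".$user['suffix'];
		if($incname == 4)
			$csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'];
		if(is_array($_SESSION['_config']['addid']))
			foreach($_SESSION['_config']['addid'] as $id)
			{
				// NOTE(review): ownership check only, no `hash`='' or
				// `deleted`=0 filter -- see the same note in the "NS" branch.
				$res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if($defaultemail == "")
						$defaultemail = $row['email'];
					$csrsubject .= "/emailAddress=".$row['email'];
					$addys[] = $row['id'];
				}
			}
		if($_SESSION['_config']['SSO'] == 1)
			$csrsubject .= "/emailAddress = ".$user['uniqueID'];

		// Round-trip the request through openssl: an input openssl cannot
		// read leaves the output empty, which is rejected below. Both temp
		// file names are shell-quoted.
		$tmpname = tempnam("/tmp", "id4csr");
		shell_exec("/usr/bin/openssl req -in ".escapeshellarg($tmpfname)." -out ".escapeshellarg($tmpname));
		@unlink($tmpfname);
		$csr = "";
		$fp = fopen($tmpname, "r");
		while($data = fgets($fp, 4096))
			$csr .= $data;
		fclose($fp);
		@unlink($tmpname);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		if($csr == "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}

		// The key type is "MS" or "VI" in this branch; it is escaped for SQL
		// (the earlier code used the HTML escaper here, which is the wrong
		// context for a statement).
		$query = "insert into emailcerts set
				`CN`='".mysql_real_escape_string($defaultemail)."',
				`keytype`='".mysql_real_escape_string($reqkeytype)."',
				`memid`='".intval($_SESSION['profile']['id'])."',
				`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
				`subject`='".mysql_real_escape_string($csrsubject)."',
				`codesign`='".intval($_SESSION['_config']['codesign'])."',
				`rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		if(is_array($addys))
			foreach($addys as $addy)
				mysql_query("insert into `emaillink` set `emailcertsid`='".intval($emailid)."', `emailid`='".mysql_real_escape_string($addy)."'");
		$CSRname=generatecertpath("csr","client",$emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $csr);
		fclose($fp);
		mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($CSRname)."' where `id`='".intval($emailid)."'");
	}

	// waitForResult() is defined elsewhere; afterwards a non-empty crt_name
	// is what this code treats as "certificate issued".
	waitForResult("emailcerts", $emailid, 4);
	$query = "select * from `emailcerts` where `id`='".intval($emailid)."' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		$id = 4;
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		// Success: continue with page 6 for the new certificate.
		$id = 6;
		$cert = $emailid;
		$_REQUEST['cert']=$emailid;
	}
}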
453
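if($oldid == 7)
{
	// Form handler, part 1 of 2: validate a domain the user wants to add.
	// It leaves two variables for the second $oldid == 7 block that follows:
	//   $newdom    - the domain quoted with escapeshellarg(), for whois
	//   $newdomain - the domain escaped with mysql_real_escape_string()
	csrf_check("adddomain");

	// A missing or non-string field is handled as an empty domain.
	$reqdomain = "";
	if(array_key_exists('newdomain', $_REQUEST) && is_string($_REQUEST['newdomain']))
		$reqdomain = $_REQUEST['newdomain'];

	if(strstr($reqdomain,"\x00"))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
		showfooter();
		exit;
	}

	list($newdomain) = explode(" ", $reqdomain, 2); // Ignore the rest

	// Leading dashes are stripped (presumably so the value cannot be read as
	// a command-line option by whois). The emptiness test keeps the loop from
	// indexing into an empty string.
	while(is_string($newdomain) && $newdomain !== "" && $newdomain[0] == '-')
		$newdomain = substr($newdomain, 1);

	// NOTE(review): an empty domain is not rejected here and continues into
	// the lookups below and the whois step; consider refusing it explicitly.
	if(strstr($newdomain, "xn--") && $_SESSION['profile']['codesign'] <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
		showfooter();
		exit;
	}

	// The shell form is quoted before trimming, so whitespace other than
	// spaces stays inside the quotes, while the SQL form is trimmed first.
	$newdom = trim(escapeshellarg($newdomain));
	$newdomain = mysql_real_escape_string(trim($newdomain));

	// The domain must not be registered to an organisation or be active in
	// another account.
	$res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
	$query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
	$res2 = mysql_query($query);
	if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2))
	{
		$oldid=0;
		$id = 7;
		showheader(_("My CAcert.org Account!"));
		printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
		showfooter();
		exit;
	}
}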
492
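if($oldid == 7)
{
	// Form handler, part 2 of 2: collect the addresses that may receive the
	// verification mail for the new domain and keep them in the session.
	// Relies on the preceding $oldid == 7 block having set $newdom (already
	// quoted with escapeshellarg()) and $newdomain (already SQL-escaped).
	//
	// The list is what the $oldid == 8 handler later accepts as an authority
	// address, so whatever is parsed out of the whois output here decides who
	// can confirm control of the domain.
	$oldid=0;
	$id = 8;
	$addy = array();
	$adds = array();

	// $newdom ends in a closing quote, so the three characters before it are
	// the end of the domain. whois is skipped for names ending in ".jp".
	// $newdom must stay shell-quoted: it is placed on the command line as is.
	if(strtolower(substr($newdom, -4, 3)) != ".jp")
		$adds = explode("\n", trim(`/usr/bin/whois $newdom|grep "@"`));
	if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info")
	{
		// "label: value" lines: the address is everything after the first
		// colon. Lines without a colon yield an empty value and are skipped.
		if(is_array($adds))
			foreach($adds as $line)
			{
				$bits = explode(":", $line, 2);
				$line = isset($bits[1]) ? trim($bits[1]) : "";
				if(!in_array($line, $addy) && $line != "")
					$addy[] = trim(mysql_real_escape_string(stripslashes($line)));
			}
	} else {
		// Free-form lines: turn tabs, parentheses and colons into separators
		// and keep the last word that contains an "@".
		if(is_array($adds))
			foreach($adds as $line)
			{
				$line = trim(str_replace("\t", " ", $line));
				$line = trim(str_replace("(", "", $line));
				$line = trim(str_replace(")", " ", $line));
				$line = trim(str_replace(":", " ", $line));

				$bits = explode(" ", $line);
				foreach($bits as $bit)
				{
					if(strstr($bit, "@"))
						$line = $bit;
				}
				if(!in_array($line, $addy) && $line != "")
					$addy[] = trim(mysql_real_escape_string(stripslashes($line)));
			}
	}

	// Fixed role addresses at the domain itself are always offered.
	$rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain");
	foreach($rfc as $sub)
		if(!in_array($sub, $addy))
			$addy[] = $sub;
	$_SESSION['_config']['addy'] = $addy;

	// NOTE(review): $newdomain is already SQL-escaped at this point and is
	// escaped again here (and once more when the $oldid == 8 handler builds
	// its statements). Harmless for ordinary domain names, but the stored
	// value is not the raw domain.
	$_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
}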
538
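if($process != "" && $oldid == 8)
{
	// Form handler: the user picked the address that should receive the
	// verification mail for the domain kept in the session. Every path
	// through this handler ends in exit.
	csrf_check('ctcinfo');
	$oldid=0;
	$id = 8;

	// A missing or non-string field is treated as empty and rejected below.
	$authaddy = "";
	if(array_key_exists('authaddy', $_REQUEST) && is_string($_REQUEST['authaddy']))
		$authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy'])));

	// The address must be one of those collected for this domain in the
	// previous step. The comparison is strict so that only an identical
	// string is accepted.
	if($authaddy == "" || !is_array($_SESSION['_config']['addy']) || !in_array($authaddy, $_SESSION['_config']['addy'], true))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("The address you submitted isn't a valid authority address for the domain.");
		showfooter();
		exit;
	}

	// Re-check that the domain has not become active in another account
	// since the previous step.
	$query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
		showfooter();
		exit;
	}

	// checkEmail() returns "OK" or a failure text; a text starting with "4"
	// is reported as a temporary failure.
	$checkemail = checkEmail($authaddy);
	if($checkemail != "OK")
	{
		showheader(_("My CAcert.org Account!"));
		if (substr($checkemail, 0, 1) == "4")
		{
			echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
		} else {
			echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
		}
		// The failure text appears to carry the remote mail server's reply, so
		// it is HTML-escaped before being written into the page.
		echo "<p>".sanitizeHTML($checkemail)."</p>\n";
		showfooter();
		exit;
	}

	// The row is stored with a non-empty hash that the verification link has
	// to present.
	$hash = make_hash();
	$query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
			`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
	mysql_query($query);
	$domainid = mysql_insert_id();

	// NOTE(review): the verification link is mailed with an http:// scheme and
	// the hash in it is the only proof of control over the domain; confirm
	// that verify.php is only reachable over HTTPS.
	$body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
	$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

	// The domain name is HTML-escaped here as it already is in the "already
	// in a different account" message above.
	showheader(_("My CAcert.org Account!"));
	printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_SESSION['_config']['domain']));
	showfooter();
	exit;
}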
605
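if($process != "" && $oldid == 9)
{
	// Form handler: remove the selected domains from the logged-in account
	// and mark the still-valid certificates linked to them as revoked.
	//
	// NOTE(review): no csrf_check() call is visible in this handler, although
	// the corresponding handler for email addresses calls
	// csrf_check("chgdef"). Confirm whether the form carries a token that
	// should be checked here.
	$id = 9;
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("The following domains have been removed:")."<br>
			("._("Any valid certificates will be revoked as well").")<br>\n";

		// The loop variable stays $id, as in the original code, so whatever
		// showfooter() reads from the global $id is unchanged.
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			// Only domains owned by this account match.
			$query = "select * from `domains` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				// Stored domain written into HTML: escape it.
				echo sanitizeHTML($row['domain'])."<br>\n";

				// Soft delete, then write the fixed timestamp into `revoked`
				// for every linked certificate that is neither revoked nor
				// expired (presumably a marker picked up by the revocation
				// process -- confirm).
				mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'");
				$dres = mysql_query("select * from `domlink` where `domid`='$id'");
				while($drow = mysql_fetch_assoc($dres))
					mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['certid'])."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
			}
		}
	}
	else
	{
		echo _("You did not select any domains for removal.");
	}

	showfooter();
	exit;
}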
639
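if($process != "" && $oldid == 10)
{
	// Form handler: first step of a server certificate request. The submitted
	// CSR is checked for weak keys, written to a temp file whose name is kept
	// in the session, and its subject and DNS alternative names are extracted
	// for the confirmation page (11).
	$CSR = clean_csr(array_key_exists('CSR', $_REQUEST) ? $_REQUEST['CSR'] : "");
	if(strpos($CSR,"---BEGIN")===FALSE)
	{
		// In case the CSR is missing the ---BEGIN lines, add them automatically:
		$CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
	}

	if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	// The temp file outlives this request: the $oldid == 11 handler reads it
	// again and moves it into place.
	$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
	$fp = fopen($_SESSION['_config']['tmpfname'], "w");
	fputs($fp, $CSR);
	fclose($fp);

	// From here on $CSR holds the file name, not the request text. It is
	// shell-quoted once and the quoted form is used on both command lines.
	$CSR = $_SESSION['_config']['tmpfname'];
	$csrarg = escapeshellarg($CSR);
	$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $csrarg|tr -d "\\0"|grep "Subject:"`);
	$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $csrarg|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
	foreach($bits as $val)
	{
		$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
	}
	$id = 11;

	// extractit(), getcn() and getalt() are defined elsewhere; they are
	// expected to fill the '0.CN' / '0.subjectAltName' session entries that
	// are checked next.
	$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
	extractit();
	getcn();
	getalt();

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// Root certificate choice: 1 by default, 1 or 2 from the request at 50
	// points or more.
	$_SESSION['_config']['rootcert'] = 1;
	if($_SESSION['profile']['points'] >= 50)
	{
		$_SESSION['_config']['rootcert'] = intval(array_key_exists('rootcert', $_REQUEST) ? $_REQUEST['rootcert'] : 0);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;
	}
}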
691
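if($process != "" && $oldid == 11)
{
	// Form handler: second step of a server certificate request. The CSR
	// stored by the $oldid == 10 handler is re-checked, a `domaincerts` row is
	// created with a subject built from the verified names in the session,
	// and the request file is moved into place for processing.
	$tmpcsr = array_key_exists('tmpfname', $_SESSION['_config']) ? $_SESSION['_config']['tmpfname'] : "";
	if(!file_exists($tmpcsr))
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}

	// The weak-key check is repeated on the file as it is now, not on what
	// was checked in the previous request.
	if (($weakKey = checkWeakKeyCSR(file_get_contents($tmpcsr))) !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	$id = 11;
	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	$subject = "";
	$count = 0;

	// NOTE(review): alternative names are left out for one hard-coded account
	// id. The reason is not recorded here; an exception like this belongs in
	// configuration or a documented per-account setting.
	$supressSAN=0;
	if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;

	// Names from the CN list: the first becomes the CN, and every one is
	// also added as a DNS and an otherName alternative name.
	if(isset($_SESSION['_config']['rows']) && is_array($_SESSION['_config']['rows']))
		foreach($_SESSION['_config']['rows'] as $row)
		{
			$count++;
			if($count <= 1)
				$subject .= "/CN=$row";
			if(!$supressSAN)
			{
				$subject .= "/subjectAltName=DNS:$row";
				$subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
			}
		}

	// Names from the alternative-name list: only "DNS:" entries are used.
	if(isset($_SESSION['_config']['altrows']) && is_array($_SESSION['_config']['altrows']))
		foreach($_SESSION['_config']['altrows'] as $row)
		{
			if(substr($row, 0, 4) == "DNS:")
			{
				$row = substr($row, 4);
				if(!$supressSAN)
				{
					$subject .= "/subjectAltName=DNS:$row";
					$subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
				}
			}
		}
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;

	// Domain ids matched for the CN and alternative names. A missing or
	// non-array entry is handled as "no verified domain".
	$rowids = (isset($_SESSION['_config']['rowid']) && is_array($_SESSION['_config']['rowid'])) ? $_SESSION['_config']['rowid'] : array();
	$altids = (isset($_SESSION['_config']['altid']) && is_array($_SESSION['_config']['altid'])) ? $_SESSION['_config']['altid'] : array();

	// The certificate is attached to the first verified domain, preferring
	// the CN list over the alternative names.
	if(array_key_exists('0',$rowids) && $rowids['0'] > 0)
	{
		$query = "insert into `domaincerts` set
				`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
				`domid`='".mysql_real_escape_string($rowids['0'])."',
				`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
				`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
	} elseif(array_key_exists('0',$altids) && $altids['0'] > 0) {
		$query = "insert into `domaincerts` set
				`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
				`domid`='".mysql_real_escape_string($altids['0'])."',
				`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
				`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
	} else {
		showheader(_("My CAcert.org Account!"));
		echo _("Domain not verified.");
		showfooter();
		exit;
	}

	mysql_query($query);
	$CSRid = mysql_insert_id();

	// Link the certificate to every matched domain. The ids come from the
	// session and are cast to integers before going into the statement.
	foreach($rowids as $dom)
		mysql_query("insert into `domlink` set `certid`='".intval($CSRid)."', `domid`='".intval($dom)."'");
	foreach($altids as $dom)
		mysql_query("insert into `domlink` set `certid`='".intval($CSRid)."', `domid`='".intval($dom)."'");

	// Move the request file to its final path and record that path.
	$CSRname=generatecertpath("csr","server",$CSRid);
	rename($tmpcsr, $CSRname);
	chmod($CSRname,0644);
	mysql_query("update `domaincerts` set `CSR_name`='".mysql_real_escape_string($CSRname)."' where `id`='".intval($CSRid)."'");

	// waitForResult() is defined elsewhere; afterwards a non-empty crt_name
	// is what this code treats as "certificate issued".
	waitForResult("domaincerts", $CSRid, 11);
	$query = "select * from `domaincerts` where `id`='".intval($CSRid)."' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		$id = 11;
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		// Success: continue with page 15 for the new certificate.
		$id = 15;
		$cert = $CSRid;
		$_REQUEST['cert']=$CSRid;
	}
}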
803
// Page 12 (server certificates), "renew" action.
// For every certificate id in $_REQUEST['revokeid'] that belongs to the
// logged-in member: flag the old `domaincerts` row as renewed, clone it into a
// new row, copy the CSR file to a new path, rebuild the subject from that CSR
// and call waitForResult(). The certificate is printed once `crt_name` is set.
if($oldid == 12 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
    csrf_check('srvcerchange');
    $id = 12;
    showheader(_("My CAcert.org Account!"));
    if(is_array($_REQUEST['revokeid']))
    {
        echo _("Now renewing the following certificates:")."<br>\n";
        // The loop variable is $id, so the page id assigned above is overwritten.
        foreach($_REQUEST['revokeid'] as $id)
        {
            // Cast first: $id is request data and is used in SQL and HTML below.
            $id = intval($id);
            echo _("Processing request")." $id:<br/>";
            // Ownership check: the certificate's domain must belong to the member id in the session.
            $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
                    where `domaincerts`.`id`='$id' and
                    `domaincerts`.`domid`=`domains`.`id` and
                    `domains`.`memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
                continue;
            }

            $row = mysql_fetch_assoc($res);

            // Refuse to renew when the existing certificate's key is reported as weak;
            // checkWeakKeyX509() returns "" when it has nothing to report.
            if (($weakKey = checkWeakKeyX509(file_get_contents(
                    $row['crt_name']))) !== "")
            {
                echo $weakKey, "<br/>\n";
                continue;
            }

            mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
            // Clone the old row. Only CN and subject are escaped; the remaining values
            // are copied from the database row as they are.
            // NOTE(review): confirm those columns can never hold quote characters.
            $query = "insert into `domaincerts` set
                    `domid`='".$row['domid']."',
                    `CN`='".mysql_real_escape_string($row['CN'])."',
                    `subject`='".mysql_real_escape_string($row['subject'])."',".
                    //`csr_name`='".$row['csr_name']."', // RACE CONDITION
                    "`created`='".$row['created']."',
                    `modified`=NOW(),
                    `rootcert`='".$row['rootcert']."',
                    `type`='".$row['type']."',
                    `pkhash`='".$row['pkhash']."'";
            mysql_query($query);
            $newid = mysql_insert_id();
            // `csr_name` is written only after the CSR has been copied (see the update below).
            $newfile=generatecertpath("csr","server",$newid);
            copy($row['csr_name'], $newfile);
            // Both shell pipelines read the copied CSR; $newfile comes from generatecertpath().
            // NOTE(review): the path is interpolated into a shell command line; escapeshellarg()
            // would keep this safe even if the path ever contained shell metacharacters.
            $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`);
            $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
            foreach($bits as $val)
            {
                $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
            }
            $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
            // Helpers defined elsewhere; presumably they fill '0.CN', 'rows' and 'altrows'
            // in $_SESSION['_config'] from the subject string built above - confirm.
            extractit();
            getcn();
            getalt();

            if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
            {
                echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
                continue;
            }

            // Rebuild the subject: the first entry of 'rows' becomes the CN, every further
            // name is appended as a subjectAltName unless the subject already contains it.
            // $row is reused as the loop variable here and no longer holds the database row.
            $subject = "";
            $count = 0;
            if(is_array($_SESSION['_config']['rows']))
                foreach($_SESSION['_config']['rows'] as $row)
                {
                    $count++;
                    if($count <= 1)
                    {
                        $subject .= "/CN=$row";
                        // Right after the append $subject ends in "=$row", so this test is false
                        // and the first name is not added a second time as subjectAltName.
                        if(!strstr($subject, "=$row/") &&
                            substr($subject, -strlen("=$row")) != "=$row")
                            $subject .= "/subjectAltName=$row";
                    } else {
                        if(!strstr($subject, "=$row/") &&
                            substr($subject, -strlen("=$row")) != "=$row")
                            $subject .= "/subjectAltName=$row";
                    }
                }
            if(is_array($_SESSION['_config']['altrows']))
                foreach($_SESSION['_config']['altrows'] as $row)
                    if(!strstr($subject, "=$row/") &&
                        substr($subject, -strlen("=$row")) != "=$row")
                        $subject .= "/subjectAltName=$row";
            $subject = mysql_real_escape_string($subject);
            mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");

            echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
            // waitForResult() is defined elsewhere; the query after it checks whether
            // `crt_name` has been filled in for the new row.
            waitForResult("domaincerts", $newid,$oldid,0);
            $query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
            } else {
                $drow = mysql_fetch_assoc($res);
                // This assignment overwrites the global $cert that was read from the request.
                // NOTE(review): crt_name from the database goes into the shell command unquoted;
                // escapeshellarg() would be the defensive form.
                $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
                echo "<pre>\n$cert\n</pre>\n";
            }
        }
    }
    else
    {
        echo _("You did not select any certificates for renewal.");
    }
    showfooter();
    exit;
}
915
// Page 12 (server certificates), "revoke" action, followed by deletion of
// pending requests listed in $_REQUEST['delid']. Every id is cast to int and
// checked against the member id in the session before anything is changed.
if($oldid == 12 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
    csrf_check('srvcerchange');
    $id = 12;
    showheader(_("My CAcert.org Account!"));
    if(is_array($_REQUEST['revokeid']))
    {
        echo _("Now revoking the following certificates:")."<br>\n";
        // The loop variable is $id, so the page id assigned above is overwritten.
        foreach($_REQUEST['revokeid'] as $id)
        {
            $id = intval($id);
            // Ownership check: the certificate's domain must belong to the logged-in member.
            $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
                    where `domaincerts`.`id`='$id' and
                    `domaincerts`.`domid`=`domains`.`id` and
                    `domains`.`memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            // A non-zero `revoked` timestamp means a revocation was already recorded.
            if($row['revoke'] > 0)
            {
                // NOTE(review): CN is printed into HTML without sanitizeHTML(), which this file
                // uses elsewhere for output; confirm the CN cannot contain markup.
                printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                continue;
            }
            // The fixed timestamp is presumably a marker picked up by the revocation
            // processing elsewhere - confirm.
            mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
            printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
        }
    }
    else
    {
        // Also printed when the request only carries 'delid' entries.
        echo _("You did not select any certificates for revocation.");
    }

    if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
    {
        echo _("Now deleting the following pending requests:")."<br>\n";
        foreach($_REQUEST['delid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
                    where `domaincerts`.`id`='$id' and
                    `domaincerts`.`domid`=`domains`.`id` and
                    `domains`.`memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            // A row with an `expire` timestamp is treated as already processed and is kept.
            if($row['expired'] > 0)
            {
                printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
                continue;
            }
            mysql_query("delete from `domaincerts` where `id`='$id'");
            // Best-effort clean-up of the request files; the paths come from the database
            // row and unlink errors are suppressed.
            @unlink($row['csr_name']);
            @unlink($row['crt_name']);
            printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
        }
    }
    showfooter();
    exit;
}
983
// Page 5 (client certificates), "renew" action.
// For every id in $_REQUEST['revokeid'] owned by the logged-in member: flag the
// old `emailcerts` row as renewed, clone it, copy the CSR file, copy the
// `emaillink` rows to the new certificate and call waitForResult().
// NOTE(review): no csrf_check() call is visible in this handler, while the
// page 12 and page 18 handlers in this file call it first - confirm whether
// the page 5 form is protected elsewhere.
if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
    showheader(_("My CAcert.org Account!"));
    if(is_array($_REQUEST['revokeid']))
    {
        echo _("Now renewing the following certificates:")."<br>\n";
        foreach($_REQUEST['revokeid'] as $id)
        {
            // Cast first: $id is request data and is used in SQL and HTML below.
            $id = intval($id);
            // Ownership check against the member id stored in the session.
            $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
                    where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }

            $row = mysql_fetch_assoc($res);

            // Refuse to renew when the existing certificate's key is reported as weak;
            // checkWeakKeyX509() returns "" when it has nothing to report.
            if (($weakKey = checkWeakKeyX509(file_get_contents(
                    $row['crt_name']))) !== "")
            {
                echo $weakKey, "<br/>\n";
                continue;
            }

            mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
            // Clone the old row. Only CN and subject are escaped; the other values are
            // copied from the database row as they are.
            // NOTE(review): confirm those columns can never hold quote characters.
            $query = "insert into emailcerts set
                    `memid`='".$row['memid']."',
                    `CN`='".mysql_real_escape_string($row['CN'])."',
                    `subject`='".mysql_real_escape_string($row['subject'])."',
                    `keytype`='".$row['keytype']."',
                    `csr_name`='".$row['csr_name']."',
                    `created`='".$row['created']."',
                    `modified`=NOW(),
                    `disablelogin`='".$row['disablelogin']."',
                    `codesign`='".$row['codesign']."',
                    `rootcert`='".$row['rootcert']."'";
            mysql_query($query);
            $newid = mysql_insert_id();
            // The new row first carries the old CSR path; it is replaced once the copy exists.
            $newfile=generatecertpath("csr","client",$newid);
            copy($row['csr_name'], $newfile);
            mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
            // Attach the same e-mail addresses to the new certificate.
            $res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'");
            while($r2 = mysql_fetch_assoc($res))
            {
                mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."',
                        `emailcertsid`='$newid'");
            }
            // waitForResult() is defined elsewhere; the query after it checks whether
            // `crt_name` has been filled in for the new row.
            waitForResult("emailcerts", $newid,$oldid,0);
            $query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
            } else {
                // NOTE(review): CN is printed into HTML without sanitizeHTML(); confirm it
                // cannot contain markup.
                printf(_("Certificate for '%s' has been renewed."), $row['CN']);
                echo "<br/>\n<a href='account.php?id=6&cert=$newid' target='_new'>".
                    _("Click here")."</a> "._("to install your certificate.")."<br/><br/>\n";
            }
        }
    }
    else
    {
        echo _("You did not select any certificates for renewal.")."<br/>";
    }

    showfooter();
    exit;
}
1055
// Page 5 (client certificates), "revoke" action, followed by deletion of
// pending requests listed in $_REQUEST['delid']. Every id is cast to int and
// matched against the member id in the session before anything is changed.
// NOTE(review): no csrf_check() call is visible in this handler, while the
// page 12 and page 18 revoke handlers in this file call it first - confirm
// whether the page 5 form is protected elsewhere.
if($oldid == 5 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
    $id = 5;
    showheader(_("My CAcert.org Account!"));
    if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
    {
        echo _("Now revoking the following certificates:")."<br>\n";
        // The loop variable is $id, so the page id assigned above is overwritten.
        foreach($_REQUEST['revokeid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
                    where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            // A non-zero `revoked` timestamp means a revocation was already recorded.
            if($row['revoke'] > 0)
            {
                printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                continue;
            }
            // The fixed timestamp is presumably a marker picked up by the revocation
            // processing elsewhere - confirm.
            mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
            printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
        }
    }
    else
    {
        // Also printed when the request only carries 'delid' entries.
        echo _("You did not select any certificates for revocation.");
    }

    if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
    {
        echo _("Now deleting the following pending requests:")."<br>\n";
        foreach($_REQUEST['delid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
                    where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            // A row with an `expire` timestamp is treated as already processed and is kept.
            if($row['expired'] > 0)
            {
                printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
                continue;
            }
            mysql_query("delete from `emailcerts` where `id`='$id'");
            // Best-effort clean-up of the request files; the paths come from the database
            // row and unlink errors are suppressed.
            @unlink($row['csr_name']);
            @unlink($row['crt_name']);
            printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
        }
    }
    showfooter();
    exit;
}
1118
// Page 5 (client certificates), "change" action: update the `disablelogin`
// flag of every certificate for which the request carries a "cert_<id>" key.
// The UPDATE is restricted to rows of the logged-in member.
// NOTE(review): no csrf_check() call is visible in this handler - confirm
// whether the page 5 form is protected elsewhere.
if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
    showheader(_("My CAcert.org Account!"));
    //echo _("Now changing the settings for the following certificates:")."<br>\n";
    foreach($_REQUEST as $id => $val)
    {
        //echo $id."<br/>";
        if(substr($id,0,5)=="cert_")
        {
            // The part after "cert_" is the certificate id; cast it before it reaches SQL.
            $id = intval(substr($id,5));
            // "disablelogin_<id>" equal to "1" stores '0', anything else (or a missing key) stores '1'.
            $dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")?"0":"1";
            //echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n";
            mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
            //$row = mysql_fetch_assoc($res);
        }
    }
    // Printed unconditionally, whether or not any row matched.
    echo(_("Certificate settings have been changed.")."<br/>\n");
    showfooter();
    exit;
}
1139
1140
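// Page 13 (personal details), step 1: read and validate the five lost pass
// phrase questions (Q1-Q5) and answers (A1-A5).
// The cleaned values are kept in $_SESSION['_config']['user'] and are written
// to the database by a later page 13 step. On a validation error the message
// is appended to $_SESSION['_config']['errmsg'], $id is set back to the form
// page and $oldid is cleared so that the later page 13 steps are skipped.
if($oldid == 13 && $process != "")
{
    csrf_check("perschange");
    $_SESSION['_config']['user'] = $_SESSION['profile'];

    // Every field goes through the same chain: strip tags, undo added slashes,
    // escape for the SQL statement that stores the value later, then trim.
    // A missing or non-string request value is treated as an empty string.
    $qaFields = array('Q1','Q2','Q3','Q4','Q5','A1','A2','A3','A4','A5');
    $qaValues = array();
    foreach($qaFields as $qaField)
    {
        $qaRaw = "";
        if(array_key_exists($qaField,$_REQUEST) && is_string($_REQUEST[$qaField]))
            $qaRaw = $_REQUEST[$qaField];
        $_SESSION['_config']['user'][$qaField] = trim(mysql_real_escape_string(stripslashes(strip_tags($qaRaw))));
        $qaValues[] = $_SESSION['_config']['user'][$qaField];
    }

    $qaInvalid = false;

    // All ten values must differ from each other. The previous hand-written
    // comparison list left out several question/answer pairs (for example A2
    // against Q2) and used loose ==, under which numeric-looking strings such
    // as "1e3" and "1000" compare equal. array_unique() compares as strings.
    if(count(array_unique($qaValues)) < count($qaValues))
    {
        $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
        $qaInvalid = true;
    }

    // No question and no answer may be blank. Previously only the questions
    // were tested here, so a single empty answer was accepted.
    if(in_array("", $qaValues, true))
    {
        $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
        $qaInvalid = true;
    }

    // Reset the page ids once. Doing it in each branch set $id to 0 when both
    // checks failed, because the first branch had already cleared $oldid.
    if($qaInvalid)
    {
        $id = $oldid;
        $oldid=0;
    }
}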
1203
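// Page 13 (personal details), step 2: refresh the member's assurance points
// and, only while the total is 0, accept a changed name and date of birth.
// On a validation error the message is appended to
// $_SESSION['_config']['errmsg'], $id is set back to the form page and $oldid
// is cleared so that the step that writes to the database is skipped.
if($oldid == 13 && $process != "")
{
    // Sum of all points received by this member; no `notary` rows gives no
    // result row, which compares equal to 0 below.
    $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
    $ddres = mysql_query($ddquery);
    $ddrow = mysql_fetch_assoc($ddres);
    $_SESSION['profile']['points'] = $ddrow['total'];

    if($_SESSION['profile']['points'] == 0)
    {
        // Text fields: strip tags, undo added slashes, escape for the SQL
        // statement that stores them later, then trim. Date parts are cast to int.
        $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
        $_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
        $_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
        $_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
        $_SESSION['_config']['user']['day'] = intval($_REQUEST['day']);
        $_SESSION['_config']['user']['month'] = intval($_REQUEST['month']);
        $_SESSION['_config']['user']['year'] = intval($_REQUEST['year']);

        $nameDobInvalid = false;

        if($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "")
        {
            $_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
            $nameDobInvalid = true;
        }
        // checkdate() rejects impossible dates such as 31 February, which the
        // previous range test (month 1-12, day 1-31) let through.
        if($_SESSION['_config']['user']['year'] < 1900 ||
            !checkdate($_SESSION['_config']['user']['month'], $_SESSION['_config']['user']['day'], $_SESSION['_config']['user']['year']))
        {
            $_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
            $nameDobInvalid = true;
        }

        // Reset the page ids once. Doing it in each branch set $id to 0 when
        // both checks failed, because the first branch had already cleared $oldid.
        if($nameDobInvalid)
        {
            $id = $oldid;
            $oldid=0;
        }
    }
}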
1236
// Page 13 (personal details), step 3: write the validated values to `users`,
// reload the profile into the session and show the confirmation page.
// This runs only when the earlier page 13 steps left $oldid at 13; they clear
// it on a validation error. The interpolated values were escaped (text) or
// cast to int (date parts) when they were stored in $_SESSION['_config']['user'].
if($oldid == 13 && $process != "")
{
    // Name and date of birth may only be changed while the member has no points.
    if($_SESSION['profile']['points'] == 0)
    {
        $query = "update `users` set `fname`='".$_SESSION['_config']['user']['fname']."',
                `mname`='".$_SESSION['_config']['user']['mname']."',
                `lname`='".$_SESSION['_config']['user']['lname']."',
                `suffix`='".$_SESSION['_config']['user']['suffix']."',
                `dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
                where `id`='".$_SESSION['profile']['id']."'";
        mysql_query($query);
    }
    // The lost pass phrase questions and answers are stored as submitted (not hashed).
    $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
            `Q2`='".$_SESSION['_config']['user']['Q2']."',
            `Q3`='".$_SESSION['_config']['user']['Q3']."',
            `Q4`='".$_SESSION['_config']['user']['Q4']."',
            `Q5`='".$_SESSION['_config']['user']['Q5']."',
            `A1`='".$_SESSION['_config']['user']['A1']."',
            `A2`='".$_SESSION['_config']['user']['A2']."',
            `A3`='".$_SESSION['_config']['user']['A3']."',
            `A4`='".$_SESSION['_config']['user']['A4']."',
            `A5`='".$_SESSION['_config']['user']['A5']."'
            where `id`='".$_SESSION['profile']['id']."'";
    mysql_query($query);

    //!!!Should be rewritten
    // OTP hash and PIN are saved only when both are non-empty; they are escaped
    // here because they are read from the request in this step.
    $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
    $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
    if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
    {
        $query = "update `users` set `otphash`='".$_SESSION['_config']['user']['otphash']."',
                `otppin`='".$_SESSION['_config']['user']['otppin']."' where `id`='".$_SESSION['profile']['id']."'";
        mysql_query($query);
    }

    // Reload the whole `users` row into the session profile. The reload replaces
    // the array, so the logged-in marker and the points total are set again.
    // NOTE(review): the results of the mysql_query() calls above are not checked;
    // the success message below is shown even if an UPDATE failed.
    $_SESSION['_config']['user']['set'] = 0;
    $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
    $_SESSION['profile']['loggedin'] = 1;

    $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
    $ddres = mysql_query($ddquery);
    $ddrow = mysql_fetch_assoc($ddres);
    $_SESSION['profile']['points'] = $ddrow['total'];


    $id = 13;
    showheader(_("My CAcert.org Account!"));
    echo _("Your details have been updated with the database.");
    showfooter();
    exit;
}
1288
// Page 14: change the account pass phrase.
// Checks in order: new pass phrases present and equal, minimum length,
// checkpw() score, current pass phrase. On success the new value is stored
// and a notification mail is sent to the profile's e-mail address.
if($oldid == 14 && $process != "")
{
    // The three values are unslashed, SQL-escaped and trimmed. The PHP-side checks
    // below (equality, strlen, checkpw) therefore see the escaped form.
    // NOTE(review): a pass phrase containing quotes or backslashes is longer after
    // escaping, so the "< 6" length test can pass for a shorter input.
    $_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['oldpassword'])));
    $_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1'])));
    $_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2'])));

    $id = 14;
    // The CSRF token is verified before any output or database access.
    csrf_check("pwchange");

    showheader(_("My CAcert.org Account!"));
    if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
    {
        echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
            '</h3>', "\n";
        echo _("New Pass Phrases specified don't match or were blank.");
    } else {
        // checkpw() is defined elsewhere; the error text below says it scores out of 6.
        $score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
            $_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);

        // The current pass phrase is verified only when the request did not arrive on
        // the 'securehostname'; on that host $rc is set to 1 without a lookup.
        // NOTE(review): presumably sessions on that host are authenticated with a client
        // certificate - confirm, because this skips the re-authentication step.
        if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
        {
            // Accepts a match against either old_password() or sha1() of the input.
            $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
                    (`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
                    `password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
            $rc = mysql_num_rows($match);
        } else {
            $rc = 1;
        }

        if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
            echo '<h3 style="color:red">',
                _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
            echo _("The Pass Phrase you submitted was too short.");
        } else if($score < 3) {
            echo '<h3 style="color:red">',
                _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
            printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
        } else if($rc <= 0) {
            echo '<h3 style="color:red">',
                _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
            echo _("You failed to correctly enter your current Pass Phrase.");
        } else {
            // NOTE(review): the pass phrase is stored as an unsalted SHA-1 computed inside
            // the SQL statement, so the clear text is part of the query text and the stored
            // hash is fast to brute-force. Moving to password_hash()/password_verify() has
            // to be done together with the login code, which is not visible here.
            mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
                    where `id`='".$_SESSION['profile']['id']."'");
            echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
            echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
            // Notify the account's e-mail address so the owner notices a change made by someone else.
            $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
            $body .= _("You are receiving this email because you or someone else")."\n";
            $body .= _("has changed the password on your account.")."\n";

            $body .= _("Best regards")."\n"._("CAcert.org Support!");

            sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Password Update Notification"), $body,
                "support@cacert.org", "", "", "CAcert Support");
        }
    }
    showfooter();
    exit;
}
1348
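// Page 16 (organisation client certificate), step 1: collect the requested
// e-mail addresses, the name and the organisational unit.
// An address is kept in $_SESSION['_config']['emails'] only when it has exactly
// one "@", checkownership() accepts its domain part and
// $_SESSION['_config']['row'] is an array afterwards. A positive id in that row
// is appended to $_SESSION['_config']['domids'].
// NOTE(review): 'domids' is appended to but not reset in this block, unlike
// 'emails'; confirm it is cleared elsewhere, otherwise ids from an earlier
// submission stay in the session.
if($oldid == 16)
{
    $id = 16;
    $_SESSION['_config']['emails'] = array();

    // A missing or non-array 'emails' value is treated as an empty list
    // instead of being handed to foreach.
    $reqEmails = array();
    if(array_key_exists('emails',$_REQUEST) && is_array($_REQUEST['emails']))
        $reqEmails = $_REQUEST['emails'];

    foreach($reqEmails as $val)
    {
        // Nested arrays (emails[][]) cannot be addresses; skip them before trim().
        if(!is_string($val))
            continue;

        // Escaped here because the value is interpolated into SQL by the next step.
        $val = mysql_real_escape_string(stripslashes(trim($val)));
        $bits = explode("@", $val);
        $count = count($bits);
        if($count != 2)
            continue;

        // checkownership() is defined elsewhere; presumably it also loads the
        // matching organisation row into $_SESSION['_config']['row'] - confirm.
        if(checkownership($bits[1]) == false)
            continue;

        if(!is_array($_SESSION['_config']['row']))
            continue;
        else if($_SESSION['_config']['row']['id'] > 0)
            $_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id'];

        if($val != "")
            $_SESSION['_config']['emails'][] = $val;
    }

    // Missing or non-string values become "", which is what trim() produced
    // for a missing key before.
    $reqName = (array_key_exists('name',$_REQUEST) && is_string($_REQUEST['name'])) ? $_REQUEST['name'] : "";
    $reqOU = (array_key_exists('OU',$_REQUEST) && is_string($_REQUEST['OU'])) ? $_REQUEST['OU'] : "";
    $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($reqName)));
    $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($reqOU)));
}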
1376
// Page 16: stop with a message when none of the submitted e-mail addresses
// was accepted for the organisational account.
if($oldid == 16 && count($_SESSION['_config']['emails']) < 1)
{
    $id = 16;
    showheader(_("My CAcert.org Account!"));
    print _("I couldn't match any emails against your organisational account.");
    showfooter();
    exit();
}
1385
// Page 16, step 2: fix the code-signing flag and the root certificate choice,
// then move on to page 17 when at least one e-mail address was accepted.
if($oldid == 16 && $process != "")
{

    // Code signing is granted only when it was requested, the profile has the
    // `codesign` flag set and the member has at least 100 points. The request
    // value is overwritten so that later code sees the decided value.
    if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100))
    {
        $_REQUEST['codesign'] = 1;
        $_SESSION['_config']['codesign'] = 1;
    }
    else
    {
        $_REQUEST['codesign'] = 0;
        $_SESSION['_config']['codesign'] = 0;
    }

    // Only the values 1 and 2 are accepted; anything else falls back to 1.
    $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
    if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
        $_SESSION['_config']['rootcert'] = 1;

    // Warnings from count() are suppressed in case 'emails' is not countable.
    if(@count($_SESSION['_config']['emails']) > 0)
        $id = 17;
}
1407
// Page 17: create an organisation client certificate request.
// Two input formats are handled: keytype "NS" (an SPKAC string from the
// browser) and keytype "MS"/"VI" (a PEM certificate request). In both cases the
// key is checked with the weak-key helpers, a row is inserted into
// `orgemailcerts`, the accepted e-mail ids are linked in `domemaillink` and the
// request is written to the path returned by generatecertpath(). After
// waitForResult() the page moves on to page 19 when `crt_name` is set.
// NOTE(review): no csrf_check() call is visible in this handler.
if($oldid == 17)
{
    // Organisation row kept in the session by the page 16 step.
    // NOTE(review): its fields (O, L, ST, C, orgid) are concatenated into the request
    // text and into SQL below without escaping; confirm they are validated where the
    // row is loaded.
    $org = $_SESSION['_config']['row'];
    if($_REQUEST['keytype'] == "NS")
    {
        // Accept the SPKAC only if, with line breaks removed, it consists of base64 characters.
        $spkac=""; if(preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));

        if($spkac == "" || strlen($spkac) < 128)
        {
            $id = 17;
            showheader(_("My CAcert.org Account!"));
            echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
            showfooter();
            exit;
        }

        // Build the text of the SPKAC request file: one "N.emailAddress" line per
        // accepted address, then the name and organisation fields.
        $count = 0;
        $emails = "";
        $addys = array();
        if(is_array($_SESSION['_config']['emails']))
            // The loop writes each address into $_REQUEST['email'].
            foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
            {
                // $emails is still empty on the first pass, so the first address becomes the CN.
                if(!$emails)
                    $defaultemail = $_REQUEST['email'];
                $emails .= "$count.emailAddress = $_REQUEST[email]\n";
                $count++;
            }
        if($_SESSION['_config']['name'] != "")
            $emails .= "commonName = ".$_SESSION['_config']['name']."\n";
        if($_SESSION['_config']['OU'])
            $emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n";
        if($org['O'])
            $emails .= "organizationName = ".$org['O']."\n";
        if($org['L'])
            $emails .= "localityName = ".$org['L']."\n";
        if($org['ST'])
            $emails .= "stateOrProvinceName = ".$org['ST']."\n";
        if($org['C'])
            $emails .= "countryName = ".$org['C']."\n";
        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
            $_SESSION['_config']['rootcert'] = 1;

        $emails .= "SPKAC = $spkac";
        // checkWeakKeySPKAC() returns "" when it has nothing to report.
        if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
        {
            $id = 17;
            showheader(_("My CAcert.org Account!"));
            echo $weakKey;
            showfooter();
            exit;
        }

        $query = "insert into `orgemailcerts` set
                `CN`='$defaultemail',
                `keytype`='NS',
                `orgid`='".$org['orgid']."',
                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                `codesign`='".$_SESSION['_config']['codesign']."',
                `rootcert`='".$_SESSION['_config']['rootcert']."'";
        mysql_query($query);
        $emailid = mysql_insert_id();

        foreach($_SESSION['_config']['domids'] as $addy)
            mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");

        $CSRname=generatecertpath("csr","orgclient",$emailid);
        $fp = fopen($CSRname, "w");
        fputs($fp, $emails);
        fclose($fp);
        // Verify that the SPKAC carries the challenge issued to this session.
        // NOTE(review): the row and link entries above are inserted before this check,
        // and an empty $_SESSION['spkac_hash'] would make the substring test match any
        // "Challenge String: " line - confirm the hash is always set.
        $challenge=$_SESSION['spkac_hash'];
        $res=`openssl spkac -verify -in $CSRname`;
        if(!strstr($res,"Challenge String: ".$challenge))
        {
            $id = $oldid;
            showheader(_("My CAcert.org Account!"));
            echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
            showfooter();
            exit;
        }
        mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
    } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
        // clean_csr() is defined elsewhere; its result is wrapped in PEM markers.
        $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";

        // checkWeakKeyCSR() returns "" when it has nothing to report.
        if (($weakKey = checkWeakKeyCSR($csr)) !== "")
        {
            $id = 17;
            showheader(_("My CAcert.org Account!"));
            echo $weakKey;
            showfooter();
            exit;
        }

        $tmpfname = tempnam("/tmp", "id17CSR");
        $fp = fopen($tmpfname, "w");
        fputs($fp, $csr);
        fclose($fp);

        $addys = array();
        $defaultemail = "";
        $csrsubject="";

        // The stored subject is built from session and organisation data, not from
        // the subject inside the submitted request.
        if($_SESSION['_config']['name'] != "")
            $csrsubject = "/CN=".$_SESSION['_config']['name'];
        if(is_array($_SESSION['_config']['emails']))
            foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
            {
                if($defaultemail == "")
                    $defaultemail = $_REQUEST['email'];
                $csrsubject .= "/emailAddress=$_REQUEST[email]";
            }
        if($_SESSION['_config']['OU'])
            $csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
        if($org['O'])
            $csrsubject .= "/organizationName=".$org['O'];
        if($org['L'])
            $csrsubject .= "/localityName=".$org['L'];
        if($org['ST'])
            $csrsubject .= "/stateOrProvinceName=".$org['ST'];
        if($org['C'])
            $csrsubject .= "/countryName=".$org['C'];

        // Pass the request through "openssl req"; an empty output file is treated
        // as an invalid request below. Both paths come from tempnam().
        $tmpname = tempnam("/tmp", "id17csr");
        $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`;
        @unlink($tmpfname);
        $csr = "";
        $fp = fopen($tmpname, "r");
        while($data = fgets($fp, 4096))
            $csr .= $data;
        fclose($fp);
        @unlink($tmpname);

        if($csr == "")
        {
            showheader(_("My CAcert.org Account!"));
            echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
            showfooter();
            exit;
        }
        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
            $_SESSION['_config']['rootcert'] = 1;

        // keytype can only be "MS" or "VI" in this branch (see the condition above).
        $query = "insert into `orgemailcerts` set
                `CN`='$defaultemail',
                `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
                `orgid`='".$org['orgid']."',
                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                `subject`='$csrsubject',
                `codesign`='".$_SESSION['_config']['codesign']."',
                `rootcert`='".$_SESSION['_config']['rootcert']."'";
        mysql_query($query);
        $emailid = mysql_insert_id();

        foreach($_SESSION['_config']['domids'] as $addy)
            mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");

        $CSRname=generatecertpath("csr","orgclient",$emailid);
        $fp = fopen($CSRname, "w");
        fputs($fp, $csr);
        fclose($fp);
        mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
    }
    // NOTE(review): when keytype is neither "NS", "MS" nor "VI" no branch above runs and
    // $emailid is not assigned in this block before it is used here.
    // waitForResult() is defined elsewhere; the query after it checks whether
    // `crt_name` has been filled in for the new row.
    waitForResult("orgemailcerts", $emailid,$oldid);
    $query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    } else {
        // Continue with page 19 for the new certificate.
        $id = 19;
        $cert = $emailid;
        $_REQUEST['cert']=$emailid;
    }
}
1584
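// Page 18 (organisation client certificates), "renew" action.
// For every id in $_REQUEST['revokeid'] whose organisation is administered by
// the logged-in member: flag the old `orgemailcerts` row as renewed, clone it
// into a new row, copy the CSR file to a new path and call waitForResult().
// A download link is printed once `crt_name` is set on the new row.
if($oldid == 18 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
    csrf_check('clicerchange');
    showheader(_("My CAcert.org Account!"));
    // Also test that the key exists, as the page 5 revoke handler does.
    if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
    {
        $id = 18;
        echo _("Now renewing the following certificates:")."<br>\n";
        // The loop variable is $id, so the page id assigned above is overwritten.
        foreach($_REQUEST['revokeid'] as $id)
        {
            // Cast before the first use. The progress line used to be printed
            // before the cast, which sent the raw request value into the HTML page.
            $id = intval($id);
            echo "Renewing certificate #$id ...\n<br/>";
            // Ownership check: the certificate's organisation must list the
            // logged-in member in `org`.
            $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
                    where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
                    `org`.`orgid`=`orgemailcerts`.`orgid`";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }

            $row = mysql_fetch_assoc($res);

            // Refuse to renew when the existing certificate's key is reported as
            // weak; checkWeakKeyX509() returns "" when it has nothing to report.
            if (($weakKey = checkWeakKeyX509(file_get_contents(
                    $row['crt_name']))) !== "")
            {
                echo $weakKey, "<br/>\n";
                continue;
            }

            // NOTE(review): the row is flagged as renewed before the revoked test
            // below, so a revoked certificate is flagged although it is skipped -
            // confirm this order is intended.
            mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
            if($row['revoke'] > 0)
            {
                printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                continue;
            }
            // Clone the old row. CN and subject are escaped like in the other renew
            // handlers of this file; they were copied unescaped here, so a quote
            // stored in either column would break out of the SQL string.
            $query = "insert into `orgemailcerts` set
                    `orgid`='".$row['orgid']."',
                    `CN`='".mysql_real_escape_string($row['CN'])."',
                    `subject`='".mysql_real_escape_string($row['subject'])."',
                    `keytype`='".$row['keytype']."',
                    `csr_name`='".$row['csr_name']."',
                    `created`='".$row['created']."',
                    `modified`=NOW(),
                    `codesign`='".$row['codesign']."',
                    `rootcert`='".$row['rootcert']."'";
            mysql_query($query);
            $newid = mysql_insert_id();
            // The new row first carries the old CSR path; it is replaced once the
            // copy exists.
            $newfile=generatecertpath("csr","orgclient",$newid);
            copy($row['csr_name'], $newfile);
            mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
            // waitForResult() is defined elsewhere; the query after it checks
            // whether `crt_name` has been filled in for the new row.
            waitForResult("orgemailcerts", $newid,$oldid,0);
            $query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
            $res = mysql_query($query);
            // Nothing but the line break is printed when no certificate is available.
            if(mysql_num_rows($res) > 0)
            {
                printf(_("Certificate for '%s' has been renewed."), $row['CN']);
                echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
                    _("Click here")."</a> "._("to install your certificate.");
            }
            echo("<br/>");
        }
    }
    else
    {
        echo _("You did not select any certificates for renewal.");
    }
    showfooter();
    exit;
}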
1656
// Handler for oldid 18 with `revoke` set: revoke the selected organisation
// client certificates, then delete the selected pending requests. Every ID is
// cast to int and must join to an `org` row of the logged-in member before
// anything is changed.
if($oldid == 18 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('clicerchange');
	$id = 18;
	showheader(_("My CAcert.org Account!"));

	if(!is_array($_REQUEST['revokeid']))
	{
		echo _("You did not select any certificates for revocation.");
	}
	else
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
					where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
					`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				// No row: unknown ID, or not one of this member's organisations.
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
			}
			else
			{
				$row = mysql_fetch_assoc($res);
				if($row['revoke'] > 0)
				{
					printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				}
				else
				{
					// NOTE(review): the fixed timestamp looks like a marker for
					// "revocation requested" - confirm how it is consumed.
					mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
					printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
				}
			}
		}
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
					where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
					`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
			}
			else
			{
				$row = mysql_fetch_assoc($res);
				if($row['expired'] > 0)
				{
					// A set `expire` value is treated as "already processed".
					printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
				}
				else
				{
					mysql_query("delete from `orgemailcerts` where `id`='$id'");
					// Errors from unlink() are suppressed on purpose here.
					@unlink($row['csr_name']);
					@unlink($row['crt_name']);
					printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
				}
			}
		}
	}
	showfooter();
	exit;
}
1722
// Handler for oldid 20: take the submitted CSR for an organisation server
// certificate, reject weak keys, store the CSR in a temporary file and look
// up which of the member's organisation domains match its CN / SAN.
// NOTE(review): no csrf_check() call is visible in this handler, unlike the
// renew/revoke handlers in this file - confirm whether one is needed.
if($process != "" && $oldid == 20)
{
	$CSR = clean_csr($_REQUEST['CSR']);

	$weakKey = checkWeakKeyCSR($CSR);
	if ($weakKey !== "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	// The CSR text is written to a temp file whose path is kept in the
	// session. From here on $CSR holds that path, not the CSR text.
	$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
	$fp = fopen($_SESSION['_config']['tmpfname'], "w");
	fputs($fp, $CSR);
	fclose($fp);
	$CSR = $_SESSION['_config']['tmpfname'];

	// Only the server-generated temp path is interpolated into the commands.
	$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
	$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
	foreach($bits as $val)
	{
		$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
	}
	$id = 21;

	// Reset the first CN/SAN slots, then let the helpers (defined elsewhere)
	// fill the session from the subject string.
	$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
	extractit();
	getcn2();
	getalt2();

	// NOTE(review): '0.CN' and '0.subjectAltName' originate from the CSR and
	// are interpolated into SQL below; whether the helpers above escape them
	// is not visible here - verify.
	$query = "select * from `orginfo`,`org`,`orgdomains` where
			`org`.`memid`='".$_SESSION['profile']['id']."' and
			`org`.`orgid`=`orginfo`.`id` and
			`org`.`orgid`=`orgdomains`.`orgid` and
			`orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'";
	$_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
	$query = "select * from `orginfo`,`org`,`orgdomains` where
			`org`.`memid`='".$_SESSION['profile']['id']."' and
			`org`.`orgid`=`orginfo`.`id` and
			`org`.`orgid`=`orgdomains`.`orgid` and
			`orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'";
	$_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));
	//echo "<pre>"; print_r($_SESSION['_config']); die;

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// Only root certificate 1 or 2 may be selected; anything else becomes 1.
	$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
	if(!in_array($_SESSION['_config']['rootcert'], array(1, 2)))
		$_SESSION['_config']['rootcert'] = 1;
}
1781
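// Handler for oldid 21: create the organisation server certificate request
// from the CSR temp file and the CN/SAN data stored in the session by the
// previous step, then wait for the result and continue with page 23.
// NOTE(review): no csrf_check() call is visible in this handler - confirm.
if($process != "" && $oldid == 21)
{
	$id = 21;

	if(!file_exists($_SESSION['_config']['tmpfname']))
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}

	// The key is checked again here, on the stored copy of the CSR.
	if (($weakKey = checkWeakKeyCSR(file_get_contents(
			$_SESSION['_config']['tmpfname']))) !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// The organisation is looked up by the first CN match, or by the first
	// SAN match when there is none, and must be linked to the logged-in
	// member. IDs are cast to int before they enter the query.
	if($_SESSION['_config']['rowid']['0'] > 0)
	{
		$query = "select * from `org`,`orginfo` where
				`orginfo`.`id`='".intval($_SESSION['_config']['rowid']['0'])."' and
				`orginfo`.`id`=`org`.`orgid` and
				`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
	} else {
		$query = "select * from `org`,`orginfo` where
				`orginfo`.`id`='".intval($_SESSION['_config']['altid']['0'])."' and
				`orginfo`.`id`=`org`.`orgid` and
				`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
	}
	$org = mysql_fetch_assoc(mysql_query($query));

	// Fail closed: without a matching organisation row no request is stored.
	if(!$org)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}

	// Build the subject string. Organisation fields come raw from the
	// database, so they are escaped here because $csrsubject is interpolated
	// into the INSERT below.
	// NOTE(review): OU, rows and altrows come from the session; whether they
	// were escaped when stored is not visible here - verify.
	$csrsubject = "";

	if($_SESSION['_config']['OU'])
		$csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
	if($org['O'])
		$csrsubject .= "/organizationName=".mysql_real_escape_string($org['O']);
	if($org['L'])
		$csrsubject .= "/localityName=".mysql_real_escape_string($org['L']);
	if($org['ST'])
		$csrsubject .= "/stateOrProvinceName=".mysql_real_escape_string($org['ST']);
	if($org['C'])
		$csrsubject .= "/countryName=".mysql_real_escape_string($org['C']);
	//if($org['contact'])
	//	$csrsubject .= "/emailAddress=".trim($org['contact']);

	if(is_array($_SESSION['_config']['rows']))
		foreach($_SESSION['_config']['rows'] as $row)
			$csrsubject .= "/commonName=$row";
	$SAN="";
	if(is_array($_SESSION['_config']['altrows']))
		foreach($_SESSION['_config']['altrows'] as $subalt)
		{
			if($SAN != "")
				$SAN .= ",";
			$SAN .= "$subalt";
		}

	if($SAN != "")
		$csrsubject .= "/subjectAltName=".$SAN;

	// Type "8" is only set for administrators who asked for an OCSP
	// certificate; the key is checked first so a missing field is harmless.
	$type="";
	if(array_key_exists("ocspcert",$_REQUEST) && $_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;

	if($_SESSION['_config']['rowid']['0'] > 0)
	{
		$query = "insert into `orgdomaincerts` set
				`CN`='".$_SESSION['_config']['rows']['0']."',
				`orgid`='".intval($org['id'])."',
				`created`=NOW(),
				`subject`='$csrsubject',
				`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
				`type`='$type'";
	} else {
		$query = "insert into `orgdomaincerts` set
				`CN`='".$_SESSION['_config']['altrows']['0']."',
				`orgid`='".intval($org['id'])."',
				`created`=NOW(),
				`subject`='$csrsubject',
				`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
				`type`='$type'";
	}
	mysql_query($query);
	$CSRid = mysql_insert_id();

	// Move the temp CSR to its final path and record that path on the row.
	$CSRname=generatecertpath("csr","orgserver",$CSRid);
	rename($_SESSION['_config']['tmpfname'], $CSRname);
	chmod($CSRname,0644);
	mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");

	// Link every matched domain ID to the new request.
	if(is_array($_SESSION['_config']['rowid']))
		foreach($_SESSION['_config']['rowid'] as $id)
			mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
	if(is_array($_SESSION['_config']['altid']))
		foreach($_SESSION['_config']['altid'] as $id)
			mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");

	// waitForResult() is defined elsewhere; afterwards the row counts as
	// issued once `crt_name` is non-empty.
	waitForResult("orgdomaincerts", $CSRid,$oldid);
	$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		$id = 23;
		$cert = $CSRid;
		$_REQUEST['cert']=$CSRid;
	}
}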
1905
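// Handler for oldid 22 with `renew` set: re-issue the selected organisation
// server certificates. Each ID must join to an `org` row of the logged-in
// member; other IDs are reported and skipped.
if($oldid == 22 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// Refuse to renew a certificate whose key fails the weak-key check.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			// NOTE(review): the row is flagged as renewed before the revoked
			// check below - confirm that this order is intended.
			mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}

			// Values read back from the database are raw; escape them before
			// they are placed into the new INSERT statement.
			$esc = array_map('mysql_real_escape_string', $row);
			$query = "insert into `orgdomaincerts` set
					`orgid`='".$esc['orgid']."',
					`CN`='".$esc['CN']."',
					`csr_name`='".$esc['csr_name']."',
					`created`='".$esc['created']."',
					`modified`=NOW(),
					`subject`='".$esc['subject']."',
					`type`='".$esc['type']."',
					`rootcert`='".$esc['rootcert']."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			//echo "NewID: $newid<br/>\n";
			$newfile=generatecertpath("csr","orgserver",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
			// NOTE(review): CN is printed as stored; confirm it is HTML-safe.
			echo _("Renewing").": ".$row['CN']."<br>\n";

			// Copy the domain links of the old certificate to the new one.
			// The validated $id is used for the lookup because `select *` over
			// two tables makes $row['id'] ambiguous, and the link's `orgdomid`
			// column is what points at the domain.
			$res = mysql_query("select * from `orgdomlink` where `orgcertid`='$id'");
			while($r2 = mysql_fetch_assoc($res))
				mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($r2['orgdomid'])."', `orgcertid`='$newid'");

			waitForResult("orgdomaincerts", $newid,$oldid,0);
			$query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				$drow = mysql_fetch_assoc($res);
				// The stored path is quoted as a single shell argument before
				// it is handed to openssl.
				$cert = shell_exec("/usr/bin/openssl x509 -in ".escapeshellarg($drow['crt_name']));
				echo "<pre>\n$cert\n</pre>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}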
1982
// Handler for oldid 22 with `revoke` set: revoke the selected organisation
// server certificates, then delete the selected pending requests. Every ID is
// cast to int and must join to an `org` row of the logged-in member before
// anything is changed.
if($oldid == 22 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));

	if(!is_array($_REQUEST['revokeid']))
	{
		echo _("You did not select any certificates for revocation.");
	}
	else
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				// No row: unknown ID, or not one of this member's organisations.
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
			}
			else
			{
				$row = mysql_fetch_assoc($res);
				if($row['revoke'] > 0)
				{
					printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				}
				else
				{
					// NOTE(review): the fixed timestamp looks like a marker for
					// "revocation requested" - confirm how it is consumed.
					mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
					printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
				}
			}
		}
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
			}
			else
			{
				$row = mysql_fetch_assoc($res);
				if($row['expired'] > 0)
				{
					// A set `expire` value is treated as "already processed".
					printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
				}
				else
				{
					mysql_query("delete from `orgdomaincerts` where `id`='$id'");
					// Errors from unlink() are suppressed on purpose here.
					@unlink($row['csr_name']);
					@unlink($row['crt_name']);
					printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
				}
			}
		}
	}
	showfooter();
	exit;
}
2051
// Access gate for ids 24 to 31: when either the requested or the previous
// page is in that range, the session profile must carry orgadmin == 1.
$_orgAdminPages = range(24, 31);
if((in_array($id, $_orgAdminPages) || in_array($oldid, $_orgAdminPages)) &&
	$_SESSION['profile']['orgadmin'] != 1)
{
	showheader(_("My CAcert.org Account!"));
	echo _("You don't have access to this area.");
	showfooter();
	exit;
}
2062
// Handler for oldid 24: add a new organisation. The form fields are
// unslashed, SQL-escaped and trimmed into the session, then inserted.
// NOTE(review): no csrf_check() call is visible here, while the oldid 27
// handler calls csrf_check('orgdetchange') - confirm whether one is needed.
if($oldid == 24 && $process != "")
{
	$id = intval($oldid);
	foreach(array('O', 'contact', 'L', 'ST', 'C', 'comments') as $_fld)
		$_SESSION['_config'][$_fld] = trim(mysql_real_escape_string(stripslashes($_REQUEST[$_fld])));

	if($_SESSION['_config']['O'] != "" && $_SESSION['_config']['contact'] != "")
	{
		// The session values were escaped above, so they go in as they are.
		mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
					`contact`='".$_SESSION['_config']['contact']."',
					`L`='".$_SESSION['_config']['L']."',
					`ST`='".$_SESSION['_config']['ST']."',
					`C`='".$_SESSION['_config']['C']."',
					`comments`='".$_SESSION['_config']['comments']."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully added as an organisation to the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	} else {
		$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
	}
}
2089
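// Handler for oldid 27: update the details of the organisation whose ID is
// held in the session. The form fields are unslashed, SQL-escaped and trimmed
// into the session before they are written.
if($oldid == 27 && $process != "")
{
	csrf_check('orgdetchange');
	$id = intval($oldid);
	$_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
	$_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
	$_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
	$_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
	$_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
	$_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));

	if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
	{
		$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
	} else {
		// The organisation ID is cast to int like everywhere else in this
		// file, so the WHERE clause can only ever hold a number.
		mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
					`contact`='".$_SESSION['_config']['contact']."',
					`L`='".$_SESSION['_config']['L']."',
					`ST`='".$_SESSION['_config']['ST']."',
					`C`='".$_SESSION['_config']['C']."',
					`comments`='".$_SESSION['_config']['comments']."'
				where `id`='".intval($_SESSION['_config']['orgid'])."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	}
}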
2118
// Handler for oldid 28, step 1: refuse a domain name that is already listed
// in `orgdomains`. Clearing $oldid keeps the later oldid 28 steps from
// running and sends the user back to the same page with an error message.
if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
{
	$domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
	$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
	$alreadyListed = (mysql_num_rows($res1) > 0);
	if($alreadyListed)
	{
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
		$id = $oldid;
		$oldid=0;
	}
}
2130
// Handler for oldid 28, step 2: without a positive organisation ID in the
// session there is nothing to add a domain to, so fall back to page 25.
if($oldid == 28 && $_SESSION['_config']['orgid'] <= 0)
{
	$id = 25;
	$oldid = 0;
}
2136
// Handler for oldid 28, step 3: store the new domain for the organisation
// held in the session.
// NOTE(review): $domain is only assigned by the earlier oldid 28 step when
// `domainname` is present in the request; confirm this step cannot be reached
// without it. No csrf_check() call is visible here either.
if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
{
	$neworgid = intval($_SESSION['_config']['orgid']);
	mysql_query("insert into `orgdomains` set `orgid`='".$neworgid."', `domain`='$domain'");
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
	echo "<br><br><a href='account.php?id=26&orgid=".$neworgid."'>"._("Click here")."</a> "._("to continue.");
	showfooter();
	exit;
}
2146
// Handler for oldid 29, step 1: refuse a new name for an organisation domain
// when another `orgdomains` row or a non-deleted `domains` row matches it.
// Clearing $oldid keeps the later oldid 29 steps from running.
// NOTE(review): the comparison uses LIKE, and mysql_real_escape_string() does
// not escape the % and _ wildcards - confirm that is acceptable here.
if($oldid == 29 && $process != "")
{
	$domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));

	$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
	$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
	if(!(mysql_num_rows($res1) <= 0 && mysql_num_rows($res2) <= 0))
	{
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
		$id = $oldid;
		$oldid=0;
	}
}
2160
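// Handler for oldid 29 and 30, shared step: before an organisation domain is
// changed or deleted, mark every server and client certificate linked to it
// as revoked. _("Cancel") is handled at the top of account.php.
// NOTE(review): no csrf_check() call is visible before these updates, and the
// domain ID comes from the request - confirm the orgadmin gate is sufficient.
if(($oldid == 29 || $oldid == 30) && $process != "")
{
	$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
			`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
			`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
			`orgdomains`.`id`='".intval($domid)."'";
	$res = mysql_query($query);
	// The ID is cast to int here as well, matching the client certificate
	// loop below.
	while($row = mysql_fetch_assoc($res))
		mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");

	$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
			`orgemaillink`.`domid`=`orgdomains`.`id` and
			`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
			`orgdomains`.`id`='".intval($domid)."'";
	$res = mysql_query($query);
	while($row = mysql_fetch_assoc($res))
		mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
}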
2179
// Handler for oldid 29, final step: write the new (already escaped) domain
// name to the `orgdomains` row and confirm it to the user.
if($oldid == 29 && $process != "")
{
	// The old row is fetched, but nothing below reads it.
	$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
	mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");

	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
	$continueLink = "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
	echo $continueLink;
	showfooter();
	exit;
}
2190
// Handler for oldid 30, final step: delete the organisation domain and
// confirm the removed name to the user.
// NOTE(review): the row is not checked for existence, so an unknown domain ID
// still produces the success message with an empty name.
if($oldid == 30 && $process != "")
{
	$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
	$domain = $row['domain'];
	mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'");

	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
	$continueLink = "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
	echo $continueLink;
	showfooter();
	exit;
}
2202
// Any other request coming from page 30 goes to page 26 with the
// organisation ID reset.
if($oldid == 30)
{
	$orgid = 0;
	$id = 26;
}
2208
// Handler for oldid 31: remove the organisation whose ID is held in the
// session. For each of its domains the linked server and client certificates
// are marked revoked and rows are deleted, then the organisation's `org`,
// `orgdomains` and `orginfo` rows are deleted.
// NOTE(review): no csrf_check() call is visible before these deletes.
if($oldid == 31 && $process != "")
{
	$query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
	$dres = mysql_query($query);
	while($drow = mysql_fetch_assoc($dres))
	{
		// Server certificates linked to this domain.
		$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
				`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
				`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
				`orgdomains`.`id`='".intval($drow['id'])."'";
		$res = mysql_query($query);
		while($row = mysql_fetch_assoc($res))
		{
			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
			// NOTE(review): $row['id'] is an `orgdomaincerts`.`id`, yet the two
			// deletes below match it against `orgid` and `domid`, while the
			// client certificate branch deletes by `id`. Confirm the intended
			// keys; other queries in this file use `orgdomid` / `orgcertid`
			// for `orgdomlink`.
			mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
			mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
		}

		// Client certificates linked to this domain.
		$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
				`orgemaillink`.`domid`=`orgdomains`.`id` and
				`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
				`orgdomains`.`id`='".intval($drow['id'])."'";
		$res = mysql_query($query);
		while($row = mysql_fetch_assoc($res))
		{
			// NOTE(review): the row is deleted right after `revoked` is set;
			// confirm the revocation is still processed once the row is gone.
			// The link delete also matches a certificate ID against `domid`.
			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
			mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
			mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
		}
	}

	// Finally remove the organisation itself.
	mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
	mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
	mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
}
2243
// Every request coming from page 31 continues on page 25 with the
// organisation ID reset.
if($oldid == 31)
{
	$orgid = 0;
	$id = 25;
}
2249
// Access gate for ids 32 to 34: allowed for members with orgadmin == 1 in
// their session profile, or with at least one `org` row where `masteracc`
// is 1.
$_orgMasterPages = array(32, 33, 34);
if(in_array($id, $_orgMasterPages) || in_array($oldid, $_orgMasterPages))
{
	$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
	$_macc = mysql_num_rows(mysql_query($query));
	if(!($_SESSION['profile']['orgadmin'] == 1 || $_macc > 0))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}
}
2262
// Access gate for id 35: allowed for members with orgadmin == 1 in their
// session profile, or with at least one `org` row of their own.
if($id == 35 || $oldid == 35)
{
	$query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
	$is_orguser = mysql_num_rows(mysql_query($query));
	if(!($_SESSION['profile']['orgadmin'] == 1 || $is_orguser > 0))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}
}
2275
// Page 33 for members without orgadmin: the member must hold a `masteracc`
// row for the organisation in the session, otherwise page 35 is shown.
if($id == 33 && $_SESSION['profile']['orgadmin'] != 1)
{
	$orgid = intval($_SESSION['_config']['orgid']);
	$query = "select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
	$res = mysql_query($query);
	$isMaster = (mysql_num_rows($res) > 0);
	if(!$isMaster)
	{
		$id = 35;
	}
}
2286
2287 if($oldid == 33 && $process != "")
2288 {
2289 csrf_check('orgadmadd');
2290 if($_SESSION['profile']['orgadmin'] == 1)
2291 $masteracc = $_SESSION['_config'][masteracc] = intval($_REQUEST['masteracc']);
2292 else
2293 $masteracc = $_SESSION['_config'][masteracc] = 0;
2294 $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
2295 $OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
2296 $comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
2297 $res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
2298 if(mysql_num_rows($res) <= 0)
2299 {
2300 $id = $oldid;
2301 $oldid=0;
2302 $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
2303 } else {
2304 $row = mysql_fetch_assoc($res);
2305 if ( !is_assurer(intval($row['id'])) )
2306 {
2307 $id = $oldid;
2308 $oldid=0;
2309 $_SESSION[</