Source code taken from cacert-20130906.tar.bz2
[cacert-devel.git] / includes / account.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18 require_once("../includes/loggedin.php");
19 require_once("../includes/lib/l10n.php");
20 require_once("../includes/lib/check_weak_key.php");
21 require_once("../includes/notary.inc.php");
22
// Project helper defined outside this listing; it is called once with "account"
// before any request handling (presumably loads the account pages — confirm).
loadem("account");

// Page selectors and record ids taken from the request. Each numeric value is
// passed through intval(), so these variables are always integers, and a
// missing parameter yields 0. $process is the only value kept as submitted.
$id      = array_key_exists("id", $_REQUEST)      ? intval($_REQUEST['id'])    : 0;
$oldid   = array_key_exists("oldid", $_REQUEST)   ? intval($_REQUEST['oldid']) : 0;
$process = array_key_exists("process", $_REQUEST) ? $_REQUEST['process']       : "";

$cert  = array_key_exists('cert', $_REQUEST)  ? intval($_REQUEST['cert'])  : 0;
$orgid = array_key_exists('orgid', $_REQUEST) ? intval($_REQUEST['orgid']) : 0;
$memid = array_key_exists('memid', $_REQUEST) ? intval($_REQUEST['memid']) : 0;
$domid = array_key_exists('domid', $_REQUEST) ? intval($_REQUEST['domid']) : 0;
33
34
// Stop right away when the session's 'mconn' flag is falsy.
if(!$_SESSION['mconn'])
{
    echo _("Several CAcert Services are currently unavailable. Please try again later.");
    exit;
}

// General reset CANCEL process requests: a submission whose 'process' value
// equals the translated "Cancel" label is treated as "no action", so every
// handler below that requires a non-empty $process is skipped.
if($process == _("Cancel"))
{
    $process = "";
}

// Page ids 45 and 46, whether requested ($id) or posted back ($oldid), fall
// back to page 1 with no pending form. Both values are integers at this point.
if(in_array($id, array(45, 46)) || in_array($oldid, array(45, 46)))
{
    $id = 1;
    $oldid = 0;
}
53
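if($process != "" && $oldid == 1)
{
    // "Add email address" form handler: validates the submitted address,
    // stores it together with a fresh hash, and mails a probe link to it.
    // Every path through this handler ends in exit.
    $id = 1;
    csrf_check('addemail');

    // A missing or non-string field is handled like an empty one, which the
    // emptiness check below rejects, instead of reading an undefined index.
    $newemail = "";
    if(array_key_exists('newemail', $_REQUEST) && is_string($_REQUEST['newemail']))
        $newemail = $_REQUEST['newemail'];

    // Punycode addresses are refused unless the profile's codesign value is positive.
    if(strstr($newemail, "xn--") && $_SESSION['profile']['codesign'] <= 0)
    {
        showheader(_("My CAcert.org Account!"));
        echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
        showfooter();
        exit;
    }

    // stripslashes() followed by mysql_real_escape_string(): the value kept in
    // $_REQUEST['email'] is SQL-escaped and is used as such in the insert below.
    $escapedemail = trim(mysql_real_escape_string(stripslashes($newemail)));
    if($escapedemail == "")
    {
        showheader(_("My CAcert.org Account!"));
        echo _("Not a valid email address. Can't continue.");
        showfooter();
        exit;
    }

    $oldid = 0;
    $_REQUEST['email'] = $escapedemail;
    if(check_email_exists($_REQUEST['email']) == true)
    {
        showheader(_("My CAcert.org Account!"));
        printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
        showfooter();
        exit;
    }

    // checkEmail() is given the address as submitted, not the escaped copy.
    $checkemail = checkEmail($newemail);
    if($checkemail != "OK")
    {
        showheader(_("My CAcert.org Account!"));
        if(substr($checkemail, 0, 1) == "4")
        {
            echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
        } else {
            echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
        }
        // Whatever checkEmail() returned is text this page did not produce
        // (presumably the remote mail server's reply — confirm), so it is
        // HTML-escaped before being echoed into the page.
        echo "<p>".sanitizeHTML($checkemail)."</p>\n";
        showfooter();
        exit;
    }

    $hash = make_hash();
    $query = "insert into `email` set `email`='".$_REQUEST['email']."',".
        "`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
    mysql_query($query);
    $emailid = mysql_insert_id();

    // NOTE(review): the probe link, including the verification hash, is built
    // with an http:// scheme; confirm whether an https:// link should be sent.
    $body  = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
    $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
    $body .= _("Best regards")."\n"._("CAcert.org Support!");

    sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

    showheader(_("My CAcert.org Account!"));
    printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_REQUEST['email']));
    showfooter();
    exit;
}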
111
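if(array_key_exists("makedefault",$_REQUEST) && $_REQUEST['makedefault'] != "" && $oldid == 2)
{
    // "Make default" action of the email list: switches the account's default
    // address to one of the member's own addresses and notifies the previous
    // default address. Every path ends in exit.
    // NOTE(review): the delete handler for the same $oldid calls
    // csrf_check("chgdef"); this state-changing action has no csrf_check() —
    // confirm whether the same token should be verified here.
    $id = 2;
    $emailid = array_key_exists('emailid', $_REQUEST) ? intval($_REQUEST['emailid']) : 0;
    $profileid = intval($_SESSION['profile']['id']);

    // The address must belong to this member, have an empty hash (the error
    // text below treats a non-matching row as "not verified yet") and not be deleted.
    $query = "select * from `email` where `id`='$emailid' and `memid`='".$profileid."' and `hash` = '' and `deleted`=0";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
        showheader(_("Error!"));
        echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
        showfooter();
        exit;
    }
    $row = mysql_fetch_assoc($res);

    // The notice goes to the address that is still the default at this point.
    $body  = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
    $body .= _("You are receiving this email because you or someone else ".
        "has changed the default email on your account.")."\n\n";
    $body .= _("Best regards")."\n"._("CAcert.org Support!");

    sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Default Account Changed"), $body,
        "support@cacert.org", "", "", "CAcert Support");

    $_SESSION['profile']['email'] = $row['email'];
    // $row['email'] comes back from the database unescaped, so it has to be
    // escaped again before being placed in a new statement.
    $query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='".$profileid."'";
    mysql_query($query);

    showheader(_("My CAcert.org Account!"));
    printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
    showfooter();
    exit;
}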
143
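if($process != "" && $oldid == 2)
{
    // "Delete selected" action of the email list: removes the selected
    // addresses that belong to this member, except the current default
    // address. Always ends in exit.
    $id = 2;
    csrf_check("chgdef");
    showheader(_("My CAcert.org Account!"));

    $removed = array();
    if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
    {
        // A separate loop variable is used so $id keeps the page id set above.
        foreach($_REQUEST['delid'] as $delid)
        {
            $delid = intval($delid);
            // The session's default address is escaped before it is compared in SQL.
            $query = "select * from `email` where `id`='$delid' and `memid`='".intval($_SESSION['profile']['id'])."' and ".
                "`email`!='".mysql_real_escape_string($_SESSION['profile']['email'])."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) > 0)
            {
                $row = mysql_fetch_assoc($res);
                account_email_delete($row['id']);
                $removed[] = $row['email'];
            }
        }
    }
    else
    {
        echo _("You did not select any email accounts for removal.");
    }

    if(count($removed) > 0)
    {
        // The heading is printed before the list it introduces (the original
        // echoed each address first and the heading afterwards), and the
        // addresses are HTML-escaped on output.
        echo _("The following accounts have been removed:")."<br>\n";
        foreach($removed as $address)
            echo sanitizeHTML($address)."<br>\n";
    } else {
        echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
    }

    showfooter();
    exit;
}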
181
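if($process != "" && $oldid == 3)
{
    // Client-certificate options form: stores the chosen options in
    // $_SESSION['_config'] and then either shows page 4 or, when a CSR was
    // pasted into the form, continues directly with the $oldid == 4 handler.
    // Optional fields are read through array_key_exists() so that a field
    // left out of the request behaves like an empty one.
    // NOTE(review): this handler has no csrf_check() call — confirm whether
    // the form carries a token that should be verified here.
    if(!array_key_exists('CCA',$_REQUEST))
    {
        showheader(_("My CAcert.org Account!"));
        echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
        showfooter();
        exit;
    }

    $reqsso   = array_key_exists('SSO', $_REQUEST) ? $_REQUEST['SSO'] : "";
    $hasaddid = array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid']);
    if(!$hasaddid && $reqsso != '1')
    {
        showheader(_("My CAcert.org Account!"));
        echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
        showfooter();
        exit;
    }

    $_SESSION['_config']['SSO'] = intval($reqsso);

    // Stored as submitted; the $oldid == 4 handler applies intval() to each
    // entry and looks it up for the current member before using it.
    $_SESSION['_config']['addid'] = array_key_exists('addid', $_REQUEST) ? $_REQUEST['addid'] : null;

    // Only profiles with at least 50 points may choose a name variant. The
    // value is reset otherwise, so that a value left in the session by an
    // earlier request cannot be reused.
    if($_SESSION['profile']['points'] >= 50)
        $_SESSION['_config']['incname'] = array_key_exists('incname', $_REQUEST) ? intval($_REQUEST['incname']) : 0;
    else
        $_SESSION['_config']['incname'] = 0;

    // Code signing needs 100 points and a positive codesign value on the
    // profile. The original reset the request only when that value was exactly
    // 0; the same "> 0" test is now used for every step so that a negative
    // value cannot enable code signing.
    $maycodesign = $_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0;
    if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] != 0 && !$maycodesign)
    {
        $_REQUEST['codesign'] = 0;
    }
    $wantscodesign = array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1;
    if($maycodesign && $wantscodesign)
    {
        // A code-signing request gets name variant 1 when the stored variant
        // is outside 1..4.
        if($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4)
            $_SESSION['_config']['incname'] = 1;
    }
    $_SESSION['_config']['codesign'] = ($maycodesign && $wantscodesign) ? 1 : 0;

    // Certificate login stays enabled only when the 'login' field equals 1.
    if(array_key_exists('login',$_REQUEST) && $_REQUEST['login'] == 1)
        $_SESSION['_config']['disablelogin'] = 0;
    else
        $_SESSION['_config']['disablelogin'] = 1;

    // Root certificate choice: 1 unless the profile has at least 50 points and
    // asked for 1 or 2.
    $_SESSION['_config']['rootcert'] = 1;
    if($_SESSION['profile']['points'] >= 50)
    {
        $_SESSION['_config']['rootcert'] = array_key_exists('rootcert', $_REQUEST) ? intval($_REQUEST['rootcert']) : 0;
        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
            $_SESSION['_config']['rootcert'] = 1;
    }

    $csr = "";
    $optionalcsr = array_key_exists('optionalCSR', $_REQUEST) ? $_REQUEST['optionalCSR'] : "";
    if(trim($optionalcsr) == "")
    {
        $id = 4;
    } else {
        // A pasted CSR skips page 4: the request is handed to the next handler
        // as key type "MS" with the cleaned CSR in $csr.
        $oldid = 4;
        $_REQUEST['keytype'] = "MS";
        $csr = clean_csr($optionalcsr);
    }

    // The description is kept in the session already SQL-escaped; the insert
    // statements that use it later do not escape it again.
    $reqdescription = array_key_exists('description', $_REQUEST) ? $_REQUEST['description'] : "";
    if(trim($reqdescription) != ""){
        $_SESSION['_config']['description'] = trim(mysql_real_escape_string(stripslashes($reqdescription)));
    }else{
        $_SESSION['_config']['description'] = "";
    }
}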
246
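if($oldid == 4)
{
    // Client-certificate request handler. Depending on the 'keytype' request
    // field it accepts either a browser-generated SPKAC ("NS") or a PKCS#10
    // CSR ("MS" / "VI"), records the request in `emailcerts`, writes the
    // request file and then waits for a certificate to appear.
    // NOTE(review): this handler has no csrf_check() call — confirm.
    $reqkeytype = array_key_exists('keytype', $_REQUEST) ? $_REQUEST['keytype'] : "";
    $profileid  = intval($_SESSION['profile']['id']);

    // Name variant chosen on the options form; missing counts as 0.
    $incname = (isset($_SESSION['_config']) && is_array($_SESSION['_config']) && array_key_exists('incname', $_SESSION['_config']))
        ? $_SESSION['_config']['incname'] : 0;

    if($reqkeytype == "NS")
    {
        // Line breaks are removed first; what remains must consist only of
        // base64 characters.
        $spkac = "";
        if(array_key_exists('SPKAC',$_REQUEST))
        {
            $candidate = trim(str_replace(array("\r", "\n"), "", $_REQUEST['SPKAC']));
            if(preg_match("/^[a-zA-Z0-9+=\/]+$/", $candidate))
                $spkac = $candidate;
        }

        if($spkac == "" || $spkac == "deadbeef")
        {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo _("I didn't receive a valid Certificate Request, please try a different browser.");
            showfooter();
            exit;
        }

        $count = 0;
        $emails = "";
        $addys = array();
        $defaultemail = "";
        if(isset($_SESSION['_config']['addid']) && is_array($_SESSION['_config']['addid']))
            foreach($_SESSION['_config']['addid'] as $addid)
            {
                // Only verified (`hash` = '') and undeleted addresses of this
                // member qualify — the same conditions the "make default"
                // handler in this file applies. The original lookup checked
                // ownership only.
                $res = mysql_query("select * from `email` where `memid`='".$profileid."' and `id`='".intval($addid)."' and `hash`='' and `deleted`=0");
                if(mysql_num_rows($res) > 0)
                {
                    $row = mysql_fetch_assoc($res);
                    if(!$emails)
                        $defaultemail = $row['email'];
                    $emails .= "$count.emailAddress = ".$row['email']."\n";
                    $count++;
                    $addys[] = intval($row['id']);
                }
            }
        if($count <= 0 && $_SESSION['_config']['SSO'] != 1)
        {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request.");
            showfooter();
            exit;
        }

        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$profileid."'"));
        if($_SESSION['_config']['SSO'] == 1)
            $emails .= "$count.emailAddress = ".$user['uniqueID']."\n";

        // A one-letter middle name is written as an initial.
        if(strlen($user['mname']) == 1)
            $user['mname'] .= '.';

        // NOTE(review): the email and name values are written verbatim into a
        // line-oriented "key = value" file; confirm they can never contain
        // line breaks.
        $names = array(
            1 => $user['fname']." ".$user['lname'],
            2 => $user['fname']." ".$user['mname']." ".$user['lname'],
            3 => $user['fname']." ".$user['lname']." ".$user['suffix'],
            4 => $user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'],
        );
        $emails .= "commonName = ".(isset($names[$incname]) ? $names[$incname] : "CAcert WoT User")."\n";

        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
            $_SESSION['_config']['rootcert'] = 1;

        $emails .= "SPKAC = $spkac";
        if(($weakKey = checkWeakKeySPKAC($emails)) !== "")
        {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo $weakKey;
            showfooter();
            exit;
        }

        write_user_agreement($profileid, "CCA", "certificate creation", "", 1);

        // $defaultemail was read back from the database, so it is escaped
        // again. The description is already escaped when the options handler
        // stores it in the session.
        $query = "insert into emailcerts set ".
            "`CN`='".mysql_real_escape_string($defaultemail)."', ".
            "`keytype`='NS', ".
            "`memid`='".$profileid."', ".
            "`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), ".
            "`codesign`='".intval($_SESSION['_config']['codesign'])."', ".
            "`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', ".
            "`rootcert`='".intval($_SESSION['_config']['rootcert'])."', ".
            "`description`='".$_SESSION['_config']['description']."'";
        mysql_query($query);
        $emailid = intval(mysql_insert_id());
        foreach($addys as $addy)
            mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".intval($addy)."'");

        $CSRname = generatecertpath("csr","client",$emailid);
        file_put_contents($CSRname, $emails);

        // The request is only accepted when openssl's output shows the
        // challenge kept in the session. The path is passed through
        // escapeshellarg() before it reaches the shell.
        // NOTE(review): strstr() is a substring test, so an empty or unset
        // $_SESSION['spkac_hash'] would match any request — confirm the form
        // page always sets it. A request rejected here has already been
        // inserted into `emailcerts` above.
        $challenge = $_SESSION['spkac_hash'];
        $res = shell_exec("openssl spkac -verify -in ".escapeshellarg($CSRname));
        if(!strstr($res,"Challenge String: ".$challenge))
        {
            $id = $oldid;
            showheader(_("My CAcert.org Account!"));
            echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
            showfooter();
            exit;
        }
        mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($CSRname)."' where `id`='".$emailid."'");
    } else if($reqkeytype == "MS" || $reqkeytype == "VI") {
        // $csr is already filled when the options handler received a pasted
        // CSR; otherwise the 'CSR' request field is cleaned and wrapped.
        if(!isset($csr) || $csr == "")
        {
            $reqcsr = array_key_exists('CSR', $_REQUEST) ? $_REQUEST['CSR'] : "";
            $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($reqcsr)."\n-----END CERTIFICATE REQUEST-----\n";
        }

        if(($weakKey = checkWeakKeyCSR($csr)) !== "")
        {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo $weakKey;
            showfooter();
            exit;
        }

        $tmpfname = tempnam("/tmp", "id4CSR");
        file_put_contents($tmpfname, $csr);

        $addys = array();
        $defaultemail = "";
        $csrsubject = "";

        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$profileid."'"));
        if(strlen($user['mname']) == 1)
            $user['mname'] .= '.';
        $names = array(
            1 => $user['fname']." ".$user['lname'],
            2 => $user['fname']." ".$user['mname']." ".$user['lname'],
            3 => $user['fname']." ".$user['lname']." ".$user['suffix'],
            4 => $user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'],
        );
        $csrsubject = "/CN=".(isset($names[$incname]) ? $names[$incname] : "CAcert WoT User");

        if(isset($_SESSION['_config']['addid']) && is_array($_SESSION['_config']['addid']))
            foreach($_SESSION['_config']['addid'] as $addid)
            {
                // Same rule as in the SPKAC branch: the address must belong to
                // this member, be verified and not be deleted.
                $res = mysql_query("select * from `email` where `memid`='".$profileid."' and `id`='".intval($addid)."' and `hash`='' and `deleted`=0");
                if(mysql_num_rows($res) > 0)
                {
                    $row = mysql_fetch_assoc($res);
                    if($defaultemail == "")
                        $defaultemail = $row['email'];
                    $csrsubject .= "/emailAddress=".$row['email'];
                    $addys[] = intval($row['id']);
                }
            }
        if($_SESSION['_config']['SSO'] == 1)
            $csrsubject .= "/emailAddress = ".$user['uniqueID'];

        // The CSR is passed through "openssl req"; an empty result means
        // openssl did not write a request back. Both temporary paths are
        // passed through escapeshellarg().
        $tmpname = tempnam("/tmp", "id4csr");
        shell_exec("/usr/bin/openssl req -in ".escapeshellarg($tmpfname)." -out ".escapeshellarg($tmpname));
        @unlink($tmpfname);
        $csr = @file_get_contents($tmpname);
        if($csr === false)
            $csr = "";
        @unlink($tmpname);

        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
            $_SESSION['_config']['rootcert'] = 1;

        if($csr == "")
        {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
            showfooter();
            exit;
        }

        // Values are escaped for the SQL context (the original HTML-escaped
        // the key type and left the CN unescaped); the numeric columns are
        // cast the same way as in the SPKAC branch.
        $query = "insert into emailcerts set ".
            "`CN`='".mysql_real_escape_string($defaultemail)."', ".
            "`keytype`='".mysql_real_escape_string($reqkeytype)."', ".
            "`memid`='".$profileid."', ".
            "`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), ".
            "`subject`='".mysql_real_escape_string($csrsubject)."', ".
            "`codesign`='".intval($_SESSION['_config']['codesign'])."', ".
            "`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', ".
            "`rootcert`='".intval($_SESSION['_config']['rootcert'])."', ".
            "`description`='".$_SESSION['_config']['description']."'";
        mysql_query($query);
        $emailid = intval(mysql_insert_id());
        foreach($addys as $addy)
            mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".intval($addy)."'");

        $CSRname = generatecertpath("csr","client",$emailid);
        file_put_contents($CSRname, $csr);
        mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($CSRname)."' where `id`='$emailid'");
    } else {
        // Any other key type is refused here; the original fell through and
        // queried `emailcerts` with an undefined $emailid.
        $id = 4;
        showheader(_("My CAcert.org Account!"));
        echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
        showfooter();
        exit;
    }

    // waitForResult() is a project helper; afterwards the row is expected to
    // carry a non-empty `crt_name`.
    waitForResult("emailcerts", $emailid, 4);
    $query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
        $id = 4;
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    } else {
        // Continue with page 6 for the certificate that was just created.
        $id = 6;
        $cert = $emailid;
        $_REQUEST['cert'] = $emailid;
    }
}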
460
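if($oldid == 7)
{
    // First stage of the "add domain" form: normalises the submitted name and
    // refuses it when it is already listed. On success $newdom (shell-quoted)
    // and $newdomain (SQL-escaped) are left for the second $oldid == 7 stage.
    csrf_check("adddomain");

    // A missing or non-string field is treated as an empty name.
    $reqdomain = "";
    if(array_key_exists('newdomain', $_REQUEST) && is_string($_REQUEST['newdomain']))
        $reqdomain = $_REQUEST['newdomain'];

    if(strstr($reqdomain,"\x00"))
    {
        showheader(_("My CAcert.org Account!"));
        echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
        showfooter();
        exit;
    }

    list($newdomain) = explode(" ", $reqdomain, 2); // Ignore the rest
    // Leading dashes are dropped (presumably so the name can never be read as
    // a command-line option by the whois call in the second stage — confirm).
    // ltrim() does the same as the original character loop without indexing
    // into an empty string.
    $newdomain = ltrim($newdomain, '-');
    if(strstr($newdomain, "xn--") && $_SESSION['profile']['codesign'] <= 0)
    {
        showheader(_("My CAcert.org Account!"));
        echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
        showfooter();
        exit;
    }

    // Trim once, then derive both forms from the same value. The original
    // trimmed after escapeshellarg(), which leaves surrounding whitespace
    // inside the quotes of the shell argument.
    // NOTE(review): an empty name is not rejected at this point — confirm
    // whether it should be.
    $newdomain = trim($newdomain);
    $newdom = escapeshellarg($newdomain);
    $newdomain = mysql_real_escape_string($newdomain);

    $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
    $query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
    $res2 = mysql_query($query);
    if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
    {
        $oldid = 0;
        $id = 7;
        showheader(_("My CAcert.org Account!"));
        printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
        showfooter();
        exit;
    }
}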
499
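if($oldid == 7)
{
    // Second stage of the "add domain" form: builds the list of addresses that
    // may receive the ownership probe and stores it in the session for page 8.
    // $newdom is the shell-quoted name and $newdomain the SQL-escaped name
    // prepared by the first stage.
    $oldid = 0;
    $id = 8;
    $addy = array();
    $adds = array();

    // $newdom ends with the closing quote added by escapeshellarg(), so the
    // three characters before it are compared. No whois lookup is made for
    // names ending in ".jp".
    if(strtolower(substr($newdom, -4, 3)) != ".jp")
        $adds = explode("\n", trim(shell_exec('/usr/bin/whois '.$newdom.'|grep "@"')));

    // whois output is remote, free-form text: every line containing "@" is a
    // candidate. For .org and .info the part after the first colon is taken;
    // elsewhere the last whitespace-separated token containing "@".
    $colonformat = substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info";
    foreach($adds as $line)
    {
        if($colonformat)
        {
            $bits = explode(":", $line, 2);
            // A line without a colon has no second part; it is skipped
            // instead of reading an undefined offset.
            $line = isset($bits[1]) ? trim($bits[1]) : "";
        } else {
            $line = trim(str_replace("\t", " ", $line));
            $line = trim(str_replace("(", "", $line));
            $line = trim(str_replace(")", " ", $line));
            $line = trim(str_replace(":", " ", $line));

            $bits = explode(" ", $line);
            foreach($bits as $bit)
            {
                if(strstr($bit, "@"))
                    $line = $bit;
            }
        }
        if(!in_array($line, $addy) && $line != "")
            $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
    }

    // The standard role addresses are always offered.
    $rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain");
    foreach($rfc as $sub)
        if(!in_array($sub, $addy))
            $addy[] = $sub;

    $_SESSION['_config']['addy'] = $addy;
    // NOTE(review): $newdomain is already SQL-escaped by the first stage, so
    // this stores a doubly escaped value, which the $oldid == 8 handler then
    // escapes once more. Kept as in the original; it only matters for names
    // that contain characters mysql_real_escape_string() changes.
    $_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
}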
545
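if($process != "" && $oldid == 8)
{
    // Authority-address selection for a new domain: the chosen address must be
    // one of the candidates stored in the session by the "add domain" step.
    // The domain is then stored with a fresh hash and a probe link is mailed
    // to that address. Every path ends in exit.
    csrf_check('ctcinfo');
    $oldid = 0;
    $id = 8;

    $reqauthaddy = (array_key_exists('authaddy', $_REQUEST) && is_string($_REQUEST['authaddy'])) ? $_REQUEST['authaddy'] : "";
    $authaddy = trim(mysql_real_escape_string(stripslashes($reqauthaddy)));

    // Candidates and the submitted value are all strings, so the membership
    // test is made strict.
    if($authaddy == ""
        || !isset($_SESSION['_config']['addy'])
        || !is_array($_SESSION['_config']['addy'])
        || !in_array($authaddy, $_SESSION['_config']['addy'], true))
    {
        showheader(_("My CAcert.org Account!"));
        echo _("The address you submitted isn't a valid authority address for the domain.");
        showfooter();
        exit;
    }

    $query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
    $res = mysql_query($query);
    if(mysql_num_rows($res) > 0)
    {
        showheader(_("My CAcert.org Account!"));
        printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
        showfooter();
        exit;
    }

    $checkemail = checkEmail($authaddy);
    if($checkemail != "OK")
    {
        showheader(_("My CAcert.org Account!"));
        if(substr($checkemail, 0, 1) == "4")
        {
            echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
        } else {
            echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
        }
        // Whatever checkEmail() returned is text this page did not produce
        // (presumably the remote mail server's reply — confirm), so it is
        // HTML-escaped before being echoed.
        echo "<p>".sanitizeHTML($checkemail)."</p>\n";
        showfooter();
        exit;
    }

    $hash = make_hash();
    $query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."', ".
        "`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
    mysql_query($query);
    $domainid = mysql_insert_id();

    // NOTE(review): the probe link, including the verification hash, is built
    // with an http:// scheme; confirm whether an https:// link should be sent.
    $body  = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
    $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
    $body .= _("Best regards")."\n"._("CAcert.org Support!");

    sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

    showheader(_("My CAcert.org Account!"));
    // The domain is HTML-escaped here as it is in the "already in a different
    // account" message above; the original printed it unescaped.
    printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_SESSION['_config']['domain']));
    showfooter();
    exit;
}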
612
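if($process != "" && $oldid == 9)
{
    // "Delete selected" action of the domain list: removes the selected
    // domains that belong to this member. Always ends in exit.
    // NOTE(review): unlike the email delete handler, this destructive action
    // has no csrf_check() call — confirm which token the domain list form
    // carries and verify it here.
    $id = 9;
    showheader(_("My CAcert.org Account!"));
    if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
    {
        echo _("The following domains have been removed:")."<br>\n".
            "("._("Any valid certificates will be revoked as well").")<br>\n";

        // A separate loop variable is used so $id keeps the page id set above.
        foreach($_REQUEST['delid'] as $delid)
        {
            $delid = intval($delid);
            $query = "select * from `domains` where `id`='$delid' and `memid`='".intval($_SESSION['profile']['id'])."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) > 0)
            {
                $row = mysql_fetch_assoc($res);
                // The stored name is HTML-escaped on output.
                echo sanitizeHTML($row['domain'])."<br>\n";
                account_domain_delete($row['id']);
            }
        }
    }
    else
    {
        echo _("You did not select any domains for removal.");
    }

    showfooter();
    exit;
}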
644
if($process != "" && $oldid == 10)
{
    // Server-certificate request, first step: takes the pasted CSR, writes it
    // to a temporary file whose name is kept in the session, extracts the
    // subject and DNS alternative names with openssl, and hands over to
    // page 11. The values openssl prints come from the submitted CSR;
    // extractit(), getcn() and getalt() are project helpers not shown here.
    if(!array_key_exists('CCA',$_REQUEST))
    {
        showheader(_("My CAcert.org Account!"));
        echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
        showfooter();
        exit;
    }

    // In case the CSR is missing the ---BEGIN lines, add them automatically:
    $CSR = clean_csr($_REQUEST['CSR']);
    $CSR = (strpos($CSR, "---BEGIN") !== FALSE)
        ? $CSR
        : "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";

    $weakKey = checkWeakKeyCSR($CSR);
    if($weakKey !== "")
    {
        showheader(_("My CAcert.org Account!"));
        echo $weakKey;
        showfooter();
        exit;
    }

    // The description is stored SQL-escaped, or as an empty string when blank.
    $_SESSION['_config']['description'] = (trim($_REQUEST['description']) != "")
        ? trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])))
        : "";

    // From here on $CSR holds the temporary file's path, not the CSR text.
    $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
    file_put_contents($_SESSION['_config']['tmpfname'], $CSR);
    $CSR = $_SESSION['_config']['tmpfname'];

    $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
    $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
    foreach($bits as $val)
        $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);

    $id = 11;

    $_SESSION['_config']['0.subjectAltName'] = "";
    $_SESSION['_config']['0.CN'] = "";
    extractit();
    getcn();
    getalt();

    if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
    {
        showheader(_("My CAcert.org Account!"));
        echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
        showfooter();
        exit;
    }

    // Root certificate choice: 1 unless the profile has at least 50 points and
    // the request asks for 1 or 2.
    $_SESSION['_config']['rootcert'] = 1;
    if($_SESSION['profile']['points'] >= 50 && in_array(intval($_REQUEST['rootcert']), array(1, 2)))
        $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
}
710
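if($process != "" && $oldid == 11)
{
    // Server-certificate request, confirmation step: re-checks the CSR kept in
    // the temporary file, builds the certificate subject from the names held
    // in the session, records the request in `domaincerts` and waits for a
    // certificate to appear.
    // NOTE(review): this handler has no csrf_check() call — confirm.
    if(!file_exists($_SESSION['_config']['tmpfname']))
    {
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    }

    if(($weakKey = checkWeakKeyCSR(file_get_contents($_SESSION['_config']['tmpfname']))) !== "")
    {
        showheader(_("My CAcert.org Account!"));
        echo $weakKey;
        showfooter();
        exit;
    }

    $id = 11;
    if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
    {
        showheader(_("My CAcert.org Account!"));
        echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
        showfooter();
        exit;
    }

    $subject = "";
    $count = 0;
    // NOTE(review): subjectAltName entries are suppressed for one hard-coded
    // profile id; the reason is not visible here — confirm it is still wanted.
    $supressSAN = 0;
    if($_SESSION["profile"]["id"] == 104074) $supressSAN = 1;

    // 'rows' and 'altrows' are filled by code outside this handler (the
    // previous step calls getcn() and getalt()). The first entry of 'rows'
    // becomes the CN, and every entry is added as a DNS and an otherName
    // alternative name.
    if(isset($_SESSION['_config']['rows']) && is_array($_SESSION['_config']['rows']))
        foreach($_SESSION['_config']['rows'] as $row)
        {
            $count++;
            if($count == 1)
                $subject .= "/CN=$row";
            if(!$supressSAN)
            {
                $subject .= "/subjectAltName=DNS:$row";
                $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
            }
        }
    if(isset($_SESSION['_config']['altrows']) && is_array($_SESSION['_config']['altrows']))
        foreach($_SESSION['_config']['altrows'] as $row)
        {
            // Only entries carrying the "DNS:" prefix are used.
            if(substr($row, 0, 4) == "DNS:")
            {
                $row = substr($row, 4);
                if(!$supressSAN)
                {
                    $subject .= "/subjectAltName=DNS:$row";
                    $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
                }
            }
        }
    if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
        $_SESSION['_config']['rootcert'] = 1;

    write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);

    // The certificate is filed under the first domain id from 'rowid' or,
    // failing that, from 'altid'; without either the request is refused.
    if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
    {
        $certcn    = $_SESSION['_config']['rows']['0'];
        $certdomid = $_SESSION['_config']['rowid']['0'];
    } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
        $certcn    = $_SESSION['_config']['altrows']['0'];
        $certdomid = $_SESSION['_config']['altid']['0'];
    } else {
        showheader(_("My CAcert.org Account!"));
        echo _("Domain not verified.");
        showfooter();
        exit;
    }

    // The description is already SQL-escaped when the previous step stores it
    // in the session.
    $query = "insert into `domaincerts` set ".
        "`CN`='".mysql_real_escape_string($certcn)."', ".
        "`domid`='".mysql_real_escape_string($certdomid)."', ".
        "`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', ".
        "`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."', ".
        "`description`='".$_SESSION['_config']['description']."'";
    mysql_query($query);
    $CSRid = intval(mysql_insert_id());

    // Domain ids come from the session and are cast to integers before being
    // placed in the statement (the original interpolated them as they were).
    if(is_array($_SESSION['_config']['rowid']))
        foreach($_SESSION['_config']['rowid'] as $dom)
            mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
    if(is_array($_SESSION['_config']['altid']))
        foreach($_SESSION['_config']['altid'] as $dom)
            mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");

    // The temporary CSR file becomes the stored request file.
    $CSRname = generatecertpath("csr","server",$CSRid);
    rename($_SESSION['_config']['tmpfname'], $CSRname);
    chmod($CSRname,0644);
    mysql_query("update `domaincerts` set `CSR_name`='".mysql_real_escape_string($CSRname)."' where `id`='$CSRid'");

    // waitForResult() is a project helper; afterwards the row is expected to
    // carry a non-empty `crt_name`.
    waitForResult("domaincerts", $CSRid, 11);
    $query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
        $id = 11;
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    } else {
        // Continue with page 15 for the certificate that was just created.
        $id = 15;
        $cert = $CSRid;
        $_REQUEST['cert'] = $CSRid;
    }
}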
826
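// Page 12 "renew" submit: re-issue the selected server certificates from
// their stored CSR files.
//
// For each id in $_REQUEST['revokeid'] the handler verifies that the
// certificate hangs off a domain of the logged-in member, runs the weak-key
// check on the existing certificate, flags the old row as renewed, copies its
// data into a new `domaincerts` row, copies the CSR file, rebuilds the subject
// from the CSR and finally calls waitForResult() before looking for a
// `crt_name` on the new row.
if($oldid == 12 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	csrf_check('srvcerchange');
	$id = 12;
	showheader(_("My CAcert.org Account!"));
	// Check the key first so that a submit without any selection reaches the
	// "nothing selected" branch without an undefined-index notice.
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			echo _("Processing request")." $id:<br/>";
			// Ownership check: the row only matches when the certificate's
			// domain belongs to the member stored in the session.
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
					where `domaincerts`.`id`='$id' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// checkWeakKeyX509() returns a non-empty message when the key of
			// the existing certificate is rejected.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
			// Values read back from the database are raw again (for example a
			// description containing a quote), so every one of them is escaped
			// before it is placed into the new statement. `csr_name` is left
			// out on purpose and set after the file copy below (the original
			// author marked copying it here as a race condition).
			$query = "insert into `domaincerts` set
					`domid`='".intval($row['domid'])."',
					`CN`='".mysql_real_escape_string($row['CN'])."',
					`subject`='".mysql_real_escape_string($row['subject'])."',
					`created`='".mysql_real_escape_string($row['created'])."',
					`modified`=NOW(),
					`rootcert`='".mysql_real_escape_string($row['rootcert'])."',
					`type`='".mysql_real_escape_string($row['type'])."',
					`pkhash`='".mysql_real_escape_string($row['pkhash'])."',
					`description`='".mysql_real_escape_string($row['description'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			$newfile=generatecertpath("csr","server",$newid);
			copy($row['csr_name'], $newfile);

			// Quote the path once for the shell instead of relying on the
			// generated name never containing shell metacharacters.
			$newfilearg = escapeshellarg($newfile);
			$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $newfilearg|tr -d "\\0"|grep "Subject:"`);
			$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $newfilearg|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
			foreach($bits as $val)
			{
				$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
			}
			$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
			// These helpers are defined elsewhere; presumably they fill
			// '0.CN', '0.subjectAltName', 'rows' and 'altrows' in
			// $_SESSION['_config'] from the subject built above — TODO confirm.
			extractit();
			getcn();
			getalt();

			if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
			{
				// NOTE(review): the new row has already been inserted and the
				// old one flagged as renewed when this branch is taken.
				echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
				continue;
			}

			// Rebuild the subject: the first entry of 'rows' becomes the CN,
			// every further name is appended as subjectAltName unless the
			// subject already contains it. A separate loop variable is used so
			// the database row in $row is not overwritten.
			$subject = "";
			$count = 0;
			if(is_array($_SESSION['_config']['rows']))
				foreach($_SESSION['_config']['rows'] as $name)
				{
					$count++;
					if($count <= 1)
						$subject .= "/CN=$name";
					if(!strstr($subject, "=$name/") &&
						substr($subject, -strlen("=$name")) != "=$name")
						$subject .= "/subjectAltName=$name";
				}
			if(is_array($_SESSION['_config']['altrows']))
				foreach($_SESSION['_config']['altrows'] as $name)
					if(!strstr($subject, "=$name/") &&
						substr($subject, -strlen("=$name")) != "=$name")
						$subject .= "/subjectAltName=$name";
			$subject = mysql_real_escape_string($subject);
			mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='".mysql_real_escape_string($newfile)."' where `id`='$newid'");

			echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
			waitForResult("domaincerts", $newid,$oldid,0);
			$query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				$drow = mysql_fetch_assoc($res);
				// The certificate path comes from the database; quote it
				// before handing it to the shell.
				$crtarg = escapeshellarg($drow['crt_name']);
				$cert = `/usr/bin/openssl x509 -in $crtarg`;
				echo "<pre>\n$cert\n</pre>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}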
939
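// Page 12 "revoke" submit: revoke the selected server certificates and
// delete the selected pending requests.
//
// Both lists are checked row by row against the domains of the logged-in
// member. Revocation is recorded by writing the marker timestamp
// '1970-01-01 10:00:01' into `revoked` (presumably picked up by the signing
// backend — TODO confirm); pending requests are removed together with their
// CSR/certificate files.
if($oldid == 12 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('srvcerchange');
	$id = 12;
	showheader(_("My CAcert.org Account!"));
	// Same guard as the client-certificate handler for page 5: test for the
	// key before using it.
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			// Ownership check via the domain's member id.
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
					where `domaincerts`.`id`='$id' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0)
			{
				// The CN is stored data; encode it for HTML like the renew
				// handler of this page does before echoing a CN.
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
					where `domaincerts`.`id`='$id' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A row that already has an expiry date has been processed and is
			// no longer a pending request.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			mysql_query("delete from `domaincerts` where `id`='$id'");
			// Best effort: the files may not exist for a pending request.
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	showfooter();
	exit;
}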
1007
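// Page 12 "change" submit: store the comment entered for every server
// certificate whose "check_comment_<id>" field is present in the request.
//
// The update is restricted to certificates whose domain belongs to the
// logged-in member, using the same `domaincerts`/`domains` join as the renew
// and revoke handlers of this page. Without that restriction any member could
// overwrite the description of any certificate by submitting its id.
//
// NOTE(review): the renew and revoke handlers for page 12 call
// csrf_check('srvcerchange'); this handler does not. Confirm that the change
// button is part of the same form and add the call here as well.
if($oldid == 12 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
	showheader(_("My CAcert.org Account!"));
	foreach($_REQUEST as $id => $val)
	{
		if(substr($id,0,14)=="check_comment_")
		{
			$cid = intval(substr($id,14));
			// A marker without its comment field is treated as an empty comment.
			$comment = array_key_exists('comment_'.$cid,$_REQUEST) ? $_REQUEST['comment_'.$cid] : "";
			$comment=trim(mysql_real_escape_string(stripslashes($comment)));
			mysql_query("update `domaincerts`,`domains` set `domaincerts`.`description`='$comment'
					where `domaincerts`.`id`='$cid' and
					`domaincerts`.`domid`=`domains`.`id` and
					`domains`.`memid`='".$_SESSION['profile']['id']."'");
		}
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}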
1024
1025
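// Page 5 "renew" submit: re-issue the selected client certificates.
//
// Each selected id must belong to the logged-in member. The old row is
// flagged as renewed, its data is copied into a new `emailcerts` row, the CSR
// file and the `emaillink` entries are duplicated, and waitForResult() is
// called before the new row is checked for a `crt_name`.
//
// NOTE(review): no csrf_check() is called here, unlike the page 12 renew
// handler — confirm whether the page 5 form carries a token.
if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	showheader(_("My CAcert.org Account!"));
	// Test for the key first so an empty selection does not raise a notice.
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			// Ownership check on the member id stored in the session.
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
					where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// A non-empty return value is the rejection message for a weak key.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
			// Data fetched from the database is unescaped again (the stored
			// description is free text), so it is escaped before being
			// written into the new statement.
			$query = "insert into emailcerts set
					`memid`='".intval($row['memid'])."',
					`CN`='".mysql_real_escape_string($row['CN'])."',
					`subject`='".mysql_real_escape_string($row['subject'])."',
					`keytype`='".mysql_real_escape_string($row['keytype'])."',
					`csr_name`='".mysql_real_escape_string($row['csr_name'])."',
					`created`='".mysql_real_escape_string($row['created'])."',
					`modified`=NOW(),
					`disablelogin`='".mysql_real_escape_string($row['disablelogin'])."',
					`codesign`='".mysql_real_escape_string($row['codesign'])."',
					`rootcert`='".mysql_real_escape_string($row['rootcert'])."',
					`description`='".mysql_real_escape_string($row['description'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			$newfile=generatecertpath("csr","client",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($newfile)."' where `id`='$newid'");
			// Carry the e-mail address links over to the new certificate.
			$res = mysql_query("select * from `emaillink` where `emailcertsid`='".intval($row['id'])."'");
			while($r2 = mysql_fetch_assoc($res))
			{
				mysql_query("insert into `emaillink` set `emailid`='".intval($r2['emailid'])."',
						`emailcertsid`='$newid'");
			}
			waitForResult("emailcerts", $newid,$oldid,0);
			$query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				// NOTE(review): the CN is printed without HTML encoding;
				// confirm it cannot contain markup before relying on that.
				printf(_("Certificate for '%s' has been renewed."), $row['CN']);
				echo "<br/>\n<a href='account.php?id=6&cert=$newid' target='_new'>".
					_("Click here")."</a> "._("to install your certificate.")."<br/><br/>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.")."<br/>";
	}

	showfooter();
	exit;
}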
1098
// Page 5 "revoke" submit: revoke the selected client certificates and delete
// the selected pending requests of the logged-in member.
//
// Every id is cast to an integer and looked up together with the member id
// from the session, so ids of other members are reported as invalid.
// NOTE(review): no csrf_check() is called in this handler — confirm whether
// the page 5 form carries a token.
// NOTE(review): the CN is printed without HTML encoding.
if($oldid == 5 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	$id = 5;
	showheader(_("My CAcert.org Account!"));

	if(!array_key_exists('revokeid',$_REQUEST) || !is_array($_REQUEST['revokeid']))
	{
		echo _("You did not select any certificates for revocation.");
	}
	else
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
					where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				if($row['revoke'] > 0)
				{
					// A revocation timestamp is already set.
					printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				}
				else
				{
					// Revocation is recorded with this marker timestamp.
					mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
					printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
				}
			}
			else
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
			}
		}
	}

	$havedelete = array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']);
	if($havedelete)
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
					where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				if($row['expired'] > 0)
				{
					// An expiry date means the request has been processed.
					printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
				}
				else
				{
					mysql_query("delete from `emailcerts` where `id`='$id'");
					// Best effort removal of the request files.
					@unlink($row['csr_name']);
					@unlink($row['crt_name']);
					printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
				}
			}
			else
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
			}
		}
	}
	showfooter();
	exit;
}
1161
// Page 5 "change" submit: update the login flag and the comment of client
// certificates. Both statements are limited to rows of the logged-in member.
//
// NOTE(review): no csrf_check() is called in this handler — confirm whether
// the page 5 form carries a token.
if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
	showheader(_("My CAcert.org Account!"));
	foreach($_REQUEST as $id => $val)
	{
		// "cert_<id>" marks a certificate listed on the page.
		if(strncmp($id, "cert_", 5) == 0)
		{
			$cid = intval(substr($id,5));
			// disablelogin_<id> == "1" stores `disablelogin` = 0, anything
			// else stores 1 (the field presumably means "login enabled" on
			// the form — TODO confirm).
			$dis = "1";
			if(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")
				$dis = "0";
			mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
		}
		// "check_comment_<id>" has to be non-empty for the comment to be stored.
		if(strncmp($id, "check_comment_", 14) == 0)
		{
			$cid = intval(substr($id,14));
			if(empty($_REQUEST['check_comment_'.$cid]))
				continue;
			$comment = stripslashes($_REQUEST['comment_'.$cid]);
			$comment = trim(mysql_real_escape_string($comment));
			mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
		}
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}
1186
1187
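// Page 6 submit: store the description and the login flag for one client
// certificate of the logged-in member. The script continues after this block.
//
// The certificate id comes straight from the request and is therefore cast
// to an integer before it is placed into the statement; the raw value could
// otherwise be used to alter the query.
//
// NOTE(review): no csrf_check() is called in this handler — confirm whether
// the page 6 form carries a token.
if($oldid == 6 && array_key_exists('certid',$_REQUEST) && $_REQUEST['certid'] != "")
{
	// Missing form fields are treated like empty ones.
	if(array_key_exists('description',$_REQUEST) && trim($_REQUEST['description']) != ""){
		$description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
	}else{
		$description= "";
	}

	if(array_key_exists('disablelogin',$_REQUEST) && trim($_REQUEST['disablelogin']) == "1"){
		$disablelogin = 1;
	}else{
		$disablelogin = 0;
	}

	mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".intval($_REQUEST['certid'])."' and `memid`='".$_SESSION['profile']['id']."'");
}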
1204
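// Page 13 submit, step 1: read and validate the five lost-password questions
// and answers.
//
// The values are stripped of tags, SQL-escaped and kept in
// $_SESSION['_config']['user']; a later page-13 block writes them to `users`.
// On a validation error the message is appended to
// $_SESSION['_config']['errmsg'], $id is set back to page 13 and $oldid is
// cleared so that the later page-13 blocks are skipped.
//
// Two defects of the former version are fixed here:
//  - the hand-written comparison list skipped several pairs (for example a
//    question used as its own answer from the second question on); all ten
//    values are now compared pairwise, as the error message demands;
//  - when both checks failed, the second one copied the already cleared
//    $oldid into $id, leaving $id at 0 instead of 13.
if($oldid == 13 && $process != "")
{
	csrf_check("perschange");
	$_SESSION['_config']['user'] = $_SESSION['profile'];

	$qafields = array('Q1','Q2','Q3','Q4','Q5','A1','A2','A3','A4','A5');
	foreach($qafields as $qafield)
	{
		// Missing or non-string fields are treated as empty input.
		$qaraw = "";
		if(array_key_exists($qafield,$_REQUEST) && is_string($_REQUEST[$qafield]))
			$qaraw = $_REQUEST[$qafield];
		$_SESSION['_config']['user'][$qafield] = trim(mysql_real_escape_string(stripslashes(strip_tags($qaraw))));
	}

	// No two of the ten values may be equal (same loose comparison as before).
	$qaduplicate = false;
	$qacount = count($qafields);
	for($qa_i = 0; $qa_i < $qacount && !$qaduplicate; $qa_i++)
	{
		for($qa_j = $qa_i + 1; $qa_j < $qacount; $qa_j++)
		{
			if($_SESSION['_config']['user'][$qafields[$qa_i]] == $_SESSION['_config']['user'][$qafields[$qa_j]])
			{
				$qaduplicate = true;
				break;
			}
		}
	}

	// All five questions have to be filled in.
	$qablank = false;
	foreach(array('Q1','Q2','Q3','Q4','Q5') as $qafield)
		if($_SESSION['_config']['user'][$qafield] == "")
			$qablank = true;

	if($qaduplicate)
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
	if($qablank)
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";

	if($qaduplicate || $qablank)
	{
		// Redisplay page 13 and stop the remaining page-13 processing.
		$id = 13;
		$oldid=0;
	}
}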
1267
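// Page 13 submit, step 2: refresh the member's point total and, only while
// that total is 0, accept changes to name and date of birth.
//
// The name parts are stripped of tags and SQL-escaped, the date parts are
// cast to integers; everything is kept in $_SESSION['_config']['user'] for
// the update block that follows. On a validation error $id is set back to
// page 13 and $oldid is cleared.
//
// Changes against the former version: the date is now also checked with
// checkdate(), so days that do not exist in the given month are rejected,
// and a double failure no longer leaves $id at 0 (the second check used to
// copy the already cleared $oldid).
if($oldid == 13 && $process != "")
{
	$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
	$ddres = mysql_query($ddquery);
	$ddrow = mysql_fetch_assoc($ddres);
	$_SESSION['profile']['points'] = $ddrow['total'];

	if($_SESSION['profile']['points'] == 0)
	{
		foreach(array('fname','mname','lname','suffix') as $namefield)
		{
			// Missing or non-string fields are treated as empty input.
			$nameraw = "";
			if(array_key_exists($namefield,$_REQUEST) && is_string($_REQUEST[$namefield]))
				$nameraw = $_REQUEST[$namefield];
			$_SESSION['_config']['user'][$namefield] = trim(mysql_real_escape_string(stripslashes(strip_tags($nameraw))));
		}
		foreach(array('day','month','year') as $datefield)
			$_SESSION['_config']['user'][$datefield] = array_key_exists($datefield,$_REQUEST) ? intval($_REQUEST[$datefield]) : 0;

		$nameblank = ($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "");
		// checkdate() covers the month range and the number of days per month.
		$dobinvalid = ($_SESSION['_config']['user']['year'] < 1900 ||
			!checkdate($_SESSION['_config']['user']['month'], $_SESSION['_config']['user']['day'], $_SESSION['_config']['user']['year']));

		if($nameblank)
			$_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
		if($dobinvalid)
			$_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";

		if($nameblank || $dobinvalid)
		{
			// Redisplay page 13 and skip the update block.
			$id = 13;
			$oldid=0;
		}
	}
}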
1300
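// Page 13 submit, step 3: write the validated values to `users`, reload the
// profile into the session and show the confirmation page.
//
// The name, date, question and answer values in $_SESSION['_config']['user']
// were escaped by the two preceding page-13 blocks; name and date of birth
// are only written while the member has 0 points.
//
// NOTE(review): questions, answers, OTP hash and OTP pin are written as
// submitted (after tag stripping and escaping); confirm whether they should
// be stored hashed.
if($oldid == 13 && $process != "")
{
	if($_SESSION['profile']['points'] == 0)
	{
		$query = "update `users` set `fname`='".$_SESSION['_config']['user']['fname']."',
				`mname`='".$_SESSION['_config']['user']['mname']."',
				`lname`='".$_SESSION['_config']['user']['lname']."',
				`suffix`='".$_SESSION['_config']['user']['suffix']."',
				`dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
				where `id`='".$_SESSION['profile']['id']."'";
		mysql_query($query);
	}
	$query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
			`Q2`='".$_SESSION['_config']['user']['Q2']."',
			`Q3`='".$_SESSION['_config']['user']['Q3']."',
			`Q4`='".$_SESSION['_config']['user']['Q4']."',
			`Q5`='".$_SESSION['_config']['user']['Q5']."',
			`A1`='".$_SESSION['_config']['user']['A1']."',
			`A2`='".$_SESSION['_config']['user']['A2']."',
			`A3`='".$_SESSION['_config']['user']['A3']."',
			`A4`='".$_SESSION['_config']['user']['A4']."',
			`A5`='".$_SESSION['_config']['user']['A5']."'
			where `id`='".$_SESSION['profile']['id']."'";
	mysql_query($query);

	//!!!Should be rewritten
	// The OTP fields are optional: a missing or non-string field counts as
	// empty, and the columns are only touched when both values are given.
	foreach(array('otphash','otppin') as $otpfield)
	{
		$otpraw = "";
		if(array_key_exists($otpfield,$_REQUEST) && is_string($_REQUEST[$otpfield]))
			$otpraw = $_REQUEST[$otpfield];
		$_SESSION['_config']['user'][$otpfield] = trim(mysql_real_escape_string(stripslashes(strip_tags($otpraw))));
	}
	if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
	{
		$query = "update `users` set `otphash`='".$_SESSION['_config']['user']['otphash']."',
				`otppin`='".$_SESSION['_config']['user']['otppin']."' where `id`='".$_SESSION['profile']['id']."'";
		mysql_query($query);
	}

	// Reload the profile so the session reflects what is now in the database.
	$_SESSION['_config']['user']['set'] = 0;
	$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
	$_SESSION['profile']['loggedin'] = 1;

	// The point total is not a column of `users`; recompute it after the reload.
	$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
	$ddres = mysql_query($ddquery);
	$ddrow = mysql_fetch_assoc($ddres);
	$_SESSION['profile']['points'] = $ddrow['total'];


	$id = 13;
	showheader(_("My CAcert.org Account!"));
	echo _("Your details have been updated with the database.");
	showfooter();
	exit;
}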
1352
// Page 14 submit: change the pass phrase of the logged-in member.
//
// The new pass phrase has to be entered twice, be at least 6 characters long
// and reach a checkpw() score of 3 or more. The current pass phrase is only
// verified against the database when the request did not arrive on the
// secure hostname; on the secure hostname $rc is simply set to 1.
// On success the new value is stored with MySQL's sha1() and a notification
// mail is sent to the address in the profile.
//
// NOTE(review): the pass phrases are trimmed and SQL-escaped before the
// length and strength checks and before hashing, and the hash is an unsalted
// sha1() — both have to stay in step with the login code, which is not part
// of this block.
// NOTE(review): the two new pass phrases are compared with the loose `!=`
// operator, which compares numeric-looking strings by value.
if($oldid == 14 && $process != "")
{
	$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['oldpassword'])));
	$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1'])));
	$_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2'])));

	$id = 14;
	csrf_check("pwchange");

	showheader(_("My CAcert.org Account!"));

	// $pwfailed / $pwreason collect the outcome; the output happens once below.
	$pwfailed = false;
	$pwreason = "";
	if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
	{
		$pwfailed = true;
		$pwreason = _("New Pass Phrases specified don't match or were blank.");
	}
	else
	{
		$score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
			$_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);

		// Old pass phrase check; accepts both the old_password() and the
		// sha1() form of the stored value.
		$rc = 1;
		if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
		{
			$match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
					(`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
					`password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
			$rc = mysql_num_rows($match);
		}

		if(strlen($_SESSION['_config']['user']['pword1']) < 6)
		{
			$pwfailed = true;
			$pwreason = _("The Pass Phrase you submitted was too short.");
		}
		else if($score < 3)
		{
			$pwfailed = true;
			$pwreason = sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
		}
		else if($rc <= 0)
		{
			$pwfailed = true;
			$pwreason = _("You failed to correctly enter your current Pass Phrase.");
		}
	}

	if($pwfailed)
	{
		echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
			'</h3>', "\n";
		echo $pwreason;
	}
	else
	{
		mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
				where `id`='".$_SESSION['profile']['id']."'");
		echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
		echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");

		// Tell the account owner about the change.
		$body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
		$body .= _("You are receiving this email because you or someone else ".
			"has changed the password on your account.")."\n\n";
		$body .= _("Best regards")."\n"._("CAcert.org Support!");

		sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Password Update Notification"), $body,
			"support@cacert.org", "", "", "CAcert Support");
	}
	showfooter();
	exit;
}
1412
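// Page 16 submit, step 1: collect the e-mail addresses, name, OU and
// description for an organisation client certificate in $_SESSION['_config'].
//
// An address is kept only when it has exactly one "@" and checkownership()
// accepts its domain part; after such a call the matching row is expected in
// $_SESSION['_config']['row'] (presumably stored there by checkownership() —
// TODO confirm) and its id is appended to 'domids'.
//
// Missing or malformed request fields (no 'emails' array, array values where
// strings are expected) are now treated as empty input instead of being
// passed on to the string functions.
//
// NOTE(review): only the domain part of an address is checked, the local
// part is taken as submitted (after escaping).
// NOTE(review): 'emails' is reset here but 'domids' is not; confirm that it
// is cleared elsewhere, otherwise ids from earlier submits accumulate.
if($oldid == 16)
{
	$id = 16;
	$_SESSION['_config']['emails'] = array();

	$submitted = array();
	if(array_key_exists('emails',$_REQUEST) && is_array($_REQUEST['emails']))
		$submitted = $_REQUEST['emails'];

	foreach($submitted as $val)
	{
		if(!is_string($val))
			continue;

		$val = mysql_real_escape_string(stripslashes(trim($val)));
		$bits = explode("@", $val);
		$count = count($bits);
		if($count != 2)
			continue;

		if(checkownership($bits[1]) == false)
			continue;

		if(!is_array($_SESSION['_config']['row']))
			continue;
		else if($_SESSION['_config']['row']['id'] > 0)
			$_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id'];

		if($val != "")
			$_SESSION['_config']['emails'][] = $val;
	}

	foreach(array('name','OU') as $orgfield)
	{
		$orgraw = "";
		if(array_key_exists($orgfield,$_REQUEST) && is_string($_REQUEST[$orgfield]))
			$orgraw = $_REQUEST[$orgfield];
		$_SESSION['_config'][$orgfield] = mysql_real_escape_string(stripslashes(trim($orgraw)));
	}

	if(array_key_exists('description',$_REQUEST) && is_string($_REQUEST['description']) && trim($_REQUEST['description']) != ""){
		$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
	}else{
		$_SESSION['_config']['description']= "";
	}
}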
1447
// Page 16 submit, step 2: stop with an error page when none of the submitted
// addresses was accepted into $_SESSION['_config']['emails'].
if($oldid == 16 && count($_SESSION['_config']['emails']) < 1)
{
	$id = 16;
	showheader(_("My CAcert.org Account!"));
	echo _("I couldn't match any emails against your organisational account.");
	showfooter();
	exit;
}
1456
// Page 16 submit, step 3: settle the code-signing flag, the root certificate
// and the description, then move on to page 17 when at least one address
// was accepted.
if($oldid == 16 && $process != "")
{
	// Code signing is granted only when it was requested, the profile has
	// the codesign flag and the member holds at least 100 points.
	$grantcodesign = 0;
	if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100))
		$grantcodesign = 1;
	$_REQUEST['codesign'] = $grantcodesign;
	$_SESSION['_config']['codesign'] = $grantcodesign;

	// Only the values 1 and 2 are accepted for rootcert; anything else becomes 1.
	$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
	if($_SESSION['_config']['rootcert'] != 1 && $_SESSION['_config']['rootcert'] != 2)
		$_SESSION['_config']['rootcert'] = 1;

	$_SESSION['_config']['description'] = (trim($_REQUEST['description']) != "")
		? trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])))
		: "";

	if(@count($_SESSION['_config']['emails']) > 0)
		$id = 17;
}
1484
// Page 17 submit: create an organisation client certificate request, either
// from a browser generated SPKAC (keytype "NS") or from a PKCS#10 CSR
// (keytype "MS" or "VI").
// The addresses, name, OU, description, codesign and rootcert values are read
// from $_SESSION['_config'], where the page 16 blocks stored them; $org is the
// row found in $_SESSION['_config']['row'].
// NOTE(review): no csrf_check() is called in this handler, unlike the page
// 12, 13 and 14 handlers — confirm whether the form carries a token.
// NOTE(review): when keytype is none of NS/MS/VI neither branch runs and
// $emailid is not assigned before waitForResult() is called below.
1485 if($oldid == 17)
1486 {
1487 $org = $_SESSION['_config']['row'];
1488 if($_REQUEST['keytype'] == "NS")
1489 {
// Accept the SPKAC only if, with CR and LF removed, it consists solely of
// base64 characters; otherwise $spkac stays empty.
1490 $spkac=""; if(preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));
1491
// Reject a missing request and anything shorter than 128 characters.
1492 if($spkac == "" || strlen($spkac) < 128)
1493 {
1494 $id = 17;
1495 showheader(_("My CAcert.org Account!"));
1496 echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
1497 showfooter();
1498 exit;
1499 }
1500
// Build the request text: one "N.emailAddress" line per accepted address,
// followed by the subject fields and finally the SPKAC itself. The first
// address becomes $defaultemail. The loop uses $_REQUEST['email'] as its
// loop variable and therefore overwrites that request key.
1501 $count = 0;
1502 $emails = "";
1503 $addys = array();
1504 if(is_array($_SESSION['_config']['emails']))
1505 foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
1506 {
1507 if(!$emails)
1508 $defaultemail = $_REQUEST['email'];
1509 $emails .= "$count.emailAddress = $_REQUEST[email]\n";
1510 $count++;
1511 }
1512 if($_SESSION['_config']['name'] != "")
1513 $emails .= "commonName = ".$_SESSION['_config']['name']."\n";
1514 if($_SESSION['_config']['OU'])
1515 $emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n";
1516 if($org['O'])
1517 $emails .= "organizationName = ".$org['O']."\n";
1518 if($org['L'])
1519 $emails .= "localityName = ".$org['L']."\n";
1520 if($org['ST'])
1521 $emails .= "stateOrProvinceName = ".$org['ST']."\n";
1522 if($org['C'])
1523 $emails .= "countryName = ".$org['C']."\n";
// Only rootcert 1 and 2 are accepted; anything else falls back to 1.
1524 if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
1525 $_SESSION['_config']['rootcert'] = 1;
1526
1527
1528 $emails .= "SPKAC = $spkac";
// A non-empty return value is the rejection message for a weak key.
1529 if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
1530 {
1531 $id = 17;
1532 showheader(_("My CAcert.org Account!"));
1533 echo $weakKey;
1534 showfooter();
1535 exit;
1536 }
1537
// NOTE(review): the statement is built by concatenation. $defaultemail and
// the description were escaped by the page 16 blocks; $org['orgid'] is used
// as found in the session row.
1538 $query = "insert into `orgemailcerts` set
1539 `CN`='$defaultemail',
1540 `keytype`='NS',
1541 `orgid`='".$org['orgid']."',
1542 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
1543 `codesign`='".$_SESSION['_config']['codesign']."',
1544 `rootcert`='".$_SESSION['_config']['rootcert']."',
1545 `description`='".$_SESSION['_config']['description']."'";
1546 mysql_query($query);
1547 $emailid = mysql_insert_id();
1548
// Link the new certificate row to every id collected in 'domids'.
1549 foreach($_SESSION['_config']['domids'] as $addy)
1550 mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
1551
// Write the request text to the path returned by generatecertpath().
// NOTE(review): the result of fopen() is not checked.
1552 $CSRname=generatecertpath("csr","orgclient",$emailid);
1553 $fp = fopen($CSRname, "w");
1554 fputs($fp, $emails);
1555 fclose($fp);
// The SPKAC has to embed the challenge stored in the session, otherwise the
// request is refused.
// NOTE(review): the database rows above already exist when this check fails,
// and $CSRname is passed to the shell unquoted (it comes from
// generatecertpath(), defined elsewhere).
1556 $challenge=$_SESSION['spkac_hash'];
1557 $res=`openssl spkac -verify -in $CSRname`;
1558 if(!strstr($res,"Challenge String: ".$challenge))
1559 {
1560 $id = $oldid;
1561 showheader(_("My CAcert.org Account!"));
1562 echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
1563 showfooter();
1564 exit;
1565 }
1566 mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
1567 } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
// Wrap the cleaned CSR body in PEM armour before checking and storing it.
1568 $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
1569
1570 if (($weakKey = checkWeakKeyCSR($csr)) !== "")
1571 {
1572 $id = 17;
1573 showheader(_("My CAcert.org Account!"));
1574 echo $weakKey;
1575 showfooter();
1576 exit;
1577 }
1578
// The CSR is written to a temporary file so that openssl can re-encode it below.
1579 $tmpfname = tempnam("/tmp", "id17CSR");
1580 $fp = fopen($tmpfname, "w");
1581 fputs($fp, $csr);
1582 fclose($fp);
1583
1584 $addys = array();
1585 $defaultemail = "";
1586 $csrsubject="";
1587
// The subject stored with the certificate is assembled from the session
// values and the organisation row, not taken from the submitted CSR.
// NOTE(review): the $org fields are appended without escaping and the
// resulting string is placed into the insert statement below.
1588 if($_SESSION['_config']['name'] != "")
1589 $csrsubject = "/CN=".$_SESSION['_config']['name'];
1590 if(is_array($_SESSION['_config']['emails']))
1591 foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
1592 {
1593 if($defaultemail == "")
1594 $defaultemail = $_REQUEST['email'];
1595 $csrsubject .= "/emailAddress=$_REQUEST[email]";
1596 }
1597 if($_SESSION['_config']['OU'])
1598 $csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
1599 if($org['O'])
1600 $csrsubject .= "/organizationName=".$org['O'];
1601 if($org['L'])
1602 $csrsubject .= "/localityName=".$org['L'];
1603 if($org['ST'])
1604 $csrsubject .= "/stateOrProvinceName=".$org['ST'];
1605 if($org['C'])
1606 $csrsubject .= "/countryName=".$org['C'];
1607
// Run the CSR through "openssl req" and read the output back; an empty
// result means the request could not be parsed. Both temporary files are
// removed afterwards.
1608 $tmpname = tempnam("/tmp", "id17csr");
1609 $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`;
1610 @unlink($tmpfname);
1611 $csr = "";
1612 $fp = fopen($tmpname, "r");
1613 while($data = fgets($fp, 4096))
1614 $csr .= $data;
1615 fclose($fp);
1616 @unlink($tmpname);
1617
1618 if($csr == "")
1619 {
1620 showheader(_("My CAcert.org Account!"));
1621 echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
1622 showfooter();
1623 exit;
1624 }
1625 if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
1626 $_SESSION['_config']['rootcert'] = 1;
1627
// Within this branch keytype can only be "MS" or "VI" (see the branch
// condition), which is what keeps the value below harmless in the statement.
1628 $query = "insert into `orgemailcerts` set
1629 `CN`='$defaultemail',
1630 `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
1631 `orgid`='".$org['orgid']."',
1632 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
1633 `subject`='$csrsubject',
1634 `codesign`='".$_SESSION['_config']['codesign']."',
1635 `rootcert`='".$_SESSION['_config']['rootcert']."',
1636 `description`='".$_SESSION['_config']['description']."'";
1637 mysql_query($query);
1638 $emailid = mysql_insert_id();
1639
1640 foreach($_SESSION['_config']['domids'] as $addy)
1641 mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");
1642
// Store the re-encoded CSR under its final path and record that path.
1643 $CSRname=generatecertpath("csr","orgclient",$emailid);
1644 $fp = fopen($CSRname, "w");
1645 fputs($fp, $csr);
1646 fclose($fp);
1647 mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
1648 }
// After waitForResult() the request counts as processed only when the row
// has a non-empty `crt_name`.
1649 waitForResult("orgemailcerts", $emailid,$oldid);
1650 $query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
1651 $res = mysql_query($query);
1652 if(mysql_num_rows($res) <= 0)
1653 {
1654 showheader(_("My CAcert.org Account!"));
1655 printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
1656 showfooter();
1657 exit;
1658 } else {
// Success: continue with page 19 for the new certificate id.
1659 $id = 19;
1660 $cert = $emailid;
1661 $_REQUEST['cert']=$emailid;
1662 }
1663 }
1664
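// Organisation client certificates (list page 18): renew the selected entries.
// Every selected id is re-checked against the `org` membership of the logged-in
// member before a copy of the row is queued for signing.
if($oldid == 18 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	csrf_check('clicerchange');
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		$id = 18;
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			// Cast before anything is printed: the raw request value used to be
			// echoed into the page ahead of the intval() call.
			$id = intval($id);
			echo "Renewing certificate #$id ...\n<br/>";
			// The join on `org` limits the match to organisations of the logged-in member.
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
					where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
					`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// Do not renew a certificate whose key fails the weak-key check.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			// NOTE(review): the row is flagged as renewed before the revocation test
			// below, so an already revoked certificate is flagged too - confirm intended.
			mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}

			// Values read back from the database are not SQL-safe by themselves;
			// escape each one again before it goes into the new statement.
			$copied = array();
			foreach(array('orgid','CN','subject','keytype','csr_name','created','codesign','rootcert','description') as $col)
				$copied[] = "`$col`='".mysql_real_escape_string($row[$col])."'";
			mysql_query("insert into `orgemailcerts` set ".implode(", ", $copied).", `modified`=NOW()");
			$newid = mysql_insert_id();

			// The renewal reuses the stored CSR under a path of its own.
			$newfile=generatecertpath("csr","orgclient",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgemailcerts` set `csr_name`='".mysql_real_escape_string($newfile)."' where `id`='".intval($newid)."'");
			waitForResult("orgemailcerts", $newid,$oldid,0);
			$query = "select * from `orgemailcerts` where `id`='".intval($newid)."' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				// CN is shown inside HTML, so it is encoded for output.
				printf(_("Certificate for '%s' has been renewed."), sanitizeHTML($row['CN']));
				echo "<a href='account.php?id=19&cert=".intval($newid)."' target='_new'>".
					_("Click here")."</a> "._("to install your certificate.");
			}
			echo("<br/>");
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}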
1737
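// Organisation client certificates (list page 18): revoke the selected
// certificates and delete the selected pending requests.
if($oldid == 18 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('clicerchange');
	$id = 18;
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			// The join on `org` limits the match to organisations of the logged-in member.
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
					where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
					`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			// A fixed 1970 timestamp is stored rather than the current time;
			// presumably a marker for the signing backend - confirm.
			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			// CN ends up inside HTML, so it is encoded for output.
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
					where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
					`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A non-zero expiry is treated as "already processed"; such rows are kept.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			mysql_query("delete from `orgemailcerts` where `id`='$id'");
			// Best effort: the files may not exist for a request that was never signed.
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	showfooter();
	exit;
}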
1803
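// Organisation client certificates (list page 18): store the edited comments.
if($oldid == 18 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
	// Same token as the renew and revoke handlers of page 18.
	// NOTE(review): assumes the page-18 form sends the 'clicerchange' token with
	// every submit button - confirm against the page template.
	csrf_check('clicerchange');
	showheader(_("My CAcert.org Account!"));
	foreach($_REQUEST as $id => $val)
	{
		if(substr($id,0,14)!="check_comment_")
			continue;

		$cid = intval(substr($id,14));
		if(!isset($_REQUEST['comment_'.$cid]) || !is_string($_REQUEST['comment_'.$cid]))
			continue;

		// The certificate id comes from a request parameter name. Without this
		// lookup any logged-in member could overwrite the description of any
		// organisation client certificate.
		$owned = mysql_query("select 1 from `orgemailcerts`, `org`
				where `orgemailcerts`.`id`='$cid' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
				`org`.`orgid`=`orgemailcerts`.`orgid`");
		if(mysql_num_rows($owned) <= 0)
			continue;

		$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
		mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}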
1820
1821
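// Organisation server certificate, step 1 (form 20): take the pasted CSR, read
// its subject and DNS subjectAltNames with openssl and look up the matching
// organisation domains of the logged-in member.
if($process != "" && $oldid == 20)
{
	$CSR = clean_csr($_REQUEST['CSR']);

	if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	// The description is stored SQL-escaped in the session and used as-is later.
	if(array_key_exists('description',$_REQUEST) && trim($_REQUEST['description']) != ""){
		$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
	}else{
		$_SESSION['_config']['description']= "";
	}

	// Stop when the temporary file cannot be created, instead of writing to an
	// invalid handle and running openssl on a missing file.
	$tmpfname = tempnam("/tmp", "id20CSR");
	$fp = ($tmpfname !== false) ? fopen($tmpfname, "w") : false;
	if($fp === false)
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}
	$_SESSION['_config']['tmpfname'] = $tmpfname;
	fputs($fp, $CSR);
	fclose($fp);
	$CSR = $_SESSION['_config']['tmpfname'];

	// The path comes from tempnam(); it is still passed through escapeshellarg()
	// so the command line does not depend on how the path looks.
	$csrArg = escapeshellarg($CSR);
	$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $csrArg|tr -d "\\0"|grep "Subject:"`);
	$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $csrArg|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
	foreach($bits as $val)
	{
		$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
	}
	$id = 21;

	$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
	extractit();
	getcn2();
	getalt2();

	// NOTE(review): '0.CN' and '0.subjectAltName' are filled by the helpers above
	// from CSR content; confirm they are SQL-escaped before reaching these queries.
	$query = "select * from `orginfo`,`org`,`orgdomains` where
			`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
			`org`.`orgid`=`orginfo`.`id` and
			`org`.`orgid`=`orgdomains`.`orgid` and
			`orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'";
	$_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
	$query = "select * from `orginfo`,`org`,`orgdomains` where
			`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
			`org`.`orgid`=`orginfo`.`id` and
			`org`.`orgid`=`orgdomains`.`orgid` and
			`orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'";
	$_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// Only root certificate 1 or 2 can be selected; anything else falls back to 1.
	$_SESSION['_config']['rootcert'] = array_key_exists('rootcert',$_REQUEST) ? intval($_REQUEST['rootcert']) : 0;
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;
}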
1886
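// Organisation server certificate, step 2 (form 21): build the subject from the
// organisation record, queue the stored CSR for signing and wait for the result.
if($process != "" && $oldid == 21)
{
	$id = 21;

	if(!file_exists($_SESSION['_config']['tmpfname']))
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}

	// The CSR file is checked again here because it is read back from disk.
	if (($weakKey = checkWeakKeyCSR(file_get_contents(
			$_SESSION['_config']['tmpfname']))) !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// The organisation is found through the first CN match, or through the first
	// subjectAltName match when no CN matched.
	$viaCN = ($_SESSION['_config']['rowid']['0'] > 0);
	$lookupid = $viaCN ? $_SESSION['_config']['rowid']['0'] : $_SESSION['_config']['altid']['0'];
	$query = "select * from `org`,`orginfo` where
			`orginfo`.`id`='".intval($lookupid)."' and
			`orginfo`.`id`=`org`.`orgid` and
			`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
	$org = mysql_fetch_assoc(mysql_query($query));

	// No row means the logged-in member is not linked to that organisation.
	// Previously the request was still inserted, with an empty organisation id.
	if(!is_array($org))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}

	// $csrsubject is only used inside the insert statement below, so the parts
	// read from the database are SQL-escaped as they are appended.
	$csrsubject = "";
	if($_SESSION['_config']['OU'])
		$csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
	if($org['O'])
		$csrsubject .= "/organizationName=".mysql_real_escape_string($org['O']);
	if($org['L'])
		$csrsubject .= "/localityName=".mysql_real_escape_string($org['L']);
	if($org['ST'])
		$csrsubject .= "/stateOrProvinceName=".mysql_real_escape_string($org['ST']);
	if($org['C'])
		$csrsubject .= "/countryName=".mysql_real_escape_string($org['C']);

	// NOTE(review): 'rows' and 'altrows' are filled by helpers not shown here;
	// confirm they hold SQL-escaped, verified domain names.
	if(is_array($_SESSION['_config']['rows']))
		foreach($_SESSION['_config']['rows'] as $row)
			$csrsubject .= "/commonName=$row";
	$SAN="";
	if(is_array($_SESSION['_config']['altrows']))
		foreach($_SESSION['_config']['altrows'] as $subalt)
		{
			if($SAN != "")
				$SAN .= ",";
			$SAN .= "$subalt";
		}

	if($SAN != "")
		$csrsubject .= "/subjectAltName=".$SAN;

	// Type 8 is only set for admin accounts that ticked the OCSP option.
	$type="";
	if(array_key_exists("ocspcert",$_REQUEST) && $_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
	$_SESSION['_config']['rootcert'] = intval($_SESSION['_config']['rootcert']);
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;

	$cn = $viaCN ? $_SESSION['_config']['rows']['0'] : $_SESSION['_config']['altrows']['0'];
	$query = "insert into `orgdomaincerts` set
			`CN`='".$cn."',
			`orgid`='".intval($org['id'])."',
			`created`=NOW(),
			`subject`='$csrsubject',
			`rootcert`='".$_SESSION['_config']['rootcert']."',
			`type`='$type',
			`description`='".$_SESSION['_config']['description']."'";
	mysql_query($query);
	$CSRid = mysql_insert_id();

	// Move the uploaded CSR to its final path and record that path.
	$CSRname=generatecertpath("csr","orgserver",$CSRid);
	rename($_SESSION['_config']['tmpfname'], $CSRname);
	chmod($CSRname,0644);
	mysql_query("update `orgdomaincerts` set `CSR_name`='".mysql_real_escape_string($CSRname)."' where `id`='".intval($CSRid)."'");

	// Link the certificate to every matched organisation domain.
	if(is_array($_SESSION['_config']['rowid']))
		foreach($_SESSION['_config']['rowid'] as $domlinkid)
			mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($domlinkid)."', `orgcertid`='".intval($CSRid)."'");
	if(is_array($_SESSION['_config']['altid']))
		foreach($_SESSION['_config']['altid'] as $domlinkid)
			mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($domlinkid)."', `orgcertid`='".intval($CSRid)."'");

	waitForResult("orgdomaincerts", $CSRid,$oldid);
	$query = "select * from `orgdomaincerts` where `id`='".intval($CSRid)."' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		// Continue with page 23 for the newly issued certificate.
		$id = 23;
		$cert = $CSRid;
		$_REQUEST['cert']=$CSRid;
	}
}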
2012
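// Organisation server certificates (list page 22): renew the selected entries.
if($oldid == 22 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			// The join on `org` limits the match to organisations of the logged-in member.
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// Do not renew a certificate whose key fails the weak-key check.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}

			// Values read back from the database are not SQL-safe by themselves;
			// escape each one again before it goes into the new statement.
			$copied = array();
			foreach(array('orgid','CN','csr_name','created','subject','type','rootcert','description') as $col)
				$copied[] = "`$col`='".mysql_real_escape_string($row[$col])."'";
			mysql_query("insert into `orgdomaincerts` set ".implode(", ", $copied).", `modified`=NOW()");
			$newid = mysql_insert_id();

			// The renewal reuses the stored CSR under a path of its own.
			$newfile=generatecertpath("csr","orgserver",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgdomaincerts` set `csr_name`='".mysql_real_escape_string($newfile)."' where `id`='".intval($newid)."'");
			echo _("Renewing").": ".sanitizeHTML($row['CN'])."<br>\n";

			// NOTE(review): the link rows are written elsewhere in this file with the
			// columns `orgdomid` and `orgcertid`; this copy reads `id` from the link
			// row - confirm that is the intended column.
			$res = mysql_query("select * from `orgdomlink` where `orgcertid`='".intval($row['id'])."'");
			while($r2 = mysql_fetch_assoc($res))
				mysql_query("insert into `orgdomlink` set `orgdomid`='".$r2['id']."', `orgcertid`='".intval($newid)."'");

			waitForResult("orgdomaincerts", $newid,$oldid,0);
			$query = "select * from `orgdomaincerts` where `id`='".intval($newid)."' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				$drow = mysql_fetch_assoc($res);
				// The stored path is quoted for the shell and the command output is
				// HTML-encoded before it is printed.
				$crtArg = escapeshellarg($drow['crt_name']);
				$cert = `/usr/bin/openssl x509 -in $crtArg`;
				echo "<pre>\n".htmlspecialchars($cert)."\n</pre>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}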
2090
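// Organisation server certificates (list page 22): revoke the selected
// certificates and delete the selected pending requests.
if($oldid == 22 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			// The join on `org` limits the match to organisations of the logged-in member.
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			// A fixed 1970 timestamp is stored rather than the current time;
			// presumably a marker for the signing backend - confirm.
			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			// CN ends up inside HTML, so it is encoded for output.
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A non-zero expiry is treated as "already processed"; such rows are kept.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			mysql_query("delete from `orgdomaincerts` where `id`='$id'");
			// Best effort: the files may not exist for a request that was never signed.
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	showfooter();
	exit;
}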
2159
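// Organisation server certificates (list page 22): store the edited comments.
if($oldid == 22 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
	// Same token as the renew and revoke handlers of page 22.
	// NOTE(review): assumes the page-22 form sends the 'orgsrvcerchange' token
	// with every submit button - confirm against the page template.
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));
	foreach($_REQUEST as $id => $val)
	{
		if(substr($id,0,14)!="check_comment_")
			continue;

		$cid = intval(substr($id,14));
		if(!isset($_REQUEST['comment_'.$cid]) || !is_string($_REQUEST['comment_'.$cid]))
			continue;

		// The certificate id comes from a request parameter name. Without this
		// lookup any logged-in member could overwrite the description of any
		// organisation server certificate.
		$owned = mysql_query("select 1 from `orgdomaincerts`,`org`
				where `orgdomaincerts`.`id`='$cid' and
				`orgdomaincerts`.`orgid`=`org`.`orgid` and
				`org`.`memid`='".intval($_SESSION['profile']['id'])."'");
		if(mysql_num_rows($owned) <= 0)
			continue;

		$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
		mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}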
2176
2177
// Pages 24 to 31 form the organisation administration area. Viewing ($id) or
// submitting ($oldid) any of them requires the orgadmin flag in the session profile.
if($_SESSION['profile']['orgadmin'] != 1 &&
	(in_array($id, range(24, 31)) || in_array($oldid, range(24, 31))))
{
	showheader(_("My CAcert.org Account!"));
	echo _("You don't have access to this area.");
	showfooter();
	exit;
}
2188
// Page 24: create a new organisation record from the submitted form.
// The escaped field values are kept in the session so the form can be shown again.
// NOTE(review): no csrf_check() guards this insert, while the page-27 update
// handler has one - confirm whether the page-24 form carries a token.
if($oldid == 24 && $process != "")
{
	$id = intval($oldid);
	foreach(array('O', 'contact', 'L', 'ST', 'C', 'comments') as $field)
		$_SESSION['_config'][$field] = trim(mysql_real_escape_string(stripslashes($_REQUEST[$field])));
	unset($field);

	// Name and contact address are mandatory; everything else may stay empty.
	if($_SESSION['_config']['O'] != "" && $_SESSION['_config']['contact'] != "")
	{
		mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
`contact`='".$_SESSION['_config']['contact']."',
`L`='".$_SESSION['_config']['L']."',
`ST`='".$_SESSION['_config']['ST']."',
`C`='".$_SESSION['_config']['C']."',
`comments`='".$_SESSION['_config']['comments']."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully added as an organisation to the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	}

	$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
}
2215
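// Page 27: update the organisation record selected in the session.
if($oldid == 27 && $process != "")
{
	csrf_check('orgdetchange');
	$id = intval($oldid);
	$_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
	$_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
	$_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
	$_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
	$_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
	$_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));

	// Name and contact address are mandatory; everything else may stay empty.
	if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
	{
		$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
	} else {
		// The organisation id from the session is cast like in the other handlers
		// of this file, instead of being interpolated as it is.
		mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
				`contact`='".$_SESSION['_config']['contact']."',
				`L`='".$_SESSION['_config']['L']."',
				`ST`='".$_SESSION['_config']['ST']."',
				`C`='".$_SESSION['_config']['C']."',
				`comments`='".$_SESSION['_config']['comments']."'
				where `id`='".intval($_SESSION['_config']['orgid'])."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	}
}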
2244
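// Page 28: add a domain to the organisation selected in the session.
// Step 1: refuse a domain that is already listed for an organisation.
if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
{
	$domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
	// NOTE(review): only `orgdomains` is consulted here, while the page-29 edit
	// handler also looks at `domains` - confirm the difference is intended.
	$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
	if(mysql_num_rows($res1) > 0)
	{
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
		$id = $oldid;
		$oldid=0;
	}
}

// Step 2: without a selected organisation, go back to page 25.
if($oldid == 28 && $_SESSION['_config']['orgid'] <= 0)
{
	$oldid=0;
	$id = 25;
}

// Step 3: store the domain.
if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
{
	if(!isset($domain) || $domain == "")
	{
		// No domain name was submitted. Show the form again rather than insert
		// a row with an empty (previously undefined) domain.
		$id = $oldid;
		$oldid=0;
	}
	else
	{
		mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
		echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
		showfooter();
		exit;
	}
}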
2272
// Page 29: before an organisation domain is renamed, make sure the new name is
// not used by another organisation domain or by an active account domain.
// NOTE(review): both lookups use LIKE, so '%' and '_' in the submitted name act
// as wildcards - confirm an exact comparison is not what was meant.
if($oldid == 29 && $process != "")
{
	$domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));

	$inOrgDomains = mysql_num_rows(mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'"));
	$inAccountDomains = mysql_num_rows(mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0"));
	if($inOrgDomains > 0 || $inAccountDomains > 0)
	{
		// Clearing $oldid keeps the later page-29 handlers from running.
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
		$id = $oldid;
		$oldid=0;
	}
}
2286
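// Pages 29 and 30: a domain that is renamed or deleted takes its certificates
// with it, so every certificate linked to the domain is marked as revoked.
if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
{
	$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
			`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
			`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
			`orgdomains`.`id`='".intval($domid)."'";
	$res = mysql_query($query);
	// The id is cast here as well, matching the client certificate loop below.
	while($row = mysql_fetch_assoc($res))
		mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");

	// NOTE(review): this reads the links from `orgemaillink`; the insert for
	// organisation client certificates in this file writes to `domemaillink` -
	// confirm which table holds the links.
	$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
			`orgemaillink`.`domid`=`orgdomains`.`id` and
			`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
			`orgdomains`.`id`='".intval($domid)."'";
	$res = mysql_query($query);
	while($row = mysql_fetch_assoc($res))
		mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
}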
2305
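// Page 29: store the new name of the organisation domain. $domain was escaped
// by the duplicate check for page 29, which clears $oldid when it finds a clash.
if($oldid == 29 && $process != "")
{
	// The former lookup of the existing row was never used and has been dropped.
	mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
	echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
	showfooter();
	exit;
}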
2316
// Page 30: delete an organisation domain and report its name.
if($oldid == 30 && $process != "")
{
	$domainId = intval($domid);
	// Read the name first; it is needed for the message after the row is gone.
	$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".$domainId."'"));
	$domain = $row['domain'];
	mysql_query("delete from `orgdomains` where `id`='".$domainId."'");

	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
	echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
	showfooter();
	exit;
}

// Page 30 without a submitted form falls back to page 26 with no organisation selected.
if($oldid == 30)
{
	$orgid = 0;
	$id = 26;
}
2334
// Page 31: delete the organisation selected in the session, together with its
// domains, the certificates linked to those domains and its member links.
// NOTE(review): no csrf_check() is called before these deletes - confirm
// whether the page-31 form carries a token.
if($oldid == 31 && $process != "")
{
$query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
$dres = mysql_query($query);
// Walk every domain of the organisation.
while($drow = mysql_fetch_assoc($dres))
{
// Server certificates linked to this domain.
$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
// NOTE(review): $row['id'] is a certificate id, yet it is matched against
// `orgid` here and against `domid` below (the link table is written with
// `orgdomid`/`orgcertid` elsewhere in this file) - verify both statements.
mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
}

// Client certificates linked to this domain.
$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
// NOTE(review): the row is marked revoked and then deleted right away -
// confirm the revocation is acted on before the row disappears.
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
// NOTE(review): a certificate id is matched against `domid` here - verify.
mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
}
}
// Finally remove the member links, the domains and the organisation itself.
mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
}

// Page 31 always continues with page 25 and no organisation selected.
if($oldid == 31)
{
$id = 25;
$orgid = 0;
}
2375
// Pages 32 to 34 (organisation administrators): open to organisation admins
// and to members holding a master account in at least one organisation.
if(in_array($id, range(32, 34)) || in_array($oldid, range(32, 34)))
{
	$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
	$_macc = mysql_num_rows(mysql_query($query));
	$allowed = ($_SESSION['profile']['orgadmin'] == 1 || $_macc > 0);
	if(!$allowed)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}
	unset($allowed);
}

// Page 35: open to organisation admins and to members of any organisation.
if($id == 35 || $oldid == 35)
{
	$query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
	$is_orguser = mysql_num_rows(mysql_query($query));
	$allowed = ($_SESSION['profile']['orgadmin'] == 1 || $is_orguser > 0);
	if(!$allowed)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}
	unset($allowed);
}

// Page 33 for a non-admin: the member needs a master account in the selected
// organisation, otherwise page 35 is shown instead.
// NOTE(review): this only changes $id; a request that submits oldid=33 is not
// stopped here - confirm the submit handler checks the organisation itself.
if($id == 33 && $_SESSION['profile']['orgadmin'] != 1)
{
	$orgid = intval($_SESSION['_config']['orgid']);
	$query = "select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
	$res = mysql_query($query);
	$id = (mysql_num_rows($res) <= 0) ? 35 : $id;
}
2412
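// Page 33: add a user as administrator of the organisation selected in the session.
if($oldid == 33 && $process != "")
{
	csrf_check('orgadmadd');

	// The display check for page 33 is keyed on $id and only switches the page;
	// it does not stop a submitted form. A member who is not an organisation
	// admin must therefore hold a master account in this very organisation.
	if($_SESSION['profile']['orgadmin'] != 1)
	{
		$res = mysql_query("select * from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
		if(mysql_num_rows($res) <= 0)
		{
			showheader(_("My CAcert.org Account!"));
			echo _("You don't have access to this area.");
			showfooter();
			exit;
		}
	}

	// Only organisation admins may hand out master accounts. The array key is
	// now a quoted string; it used to be the bare word masteracc.
	if($_SESSION['profile']['orgadmin'] == 1)
		$masteracc = $_SESSION['_config']['masteracc'] = array_key_exists('masteracc',$_REQUEST) ? intval($_REQUEST['masteracc']) : 0;
	else
		$masteracc = $_SESSION['_config']['masteracc'] = 0;
	$_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
	$OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
	$comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
	$res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
	if(mysql_num_rows($res) <= 0)
	{
		// Unknown address: show the form again with an error message.
		$id = $oldid;
		$oldid=0;
		$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
	} else {
		$row = mysql_fetch_assoc($res);
		// Only assurers can become organisation administrators.
		if ( !is_assurer(intval($row['id'])) )
		{
			$id = $oldid;
			$oldid=0;
			$_SESSION['_config']['errmsg'] =
				_("The user is not an Assurer yet");
		} else {
			mysql_query(
				"insert into `org`
					set `memid`='".intval($row['id'])."',
						`orgid`='".intval($_SESSION['_config']['orgid'])."',
						`masteracc`='$masteracc',
						`OU`='$OU',
						`comments`='$comments'");
		}
	}
}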
2448
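// Page 34, per-organisation check for visitors without the `orgadmin` flag:
// they must hold a master account for the organisation stored in
// $_SESSION['_config']['orgid'].
if(($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1)
{
    $orgid = intval($_SESSION['_config']['orgid']);
    $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
    if(!$res || mysql_num_rows($res) <= 0)
    {
        $id = 32;

        // Clearing $oldid matters: the delete further down is keyed on
        // $oldid, not $id, so redirecting $id alone would still let a
        // submitted removal go through. $orgid is reset as well, matching
        // the state a finished page-34 submission ends in.
        if($oldid == 34)
        {
            $oldid = 0;
            $orgid = 0;
        }
    }
}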
2456
// Page 34 form submission: remove the member given by the request from the
// organisation stored in $_SESSION['_config']['orgid'].
// NOTE(review): this block performs no authorisation of its own and, unlike
// the page-33 handler, makes no csrf_check() call - it depends entirely on
// the checks that run before it. Confirm that is intended.
if($process != "" && $oldid == 34)
{
    // Both ids are forced to integers before they reach the SQL string.
    $orgid = intval($_SESSION['_config']['orgid']);
    $memid = intval($_REQUEST['memid']);

    $query = "delete from `org` where `orgid`='$orgid' and `memid`='$memid'";
    mysql_query($query);
}
2464
// After a page-33 or page-34 submission that is still pending at this
// point, fall back to page 32 and drop the organisation id.
if(in_array($oldid, array(33, 34)))
{
    $id = 32;
    $oldid = 0;
    $orgid = 0;
}
2471
// Page 36 display: load the visitor's own `alerts` row and copy its four
// settings into $_REQUEST, overwriting whatever the request carried.
// If there is no row, the four entries end up empty.
if($id == 36)
{
    $row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
    foreach(array('general', 'country', 'regional', 'radius') as $alertfield)
    {
        $_REQUEST[$alertfield] = $row[$alertfield];
    }
}
2480
// Page 36 form submission: store the visitor's four alert settings.
// Every value is forced to an integer (0 when the field is absent), and the
// row is always keyed on the session's own member id.
// NOTE(review): no csrf_check() call is made in this handler.
if($oldid == 36)
{
    $alertmemid = intval($_SESSION['profile']['id']);

    $alertvals = array();
    foreach(array('general', 'country', 'regional', 'radius') as $alertfield)
    {
        $alertvals[$alertfield] = intval(array_key_exists($alertfield, $_REQUEST) ? $_REQUEST[$alertfield] : 0);
    }

    // Update the existing row if there is one, otherwise create it.
    $rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='".$alertmemid."'"));
    if($rc > 0)
    {
        $query = "update `alerts` set `general`='".$alertvals['general']."',
                    `country`='".$alertvals['country']."',
                    `regional`='".$alertvals['regional']."',
                    `radius`='".$alertvals['radius']."'
                    where `memid`='".$alertmemid."'";
    } else {
        $query = "insert into `alerts` set `general`='".$alertvals['general']."',
                    `country`='".$alertvals['country']."',
                    `regional`='".$alertvals['regional']."',
                    `radius`='".$alertvals['radius']."',
                    `memid`='".$alertmemid."'";
    }
    mysql_query($query);

    // Show page 36 again after saving.
    $id = $oldid;
    $oldid=0;
}
2502
// Page 41, action "default": change the visitor's main language.
// The submitted code is accepted only if it matches a key of
// L10n::$translations; every path through this block ends the script.
if($oldid == 41 && $_REQUEST['action'] == 'default')
{
    csrf_check("mainlang");
    $lang = mysql_real_escape_string($_REQUEST['lang']);

    // Look for the submitted code among the known translations.
    $langknown = false;
    foreach(L10n::$translations as $key => $val)
    {
        if($key == $lang)
        {
            $langknown = true;
            break;
        }
    }

    if($langknown)
    {
        mysql_query("update `users` set `language`='$lang' where `id`='".$_SESSION['profile']['id']."'");
        $_SESSION['profile']['language'] = $lang;
    }

    showheader(_("My CAcert.org Account!"));
    if($langknown)
        echo _("Your language setting has been updated.");
    else
        echo _("You tried to use an invalid language.");
    showfooter();
    exit;
}
2525
// Page 41, action "addsec": add a secondary language for the visitor.
if($oldid == 41 && $_REQUEST['action'] == 'addsec')
{
    csrf_check("seclang");
    $addlang = mysql_real_escape_string($_REQUEST['addlang']);

    // Does the language exist?
    // NOTE(review): that question is still open here - the value is escaped
    // for SQL but is not compared against any list of known languages
    // before it is stored. Confirm where, if anywhere, it is validated.
    $query = "insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'";
    mysql_query($query);

    showheader(_("My CAcert.org Account!"));
    echo _("Your language setting has been updated.");
    showfooter();
    exit;
}
2537
// Page 41, action "dellang": remove one of the visitor's secondary
// languages. The delete is restricted to rows carrying the session's own
// user id, so only the visitor's own entries can be affected.
if($oldid == 41 && $_REQUEST['action'] == 'dellang')
{
    csrf_check("seclang");
    $remove = mysql_real_escape_string($_REQUEST['remove']);

    $query = "delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'";
    mysql_query($query);

    showheader(_("My CAcert.org Account!"));
    echo _("Your language setting has been updated.");
    showfooter();
    exit;
}
2548
// Gate for pages 42-44 and 48-50, whether requested as $id or submitted as
// $oldid: the session profile must carry the `admin` flag. Anyone else gets
// the "no access" page and the script stops.
if($_SESSION['profile']['admin'] != 1 &&
    (in_array($id, array(42, 43, 44, 48, 49, 50)) ||
     in_array($oldid, array(42, 43, 44, 48, 49, 50))))
{
    showheader(_("My CAcert.org Account!"));
    echo _("You don't have access to this area.");
    showfooter();
    exit;
}
2558
2559 if(($id == 53 || $id == 54 || $oldid == 53 || $oldid == 54) &&
2560 $_SESSION['profile']['locadmin'] != 1)
2561 {
2562 showheader(_(