bug 782: fixed typo
[cacert-devel.git] / includes / account.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18 require_once("../includes/loggedin.php");
19 require_once("../includes/lib/l10n.php");
20 require_once("../includes/lib/check_weak_key.php");
21
// loadem() is defined outside this file; it is invoked once with the page name.
loadem("account");

// Page selectors: absent parameters fall back to 0, present ones are forced to int.
$id = array_key_exists("id", $_REQUEST) ? intval($_REQUEST['id']) : 0;
$oldid = array_key_exists("oldid", $_REQUEST) ? intval($_REQUEST['oldid']) : 0;

// $process is kept exactly as submitted (no filtering). In this part of the
// file it is only compared against "" and the translated "Cancel" label.
$process = array_key_exists("process", $_REQUEST) ? $_REQUEST['process'] : "";

// Record ids used by the individual pages, again int-or-0.
$cert = array_key_exists('cert', $_REQUEST) ? intval($_REQUEST['cert']) : 0;
$orgid = array_key_exists('orgid', $_REQUEST) ? intval($_REQUEST['orgid']) : 0;
$memid = array_key_exists('memid', $_REQUEST) ? intval($_REQUEST['memid']) : 0;
$domid = array_key_exists('domid', $_REQUEST) ? intval($_REQUEST['domid']) : 0;
32
33
// Stop right away when the session's `mconn` flag is falsy.
if (!$_SESSION['mconn']) {
    echo _("Several CAcert Services are currently unavailable. Please try again later.");
    exit;
}

// A submit whose value equals the translated "Cancel" label clears the
// pending process request, so none of the form handlers below fire.
if ($process == _("Cancel")) {
    $process = "";
}

// Pages 45 and 46, whether requested as target or as origin, fall back to page 1.
// $id and $oldid are always ints here, so the strict membership test is exact.
if (in_array($id, array(45, 46), true) || in_array($oldid, array(45, 46), true)) {
    $id = 1;
    $oldid = 0;
}
52
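// Page 1 form handler: attach a new email address to the logged-in account and
// mail a verification link to it. Every path through this block ends in exit.
if ($process != "" && $oldid == 1) {
    $id = 1;
    csrf_check('addemail');

    // A missing or non-string parameter is handled as an empty address instead
    // of raising notices further down.
    $newemail = "";
    if (array_key_exists('newemail', $_REQUEST) && is_string($_REQUEST['newemail'])) {
        $newemail = $_REQUEST['newemail'];
    }

    // The ACE prefix of punycode labels is case-insensitive, so the check must
    // match "XN--" as well as "xn--".
    if (stripos($newemail, "xn--") !== false && $_SESSION['profile']['codesign'] <= 0) {
        showheader(_("My CAcert.org Account!"));
        echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
        showfooter();
        exit;
    }

    // Escaped once here; this is the value interpolated into the SQL below.
    $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($newemail)));
    if ($_REQUEST['email'] == "") {
        showheader(_("My CAcert.org Account!"));
        // echo rather than printf: the translated text is not a format string.
        echo _("Not a valid email address. Can't continue.");
        showfooter();
        exit;
    }
    $oldid = 0;

    // An address may belong to only one account at a time.
    $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
    $res = mysql_query($query);
    if (mysql_num_rows($res) > 0) {
        showheader(_("My CAcert.org Account!"));
        printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
        showfooter();
        exit;
    }

    // checkEmail() is defined elsewhere; anything other than "OK" is shown to
    // the user. A leading "4" is reported as a temporary failure.
    $checkemail = checkEmail($newemail);
    if ($checkemail != "OK") {
        showheader(_("My CAcert.org Account!"));
        if (substr($checkemail, 0, 1) == "4") {
            echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
        } else {
            echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
        }
        // The result string is not produced by this page, so it is HTML-escaped
        // before being echoed.
        echo "<p>".sanitizeHTML($checkemail)."</p>\n";
        showfooter();
        exit;
    }

    $hash = make_hash();
    $query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
    mysql_query($query);
    $emailid = mysql_insert_id();

    // NOTE(review): the verification link uses the http:// scheme, so the hash
    // travels unencrypted when the link is opened - confirm whether an https
    // host should be used here.
    $body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
    $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
    $body .= _("Best regards")."\n"._("CAcert.org Support!");

    sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

    showheader(_("My CAcert.org Account!"));
    printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_REQUEST['email']));
    showfooter();
    exit;
}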
112
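// Page 2, "make default" submit: switch the account's primary address to one of
// its own addresses. Every path through this block ends in exit.
// NOTE(review): unlike the add/delete handlers in this file, this branch does
// not call csrf_check() - confirm whether that omission is intended.
if (array_key_exists("makedefault", $_REQUEST) && $_REQUEST['makedefault'] != "" && $oldid == 2) {
    $id = 2;
    $emailid = array_key_exists('emailid', $_REQUEST) ? intval($_REQUEST['emailid']) : 0;

    // The address must belong to this account, must not be deleted and must
    // have an empty hash (the error text below treats a non-empty hash as
    // "not verified yet").
    $query = "select * from `email` where `id`='$emailid' and `memid`='".intval($_SESSION['profile']['id'])."' and `hash` = '' and `deleted`=0";
    $res = mysql_query($query);
    if (mysql_num_rows($res) <= 0) {
        showheader(_("Error!"));
        echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
        showfooter();
        exit;
    }
    $row = mysql_fetch_assoc($res);

    // The notice goes to the address that was the default *before* the change.
    $body = sprintf(_("Hi %s,"), $_SESSION['profile']['fname'])."\n";
    $body .= _("You are receiving this email because you or someone else")."\n";
    $body .= _("has changed the default email on your account.")."\n\n";
    $body .= _("Best regards")."\n"._("CAcert.org Support!");

    sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Default Account Changed"), $body,
        "support@cacert.org", "", "", "CAcert Support");

    $_SESSION['profile']['email'] = $row['email'];
    // Data read back from the database is still data: escape it again before
    // it is placed into a new statement.
    $query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
    mysql_query($query);

    showheader(_("My CAcert.org Account!"));
    printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
    showfooter();
    exit;
}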
144
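// Page 2 form handler: remove the selected email addresses from the account and
// revoke the still-valid client certificates linked to them. The default
// address of the account is never removed. The block always ends in exit.
if ($process != "" && $oldid == 2) {
    $id = 2;
    csrf_check("chgdef");
    showheader(_("My CAcert.org Account!"));
    $delcount = 0;
    $removed = array();
    if (array_key_exists('delid', $_REQUEST) && is_array($_REQUEST['delid'])) {
        foreach ($_REQUEST['delid'] as $id) {
            $id = intval($id);
            // Ownership check: the row must belong to this account and must
            // not be the current default address.
            $query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and "
                ."`email`!='".mysql_real_escape_string($_SESSION['profile']['email'])."'";
            $res = mysql_query($query);
            if (mysql_num_rows($res) > 0) {
                $row = mysql_fetch_assoc($res);
                // Stored addresses are escaped for HTML before they are shown.
                $removed[] = sanitizeHTML($row['email']);

                // Certificates that are neither revoked nor expired and that
                // contain this address get the fixed `revoked` timestamp below.
                $query = "select `emailcerts`.`id` "
                    ."from `emaillink`,`emailcerts` where "
                    ."`emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and "
                    ."`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 "
                    ."group by `emailcerts`.`id`";
                $dres = mysql_query($query);
                while ($drow = mysql_fetch_assoc($dres)) {
                    mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");
                }

                $query = "update `email` set `deleted`=NOW() where `id`='$id'";
                mysql_query($query);
                $delcount++;
            }
        }
    } else {
        echo _("You did not select any email accounts for removal.");
    }

    if ($delcount > 0) {
        // The heading is printed before the list it introduces, matching the
        // domain removal page.
        echo _("The following accounts have been removed:")."<br>\n";
        foreach ($removed as $address) {
            echo $address."<br>\n";
        }
    } else {
        echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
    }

    showfooter();
    exit;
}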
192
// Page 3 form handler: record the options for a client certificate in
// $_SESSION['_config'] and decide whether page 4 is shown next or whether the
// pasted CSR is processed right away.
if ($process != "" && $oldid == 3) {
    // Needs either a list of address ids or the SSO flag.
    if ((!array_key_exists('addid', $_REQUEST) || !is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1') {
        showheader(_("My CAcert.org Account!"));
        echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
        showfooter();
        exit;
    }

    $_SESSION['_config']['SSO'] = intval($_REQUEST['SSO']);
    $_SESSION['_config']['addid'] = $_REQUEST['addid'];

    // The name-inclusion option is only taken from the request at 50+ points.
    if ($_SESSION['profile']['points'] >= 50) {
        $_SESSION['_config']['incname'] = intval($_REQUEST['incname']);
    }

    // A code-signing request is dropped unless the profile has the codesign
    // flag and at least 100 points.
    if (
        array_key_exists('codesign', $_REQUEST) && $_REQUEST['codesign'] != 0
        && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100)
    ) {
        $_REQUEST['codesign'] = 0;
    }

    // With code signing granted, the name option is forced into 1..4.
    if (
        $_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0
        && array_key_exists('codesign', $_REQUEST) && $_REQUEST['codesign'] == 1
    ) {
        if ($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4) {
            $_SESSION['_config']['incname'] = 1;
        }
    }

    $_SESSION['_config']['codesign'] =
        (array_key_exists('codesign', $_REQUEST) && $_REQUEST['codesign'] == 1 && $_SESSION['profile']['points'] >= 100)
        ? 1 : 0;

    // `disablelogin` is the inverse of the submitted `login` checkbox.
    $_SESSION['_config']['disablelogin'] =
        (array_key_exists('login', $_REQUEST) && $_REQUEST['login'] == 1) ? 0 : 1;

    // Root selection: 1 unless the user has 50+ points and asked for 1 or 2.
    $_SESSION['_config']['rootcert'] = 1;
    if ($_SESSION['profile']['points'] >= 50) {
        $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
        if ($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) {
            $_SESSION['_config']['rootcert'] = 1;
        }
    }

    // With a pasted CSR the request is handled as key type "MS" by the
    // page 4 handler; without one, page 4 is displayed.
    $csr = "";
    if (trim($_REQUEST['optionalCSR']) != "") {
        $oldid = 4;
        $_REQUEST['keytype'] = "MS";
        $csr = clean_csr($_REQUEST['optionalCSR']);
    } else {
        $id = 4;
    }

    // The description is stored already SQL-escaped; later statements
    // interpolate it as-is.
    $_SESSION['_config']['description'] = (trim($_REQUEST['description']) != "")
        ? trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])))
        : "";
}
249
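// Page 4 handler: turn the submitted key material into a client certificate
// request (SPKAC for keytype "NS", a CSR for "MS"/"VI"), record it in
// `emailcerts`, write the request file, call waitForResult() and then check
// whether `crt_name` has been filled in.
//
// Changes against the earlier version of this block: every value that reaches
// a shell command line goes through escapeshellarg(), and every value that
// reaches SQL is either cast with intval() or escaped, including values that
// were read back from the database.
if ($oldid == 4) {
    if ($_REQUEST['keytype'] == "NS") {
        // Accept the SPKAC only if, with CR/LF removed, it consists purely of
        // base64 alphabet characters.
        $spkac = "";
        if (array_key_exists('SPKAC', $_REQUEST)) {
            $spkacInput = trim(str_replace(array("\r", "\n"), "", $_REQUEST['SPKAC']));
            if (preg_match("/^[a-zA-Z0-9+=\/]+$/", $spkacInput)) {
                $spkac = $spkacInput;
            }
        }

        if ($spkac == "" || $spkac == "deadbeef") {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo _("I didn't receive a valid Certificate Request, please try a different browser.");
            showfooter();
            exit;
        }

        // Collect the selected addresses, keeping only those owned by this account.
        $count = 0;
        $emails = "";
        $addys = array();
        $defaultemail = "";
        if (is_array($_SESSION['_config']['addid'])) {
            foreach ($_SESSION['_config']['addid'] as $id) {
                $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
                if (mysql_num_rows($res) > 0) {
                    $row = mysql_fetch_assoc($res);
                    if (!$emails) {
                        $defaultemail = $row['email'];
                    }
                    $emails .= "$count.emailAddress = ".$row['email']."\n";
                    $count++;
                    $addys[] = intval($row['id']);
                }
            }
        }
        if ($count <= 0 && $_SESSION['_config']['SSO'] != 1) {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request.");
            showfooter();
            exit;
        }

        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
        if ($_SESSION['_config']['SSO'] == 1) {
            $emails .= "$count.emailAddress = ".$user['uniqueID']."\n";
        }

        // A one-letter middle name is written as an initial.
        if (strlen($user['mname']) == 1) {
            $user['mname'] .= '.';
        }

        // NOTE(review): the request file is line-oriented ("key = value").
        // Confirm that stored names and addresses can never contain CR/LF.
        if (!array_key_exists('incname', $_SESSION['_config']) || $_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4) {
            $emails .= "commonName = CAcert WoT User\n";
        } else {
            switch ($_SESSION['_config']['incname']) {
                case 1:
                    $emails .= "commonName = ".$user['fname']." ".$user['lname']."\n";
                    break;
                case 2:
                    $emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']."\n";
                    break;
                case 3:
                    $emails .= "commonName = ".$user['fname']." ".$user['lname']." ".$user['suffix']."\n";
                    break;
                case 4:
                    $emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
                    break;
            }
        }
        if ($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) {
            $_SESSION['_config']['rootcert'] = 1;
        }

        $emails .= "SPKAC = $spkac";
        if (($weakKey = checkWeakKeySPKAC($emails)) !== "") {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo $weakKey;
            showfooter();
            exit;
        }

        // `description` was SQL-escaped when it was put into the session.
        $query = "insert into emailcerts set "
            ."`CN`='".mysql_real_escape_string($defaultemail)."', "
            ."`keytype`='NS', "
            ."`memid`='".intval($_SESSION['profile']['id'])."', "
            ."`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), "
            ."`codesign`='".intval($_SESSION['_config']['codesign'])."', "
            ."`disablelogin`='".($_SESSION['_config']['disablelogin'] ? 1 : 0)."', "
            ."`rootcert`='".intval($_SESSION['_config']['rootcert'])."', "
            ."`description`='".$_SESSION['_config']['description']."'";
        mysql_query($query);
        $emailid = mysql_insert_id();
        foreach ($addys as $addy) {
            mysql_query("insert into `emaillink` set `emailcertsid`='".intval($emailid)."', `emailid`='".intval($addy)."'");
        }

        $CSRname = generatecertpath("csr", "client", $emailid);
        $fp = fopen($CSRname, "w");
        fputs($fp, $emails);
        fclose($fp);

        // The SPKAC must carry the challenge that was stored in the session.
        // NOTE(review): this is a substring match, and an empty session value
        // would match every request - confirm `spkac_hash` is always set
        // before this page can be reached.
        $challenge = $_SESSION['spkac_hash'];
        $res = shell_exec("openssl spkac -verify -in ".escapeshellarg($CSRname));
        if (!strstr($res, "Challenge String: ".$challenge)) {
            $id = $oldid;
            showheader(_("My CAcert.org Account!"));
            echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
            showfooter();
            exit;
        }
        mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($CSRname)."' where `id`='".intval($emailid)."'");
    } else if ($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
        // $csr is only pre-filled when the page 3 handler ran in this request.
        if (!isset($csr) || $csr == "") {
            $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
        }

        if (($weakKey = checkWeakKeyCSR($csr)) !== "") {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo $weakKey;
            showfooter();
            exit;
        }

        $tmpfname = tempnam("/tmp", "id4CSR");
        file_put_contents($tmpfname, $csr);

        $addys = array();
        $defaultemail = "";
        $csrsubject = "";

        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
        if (strlen($user['mname']) == 1) {
            $user['mname'] .= '.';
        }
        if ($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4) {
            $csrsubject = "/CN=CAcert WoT User";
        }
        switch ($_SESSION['_config']['incname']) {
            case 1:
                $csrsubject = "/CN=".$user['fname']." ".$user['lname'];
                break;
            case 2:
                $csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname'];
                break;
            case 3:
                $csrsubject = "/CN=".$user['fname']." ".$user['lname']." ".$user['suffix'];
                break;
            case 4:
                $csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'];
                break;
        }

        // Only addresses owned by this account are put into the subject.
        if (is_array($_SESSION['_config']['addid'])) {
            foreach ($_SESSION['_config']['addid'] as $id) {
                $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
                if (mysql_num_rows($res) > 0) {
                    $row = mysql_fetch_assoc($res);
                    if ($defaultemail == "") {
                        $defaultemail = $row['email'];
                    }
                    $csrsubject .= "/emailAddress=".$row['email'];
                    $addys[] = intval($row['id']);
                }
            }
        }
        if ($_SESSION['_config']['SSO'] == 1) {
            $csrsubject .= "/emailAddress = ".$user['uniqueID'];
        }

        // Pass the CSR through openssl once; an unparsable request leaves the
        // output file empty and is rejected below.
        $tmpname = tempnam("/tmp", "id4csr");
        shell_exec("/usr/bin/openssl req -in ".escapeshellarg($tmpfname)." -out ".escapeshellarg($tmpname));
        @unlink($tmpfname);
        $csr = (string) file_get_contents($tmpname);
        @unlink($tmpname);

        if ($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) {
            $_SESSION['_config']['rootcert'] = 1;
        }

        if ($csr == "") {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
            showfooter();
            exit;
        }

        // keytype is "MS" or "VI" in this branch; it is escaped for SQL, the
        // context it is used in.
        $query = "insert into emailcerts set "
            ."`CN`='".mysql_real_escape_string($defaultemail)."', "
            ."`keytype`='".mysql_real_escape_string($_REQUEST['keytype'])."', "
            ."`memid`='".intval($_SESSION['profile']['id'])."', "
            ."`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), "
            ."`subject`='".mysql_real_escape_string($csrsubject)."', "
            ."`codesign`='".intval($_SESSION['_config']['codesign'])."', "
            ."`rootcert`='".intval($_SESSION['_config']['rootcert'])."', "
            ."`description`='".$_SESSION['_config']['description']."'";
        mysql_query($query);
        $emailid = mysql_insert_id();
        foreach ($addys as $addy) {
            mysql_query("insert into `emaillink` set `emailcertsid`='".intval($emailid)."', `emailid`='".intval($addy)."'");
        }

        $CSRname = generatecertpath("csr", "client", $emailid);
        $fp = fopen($CSRname, "w");
        fputs($fp, $csr);
        fclose($fp);
        mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($CSRname)."' where `id`='".intval($emailid)."'");
    }

    // waitForResult() is defined elsewhere; afterwards a non-empty `crt_name`
    // is what counts as success.
    waitForResult("emailcerts", $emailid, 4);
    $query = "select * from `emailcerts` where `id`='".intval($emailid)."' and `crt_name` != ''";
    $res = mysql_query($query);
    if (mysql_num_rows($res) <= 0) {
        $id = 4;
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    } else {
        // Continue on page 6 with the new certificate selected.
        $id = 6;
        $cert = $emailid;
        $_REQUEST['cert'] = $emailid;
    }
}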
460
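// Page 7 handler, part 1: clean the submitted domain name and refuse it when
// it is already claimed. Leaves two variables for the code that follows:
//   $newdom    - the domain wrapped by escapeshellarg(), for command lines
//   $newdomain - the domain escaped for SQL
if ($oldid == 7) {
    csrf_check("adddomain");

    // A missing or non-string parameter is treated as an empty name.
    if (!array_key_exists('newdomain', $_REQUEST) || !is_string($_REQUEST['newdomain'])) {
        $_REQUEST['newdomain'] = "";
    }

    if (strstr($_REQUEST['newdomain'], "\x00")) {
        showheader(_("My CAcert.org Account!"));
        echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
        showfooter();
        exit;
    }

    list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest

    // Leading dashes are removed so the value can never be read as a
    // command-line option. Whitespace is stripped in the same pass, so the
    // cleaned value is exactly what both the shell and the database receive.
    $newdomain = rtrim(ltrim($newdomain, "- \t\n\r\0\x0B"));

    // The ACE prefix of punycode labels is case-insensitive, so "XN--" has to
    // be caught as well as "xn--".
    if (stripos($newdomain, "xn--") !== false && $_SESSION['profile']['codesign'] <= 0) {
        showheader(_("My CAcert.org Account!"));
        echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
        showfooter();
        exit;
    }

    $newdom = escapeshellarg($newdomain);
    $newdomain = mysql_real_escape_string($newdomain);

    // The name must not be claimed by an organisation or by a live domain entry.
    $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
    $query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
    $res2 = mysql_query($query);
    if (mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0) {
        $oldid = 0;
        $id = 7;
        showheader(_("My CAcert.org Account!"));
        printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
        showfooter();
        exit;
    }
}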
499
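// Page 7 handler, part 2: build the list of addresses that may receive the
// domain verification mail - the addresses found in the whois record plus five
// fixed role mailboxes - and store it in the session for page 8.
//
// Relies on $newdom (already wrapped by escapeshellarg()) and $newdomain
// (already SQL-escaped) from the preceding handler.
if ($oldid == 7) {
    $oldid = 0;
    $id = 8;
    $addy = array();
    $adds = array();

    // $newdom ends with the closing quote added by escapeshellarg(), hence the
    // offset of -4 for a three-character suffix. No whois lookup for .jp.
    if (strtolower(substr($newdom, -4, 3)) != ".jp") {
        $adds = explode("\n", trim(shell_exec("/usr/bin/whois $newdom|grep \"@\"")));
    }

    // For .org and .info the address is taken from after the first colon;
    // otherwise it is the last whitespace-separated token containing "@".
    $whoisColonFormat = (substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info");
    foreach ($adds as $line) {
        if ($whoisColonFormat) {
            $bits = explode(":", $line, 2);
            // A line without a colon yields no address.
            $line = isset($bits[1]) ? trim($bits[1]) : "";
        } else {
            $line = trim(str_replace(array("\t", "(", ")", ":"), array(" ", "", " ", " "), $line));
            foreach (explode(" ", $line) as $bit) {
                if (strstr($bit, "@")) {
                    $line = $bit;
                }
            }
        }
        if ($line != "" && !in_array($line, $addy, true)) {
            // NOTE(review): whois output is outside this application's
            // control. The values are escaped for SQL only; whatever page
            // displays them has to escape them for HTML.
            $addy[] = trim(mysql_real_escape_string(stripslashes($line)));
        }
    }

    // Role mailboxes that are always offered.
    $rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain");
    foreach ($rfc as $sub) {
        if (!in_array($sub, $addy, true)) {
            $addy[] = $sub;
        }
    }

    $_SESSION['_config']['addy'] = $addy;
    // NOTE(review): $newdomain was SQL-escaped before this point and is
    // escaped again here - confirm the double escaping is intended.
    $_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
}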
545
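// Page 8 form handler: the user picked one of the offered authority addresses.
// Record the domain as unverified and mail the verification link to that
// address. Every path through this block ends in exit.
if ($process != "" && $oldid == 8) {
    csrf_check('ctcinfo');
    $oldid = 0;
    $id = 8;

    // A missing or non-string parameter is treated as no selection.
    $authaddy = "";
    if (array_key_exists('authaddy', $_REQUEST) && is_string($_REQUEST['authaddy'])) {
        $authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy'])));
    }

    // The address has to be one of those stored in the session for this
    // domain; a free-form address is never accepted. Strict comparison keeps
    // PHP's numeric-string juggling out of the membership test.
    if (
        $authaddy == ""
        || !isset($_SESSION['_config']['addy'])
        || !is_array($_SESSION['_config']['addy'])
        || !in_array($authaddy, $_SESSION['_config']['addy'], true)
    ) {
        showheader(_("My CAcert.org Account!"));
        echo _("The address you submitted isn't a valid authority address for the domain.");
        showfooter();
        exit;
    }

    // Re-check that nobody claimed the domain in the meantime.
    $query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
    $res = mysql_query($query);
    if (mysql_num_rows($res) > 0) {
        showheader(_("My CAcert.org Account!"));
        printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
        showfooter();
        exit;
    }

    // checkEmail() is defined elsewhere; anything other than "OK" is shown to
    // the user. A leading "4" is reported as a temporary failure.
    $checkemail = checkEmail($authaddy);
    if ($checkemail != "OK") {
        showheader(_("My CAcert.org Account!"));
        if (substr($checkemail, 0, 1) == "4") {
            echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
        } else {
            echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
        }
        // The result string is not produced by this page, so it is HTML-escaped
        // before being echoed.
        echo "<p>".sanitizeHTML($checkemail)."</p>\n";
        showfooter();
        exit;
    }

    $hash = make_hash();
    $query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."', "
        ."`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
    mysql_query($query);
    $domainid = mysql_insert_id();

    // NOTE(review): the verification link uses the http:// scheme, so the hash
    // travels unencrypted when the link is opened - confirm whether an https
    // host should be used here.
    $body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"), $_SESSION['_config']['domain'])."\n\n";
    $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
    $body .= _("Best regards")."\n"._("CAcert.org Support!");

    sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

    showheader(_("My CAcert.org Account!"));
    // The domain is user-supplied text; it is HTML-escaped here as it already
    // is in the "already in a different account" message above.
    printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_SESSION['_config']['domain']));
    showfooter();
    exit;
}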
612
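// Page 9 form handler: remove the selected domains from the account and give
// their still-valid server certificates the fixed `revoked` timestamp.
// The block always ends in exit.
// NOTE(review): this state-changing handler does not call csrf_check(), unlike
// the email removal handler - confirm whether that omission is intended.
if ($process != "" && $oldid == 9) {
    $id = 9;
    showheader(_("My CAcert.org Account!"));
    if (array_key_exists('delid', $_REQUEST) && is_array($_REQUEST['delid'])) {
        echo _("The following domains have been removed:")."<br>\n("._("Any valid certificates will be revoked as well").")<br>\n";

        foreach ($_REQUEST['delid'] as $id) {
            $id = intval($id);
            // Ownership check: only domains of the logged-in account are touched.
            $query = "select * from `domains` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
            $res = mysql_query($query);
            if (mysql_num_rows($res) > 0) {
                $row = mysql_fetch_assoc($res);
                // Stored names are escaped for HTML before they are shown.
                echo sanitizeHTML($row['domain'])."<br>\n";
                mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'");

                // Every certificate linked to the domain that is neither
                // revoked nor expired is marked.
                $dres = mysql_query("select * from `domlink` where `domid`='$id'");
                while ($drow = mysql_fetch_assoc($dres)) {
                    mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['certid'])."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
                }
            }
        }
    } else {
        echo _("You did not select any domains for removal.");
    }

    showfooter();
    exit;
}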
646
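// Page 10 form handler: accept a pasted server CSR, store it in a temporary
// file, read its subject and DNS alternative names with openssl and hand over
// to page 11 for confirmation.
if ($process != "" && $oldid == 10) {
    $CSR = clean_csr($_REQUEST['CSR']);
    if (strpos($CSR, "---BEGIN") === FALSE) {
        // In case the CSR is missing the ---BEGIN lines, add them automatically:
        $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
    }

    if (($weakKey = checkWeakKeyCSR($CSR)) !== "") {
        showheader(_("My CAcert.org Account!"));
        echo $weakKey;
        showfooter();
        exit;
    }

    // The description is stored already SQL-escaped; later statements
    // interpolate it as-is.
    if (array_key_exists('description', $_REQUEST) && trim($_REQUEST['description']) != "") {
        $_SESSION['_config']['description'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
    } else {
        $_SESSION['_config']['description'] = "";
    }

    $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
    $fp = fopen($_SESSION['_config']['tmpfname'], "w");
    fputs($fp, $CSR);
    fclose($fp);
    $CSR = $_SESSION['_config']['tmpfname'];

    // The file name is passed through escapeshellarg() rather than relying on
    // hand-written double quotes in the command line.
    $csrArg = escapeshellarg($CSR);
    $_SESSION['_config']['subject'] = trim(shell_exec('/usr/bin/openssl req -text -noout -in '.$csrArg.'|tr -d "\0"|grep "Subject:"'));
    $bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in ".$csrArg."|tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:")));
    foreach ($bits as $val) {
        $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
    }
    $id = 11;

    // extractit(), getcn() and getalt() are defined elsewhere; the check right
    // after them reads the '0.CN' / '0.subjectAltName' session entries.
    $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
    extractit();
    getcn();
    getalt();

    if ($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") {
        showheader(_("My CAcert.org Account!"));
        echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
        showfooter();
        exit;
    }

    // Root selection: 1 unless the user has 50+ points and asked for 1 or 2.
    $_SESSION['_config']['rootcert'] = 1;
    if ($_SESSION['profile']['points'] >= 50) {
        $_SESSION['_config']['rootcert'] = array_key_exists('rootcert', $_REQUEST) ? intval($_REQUEST['rootcert']) : 1;
        if ($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) {
            $_SESSION['_config']['rootcert'] = 1;
        }
    }
}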
704
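// Page 11 form handler: the user confirmed the server certificate request.
// Builds the subject from the names kept in the session, records the request
// in `domaincerts`/`domlink`, moves the CSR file into place, calls
// waitForResult() and then checks whether `crt_name` has been filled in.
// NOTE(review): this handler creates a certificate request without calling
// csrf_check() - confirm whether that omission is intended.
if ($process != "" && $oldid == 11) {
    // The CSR file written by the page 10 handler must still exist.
    if (!file_exists($_SESSION['_config']['tmpfname'])) {
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    }

    // The key is checked again here, on the file that will actually be used.
    if (($weakKey = checkWeakKeyCSR(file_get_contents($_SESSION['_config']['tmpfname']))) !== "") {
        showheader(_("My CAcert.org Account!"));
        echo $weakKey;
        showfooter();
        exit;
    }

    $id = 11;
    if ($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") {
        showheader(_("My CAcert.org Account!"));
        echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
        showfooter();
        exit;
    }

    $subject = "";
    $count = 0;
    // NOTE(review): hard-coded account id. For this one account no
    // subjectAltName entries are written; the reason is not visible here.
    $supressSAN = 0;
    if ($_SESSION["profile"]["id"] == 104074) {
        $supressSAN = 1;
    }

    // The first name becomes the CN; every name also gets a DNS and an
    // otherName alternative-name entry.
    if (is_array($_SESSION['_config']['rows'])) {
        foreach ($_SESSION['_config']['rows'] as $row) {
            $count++;
            if ($count <= 1) {
                $subject .= "/CN=$row";
            }
            if (!$supressSAN) {
                $subject .= "/subjectAltName=DNS:$row";
                $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
            }
        }
    }
    // Of the alternative names only the "DNS:" ones are used.
    if (is_array($_SESSION['_config']['altrows'])) {
        foreach ($_SESSION['_config']['altrows'] as $row) {
            if (substr($row, 0, 4) == "DNS:") {
                $row = substr($row, 4);
                if (!$supressSAN) {
                    $subject .= "/subjectAltName=DNS:$row";
                    $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
                }
            }
        }
    }
    if ($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) {
        $_SESSION['_config']['rootcert'] = 1;
    }

    // The request is attached to the first domain id from the CN list or,
    // failing that, from the alternative-name list. Without either there is no
    // domain on record for the request and it is refused.
    // `description` was SQL-escaped when it was put into the session.
    if (is_array($_SESSION['_config']['rowid']) && array_key_exists('0', $_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0) {
        $query = "insert into `domaincerts` set "
            ."`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."', "
            ."`domid`='".intval($_SESSION['_config']['rowid']['0'])."', "
            ."`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', "
            ."`rootcert`='".intval($_SESSION['_config']['rootcert'])."', "
            ."`description`='".$_SESSION['_config']['description']."'";
    } elseif (is_array($_SESSION['_config']['altid']) && array_key_exists('0', $_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
        $query = "insert into `domaincerts` set "
            ."`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."', "
            ."`domid`='".intval($_SESSION['_config']['altid']['0'])."', "
            ."`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', "
            ."`rootcert`='".intval($_SESSION['_config']['rootcert'])."', "
            ."`description`='".$_SESSION['_config']['description']."'";
    } else {
        showheader(_("My CAcert.org Account!"));
        echo _("Domain not verified.");
        showfooter();
        exit;
    }

    mysql_query($query);
    $CSRid = mysql_insert_id();

    // Link the certificate to every domain id it names; ids are cast to int
    // before they are placed into the statement.
    if (is_array($_SESSION['_config']['rowid'])) {
        foreach ($_SESSION['_config']['rowid'] as $dom) {
            mysql_query("insert into `domlink` set `certid`='".intval($CSRid)."', `domid`='".intval($dom)."'");
        }
    }
    if (is_array($_SESSION['_config']['altid'])) {
        foreach ($_SESSION['_config']['altid'] as $dom) {
            mysql_query("insert into `domlink` set `certid`='".intval($CSRid)."', `domid`='".intval($dom)."'");
        }
    }

    // Move the temporary CSR to its final path and make it world-readable (0644).
    $CSRname = generatecertpath("csr", "server", $CSRid);
    rename($_SESSION['_config']['tmpfname'], $CSRname);
    chmod($CSRname, 0644);
    mysql_query("update `domaincerts` set `CSR_name`='".mysql_real_escape_string($CSRname)."' where `id`='".intval($CSRid)."'");

    // waitForResult() is defined elsewhere; afterwards a non-empty `crt_name`
    // is what counts as success.
    waitForResult("domaincerts", $CSRid, 11);
    $query = "select * from `domaincerts` where `id`='".intval($CSRid)."' and `crt_name` != ''";
    $res = mysql_query($query);
    if (mysql_num_rows($res) <= 0) {
        $id = 11;
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    } else {
        // Continue on page 15 with the new certificate selected.
        $id = 15;
        $cert = $CSRid;
        $_REQUEST['cert'] = $CSRid;
    }
}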
818
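// Renew the server (domain) certificates ticked on page 12.
// For every submitted id that belongs to the logged-in member: refuse weak
// keys, flag the old row as renewed, clone it into a new `domaincerts` row
// with a copy of the CSR, rebuild the subject from that CSR and wait for the
// new certificate file to show up.
if($oldid == 12 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
    csrf_check('srvcerchange');
    $id = 12;
    showheader(_("My CAcert.org Account!"));
    // array_key_exists() first, so a request without `revokeid` takes the
    // "nothing selected" branch without an undefined-index notice.
    if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
    {
        echo _("Now renewing the following certificates:")."<br>\n";
        foreach($_REQUEST['revokeid'] as $id)
        {
            $id = intval($id);
            echo _("Processing request")." $id:<br/>";
            // The join against `domains`.`memid` is the ownership check: a
            // certificate id of another member yields no row.
            $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
                    where `domaincerts`.`id`='$id' and
                    `domaincerts`.`domid`=`domains`.`id` and
                    `domains`.`memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
                continue;
            }

            $row = mysql_fetch_assoc($res);

            if (($weakKey = checkWeakKeyX509(file_get_contents(
                    $row['crt_name']))) !== "")
            {
                echo $weakKey, "<br/>\n";
                continue;
            }

            mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
            // Values read back from the database are raw again (for example a
            // user-chosen description containing a quote), so every one of
            // them is escaped before it is put into the new statement.
            // `csr_name` is deliberately left out here (the original marks it
            // "RACE CONDITION"); it is written once the CSR has been copied.
            $query = "insert into `domaincerts` set
                    `domid`='".mysql_real_escape_string($row['domid'])."',
                    `CN`='".mysql_real_escape_string($row['CN'])."',
                    `subject`='".mysql_real_escape_string($row['subject'])."',
                    `created`='".mysql_real_escape_string($row['created'])."',
                    `modified`=NOW(),
                    `rootcert`='".mysql_real_escape_string($row['rootcert'])."',
                    `type`='".mysql_real_escape_string($row['type'])."',
                    `pkhash`='".mysql_real_escape_string($row['pkhash'])."',
                    `description`='".mysql_real_escape_string($row['description'])."'";
            mysql_query($query);
            $newid = mysql_insert_id();
            $newfile=generatecertpath("csr","server",$newid);
            copy($row['csr_name'], $newfile);

            // File names are passed to the shell as one quoted argument each.
            $csrArg = escapeshellarg($newfile);
            $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $csrArg|tr -d "\\0"|grep "Subject:"`);
            $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $csrArg|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
            foreach($bits as $val)
            {
                $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
            }
            $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
            // Helpers defined elsewhere; the code below reads '0.CN',
            // '0.subjectAltName', 'rows' and 'altrows' from the session after
            // these calls.
            extractit();
            getcn();
            getalt();

            if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
            {
                echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
                continue;
            }

            // Build the subject: the first entry of 'rows' becomes the CN,
            // every name not yet present is appended as a subjectAltName.
            $subject = "";
            $count = 0;
            if(is_array($_SESSION['_config']['rows']))
                foreach($_SESSION['_config']['rows'] as $name)
                {
                    $count++;
                    if($count <= 1)
                        $subject .= "/CN=$name";
                    if(!strstr($subject, "=$name/") &&
                        substr($subject, -strlen("=$name")) != "=$name")
                        $subject .= "/subjectAltName=$name";
                }
            if(is_array($_SESSION['_config']['altrows']))
                foreach($_SESSION['_config']['altrows'] as $name)
                    if(!strstr($subject, "=$name/") &&
                        substr($subject, -strlen("=$name")) != "=$name")
                        $subject .= "/subjectAltName=$name";
            $subject = mysql_real_escape_string($subject);
            mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='".mysql_real_escape_string($newfile)."' where `id`='$newid'");

            echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
            waitForResult("domaincerts", $newid,$oldid,0);
            $query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
            } else {
                $drow = mysql_fetch_assoc($res);
                $crtArg = escapeshellarg($drow['crt_name']);
                $cert = `/usr/bin/openssl x509 -in $crtArg`;
                echo "<pre>\n$cert\n</pre>\n";
            }
        }
    }
    else
    {
        echo _("You did not select any certificates for renewal.");
    }
    showfooter();
    exit;
}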
931
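// Revoke issued server certificates and delete pending requests (page 12).
// Both lists are matched against the logged-in member through the join on
// `domains`.`memid`, so ids of other members are reported as invalid.
if($oldid == 12 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
    csrf_check('srvcerchange');
    $id = 12;
    showheader(_("My CAcert.org Account!"));
    if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
    {
        echo _("Now revoking the following certificates:")."<br>\n";
        foreach($_REQUEST['revokeid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
                    where `domaincerts`.`id`='$id' and
                    `domaincerts`.`domid`=`domains`.`id` and
                    `domains`.`memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            // The CN is stored data and is written into HTML, so it goes
            // through sanitizeHTML() like the CN echoed by the renewal code.
            $cn = sanitizeHTML($row['CN']);
            if($row['revoke'] > 0)
            {
                printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $cn);
                continue;
            }
            // Fixed marker timestamp; presumably picked up by the signing
            // backend, which performs the actual revocation — confirm.
            mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
            printf(_("Certificate for '%s' has been revoked.")."<br>\n", $cn);
        }
    }
    else
    {
        echo _("You did not select any certificates for revocation.");
    }

    if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
    {
        echo _("Now deleting the following pending requests:")."<br>\n";
        foreach($_REQUEST['delid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
                    where `domaincerts`.`id`='$id' and
                    `domaincerts`.`domid`=`domains`.`id` and
                    `domains`.`memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            $cn = sanitizeHTML($row['CN']);
            // A non-zero expiry means the request was already processed.
            if($row['expired'] > 0)
            {
                printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $cn);
                continue;
            }
            mysql_query("delete from `domaincerts` where `id`='$id'");
            // Best-effort cleanup: either file may not exist yet.
            @unlink($row['csr_name']);
            @unlink($row['crt_name']);
            printf(_("Removed a pending request for '%s'")."<br>\n", $cn);
        }
    }
    showfooter();
    exit;
}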
999
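// Renew the client (email) certificates ticked on page 5.
// Each id must belong to the logged-in member (`memid` in the where clause);
// the old row is flagged as renewed and cloned, together with its email
// links, into a new `emailcerts` row that gets a copy of the CSR.
// NOTE(review): unlike the server-certificate branches, this state-changing
// handler calls no csrf_check(); the token name used by the page 5 form is not
// visible here, so the call is not added — confirm and add it.
if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
    showheader(_("My CAcert.org Account!"));
    if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
    {
        echo _("Now renewing the following certificates:")."<br>\n";
        foreach($_REQUEST['revokeid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
                    where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }

            $row = mysql_fetch_assoc($res);

            if (($weakKey = checkWeakKeyX509(file_get_contents(
                    $row['crt_name']))) !== "")
            {
                echo $weakKey, "<br/>\n";
                continue;
            }

            mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
            // Values read back from the database are raw again (the
            // description is free text entered by the member), so each one
            // is escaped before it is put into the new statement.
            $query = "insert into emailcerts set
                    `memid`='".mysql_real_escape_string($row['memid'])."',
                    `CN`='".mysql_real_escape_string($row['CN'])."',
                    `subject`='".mysql_real_escape_string($row['subject'])."',
                    `keytype`='".mysql_real_escape_string($row['keytype'])."',
                    `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
                    `created`='".mysql_real_escape_string($row['created'])."',
                    `modified`=NOW(),
                    `disablelogin`='".mysql_real_escape_string($row['disablelogin'])."',
                    `codesign`='".mysql_real_escape_string($row['codesign'])."',
                    `rootcert`='".mysql_real_escape_string($row['rootcert'])."',
                    `description`='".mysql_real_escape_string($row['description'])."'";
            mysql_query($query);
            $newid = mysql_insert_id();
            $newfile=generatecertpath("csr","client",$newid);
            copy($row['csr_name'], $newfile);
            mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($newfile)."' where `id`='$newid'");
            // Carry every email address linked to the old certificate over
            // to the new one.
            $res = mysql_query("select * from `emaillink` where `emailcertsid`='".mysql_real_escape_string($row['id'])."'");
            while($r2 = mysql_fetch_assoc($res))
            {
                mysql_query("insert into `emaillink` set `emailid`='".mysql_real_escape_string($r2['emailid'])."',
                        `emailcertsid`='$newid'");
            }
            waitForResult("emailcerts", $newid,$oldid,0);
            $query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
            } else {
                // Stored CN is written into HTML, hence sanitizeHTML().
                printf(_("Certificate for '%s' has been renewed."), sanitizeHTML($row['CN']));
                echo "<br/>\n<a href='account.php?id=6&cert=$newid' target='_new'>".
                    _("Click here")."</a> "._("to install your certificate.")."<br/><br/>\n";
            }
        }
    }
    else
    {
        echo _("You did not select any certificates for renewal.")."<br/>";
    }

    showfooter();
    exit;
}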
1072
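// Revoke issued client certificates and delete pending requests (page 5).
// Ownership is enforced by `memid` in each select.
// NOTE(review): no csrf_check() is called before these state changes, while
// the equivalent server-certificate handler calls one; the token name for
// this form is not visible here — confirm and add the check.
if($oldid == 5 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
    $id = 5;
    showheader(_("My CAcert.org Account!"));
    if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
    {
        echo _("Now revoking the following certificates:")."<br>\n";
        foreach($_REQUEST['revokeid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
                    where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            // Stored CN is written into HTML, so it is passed through
            // sanitizeHTML() like the CN echoed by the renewal code.
            $cn = sanitizeHTML($row['CN']);
            if($row['revoke'] > 0)
            {
                printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $cn);
                continue;
            }
            // Fixed marker timestamp; presumably picked up by the signing
            // backend, which performs the actual revocation — confirm.
            mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
            printf(_("Certificate for '%s' has been revoked.")."<br>\n", $cn);
        }
    }
    else
    {
        echo _("You did not select any certificates for revocation.");
    }

    if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
    {
        echo _("Now deleting the following pending requests:")."<br>\n";
        foreach($_REQUEST['delid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
                    where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            $cn = sanitizeHTML($row['CN']);
            // A non-zero expiry means the request was already processed.
            if($row['expired'] > 0)
            {
                printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $cn);
                continue;
            }
            mysql_query("delete from `emailcerts` where `id`='$id'");
            // Best-effort cleanup: either file may not exist yet.
            @unlink($row['csr_name']);
            @unlink($row['crt_name']);
            printf(_("Removed a pending request for '%s'")."<br>\n", $cn);
        }
    }
    showfooter();
    exit;
}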
1135
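// Apply per-certificate settings posted from page 5: the login flag for every
// `cert_<id>` field and the description for every ticked `check_comment_<id>`.
// Both updates carry `memid`, so only the member's own rows can change.
// NOTE(review): no csrf_check() is called before these updates — confirm the
// token name used by this form and add the check.
if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
    showheader(_("My CAcert.org Account!"));
    foreach($_REQUEST as $key => $val)
    {
        if(substr($key,0,5)=="cert_")
        {
            $certid = intval(substr($key,5));
            // `disablelogin_<id>` == "1" stores '0', anything else stores '1';
            // presumably the form field means "allow login" — confirm.
            $dis=(array_key_exists('disablelogin_'.$certid,$_REQUEST) && $_REQUEST['disablelogin_'.$certid]=="1")?"0":"1";
            mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$certid' and `memid`='".$_SESSION['profile']['id']."'");
        }
        else if(substr($key,0,14)=="check_comment_" && !empty($val))
        {
            // The original looked up 'check_comment'.$key, i.e.
            // "check_commentcheck_comment_<id>", a key the loop never sees, so
            // the description was never saved. $val is the value of the
            // `check_comment_<id>` field itself.
            $certid = intval(substr($key,14));
            $raw = array_key_exists('comment_'.$certid,$_REQUEST) ? $_REQUEST['comment_'.$certid] : "";
            $comment=trim(mysql_real_escape_string(stripslashes($raw)));
            mysql_query("update `emailcerts` set `description`='$comment' where `id`='$certid' and `memid`='".$_SESSION['profile']['id']."'");
        }
    }
    echo(_("Certificate settings have been changed.")."<br/>\n");
    showfooter();
    exit;
}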
1160
1161
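// Save description and login flag for one client certificate (page 6).
// Execution continues after this block; nothing is printed here.
if($oldid == 6 && array_key_exists('certid',$_REQUEST) && $_REQUEST['certid'] != "")
{
    // The id came straight from the request into the SQL string; it is now
    // reduced to an integer like every other certificate id in this file.
    $certid = intval($_REQUEST['certid']);

    $description = "";
    if(array_key_exists('description',$_REQUEST) && trim($_REQUEST['description']) != "")
        $description = trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));

    $disablelogin = 0;
    if(array_key_exists('disablelogin',$_REQUEST) && trim($_REQUEST['disablelogin']) == "1")
        $disablelogin = 1;

    // The original statement stored the literal word "description"; the
    // escaped $description is what belongs here. `memid` keeps the update
    // limited to the member's own certificate.
    mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='$certid' and `memid`='".$_SESSION['profile']['id']."'");
}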
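// Page 13, step 1: read and validate the five lost-password questions and
// answers. On failure the error is appended to the session message, the page
// is shown again ($id = 13) and $oldid is cleared so the later page-13 blocks
// are skipped.
if($oldid == 13 && $process != "")
{
    csrf_check("perschange");
    $_SESSION['_config']['user'] = $_SESSION['profile'];

    // Values are stored already escaped for SQL; the update further down
    // relies on that.
    $qaFields = array('Q1','Q2','Q3','Q4','Q5','A1','A2','A3','A4','A5');
    foreach($qaFields as $field)
        $_SESSION['_config']['user'][$field] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST[$field]))));

    // All ten values must differ from each other. The original hand-written
    // list left out fifteen question/answer pairs (for example A5 against
    // Q5), so an answer identical to its own question was accepted although
    // the message below forbids it.
    $duplicate = false;
    $total = count($qaFields);
    for($i = 0; $i < $total && !$duplicate; $i++)
        for($j = $i + 1; $j < $total; $j++)
            if($_SESSION['_config']['user'][$qaFields[$i]] == $_SESSION['_config']['user'][$qaFields[$j]])
            {
                $duplicate = true;
                break;
            }

    $blank = false;
    foreach(array('Q1','Q2','Q3','Q4','Q5') as $field)
        if($_SESSION['_config']['user'][$field] == "")
            $blank = true;

    if($duplicate)
        $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
    if($blank)
        $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";

    // Reset once: the original repeated "$id = $oldid; $oldid = 0;" in both
    // checks, so when both failed (e.g. an empty form) $id ended up as 0.
    if($duplicate || $blank)
    {
        $id = $oldid;
        $oldid=0;
    }
}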
1241
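// Page 13, step 2: refresh the member's point total; only a member with zero
// points may change name and date of birth, which are validated here.
if($oldid == 13 && $process != "")
{
    $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
    $ddres = mysql_query($ddquery);
    $ddrow = mysql_fetch_assoc($ddres);
    $_SESSION['profile']['points'] = $ddrow['total'];

    if($_SESSION['profile']['points'] == 0)
    {
        // Stored already escaped for SQL; the update in the next step relies
        // on that.
        foreach(array('fname','mname','lname','suffix') as $field)
            $_SESSION['_config']['user'][$field] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST[$field]))));
        $_SESSION['_config']['user']['day'] = intval($_REQUEST['day']);
        $_SESSION['_config']['user']['month'] = intval($_REQUEST['month']);
        $_SESSION['_config']['user']['year'] = intval($_REQUEST['year']);

        $invalid = false;
        if($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "")
        {
            $_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
            $invalid = true;
        }
        // Range check only; impossible dates such as 31 February still pass.
        if($_SESSION['_config']['user']['year'] < 1900 || $_SESSION['_config']['user']['month'] < 1 || $_SESSION['_config']['user']['month'] > 12 ||
            $_SESSION['_config']['user']['day'] < 1 || $_SESSION['_config']['user']['day'] > 31)
        {
            $_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
            $invalid = true;
        }

        // Reset once: the original did "$id = $oldid; $oldid = 0;" in each
        // check, so with both errors $id became 0 instead of 13.
        if($invalid)
        {
            $id = $oldid;
            $oldid=0;
        }
    }
}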
1274
// Page 13, step 3: write the validated details to `users`, reload the profile
// into the session and show the confirmation. Runs only when the two
// validation steps above left $oldid at 13.
if($oldid == 13 && $process != "")
{
    $memid = $_SESSION['profile']['id'];
    $user = $_SESSION['_config']['user'];

    // Name and date of birth may only change while the member has no points.
    if($_SESSION['profile']['points'] == 0)
    {
        $dob = $user['year']."-".$user['month']."-".$user['day'];
        $query = "update `users` set `fname`='".$user['fname']."',
                `mname`='".$user['mname']."',
                `lname`='".$user['lname']."',
                `suffix`='".$user['suffix']."',
                `dob`='".$dob."'
                where `id`='".$memid."'";
        mysql_query($query);
    }

    // Questions and answers were escaped when they were read from the request.
    $query = "update `users` set `Q1`='".$user['Q1']."',
            `Q2`='".$user['Q2']."',
            `Q3`='".$user['Q3']."',
            `Q4`='".$user['Q4']."',
            `Q5`='".$user['Q5']."',
            `A1`='".$user['A1']."',
            `A2`='".$user['A2']."',
            `A3`='".$user['A3']."',
            `A4`='".$user['A4']."',
            `A5`='".$user['A5']."'
            where `id`='".$memid."'";
    mysql_query($query);

    //!!!Should be rewritten (remark kept from the original author)
    $otphash = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
    $otppin = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
    $_SESSION['_config']['user']['otphash'] = $otphash;
    $_SESSION['_config']['user']['otppin'] = $otppin;
    // OTP data is stored only when both fields were supplied.
    if(!($otphash == "" || $otppin == ""))
    {
        $query = "update `users` set `otphash`='".$otphash."',
                `otppin`='".$otppin."' where `id`='".$memid."'";
        mysql_query($query);
    }

    // Reload the profile so the session reflects what is now in the database.
    $_SESSION['_config']['user']['set'] = 0;
    $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$memid."'"));
    $_SESSION['profile']['loggedin'] = 1;

    // `points` is not taken from the reloaded row; it is summed from `notary`.
    $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
    $ddres = mysql_query($ddquery);
    $ddrow = mysql_fetch_assoc($ddres);
    $_SESSION['profile']['points'] = $ddrow['total'];


    $id = 13;
    showheader(_("My CAcert.org Account!"));
    echo _("Your details have been updated with the database.");
    showfooter();
    exit;
}
1326
// Page 14: change the member's pass phrase.
// Order of checks: new phrases present and equal, minimum length, strength
// score from checkpw(), then the current pass phrase. On success the hash is
// replaced and a notification mail goes to the primary address.
if($oldid == 14 && $process != "")
{
    $oldpass = trim(mysql_real_escape_string(stripslashes($_REQUEST['oldpassword'])));
    $pword1 = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1'])));
    $pword2 = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2'])));
    // NOTE(review): the trimmed, SQL-escaped form is what gets scored and
    // hashed; the login code must apply the same transformation — verify.
    $_SESSION['_config']['user']['oldpass'] = $oldpass;
    $_SESSION['_config']['user']['pword1'] = $pword1;
    $_SESSION['_config']['user']['pword2'] = $pword2;

    $id = 14;
    csrf_check("pwchange");

    showheader(_("My CAcert.org Account!"));
    if($pword1 == "" || $pword1 != $pword2)
    {
        echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
            '</h3>', "\n";
        echo _("New Pass Phrases specified don't match or were blank.");
        showfooter();
        exit;
    }

    $score = checkpw($pword1, $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
        $_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);

    // NOTE(review): when the request arrives on the secure hostname the
    // current pass phrase is not checked at all ($rc is forced to 1);
    // presumably that host authenticates by client certificate — confirm.
    $rc = 1;
    if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
    {
        $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
                (`password`=old_password('".$oldpass."') or
                `password`=sha1('".$oldpass."'))");
        $rc = mysql_num_rows($match);
    }

    // First failing rule wins; null means every rule passed.
    $problem = null;
    if(strlen($pword1) < 6)
        $problem = _("The Pass Phrase you submitted was too short.");
    else if($score < 3)
        $problem = sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
    else if($rc <= 0)
        $problem = _("You failed to correctly enter your current Pass Phrase.");

    if($problem !== null)
    {
        echo '<h3 style="color:red">',
            _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
        echo $problem;
    } else {
        // NOTE(review): stored as an unsalted SHA-1 computed by MySQL;
        // changing the scheme has to happen together with the login code.
        mysql_query("update `users` set `password`=sha1('".$pword1."')
                where `id`='".$_SESSION['profile']['id']."'");
        echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
        echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");

        $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n".
            _("You are receiving this email because you or someone else")."\n".
            _("has changed the password on your account.")."\n".
            _("Best regards")."\n"._("CAcert.org Support!");

        sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Password Update Notification"), $body,
            "support@cacert.org", "", "", "CAcert Support");
    }
    showfooter();
    exit;
}
1386
// Page 16, step 1: collect the email addresses for an organisation client
// certificate. An address is kept only if it has exactly one "@" and
// checkownership() accepts its domain part.
if($oldid == 16)
{
    $id = 16;
    $_SESSION['_config']['emails'] = array();
    // NOTE(review): 'emails' is reset here but 'domids' is only appended to;
    // unless it is cleared elsewhere, ids from an earlier submission stay in
    // the session — verify.

    foreach($_REQUEST['emails'] as $val)
    {
        $val = mysql_real_escape_string(stripslashes(trim($val)));
        $bits = explode("@", $val);
        $count = count($bits);

        // checkownership() is defined elsewhere; the code below reads
        // $_SESSION['_config']['row'] right after calling it.
        if($count != 2 || checkownership($bits[1]) == false || !is_array($_SESSION['_config']['row']))
            continue;

        if($_SESSION['_config']['row']['id'] > 0)
            $_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id'];

        if($val != "")
            $_SESSION['_config']['emails'][] = $val;
    }

    // Stored already escaped for SQL.
    $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
    $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));

    $_SESSION['_config']['description'] = (trim($_REQUEST['description']) != "")
        ? trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])))
        : "";
}
1421
// Page 16, step 2: stop when none of the submitted addresses was accepted.
if($oldid == 16 && count($_SESSION['_config']['emails']) <= 0)
{
    $id = 16;
    showheader(_("My CAcert.org Account!"));
    echo _("I couldn't match any emails against your organisational account.");
    showfooter();
    exit;
}
1430
// Page 16, step 3: fix the certificate options in the session and move on to
// page 17 when at least one address was accepted.
if($oldid == 16 && $process != "")
{
    // Code signing needs the request flag, the profile flag and 100 points.
    $codesign = 0;
    if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100))
        $codesign = 1;
    $_REQUEST['codesign'] = $codesign;
    $_SESSION['_config']['codesign'] = $codesign;

    // Only root certificates 1 and 2 are accepted; anything else becomes 1.
    $rootcert = intval($_REQUEST['rootcert']);
    $_SESSION['_config']['rootcert'] = $rootcert;
    if($rootcert < 1 || $rootcert > 2)
        $_SESSION['_config']['rootcert'] = 1;

    // Stored already escaped for SQL.
    $_SESSION['_config']['description'] = (trim($_REQUEST['description']) != "")
        ? trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])))
        : "";

    if(@count($_SESSION['_config']['emails']) > 0)
        $id = 17;
}
1458
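// Page 17: accept the key material for an organisation client certificate,
// either as a browser SPKAC ("NS") or as a PKCS#10 request ("MS"/"VI"),
// store the request, write the CSR file and wait for the signed certificate.
// NOTE(review): no csrf_check() is called in this handler, while the renew
// handler for the same certificate type calls csrf_check('clicerchange') —
// confirm which token this form carries and add the check.
if($oldid == 17)
{
    $org = $_SESSION['_config']['row'];
    // Organisation data comes back raw from storage; these copies are for
    // SQL only (a quote in a name would otherwise break the statement or
    // alter it).
    $orgidSql = mysql_real_escape_string($org['orgid']);

    if($_REQUEST['keytype'] == "NS")
    {
        // Accept the SPKAC only if, with line breaks removed, it consists of
        // base64 characters.
        $spkac = "";
        $rawSpkac = trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));
        if(preg_match("/^[a-zA-Z0-9+=\/]+$/", $rawSpkac))
            $spkac = $rawSpkac;

        if($spkac == "" || strlen($spkac) < 128)
        {
            $id = 17;
            showheader(_("My CAcert.org Account!"));
            echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
            showfooter();
            exit;
        }

        // Build the SPKAC request file: one numbered emailAddress per
        // accepted address, then the name fields, then the key.
        $count = 0;
        $emails = "";
        $addys = array();
        // Defined up front so the insert below never reads an unset variable
        // when the session holds no addresses.
        $defaultemail = "";
        if(is_array($_SESSION['_config']['emails']))
            // $_REQUEST['email'] is used as the loop variable on purpose of
            // the original code; it keeps the last address afterwards.
            foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
            {
                if(!$emails)
                    $defaultemail = $_REQUEST['email'];
                $emails .= "$count.emailAddress = $_REQUEST[email]\n";
                $count++;
            }
        if($_SESSION['_config']['name'] != "")
            $emails .= "commonName = ".$_SESSION['_config']['name']."\n";
        if($_SESSION['_config']['OU'])
            $emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n";
        if($org['O'])
            $emails .= "organizationName = ".$org['O']."\n";
        if($org['L'])
            $emails .= "localityName = ".$org['L']."\n";
        if($org['ST'])
            $emails .= "stateOrProvinceName = ".$org['ST']."\n";
        if($org['C'])
            $emails .= "countryName = ".$org['C']."\n";
        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
            $_SESSION['_config']['rootcert'] = 1;


        $emails .= "SPKAC = $spkac";
        if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
        {
            $id = 17;
            showheader(_("My CAcert.org Account!"));
            echo $weakKey;
            showfooter();
            exit;
        }

        // $defaultemail and the description were escaped when they were put
        // into the session.
        $query = "insert into `orgemailcerts` set
                `CN`='$defaultemail',
                `keytype`='NS',
                `orgid`='".$orgidSql."',
                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                `codesign`='".$_SESSION['_config']['codesign']."',
                `rootcert`='".$_SESSION['_config']['rootcert']."',
                `description`='".$_SESSION['_config']['description']."'";
        mysql_query($query);
        $emailid = mysql_insert_id();

        foreach($_SESSION['_config']['domids'] as $addy)
            mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");

        $CSRname=generatecertpath("csr","orgclient",$emailid);
        $fp = fopen($CSRname, "w");
        fputs($fp, $emails);
        fclose($fp);
        // Proof that the key was generated for this session: the verified
        // SPKAC must carry the challenge stored in the session.
        // NOTE(review): this is a substring test; with an empty
        // $_SESSION['spkac_hash'] any output containing "Challenge String: "
        // passes — confirm the hash is always set before this page.
        $challenge=$_SESSION['spkac_hash'];
        $csrArg = escapeshellarg($CSRname);
        $res=`openssl spkac -verify -in $csrArg`;
        if(!strstr($res,"Challenge String: ".$challenge))
        {
            $id = $oldid;
            showheader(_("My CAcert.org Account!"));
            echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
            showfooter();
            exit;
        }
        mysql_query("update `orgemailcerts` set `csr_name`='".mysql_real_escape_string($CSRname)."' where `id`='$emailid'");
    } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
        $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";

        if (($weakKey = checkWeakKeyCSR($csr)) !== "")
        {
            $id = 17;
            showheader(_("My CAcert.org Account!"));
            echo $weakKey;
            showfooter();
            exit;
        }

        $tmpfname = tempnam("/tmp", "id17CSR");
        $fp = fopen($tmpfname, "w");
        fputs($fp, $csr);
        fclose($fp);

        $addys = array();
        $defaultemail = "";
        $csrsubject="";

        // The subject is built from the session and organisation data, not
        // from the submitted request. It is only used in the insert below,
        // so the raw organisation fields are escaped as they are appended;
        // name, OU and the addresses are already escaped in the session.
        if($_SESSION['_config']['name'] != "")
            $csrsubject = "/CN=".$_SESSION['_config']['name'];
        if(is_array($_SESSION['_config']['emails']))
            foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
            {
                if($defaultemail == "")
                    $defaultemail = $_REQUEST['email'];
                $csrsubject .= "/emailAddress=$_REQUEST[email]";
            }
        if($_SESSION['_config']['OU'])
            $csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
        if($org['O'])
            $csrsubject .= "/organizationName=".mysql_real_escape_string($org['O']);
        if($org['L'])
            $csrsubject .= "/localityName=".mysql_real_escape_string($org['L']);
        if($org['ST'])
            $csrsubject .= "/stateOrProvinceName=".mysql_real_escape_string($org['ST']);
        if($org['C'])
            $csrsubject .= "/countryName=".mysql_real_escape_string($org['C']);

        // Let openssl re-emit the request; an unparsable CSR leaves the
        // output file empty and is rejected below.
        $tmpname = tempnam("/tmp", "id17csr");
        $inArg = escapeshellarg($tmpfname);
        $outArg = escapeshellarg($tmpname);
        $do = `/usr/bin/openssl req -in $inArg -out $outArg`;
        @unlink($tmpfname);
        $csr = "";
        $fp = fopen($tmpname, "r");
        while($data = fgets($fp, 4096))
            $csr .= $data;
        fclose($fp);
        @unlink($tmpname);

        if($csr == "")
        {
            showheader(_("My CAcert.org Account!"));
            echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
            showfooter();
            exit;
        }
        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
            $_SESSION['_config']['rootcert'] = 1;

        // keytype can only be "MS" or "VI" in this branch.
        $query = "insert into `orgemailcerts` set
                `CN`='$defaultemail',
                `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
                `orgid`='".$orgidSql."',
                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                `subject`='$csrsubject',
                `codesign`='".$_SESSION['_config']['codesign']."',
                `rootcert`='".$_SESSION['_config']['rootcert']."',
                `description`='".$_SESSION['_config']['description']."'";
        mysql_query($query);
        $emailid = mysql_insert_id();

        foreach($_SESSION['_config']['domids'] as $addy)
            mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='".mysql_real_escape_string($addy)."'");

        $CSRname=generatecertpath("csr","orgclient",$emailid);
        $fp = fopen($CSRname, "w");
        fputs($fp, $csr);
        fclose($fp);
        mysql_query("update `orgemailcerts` set `csr_name`='".mysql_real_escape_string($CSRname)."' where `id`='$emailid'");
    }
    // With any other keytype $emailid is not set by this block and the lookup
    // below ends in the failure message.
    waitForResult("orgemailcerts", $emailid,$oldid);
    $query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    } else {
        // Continue with page 19 for the freshly issued certificate.
        $id = 19;
        $cert = $emailid;
        $_REQUEST['cert']=$emailid;
    }
}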
1638
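// Form 18, "renew": re-issue the selected organisation client certificates.
// Each submitted id is looked up together with the `org` row of the logged-in
// member, so an id from an organisation the member is not linked to yields no
// row and is reported as invalid.
if($oldid == 18 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	csrf_check('clicerchange');
	showheader(_("My CAcert.org Account!"));
	// A missing `revokeid` parameter is treated like an empty selection.
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		$id = 18;
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			// Cast before the first use: the request value is written into
			// the page and into the SQL below, so it must be an integer by then.
			$id = intval($id);
			echo "Renewing certificate #$id ...\n<br/>";
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
				where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
				`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// The existing certificate file is re-checked for a weak key
			// before anything is renewed.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			// NOTE(review): the row is flagged as renewed before the revocation
			// check below; confirm that this order is intended.
			mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			// Values read back from the database are stored unescaped, so they
			// are escaped again here; a quote in CN, subject or description
			// would otherwise break or alter this statement.
			$query = "insert into `orgemailcerts` set
				`orgid`='".intval($row['orgid'])."',
				`CN`='".mysql_real_escape_string($row['CN'])."',
				`subject`='".mysql_real_escape_string($row['subject'])."',
				`keytype`='".mysql_real_escape_string($row['keytype'])."',
				`csr_name`='".mysql_real_escape_string($row['csr_name'])."',
				`created`='".mysql_real_escape_string($row['created'])."',
				`modified`=NOW(),
				`codesign`='".mysql_real_escape_string($row['codesign'])."',
				`rootcert`='".mysql_real_escape_string($row['rootcert'])."',
				`description`='".mysql_real_escape_string($row['description'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			// The new row gets its own copy of the CSR file.
			$newfile=generatecertpath("csr","orgclient",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgemailcerts` set `csr_name`='".mysql_real_escape_string($newfile)."' where `id`='$newid'");
			waitForResult("orgemailcerts", $newid,$oldid,0);
			// A non-empty `crt_name` is what this page treats as "certificate issued".
			$query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				printf(_("Certificate for '%s' has been renewed."), sanitizeHTML($row['CN']));
				echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
					_("Click here")."</a> "._("to install your certificate.");
			}
			echo("<br/>");
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}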
1711
// Form 18, "revoke": revoke the selected organisation client certificates and
// delete the selected pending requests. Both loops only act on rows that join
// to an `org` entry of the logged-in member.
if($oldid == 18 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('clicerchange');
	$id = 18;
	showheader(_("My CAcert.org Account!"));

	if(!is_array($_REQUEST['revokeid']))
	{
		echo _("You did not select any certificates for revocation.");
	}
	else
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			// Only the integer value of the submitted id is used from here on.
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
				where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
				`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				if($row['revoke'] > 0)
				{
					printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				}
				else
				{
					// The fixed 1970 timestamp is what every revocation on this
					// page writes; presumably a marker picked up by the signer.
					mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
					printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
				}
			}
			else
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
			}
		}
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
				where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
				`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				if($row['expired'] > 0)
				{
					// A set expiry date means the request was already processed.
					printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
				}
				else
				{
					// Remove the row first, then the request and certificate files.
					mysql_query("delete from `orgemailcerts` where `id`='$id'");
					@unlink($row['csr_name']);
					@unlink($row['crt_name']);
					printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
				}
			}
			else
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
			}
		}
	}
	showfooter();
	exit;
}
1777
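// Form 20: accept a pasted CSR for an organisation server certificate, store it
// in a temporary file and extract subject / subjectAltName for the confirmation
// step (form 21).
if($process != "" && $oldid == 20)
{
	$CSR = clean_csr($_REQUEST['CSR']);

	// Reject the request outright when the key is reported as weak.
	if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	// The description is escaped here because it is later concatenated into
	// an insert statement straight from the session.
	if(array_key_exists('description',$_REQUEST) && trim($_REQUEST['description']) != ""){
		$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
	}else{
		$_SESSION['_config']['description']= "";
	}

	$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
	$fp = fopen($_SESSION['_config']['tmpfname'], "w");
	fputs($fp, $CSR);
	fclose($fp);
	// From here on $CSR holds the path of the temporary file, not the request text.
	$CSR = $_SESSION['_config']['tmpfname'];
	// The path comes from tempnam(); it is still quoted with escapeshellarg()
	// so that the command line does not depend on how the path looks.
	$csrarg = escapeshellarg($CSR);
	$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $csrarg|tr -d "\\0"|grep "Subject:"`);
	$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $csrarg|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
	foreach($bits as $val)
	{
		$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
	}
	$id = 21;

	$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
	extractit();
	getcn2();
	getalt2();

	// NOTE(review): '0.CN' and '0.subjectAltName' are filled by the helpers
	// above from CSR content and are concatenated into SQL here; confirm that
	// the helpers escape them.
	$query = "select * from `orginfo`,`org`,`orgdomains` where
			`org`.`memid`='".$_SESSION['profile']['id']."' and
			`org`.`orgid`=`orginfo`.`id` and
			`org`.`orgid`=`orgdomains`.`orgid` and
			`orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'";
	$_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
	$query = "select * from `orginfo`,`org`,`orgdomains` where
			`org`.`memid`='".$_SESSION['profile']['id']."' and
			`org`.`orgid`=`orginfo`.`id` and
			`org`.`orgid`=`orgdomains`.`orgid` and
			`orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'";
	$_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));
	//echo "<pre>"; print_r($_SESSION['_config']); die;

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		// The request is abandoned here, so the temporary copy of the CSR
		// is removed instead of being left behind in /tmp.
		@unlink($_SESSION['_config']['tmpfname']);
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// Only root certificate ids 1 and 2 are accepted; anything else becomes 1.
	$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;
}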
1842
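// Form 21: confirm the organisation server certificate request prepared by
// form 20, create the `orgdomaincerts` row, move the CSR into place and wait
// for the result.
if($process != "" && $oldid == 21)
{
	$id = 21;

	// The CSR was written to a temporary file by the previous step.
	if(!file_exists($_SESSION['_config']['tmpfname']))
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}

	// The stored CSR is checked again for a weak key before it is used.
	if (($weakKey = checkWeakKeyCSR(file_get_contents(
			$_SESSION['_config']['tmpfname']))) !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// The organisation is taken from the first matched CN row, or from the
	// first matched subjectAltName row when no CN matched. The join on
	// `org`.`memid` ties it to the logged-in member.
	$usecn = ($_SESSION['_config']['rowid']['0'] > 0);
	if($usecn)
		$certorgid = intval($_SESSION['_config']['rowid']['0']);
	else
		$certorgid = intval($_SESSION['_config']['altid']['0']);
	$query = "select * from `org`,`orginfo` where
			`orginfo`.`id`='".$certorgid."' and
			`orginfo`.`id`=`org`.`orgid` and
			`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
	$org = mysql_fetch_assoc(mysql_query($query));
	if(!is_array($org))
	{
		// No organisation of this member matches: stop instead of inserting
		// a request with an empty organisation id.
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}
	$csrsubject = "";

	// NOTE(review): the subject is assembled from session and database values
	// and placed in the insert below as-is; confirm these values are escaped
	// where they are produced.
	if($_SESSION['_config']['OU'])
		$csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
	if($org['O'])
		$csrsubject .= "/organizationName=".$org['O'];
	if($org['L'])
		$csrsubject .= "/localityName=".$org['L'];
	if($org['ST'])
		$csrsubject .= "/stateOrProvinceName=".$org['ST'];
	if($org['C'])
		$csrsubject .= "/countryName=".$org['C'];
	//if($org['contact'])
	//	$csrsubject .= "/emailAddress=".trim($org['contact']);

	if(is_array($_SESSION['_config']['rows']))
		foreach($_SESSION['_config']['rows'] as $row)
			$csrsubject .= "/commonName=$row";
	$SAN="";
	if(is_array($_SESSION['_config']['altrows']))
		foreach($_SESSION['_config']['altrows'] as $subalt)
		{
			if($SAN != "")
				$SAN .= ",";
			$SAN .= "$subalt";
		}

	if($SAN != "")
		$csrsubject .= "/subjectAltName=".$SAN;

	// Type "8" is only set for admins who ticked the OCSP option.
	$type="";
	if(array_key_exists("ocspcert",$_REQUEST) && $_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;

	// One statement for both cases, so the description is stored regardless
	// of whether the CN or the subjectAltName supplied the name.
	if($usecn)
		$certcn = $_SESSION['_config']['rows']['0'];
	else
		$certcn = $_SESSION['_config']['altrows']['0'];
	$query = "insert into `orgdomaincerts` set
			`CN`='".$certcn."',
			`orgid`='".intval($org['id'])."',
			`created`=NOW(),
			`subject`='$csrsubject',
			`rootcert`='".$_SESSION['_config']['rootcert']."',
			`type`='$type',
			`description`='".$_SESSION['_config']['description']."'";
	mysql_query($query);
	$CSRid = mysql_insert_id();

	// Move the temporary CSR to its final path and record that path.
	$CSRname=generatecertpath("csr","orgserver",$CSRid);
	rename($_SESSION['_config']['tmpfname'], $CSRname);
	chmod($CSRname,0644);
	mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
	// Link the request to every matched CN and subjectAltName row.
	// These loops reuse $id; it is set again below.
	if(is_array($_SESSION['_config']['rowid']))
		foreach($_SESSION['_config']['rowid'] as $id)
			mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
	if(is_array($_SESSION['_config']['altid']))
		foreach($_SESSION['_config']['altid'] as $id)
			mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
	waitForResult("orgdomaincerts", $CSRid,$oldid);
	$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		// Continue with form 23 for the new certificate.
		$id = 23;
		$cert = $CSRid;
		$_REQUEST['cert']=$CSRid;
	}
}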
1967
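// Form 22, "renew": re-issue the selected organisation server certificates.
// Each id must join to an `org` row of the logged-in member; the old row is
// copied, the CSR file duplicated and the result awaited.
if($oldid == 22 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));
	// A missing `revokeid` parameter is treated like an empty selection.
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// The existing certificate file is re-checked for a weak key.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			// NOTE(review): the row is flagged as renewed before the revocation
			// check below; confirm that this order is intended.
			mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			// Values read back from the database are stored unescaped, so they
			// are escaped again before being placed in a new statement.
			$query = "insert into `orgdomaincerts` set
					`orgid`='".intval($row['orgid'])."',
					`CN`='".mysql_real_escape_string($row['CN'])."',
					`csr_name`='".mysql_real_escape_string($row['csr_name'])."',
					`created`='".mysql_real_escape_string($row['created'])."',
					`modified`=NOW(),
					`subject`='".mysql_real_escape_string($row['subject'])."',
					`type`='".mysql_real_escape_string($row['type'])."',
					`rootcert`='".mysql_real_escape_string($row['rootcert'])."',
					`description`='".mysql_real_escape_string($row['description'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			//echo "NewID: $newid<br/>\n";
			$newfile=generatecertpath("csr","orgserver",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgdomaincerts` set `csr_name`='".mysql_real_escape_string($newfile)."' where `id`='$newid'");
			echo _("Renewing").": ".sanitizeHTML($row['CN'])."<br>\n";
			// NOTE(review): the select above joins two tables, so which `id`
			// ends up in $row depends on their columns; the other statements in
			// this loop use $id. The copy below also writes `$r2['id']` into
			// `orgdomid`, where the link's `orgdomid` looks like the intended
			// value. Verify both against the schema.
			$res = mysql_query("select * from `orgdomlink` where `orgcertid`='".intval($row['id'])."'");
			while($r2 = mysql_fetch_assoc($res))
				mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($r2['id'])."', `orgcertid`='$newid'");
			waitForResult("orgdomaincerts", $newid,$oldid,0);
			$query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				$drow = mysql_fetch_assoc($res);
				// The certificate path is passed to the shell as one quoted
				// argument rather than being interpolated bare.
				$crtarg = escapeshellarg($drow['crt_name']);
				$cert = `/usr/bin/openssl x509 -in $crtarg`;
				echo "<pre>\n$cert\n</pre>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}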
2045
// Form 22, "revoke": revoke the selected organisation server certificates and
// delete the selected pending requests. Both loops only act on rows that join
// to an `org` entry of the logged-in member.
if($oldid == 22 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));

	if(!is_array($_REQUEST['revokeid']))
	{
		echo _("You did not select any certificates for revocation.");
	}
	else
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			// Only the integer value of the submitted id is used from here on.
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				if($row['revoke'] > 0)
				{
					printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				}
				else
				{
					// The fixed 1970 timestamp is what every revocation on this
					// page writes; presumably a marker picked up by the signer.
					mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
					printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
				}
			}
			else
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
			}
		}
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				if($row['expired'] > 0)
				{
					// A set expiry date means the request was already processed.
					printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
				}
				else
				{
					// Remove the row first, then the request and certificate files.
					mysql_query("delete from `orgdomaincerts` where `id`='$id'");
					@unlink($row['csr_name']);
					@unlink($row['crt_name']);
					printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
				}
			}
			else
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
			}
		}
	}
	showfooter();
	exit;
}
2114
// Forms 24 to 31 are only available to members whose profile has the
// `orgadmin` flag set; everyone else is stopped here, whether the form number
// arrives as the requested page or as the submitting page.
$orgadminforms = array(24, 25, 26, 27, 28, 29, 30, 31);
if((in_array($id, $orgadminforms) || in_array($oldid, $orgadminforms)) &&
	$_SESSION['profile']['orgadmin'] != 1)
{
	showheader(_("My CAcert.org Account!"));
	echo _("You don't have access to this area.");
	showfooter();
	exit;
}
2125
// Form 24: create a new organisation from the submitted fields.
// NOTE(review): no csrf_check() call is visible in this handler, unlike the
// update handler for form 27; confirm whether the form carries a token.
if($oldid == 24 && $process != "")
{
	$id = intval($oldid);
	// Every field is unslashed, SQL-escaped and trimmed, then kept in the
	// session so the form can be shown again with the entered values.
	foreach(array('O', 'contact', 'L', 'ST', 'C', 'comments') as $orgfield)
		$_SESSION['_config'][$orgfield] = trim(mysql_real_escape_string(stripslashes($_REQUEST[$orgfield])));

	if($_SESSION['_config']['O'] != "" && $_SESSION['_config']['contact'] != "")
	{
		mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
					`contact`='".$_SESSION['_config']['contact']."',
					`L`='".$_SESSION['_config']['L']."',
					`ST`='".$_SESSION['_config']['ST']."',
					`C`='".$_SESSION['_config']['C']."',
					`comments`='".$_SESSION['_config']['comments']."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully added as an organisation to the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	}

	// Name and contact are mandatory; the message is left in the session.
	$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
}
2152
// Form 27: update the details of the organisation whose id is stored in the
// session (`_config.orgid`).
if($oldid == 27 && $process != "")
{
	csrf_check('orgdetchange');
	$id = intval($oldid);
	// Every field is unslashed, SQL-escaped and trimmed, then kept in the
	// session so the form can be shown again with the entered values.
	foreach(array('O', 'contact', 'L', 'ST', 'C', 'comments') as $orgfield)
		$_SESSION['_config'][$orgfield] = trim(mysql_real_escape_string(stripslashes($_REQUEST[$orgfield])));

	if($_SESSION['_config']['O'] != "" && $_SESSION['_config']['contact'] != "")
	{
		// NOTE(review): the session `orgid` is concatenated without intval()
		// here, while other handlers on this page cast it; confirm it is
		// always numeric when it is stored.
		mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
					`contact`='".$_SESSION['_config']['contact']."',
					`L`='".$_SESSION['_config']['L']."',
					`ST`='".$_SESSION['_config']['ST']."',
					`C`='".$_SESSION['_config']['C']."',
					`comments`='".$_SESSION['_config']['comments']."'
				where `id`='".$_SESSION['_config']['orgid']."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	}

	// Name and contact are mandatory; the message is left in the session.
	$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
}
2181
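// Form 28: add a domain to the organisation whose id is stored in the session.
// Step 1: normalise the submitted name and refuse it when it already exists.
// NOTE(review): only `orgdomains` is checked here, while the edit handler for
// form 29 also checks `domains`; confirm whether that difference is intended.
if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
{
	$domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
	$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
	if(mysql_num_rows($res1) > 0)
	{
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
		// Show form 28 again and skip the insert below.
		$id = $oldid;
		$oldid=0;
	}
}

// Step 2: without a usable organisation id in the session, go to form 25.
if($oldid == 28 && $_SESSION['_config']['orgid'] <= 0)
{
	$oldid=0;
	$id = 25;
}

// Step 3: store the domain.
if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
{
	if(!array_key_exists("domainname",$_REQUEST) || $domain == "")
	{
		// No name was submitted: $domain was never set by step 1, or it is
		// blank. Show the form again rather than storing an empty domain.
		$id = $oldid;
		$oldid=0;
	} else {
		mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
		echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
		showfooter();
		exit;
	}
}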
2209
// Form 29, step 1: validate the new name for an organisation domain.
// The name is refused when another `orgdomains` row (any id other than $domid)
// or a non-deleted `domains` row already matches it.
if($oldid == 29 && $process != "")
{
	// $domain is reused by the later form 29 handler that performs the update.
	$domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));

	// NOTE(review): the comparison uses LIKE, and mysql_real_escape_string()
	// leaves % and _ untouched, so a name containing them is matched as a
	// pattern; confirm that `=` was not intended.
	$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
	$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
	if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
	{
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
		// Show form 29 again; clearing $oldid skips the handlers below.
		$id = $oldid;
		$oldid=0;
	}
}
2223
// Forms 29 (rename domain) and 30 (delete domain): before the domain row is
// changed, every server and client certificate linked to it is marked revoked.
// NOTE(review): $domid is taken from the request and no csrf_check() call is
// visible for these two forms; access is limited to `orgadmin` profiles by the
// gate for forms 24-31. Confirm whether a token check is needed here.
if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
{
	// Server certificates linked to the domain through `orgdomlink`.
	$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
			`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
			`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
			`orgdomains`.`id`='".intval($domid)."'";
	$res = mysql_query($query);
	while($row = mysql_fetch_assoc($res))
		mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");

	// Client certificates linked to the domain through `orgemaillink`.
	$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
			`orgemaillink`.`domid`=`orgdomains`.`id` and
			`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
			`orgdomains`.`id`='".intval($domid)."'";
	$res = mysql_query($query);
	while($row = mysql_fetch_assoc($res))
		mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
}
2242
// Form 29, final step: write the new name of the organisation domain and show
// the confirmation page. $domain was prepared by the validation step earlier
// in this file.
if($oldid == 29 && $process != "")
{
	$domkey = intval($domid);
	// The current row is loaded but not used by the statements that follow.
	$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".$domkey."'"));
	mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".$domkey."'");

	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
	$continuelink = "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
	echo $continuelink;
	showfooter();
	exit;
}
2253
// Form 30, confirmed: delete the organisation domain and show the confirmation
// page. The name is read first so it can still be displayed afterwards.
if($oldid == 30 && $process != "")
{
	$domkey = intval($domid);
	$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".$domkey."'"));
	$domain = $row['domain'];
	mysql_query("delete from `orgdomains` where `id`='".$domkey."'");

	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
	$continuelink = "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
	echo $continuelink;
	showfooter();
	exit;
}

// Form 30 without a confirmed deletion: continue with form 26, with no
// organisation selected.
if($oldid == 30)
{
	$orgid = 0;
	$id = 26;
}
2271
// Form 31, confirmed: remove the organisation whose id is stored in the
// session, together with its domains, certificates and member links.
// NOTE(review): no csrf_check() call is visible for this destructive handler;
// access is limited to `orgadmin` profiles by the gate for forms 24-31.
if($oldid == 31 && $process != "")
{
	$query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
	$dres = mysql_query($query);
	while($drow = mysql_fetch_assoc($dres))
	{
		// Server certificates linked to this domain.
		$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
				`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
				`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
				`orgdomains`.`id`='".intval($drow['id'])."'";
		$res = mysql_query($query);
		while($row = mysql_fetch_assoc($res))
		{
			// NOTE(review): $row['id'] is a certificate id (see the select
			// above), yet the deletes compare it with `orgid` and `domid`;
			// other statements in this file address `orgdomlink` through
			// `orgdomid` / `orgcertid`. Verify the column names against the
			// schema. The row is also marked revoked immediately before rows
			// are deleted; confirm the revocation is still processed.
			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
			mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
			mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
		}

		// Client certificates linked to this domain.
		$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
				`orgemaillink`.`domid`=`orgdomains`.`id` and
				`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
				`orgdomains`.`id`='".intval($drow['id'])."'";
		$res = mysql_query($query);
		while($row = mysql_fetch_assoc($res))
		{
			// NOTE(review): the last delete compares `domid` with a
			// certificate id; the select above joins `orgemaillink` to the
			// certificate through `emailcertsid`. Verify which was meant.
			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
			mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
			mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
		}
	}
	// Finally remove the member links, the domains and the organisation itself.
	mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
	mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
	mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
}

// After form 31, confirmed or not, continue with form 25 and no organisation
// selected.
if($oldid == 31)
{
	$id = 25;
	$orgid = 0;
}
2312
// Forms 32 to 34 (organisation administrators) are open to `orgadmin` profiles
// and to members flagged as master account in at least one `org` row. This
// gate does not look at which organisation is being edited.
$masteraccforms = array(32, 33, 34);
if(in_array($id, $masteraccforms) || in_array($oldid, $masteraccforms))
{
	$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
	$_macc = mysql_num_rows(mysql_query($query));
	$mayenter = ($_SESSION['profile']['orgadmin'] == 1 || $_macc > 0);
	if(!$mayenter)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}
}
2325
// Form 35 is open to `orgadmin` profiles and to members that appear in any
// `org` row.
if(in_array(35, array($id, $oldid)))
{
	$query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
	$is_orguser = mysql_num_rows(mysql_query($query));
	$mayenter = ($_SESSION['profile']['orgadmin'] == 1 || $is_orguser > 0);
	if(!$mayenter)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}
}
2338
// Form 33 requested by a member without the `orgadmin` flag: it is only shown
// when the member is master account of the organisation stored in the session;
// otherwise form 35 is shown instead.
if($id == 33 && $_SESSION['profile']['orgadmin'] != 1)
{
	$orgid = intval($_SESSION['_config']['orgid']);
	$query = "select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
	$res = mysql_query($query);
	$id = (mysql_num_rows($res) <= 0) ? 35 : $id;
}
2349
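// Form 33, submitted: add a member, identified by e-mail address, as
// administrator of the organisation stored in the session. The member must
// exist, must not be deleted and must be an Assurer.
if($oldid == 33 && $process != "")
{
	csrf_check('orgadmadd');
	if($_SESSION['profile']['orgadmin'] != 1)
	{
		// The gate for forms 32-34 only shows that the member is master
		// account of some organisation, and the per-organisation check for
		// form 33 runs on display ($id), not on submission ($oldid). Repeat
		// it here for the organisation that is about to be changed.
		$adminorgid = intval($_SESSION['_config']['orgid']);
		$res = mysql_query("select * from `org` where `orgid`='$adminorgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
		if(mysql_num_rows($res) <= 0)
		{
			showheader(_("My CAcert.org Account!"));
			echo _("You don't have access to this area.");
			showfooter();
			exit;
		}
	}
	// Only `orgadmin` profiles may create another master account. The array
	// key is quoted: as a bare word it is an undefined constant.
	if($_SESSION['profile']['orgadmin'] == 1)
		$masteracc = $_SESSION['_config']['masteracc'] = intval($_REQUEST['masteracc']);
	else
		$masteracc = $_SESSION['_config']['masteracc'] = 0;
	// All free-text fields are escaped before they reach the statements below.
	$_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
	$OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
	$comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
	$res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
	if(mysql_num_rows($res) <= 0)
	{
		// Unknown address: show the form again with an error message.
		$id = $oldid;
		$oldid=0;
		$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
	} else {
		$row = mysql_fetch_assoc($res);
		if ( !is_assurer(intval($row['id'])) )
		{
			$id = $oldid;
			$oldid=0;
			$_SESSION['_config']['errmsg'] =
				_("The user is not an Assurer yet");
		} else {
			mysql_query(
				"insert into `org`
					set `memid`='".intval($row['id'])."',
						`orgid`='".intval($_SESSION['_config']['orgid'])."',
						`masteracc`='$masteracc',
						`OU`='$OU',
						`comments`='$comments'");
		}
	}
}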
2385
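// Form 34: remove an administrator from the organisation stored in the
// session. Members without the `orgadmin` flag must be master account of that
// organisation.
// NOTE(review): no csrf_check() call is visible for the deletion, unlike the
// add handler for form 33; confirm whether the form carries a token.
$orgadmindelallowed = true;
if(($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1)
{
	$orgid = intval($_SESSION['_config']['orgid']);
	$res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
	if(mysql_num_rows($res) <= 0)
	{
		$id = 32;
		// Remember the failed check: changing $id alone does not stop the
		// deletion below, which is keyed on $oldid.
		$orgadmindelallowed = false;
	}
}

if($oldid == 34 && $process != "" && $orgadmindelallowed)
{
	$orgid = intval($_SESSION['_config']['orgid']);
	$memid = intval($_REQUEST['memid']);
	$query = "delete from `org` where `orgid`='$orgid' and `memid`='$memid'";
	mysql_query($query);
}

// After form 33 or 34 has been handled, continue with the administrator list
// (form 32) and no organisation selected.
if($oldid == 34 || $oldid == 33)
{
	$oldid=0;
	$id = 32;
	$orgid = 0;
}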
2408
// Form 36 requested: preload the member's stored alert settings into $_REQUEST
// so the form can display them.
if($id == 36)
{
	$row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
	foreach(array('general', 'country', 'regional', 'radius') as $alertkey)
		$_REQUEST[$alertkey] = $row[$alertkey];
}
2417
// Submit from page id 36: store the four alert settings for the logged-in
// member, updating the existing `alerts` row or inserting one if none exists.
if ($oldid == 36) {
    $alertMemId = intval($_SESSION['profile']['id']);

    // Each setting is forced to an integer; a missing field counts as 0.
    $alertPrefs = array();
    foreach (array('general', 'country', 'regional', 'radius') as $alertField) {
        $alertPrefs[$alertField] = intval(array_key_exists($alertField, $_REQUEST) ? $_REQUEST[$alertField] : 0);
    }

    $rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='".$alertMemId."'"));
    if ($rc > 0) {
        $query = "update `alerts` set `general`='".$alertPrefs['general']."',
            `country`='".$alertPrefs['country']."',
            `regional`='".$alertPrefs['regional']."',
            `radius`='".$alertPrefs['radius']."'
            where `memid`='".$alertMemId."'";
    } else {
        $query = "insert into `alerts` set `general`='".$alertPrefs['general']."',
            `country`='".$alertPrefs['country']."',
            `regional`='".$alertPrefs['regional']."',
            `radius`='".$alertPrefs['radius']."',
            `memid`='".$alertMemId."'";
    }
    mysql_query($query);

    // Return to the page the form was submitted from.
    $id = $oldid;
    $oldid = 0;
}
2439
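// Submit from page id 41, action "default": change the member's main language.
// The array_key_exists() guards avoid undefined-index notices when a field is absent.
if ($oldid == 41 && array_key_exists('action', $_REQUEST) && $_REQUEST['action'] == 'default') {
    // csrf_check() is defined elsewhere; presumably it validates the form token named "mainlang".
    csrf_check("mainlang");
    $lang = array_key_exists('lang', $_REQUEST) ? mysql_real_escape_string($_REQUEST['lang']) : "";

    // Only a value that matches a key of L10n::$translations is accepted.
    foreach (L10n::$translations as $key => $val) {
        if ($key == $lang) {
            // intval() on the session id matches how the sibling handlers build their queries.
            mysql_query("update `users` set `language`='$lang' where `id`='".intval($_SESSION['profile']['id'])."'");
            $_SESSION['profile']['language'] = $lang;
            showheader(_("My CAcert.org Account!"));
            echo _("Your language setting has been updated.");
            showfooter();
            exit;
        }
    }

    // No translation key matched: report the error and stop.
    showheader(_("My CAcert.org Account!"));
    echo _("You tried to use an invalid language.");
    showfooter();
    exit;
}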
2462
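// Submit from page id 41, action "addsec": add a secondary language for the member.
// The array_key_exists() guards avoid undefined-index notices when a field is absent.
if ($oldid == 41 && array_key_exists('action', $_REQUEST) && $_REQUEST['action'] == 'addsec') {
    // csrf_check() is defined elsewhere; presumably it validates the form token named "seclang".
    csrf_check("seclang");
    $addlang = array_key_exists('addlang', $_REQUEST) ? mysql_real_escape_string($_REQUEST['addlang']) : "";
    // Does the language exist?
    // NOTE(review): the value is escaped for SQL but never compared against a list
    // of known language codes; confirm where valid codes are defined before adding a check.
    mysql_query("insert into `addlang` set `userid`='".intval($_SESSION['profile']['id'])."', `lang`='$addlang'");
    showheader(_("My CAcert.org Account!"));
    echo _("Your language setting has been updated.");
    showfooter();
    exit;
}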
2474
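// Submit from page id 41, action "dellang": remove one secondary language.
// The array_key_exists() guards avoid undefined-index notices when a field is absent.
if ($oldid == 41 && array_key_exists('action', $_REQUEST) && $_REQUEST['action'] == 'dellang') {
    // csrf_check() is defined elsewhere; presumably it validates the form token named "seclang".
    csrf_check("seclang");
    $remove = array_key_exists('remove', $_REQUEST) ? mysql_real_escape_string($_REQUEST['remove']) : "";
    // The delete is scoped to the logged-in member's own rows through `userid`.
    mysql_query("delete from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."' and `lang`='$remove'");
    showheader(_("My CAcert.org Account!"));
    echo _("Your language setting has been updated.");
    showfooter();
    exit;
}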
2485
// Page ids 42-44 and 48-50 need the session profile's admin flag to be 1,
// whether they are being displayed ($id) or submitted from ($oldid).
$adminOnlyIds = array(42, 43, 44, 48, 49, 50);
$touchesAdminPage = in_array($id, $adminOnlyIds) || in_array($oldid, $adminOnlyIds);
if ($touchesAdminPage && $_SESSION['profile']['admin'] != 1) {
    showheader(_("My CAcert.org Account!"));
    echo _("You don't have access to this area.");
    showfooter();
    exit;
}
2495
// Page ids 53 and 54 need the session profile's locadmin flag to be 1,
// whether they are being displayed ($id) or submitted from ($oldid).
$locAdminIds = array(53, 54);
$touchesLocAdminPage = in_array($id, $locAdminIds) || in_array($oldid, $locAdminIds);
if ($touchesLocAdminPage && $_SESSION['profile']['locadmin'] != 1) {
    showheader(_("My CAcert.org Account!"));
    echo _("You don't have access to this area.");
    showfooter();
    exit;
}
2504
2505 if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
2506 ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
2507 $_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
2508 {
2509 $id = 53;
2510 $ccid = intval(array_key_exists('ccid',$_REQUEST)?$_REQUEST['ccid']:0);
2511 $regid = intval(array_key_exists('regid',$_REQUEST)?$_REQUEST['regid']:0);
2512 $newreg = intval(array_key_exists('newreg',$_REQUEST)?$_REQUEST['newreg']:0);
2513 $locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
2514 $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
2515 $long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
2516 $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
2517 $action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";
2518
2519 if($locid > 0 && $action == "edit")
2520 {
2521 $query = "update `locations` set `name`='$name', `lat`='$lat', `long`='$long' where `id`='$locid'";
2522 mysql_query($query);
2523 $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'"));
2524 $_REQUEST['regid'] = $row['regid'];
2525 unset($_REQUEST['ccid']);
2526 unset($_REQUEST['locid']);
2527 unset($_REQUEST['action']);
2528 } else if($regid > 0 && $action == "edit") {
2529 $query = "update `regions` set `name`='$name' where `id`='$regid'";
2530 mysql_query($query);
2531 $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
2532 $_REQUEST['ccid'] = $row['ccid'];
2533 unset($_REQUEST['regid']);
2534 unset($_REQUEST['locid']);
2535 unset($_REQUEST['action']);
2536 } else if($regid > 0 && $action == "add") {
2537 $row = mysql_fetch_assoc(mysql_query("select `ccid` from `regions` where `id`='$regid'"));
2538 $ccid = $row['ccid'];
2539 $query = "insert into `locations` set `ccid`='$ccid', `regid`='$regid', `name`='$name', `lat`='$lat', `long`='$long'";
2540 mysql_query($query);
2541 unset($_REQUEST['ccid']);
2542 unset($_REQUEST['locid']);
2543 unset($_REQUEST['action']);
2544 } else if($ccid > 0 && $action == "add" && $name != "") {
2545 $query = "insert into `regions` set `ccid`='$ccid', `name`='$name'";