Merge branch 'bug-1138' of https://github.com/INOPIAE/CAcert into bug-1138
[cacert-devel.git] / includes / account.php
index 052e806..a579b7a 100644 (file)
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
-  
+
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
        require_once("../includes/loggedin.php");
        require_once("../includes/lib/l10n.php");
-       require_once('lib/check_weak_key.php');
+       require_once("../includes/lib/check_weak_key.php");
+       require_once("../includes/notary.inc.php");
 
        loadem("account");
 
@@ -70,9 +71,7 @@
                }
                $oldid=0;
                $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
-               $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) > 0)
+               if(check_email_exists($_REQUEST['email'])==true)
                {
                        showheader(_("My CAcert.org Account!"));
                        printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
@@ -83,7 +82,7 @@
                if($checkemail != "OK")
                {
                        showheader(_("My CAcert.org Account!"));
-                       if (substr($checkemail, 0, 1) == "4") 
+                       if (substr($checkemail, 0, 1) == "4")
                        {
                                echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
                        } else {
                {
                        foreach($_REQUEST['delid'] as $id)
                        {
+                               if (0==$delcount) {
+                                       echo _('The following email addresses have been removed:')."<br>\n";
+                               }
                                $id = intval($id);
                                $query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
                                                `email`!='".$_SESSION['profile']['email']."'";
                                {
                                        $row = mysql_fetch_assoc($res);
                                        echo $row['email']."<br>\n";
-                                       $query = "select `emailcerts`.`id` 
-                                                       from `emaillink`,`emailcerts` where
-                                                       `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
-                                                       `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
-                                                       group by `emailcerts`.`id`";
-                                       $dres = mysql_query($query);
-                                       while($drow = mysql_fetch_assoc($dres))
-                                               mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
-       
-                                       $query = "update `email` set `deleted`=NOW() where `id`='$id'";
-                                       mysql_query($query);
+                                       account_email_delete($row['id']);
                                        $delcount++;
                                }
                        }
                {
                        echo _("You did not select any email accounts for removal.");
                }
-               if($delcount > 0)
+               if(0 == $delcount)
                {
-                       echo _("The following accounts have been removed:")."<br>\n";
-               } else {
                        echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
                }
 
 
        if($process != "" && $oldid == 3)
        {
+               if(!array_key_exists('CCA',$_REQUEST))
+               {
+                       showheader(_("My CAcert.org Account!"));
+                       echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+                       showfooter();
+                       exit;
+               }
+
                if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
                {
                        showheader(_("My CAcert.org Account!"));
                        $_REQUEST['keytype'] = "MS";
                        $csr = clean_csr($_REQUEST['optionalCSR']);
                }
+               if(trim($_REQUEST['description']) != ""){
+                       $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+               }else{
+                       $_SESSION['_config']['description']= "";
+               }
        }
 
        if($oldid == 4)
                                showfooter();
                                exit;
                        }
-                       
+
+                       write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
                        $query = "insert into emailcerts set
-                                               `CN`='$defaultemail', 
+                                               `CN`='$defaultemail',
                                                `keytype`='NS',
                                                `memid`='".intval($_SESSION['profile']['id'])."',
                                                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                                                `codesign`='".intval($_SESSION['_config']['codesign'])."',
                                                `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
-                                               `rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
+                                               `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+                                               `description`='".$_SESSION['_config']['description']."'";
                        mysql_query($query);
                        $emailid = mysql_insert_id();
                        if(is_array($addys))
                        fputs($fp, $emails);
                        fclose($fp);
                        $challenge=$_SESSION['spkac_hash'];
-                        $res=`openssl spkac -verify -in $CSRname`;
-                        if(!strstr($res,"Challenge String: ".$challenge))
-                        {
-                                $id = $oldid;
-                                showheader(_("My CAcert.org Account!"));
-                                echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
-                                showfooter();
-                                exit;
-                        }
+                       $res=`openssl spkac -verify -in $CSRname`;
+                       if(!strstr($res,"Challenge String: ".$challenge))
+                       {
+                               $id = $oldid;
+                               showheader(_("My CAcert.org Account!"));
+                               echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+                               showfooter();
+                               exit;
+                       }
                        mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
                } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
                        if($csr == "")
                                $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
-                       
+
                        if (($weakKey = checkWeakKeyCSR($csr)) !== "")
                        {
                                $id = 4;
                                showfooter();
                                exit;
                        }
-                       
+
                        $tmpfname = tempnam("/tmp", "id4CSR");
                        $fp = fopen($tmpfname, "w");
                        fputs($fp, $csr);
                        $csrsubject="";
 
                        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
-                        if(strlen($user['mname']) == 1)
-                                $user['mname'] .= '.';
+                       if(strlen($user['mname']) == 1)
+                               $user['mname'] .= '.';
                        if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
                                $csrsubject = "/CN=CAcert WoT User";
                        if($_SESSION['_config']['incname'] == 1)
                                showfooter();
                                exit;
                        }
-                       $query = "insert into emailcerts set 
-                                               `CN`='$defaultemail', 
+                       $query = "insert into emailcerts set
+                                               `CN`='$defaultemail',
                                                `keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
                                                `memid`='".$_SESSION['profile']['id']."',
                                                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                                                `subject`='".mysql_real_escape_string($csrsubject)."',
                                                `codesign`='".$_SESSION['_config']['codesign']."',
                                                `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
-                                               `rootcert`='".$_SESSION['_config']['rootcert']."'";
+                                               `rootcert`='".$_SESSION['_config']['rootcert']."',
+                                               `description`='".$_SESSION['_config']['description']."'";
                        mysql_query($query);
                        $emailid = mysql_insert_id();
                        if(is_array($addys))
                csrf_check("adddomain");
                if(strstr($_REQUEST['newdomain'],"\x00"))
                {
-                        showheader(_("My CAcert.org Account!"));
-                        echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
-                        showfooter();
-                        exit;
+                       showheader(_("My CAcert.org Account!"));
+                       echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
+                       showfooter();
+                       exit;
                }
 
                list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
                {
                        showheader(_("My CAcert.org Account!"));
                        //echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
-                       if (substr($checkemail, 0, 1) == "4") 
+                       if (substr($checkemail, 0, 1) == "4")
                        {
                                echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
                        } else {
                                {
                                        $row = mysql_fetch_assoc($res);
                                        echo $row['domain']."<br>\n";
-                                       
-                                       $dres = mysql_query(
-                                               "select distinct `domaincerts`.`id`
-                                                       from `domaincerts`, `domlink`
-                                                       where `domaincerts`.`domid` = '$id'
-                                                       or (
-                                                               `domaincerts`.`id` = `domlink`.`certid`
-                                                               and `domlink`.`domid` = '$id'
-                                                               )");
-                                       while($drow = mysql_fetch_assoc($dres))
-                                       {
-                                               mysql_query(
-                                                       "update `domaincerts`
-                                                               set `revoked`='1970-01-01 10:00:01'
-                                                               where `id` = '".$drow['id']."'
-                                                               and `revoked` = 0
-                                                               and UNIX_TIMESTAMP(`expire`) -
-                                                                               UNIX_TIMESTAMP() > 0");
-                                       }
-                                       
-                                       mysql_query(
-                                               "update `domains`
-                                                       set `deleted`=NOW()
-                                                       where `id` = '$id'");
+                                       account_domain_delete($row['id']);
                                }
+
                        }
                }
                else
 
        if($process != "" && $oldid == 10)
        {
+               if(!array_key_exists('CCA',$_REQUEST))
+               {
+                       showheader(_("My CAcert.org Account!"));
+                       echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+                       showfooter();
+                       exit;
+               }
+
                $CSR = clean_csr($_REQUEST['CSR']);
                if(strpos($CSR,"---BEGIN")===FALSE)
                {
-                 // In case the CSR is missing the ---BEGIN lines, add them automatically:
-                 $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
+                       // In case the CSR is missing the ---BEGIN lines, add them automatically:
+                       $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
                }
-               
+
                if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
                {
                        showheader(_("My CAcert.org Account!"));
                        showfooter();
                        exit;
                }
-               
+
+               if(trim($_REQUEST['description']) != ""){
+                       $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+               }else{
+                       $_SESSION['_config']['description']= "";
+               }
+
                $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
                $fp = fopen($_SESSION['_config']['tmpfname'], "w");
                fputs($fp, $CSR);
                        showfooter();
                        exit;
                }
-               
+
                if (($weakKey = checkWeakKeyCSR(file_get_contents(
                                $_SESSION['_config']['tmpfname']))) !== "")
                {
                        showfooter();
                        exit;
                }
-               
+
                $id = 11;
                if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
                {
                $subject = "";
                $count = 0;
                $supressSAN=0;
-                if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
+               if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
 
                if(is_array($_SESSION['_config']['rows']))
                        foreach($_SESSION['_config']['rows'] as $row)
                if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
                        $_SESSION['_config']['rootcert'] = 1;
 
+               write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
                if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
                {
-                       $query = "insert into `domaincerts` set 
+                       $query = "insert into `domaincerts` set
                                                `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
                                                `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
                                                `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
-                                               `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+                                               `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+                                               `description`='".$_SESSION['_config']['description']."'";
                } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
-                       $query = "insert into `domaincerts` set 
+                       $query = "insert into `domaincerts` set
                                                `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
                                                `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
                                                `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
-                                               `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+                                               `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+                                               `description`='".$_SESSION['_config']['description']."'";
                } else {
                        showheader(_("My CAcert.org Account!"));
                        echo _("Domain not verified.");
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
                                        continue;
                                }
-                               
+
                                $row = mysql_fetch_assoc($res);
-                               
+
                                if (($weakKey = checkWeakKeyX509(file_get_contents(
                                                $row['crt_name']))) !== "")
                                {
                                        echo $weakKey, "<br/>\n";
                                        continue;
                                }
-                               
+
                                mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
-                               $query = "insert into `domaincerts` set 
-                                               `domid`='".$row['domid']."', 
+                               $query = "insert into `domaincerts` set
+                                               `domid`='".$row['domid']."',
                                                `CN`='".mysql_real_escape_string($row['CN'])."',
                                                `subject`='".mysql_real_escape_string($row['subject'])."',".
                                                //`csr_name`='".$row['csr_name']."', // RACE CONDITION
                                                "`created`='".$row['created']."',
-                                               `modified`=NOW(), 
+                                               `modified`=NOW(),
                                                `rootcert`='".$row['rootcert']."',
                                                `type`='".$row['type']."',
-                                               `pkhash`='".$row['pkhash']."'";
+                                               `pkhash`='".$row['pkhash']."',
+                                               `description`='".$row['description']."'";
                                mysql_query($query);
                                $newid = mysql_insert_id();
                                $newfile=generatecertpath("csr","server",$newid);
                        foreach($_REQUEST['revokeid'] as $id)
                        {
                                $id = intval($id);
-                               $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains` 
+                               $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
                                                where `domaincerts`.`id`='$id' and
                                                `domaincerts`.`domid`=`domains`.`id` and
                                                `domains`.`memid`='".$_SESSION['profile']['id']."'";
                        foreach($_REQUEST['delid'] as $id)
                        {
                                $id = intval($id);
-                               $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains` 
+                               $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
                                                where `domaincerts`.`id`='$id' and
                                                `domaincerts`.`domid`=`domains`.`id` and
                                                `domains`.`memid`='".$_SESSION['profile']['id']."'";
                exit;
        }
 
+       if($oldid == 12 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+       {
+               showheader(_("My CAcert.org Account!"));
+               foreach($_REQUEST as $id => $val)
+               {
+                       if(substr($id,0,14)=="check_comment_")
+                       {
+                               $cid = intval(substr($id,14));
+                               $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+                               mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'");
+                       }
+               }
+               echo(_("Certificate settings have been changed.")."<br/>\n");
+               showfooter();
+               exit;
+       }
+
+
        if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
        {
                showheader(_("My CAcert.org Account!"));
                        foreach($_REQUEST['revokeid'] as $id)
                        {
                                $id = intval($id);
-                               $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` 
+                               $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
                                                where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
                                $res = mysql_query($query);
                                if(mysql_num_rows($res) <= 0)
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               
+
                                $row = mysql_fetch_assoc($res);
-                               
+
                                if (($weakKey = checkWeakKeyX509(file_get_contents(
                                                $row['crt_name']))) !== "")
                                {
                                        echo $weakKey, "<br/>\n";
                                        continue;
                                }
-                               
+
                                mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
-                               $query = "insert into emailcerts set 
-                                               `memid`='".$row['memid']."', 
+                               $query = "insert into emailcerts set
+                                               `memid`='".$row['memid']."',
                                                `CN`='".mysql_real_escape_string($row['CN'])."',
                                                `subject`='".mysql_real_escape_string($row['subject'])."',
-                                               `keytype`='".$row['keytype']."', 
-                                               `csr_name`='".$row['csr_name']."', 
-                                               `created`='".$row['created']."', 
+                                               `keytype`='".$row['keytype']."',
+                                               `csr_name`='".$row['csr_name']."',
+                                               `created`='".$row['created']."',
                                                `modified`=NOW(),
                                                `disablelogin`='".$row['disablelogin']."',
                                                `codesign`='".$row['codesign']."',
-                                               `rootcert`='".$row['rootcert']."'";
+                                               `rootcert`='".$row['rootcert']."',
+                                               `description`='".$row['description']."'";
                                mysql_query($query);
                                $newid = mysql_insert_id();
                                $newfile=generatecertpath("csr","client",$newid);
                        foreach($_REQUEST['revokeid'] as $id)
                        {
                                $id = intval($id);
-                               $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` 
+                               $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
                                                where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
                                $res = mysql_query($query);
                                if(mysql_num_rows($res) <= 0)
                        foreach($_REQUEST['delid'] as $id)
                        {
                                $id = intval($id);
-                               $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts` 
+                               $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
                                                where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
                                $res = mysql_query($query);
                                if(mysql_num_rows($res) <= 0)
 
        if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
        {
-         showheader(_("My CAcert.org Account!"));
-         //echo _("Now changing the settings for the following certificates:")."<br>\n";
-         foreach($_REQUEST as $id => $val)
-         {
-           //echo $id."<br/>";
-           if(substr($id,0,5)=="cert_")
-           {
-             $id = intval(substr($id,5));
-             $dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")?"0":"1";
-             //echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n";
-             mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
-             //$row = mysql_fetch_assoc($res);
-           }
-         }
-         echo(_("Certificate settings have been changed.")."<br/>\n");
-         showfooter();
-         exit;
+               showheader(_("My CAcert.org Account!"));
+               foreach($_REQUEST as $id => $val)
+               {
+                       if(substr($id,0,5)=="cert_")
+                       {
+                               $cid = intval(substr($id,5));
+                               $dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1";
+                               mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+                       }
+                       if(substr($id,0,14)=="check_comment_")
+                       {
+                               $cid = intval(substr($id,14));
+                               if(!empty($_REQUEST['check_comment_'.$cid])) {
+                                       $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+                                       mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+                               }
+                       }
+               }
+               echo(_("Certificate settings have been changed.")."<br/>\n");
+               showfooter();
+               exit;
        }
 
 
+       if($oldid == 6 && $_REQUEST['certid'] != "")
+       {
+               if(trim($_REQUEST['description']) != ""){
+                       $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+               }else{
+                       $description= "";
+               }
+
+               if(trim($_REQUEST['disablelogin']) == "1"){
+                       $disablelogin = 1;
+               }else{
+                       $disablelogin = 0;
+               }
+
+               mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
+       }
+
        if($oldid == 13 && $process != "")
        {
                csrf_check("perschange");
                $_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
                $_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
 
-                if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
-                        $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
-                        $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
-                        $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
-                        $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
-                        $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
-                        $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
-                        $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
-                        $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
-                        $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
-                        $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
-                        $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
-                        $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
-                        $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
-                        $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
-                        $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
-                {
-                        $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
-                        $id = $oldid;
+               if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
+                               $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
+                               $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
+                               $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
+                               $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
+                               $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
+                               $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
+                               $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
+                               $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
+                               $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
+                               $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
+                               $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
+                               $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
+                               $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
+                               $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
+                               $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
+                               $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
+                               $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
+                               $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
+                               $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
+                               $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
+                               $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
+                               $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
+                               $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
+                               $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
+                               $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
+                               $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
+                               $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
+                               $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
+                               $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
+                               $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
+               {
+                       $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
+                       $id = $oldid;
                        $oldid=0;
-                }
+               }
 
                if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
                        $_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
                $ddres = mysql_query($ddquery);
                $ddrow = mysql_fetch_assoc($ddres);
                $_SESSION['profile']['points'] = $ddrow['total'];
-               
+
                if($_SESSION['profile']['points'] == 0)
                {
                        $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
                                                where `id`='".$_SESSION['profile']['id']."'";
                mysql_query($query);
 
-               //!!!Should be rewritten 
+               //!!!Should be rewritten
                $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
                $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
                if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
                }
                $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
                $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
+
+
+               if(trim($_REQUEST['description']) != ""){
+                       $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+               }else{
+                       $_SESSION['_config']['description']= "";
+               }
        }
 
        if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0)
                if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
                        $_SESSION['_config']['rootcert'] = 1;
 
+               if(trim($_REQUEST['description']) != ""){
+                       $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+               }else{
+                       $_SESSION['_config']['description']= "";
+               }
+
                if(@count($_SESSION['_config']['emails']) > 0)
                        $id = 17;
        }
                        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
                                $_SESSION['_config']['rootcert'] = 1;
 
+
                        $emails .= "SPKAC = $spkac";
                        if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
                        {
                                showfooter();
                                exit;
                        }
-                       
-                       $query = "insert into `orgemailcerts` set 
-                                               `CN`='$defaultemail', 
+
+                       $query = "insert into `orgemailcerts` set
+                                               `CN`='$defaultemail',
                                                `keytype`='NS',
                                                `orgid`='".$org['orgid']."',
                                                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                                                `codesign`='".$_SESSION['_config']['codesign']."',
-                                               `rootcert`='".$_SESSION['_config']['rootcert']."'";
+                                               `rootcert`='".$_SESSION['_config']['rootcert']."',
+                                               `description`='".$_SESSION['_config']['description']."'";
                        mysql_query($query);
                        $emailid = mysql_insert_id();
 
                        fputs($fp, $emails);
                        fclose($fp);
                        $challenge=$_SESSION['spkac_hash'];
-                        $res=`openssl spkac -verify -in $CSRname`;
-                        if(!strstr($res,"Challenge String: ".$challenge))
-                        {
-                                $id = $oldid;
-                                showheader(_("My CAcert.org Account!"));
-                                echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
-                                showfooter();
-                                exit;
-                        }
+                       $res=`openssl spkac -verify -in $CSRname`;
+                       if(!strstr($res,"Challenge String: ".$challenge))
+                       {
+                               $id = $oldid;
+                               showheader(_("My CAcert.org Account!"));
+                               echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+                               showfooter();
+                               exit;
+                       }
                        mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
                } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
                        $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
-                       
+
                        if (($weakKey = checkWeakKeyCSR($csr)) !== "")
                        {
                                $id = 17;
                                showfooter();
                                exit;
                        }
-                       
+
                        $tmpfname = tempnam("/tmp", "id17CSR");
                        $fp = fopen($tmpfname, "w");
                        fputs($fp, $csr);
                        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
                                $_SESSION['_config']['rootcert'] = 1;
 
-                       $query = "insert into `orgemailcerts` set 
-                                               `CN`='$defaultemail', 
+                       $query = "insert into `orgemailcerts` set
+                                               `CN`='$defaultemail',
                                                `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
                                                `orgid`='".$org['orgid']."',
                                                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                                                `subject`='$csrsubject',
                                                `codesign`='".$_SESSION['_config']['codesign']."',
-                                               `rootcert`='".$_SESSION['_config']['rootcert']."'";
+                                               `rootcert`='".$_SESSION['_config']['rootcert']."',
+                                               `description`='".$_SESSION['_config']['description']."'";
                        mysql_query($query);
                        $emailid = mysql_insert_id();
 
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               
+
                                $row = mysql_fetch_assoc($res);
-                               
+
                                if (($weakKey = checkWeakKeyX509(file_get_contents(
                                                $row['crt_name']))) !== "")
                                {
                                        echo $weakKey, "<br/>\n";
                                        continue;
                                }
-                               
+
                                mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
                                if($row['revoke'] > 0)
                                {
                                        printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                                        continue;
                                }
-                               $query = "insert into `orgemailcerts` set 
-                                               `orgid`='".$row['orgid']."', 
+                               $query = "insert into `orgemailcerts` set
+                                               `orgid`='".$row['orgid']."',
                                                `CN`='".$row['CN']."',
                                                `subject`='".$row['subject']."',
-                                               `keytype`='".$row['keytype']."', 
-                                               `csr_name`='".$row['csr_name']."', 
-                                               `created`='".$row['created']."', 
+                                               `keytype`='".$row['keytype']."',
+                                               `csr_name`='".$row['csr_name']."',
+                                               `created`='".$row['created']."',
                                                `modified`=NOW(),
                                                `codesign`='".$row['codesign']."',
-                                               `rootcert`='".$row['rootcert']."'";
+                                               `rootcert`='".$row['rootcert']."',
+                                               `description`='".$row['description']."'";
                                mysql_query($query);
                                $newid = mysql_insert_id();
                                $newfile=generatecertpath("csr","orgclient",$newid);
                exit;
        }
 
+       if($oldid == 18 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+       {
+               showheader(_("My CAcert.org Account!"));
+               foreach($_REQUEST as $id => $val)
+               {
+                       if(substr($id,0,14)=="check_comment_")
+                       {
+                               $cid = intval(substr($id,14));
+                               $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+                               mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
+                       }
+               }
+               echo(_("Certificate settings have been changed.")."<br/>\n");
+               showfooter();
+               exit;
+       }
+
+
        if($process != "" && $oldid == 20)
        {
                $CSR = clean_csr($_REQUEST['CSR']);
-               
+
                if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
                {
                        $id = 20;
                        showfooter();
                        exit;
                }
-               
+
+               if(trim($_REQUEST['description']) != ""){
+                       $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+               }else{
+                       $_SESSION['_config']['description']= "";
+               }
+
                $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
                $fp = fopen($_SESSION['_config']['tmpfname'], "w");
                fputs($fp, $CSR);
        if($process != "" && $oldid == 21)
        {
                $id = 21;
-               
+
                if(!file_exists($_SESSION['_config']['tmpfname']))
                {
                        showheader(_("My CAcert.org Account!"));
                        showfooter();
                        exit;
                }
-               
+
                if (($weakKey = checkWeakKeyCSR(file_get_contents(
                                $_SESSION['_config']['tmpfname']))) !== "")
                {
                        exit;
                }
 
-                if($_SESSION['_config']['rowid']['0'] > 0)
-                {
+               if($_SESSION['_config']['rowid']['0'] > 0)
+               {
                        $query = "select * from `org`,`orginfo` where
                                        `orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and
                                        `orginfo`.`id`=`org`.`orgid` and
                if(is_array($_SESSION['_config']['rows']))
                        foreach($_SESSION['_config']['rows'] as $row)
                                $csrsubject .= "/commonName=$row";
-               $SAN="";                
+               $SAN="";
                if(is_array($_SESSION['_config']['altrows']))
                        foreach($_SESSION['_config']['altrows'] as $subalt)
                        {
                if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
                        $_SESSION['_config']['rootcert'] = 1;
 
-                if($_SESSION['_config']['rowid']['0'] > 0)
-                {
-                        $query = "insert into `orgdomaincerts` set 
-                                               `CN`='".$_SESSION['_config']['rows']['0']."',
-                                               `orgid`='".$org['id']."',
-                                                `created`=NOW(),
-                                               `subject`='$csrsubject',
-                                               `rootcert`='".$_SESSION['_config']['rootcert']."',
-                                               `type`='$type'";
-                } else {
-                        $query = "insert into `orgdomaincerts` set 
-                                               `CN`='".$_SESSION['_config']['altrows']['0']."',
-                                               `orgid`='".$org['id']."',
-                                                `created`=NOW(),
-                                               `subject`='$csrsubject',
-                                               `rootcert`='".$_SESSION['_config']['rootcert']."',
-                                               `type`='$type'";
-                }
-                mysql_query($query);
+               if($_SESSION['_config']['rowid']['0'] > 0)
+               {
+                       $query = "insert into `orgdomaincerts` set
+                                       `CN`='".$_SESSION['_config']['rows']['0']."',
+                                       `orgid`='".$org['id']."',
+                                       `created`=NOW(),
+                                       `subject`='$csrsubject',
+                                       `rootcert`='".$_SESSION['_config']['rootcert']."',
+                                       `type`='$type',
+                                       `description`='".$_SESSION['_config']['description']."'";
+               } else {
+                       $query = "insert into `orgdomaincerts` set
+                                       `CN`='".$_SESSION['_config']['altrows']['0']."',
+                                       `orgid`='".$org['id']."',
+                                       `created`=NOW(),
+                                       `subject`='$csrsubject',
+                                       `rootcert`='".$_SESSION['_config']['rootcert']."',
+                                       `type`='$type',
+                                       `description`='".$_SESSION['_config']['description']."'";
+               }
+               mysql_query($query);
                $CSRid = mysql_insert_id();
 
                $CSRname=generatecertpath("csr","orgserver",$CSRid);
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               
+
                                $row = mysql_fetch_assoc($res);
-                               
+
                                if (($weakKey = checkWeakKeyX509(file_get_contents(
                                                $row['crt_name']))) !== "")
                                {
                                        echo $weakKey, "<br/>\n";
                                        continue;
                                }
-                               
+
                                mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
                                if($row['revoke'] > 0)
                                {
                                        printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                                        continue;
                                }
-                               $query = "insert into `orgdomaincerts` set 
-                                               `orgid`='".$row['orgid']."', 
+                               $query = "insert into `orgdomaincerts` set
+                                               `orgid`='".$row['orgid']."',
                                                `CN`='".$row['CN']."',
-                                               `csr_name`='".$row['csr_name']."', 
+                                               `csr_name`='".$row['csr_name']."',
                                                `created`='".$row['created']."',
-                                               `modified`=NOW(), 
-                                               `subject`='".$row['subject']."', 
+                                               `modified`=NOW(),
+                                               `subject`='".$row['subject']."',
                                                `type`='".$row['type']."',
-                                               `rootcert`='".$row['rootcert']."'";
+                                               `rootcert`='".$row['rootcert']."',
+                                               `description`='".$row['description']."'";
                                mysql_query($query);
                                $newid = mysql_insert_id();
                                //echo "NewID: $newid<br/>\n";
                exit;
        }
 
+       if($oldid == 22 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+       {
+               showheader(_("My CAcert.org Account!"));
+               foreach($_REQUEST as $id => $val)
+               {
+                       if(substr($id,0,14)=="check_comment_")
+                       {
+                               $cid = intval(substr($id,14));
+                               $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+                               mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
+                       }
+               }
+               echo(_("Certificate settings have been changed.")."<br/>\n");
+               showfooter();
+               exit;
+       }
+
+
        if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 ||
                $id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 ||
                $id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) &&
 
        if(($oldid == 29 || $oldid == 30) && $process != "")      // _("Cancel") is handled in front of account.php
        {
-               $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where 
+               $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
                                `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
                                `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
                                `orgdomains`.`id`='".intval($domid)."'";
                while($row = mysql_fetch_assoc($res))
                        mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
 
-               $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where 
+               $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
                                `orgemaillink`.`domid`=`orgdomains`.`id` and
                                `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
                                `orgdomains`.`id`='".intval($domid)."'";
                $dres = mysql_query($query);
                while($drow = mysql_fetch_assoc($dres))
                {
-                       $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where 
+                       $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
                                        `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
                                        `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
                                        `orgdomains`.`id`='".intval($drow['id'])."'";
                                mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
                        }
 
-                       $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where 
+                       $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
                                        `orgemaillink`.`domid`=`orgdomains`.`id` and
                                        `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
                                        `orgdomains`.`id`='".intval($drow['id'])."'";
                        $row = mysql_fetch_assoc($res);
                        if ( !is_assurer(intval($row['id'])) )
                        {
-                               $id = $oldid;\r
-                               $oldid=0;\r
+                               $id = $oldid;
+                               $oldid=0;
                                $_SESSION['_config']['errmsg'] =
                                                _("The user is not an Assurer yet");
                        } else {
                exit;
        }
 
-       if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") || 
-                    ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
+       if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
+                       ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
                        $_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
        {
                $id = 53;
                $locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
                $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
                $long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
-               $lat =  array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
+               $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
                $action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";
 
                if($locid > 0 && $action == "edit")
                $oldid=0;
        }
 
-       if($oldid == 43 && $_REQUEST['action'] == "updatedob")
+       if($oldid == 43 && $_REQUEST['action'] == "updatedob" && $ticketvalidation==TRUE)
        {
                $id = 43;
                $oldid=0;
                $month = intval($_REQUEST['month']);
                $year = intval($_REQUEST['year']);
                $userid = intval($_REQUEST['userid']);
-               $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
-               $details = mysql_fetch_assoc(mysql_query($query));
-               $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
-                               `new-lname`='$lname',`new-dob`='$year-$month-$day',`uid`='$userid',`adminid`='".$_SESSION['profile']['id']."'";
-               mysql_query($query);
                $query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
                mysql_query($query);
+               write_se_log($userid,$_SESSION[''], $_SESSION['profile']['id'],'AD Name/DOB Change',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+       }
+
+       if($oldid == 43 && $_REQUEST['action'] == 'revokecert')
+       {
+               $userid = intval($_REQUEST['userid']);
+               revoke_all_private_cert($userid);
+               $id=43;
        }
 
        if($oldid == 48 && $_REQUEST['domain'] == "")
                        $_REQUEST['email'] = $row['email'];
        }
 
-       if($oldid == 44)
+       if($oldid == 44 && $ticketvalidation==TRUE)
        {
                showheader(_("My CAcert.org Account!"));
                if(intval($_REQUEST['userid']) <= 0)
 
                        sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body,
                                                "support@cacert.org", "", "", "CAcert Support");
-
+                       write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'],'AD reset password',$ticketno);
                }
                showfooter();
                exit;
+       }else{
+               $_SESSION['ticketmsg']='No password reset taken. Ticket number is missing!';
        }
 
+
        if($process != "" && $oldid == 45)
        {
                $CSR = clean_csr($CSR);
                        showfooter();
                        exit;
                }
-               
+
                if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
                {
                        showheader(_("My CAcert.org Account!"));
                        exit;
                }
 
-               $query = "insert into `domaincerts` set 
+               $query = "insert into `domaincerts` set
                                                `CN`='".$_SESSION['_config']['0.CN']."',
                                                `domid`='".$_SESSION['_config']['row']['id']."',
                                                `created`=NOW()";
                }
        }
 
-       if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0)
+       /* presently not needed
+       if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==TRUE)
        {
                $memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']);
                $query = "select * from `users` where `id`='$memid'";
                $row = mysql_fetch_assoc(mysql_query($query));
                $ver = !$row['tverify'];
                mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change tverify status',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+       }
+ */
+       if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation==TRUE)
+       {
+               csrf_check('admsetassuret');
+               $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
+               $query = "select * from `users` where `id`='$memid'";
+               $row = mysql_fetch_assoc(mysql_query($query));
+               $ver = !$row['assurer'];
+               mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change assurer staus',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+       }
+
+       if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation==TRUE)
+       {
+               $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
+               $query = "select * from `users` where `id`='$memid'";
+               $row = mysql_fetch_assoc(mysql_query($query));
+               $ver = !$row['assurer_blocked'];
+               mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change assurer blocked status',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
 
-  if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0)
-  {
-    csrf_check('admsetassuret');
-    $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
-    $query = "select * from `users` where `id`='$memid'";
-    $row = mysql_fetch_assoc(mysql_query($query));
-    $ver = !$row['assurer'];
-    mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
-  }
-
-  if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
-  {
-    $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
-    $query = "select * from `users` where `id`='$memid'";
-    $row = mysql_fetch_assoc(mysql_query($query));
-    $ver = !$row['assurer_blocked'];
-    mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
-  }
-
-       if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0)
-       {
-               csrf_check('admactlock');       
+       if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation==TRUE)
+       {
+               csrf_check('admactlock');
                $memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
                $query = "select * from `users` where `id`='$memid'";
                $row = mysql_fetch_assoc(mysql_query($query));
                $ver = !$row['locked'];
                mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change locked status',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
 
-       if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0)
+       if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation==TRUE)
        {
                csrf_check('admcodesign');
                $memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']);
                $row = mysql_fetch_assoc(mysql_query($query));
                $ver = !$row['codesign'];
                mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change codesign status',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
 
-       if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0)
+       if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation==TRUE)
        {
                csrf_check('admorgadmin');
                $memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
                $row = mysql_fetch_assoc(mysql_query($query));
                $ver = !$row['orgadmin'];
                mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change org assuer status',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
 
-       if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0)
+       if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation==TRUE)
        {
                csrf_check('admttpadmin');
                $memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
                $row = mysql_fetch_assoc(mysql_query($query));
                $ver = !$row['ttpadmin'];
                mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change ttp admin status',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
 
-       if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0)
+       if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation==TRUE)
        {
                $memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
                $query = "select * from `users` where `id`='$memid'";
                if($ver > 2)
                        $ver = 0;
                mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change advertising admin status',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
 
-       if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0)
+       if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation==TRUE)
        {
                $memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
                $query = "select * from `users` where `id`='$memid'";
                $row = mysql_fetch_assoc(mysql_query($query));
                $ver = !$row['locadmin'];
                mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change location admin status',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
 
-       if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0)
+       if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation==TRUE)
        {
                csrf_check('admsetadmin');
                $memid = $_REQUEST['userid'] = intval($_REQUEST['admin']);
                $row = mysql_fetch_assoc(mysql_query($query));
                $ver = !$row['admin'];
                mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change SE status',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
 
-       if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0)
+       if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation==TRUE)
        {
                $memid = $_REQUEST['userid'] = intval($_REQUEST['general']);
                $query = "select * from `alerts` where `memid`='$memid'";
                $row = mysql_fetch_assoc(mysql_query($query));
                $ver = !$row['general'];
                mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change general status',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
 
-       if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0)
+       if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation==TRUE)
        {
                $memid = $_REQUEST['userid'] = intval($_REQUEST['country']);
                $query = "select * from `alerts` where `memid`='$memid'";
                $row = mysql_fetch_assoc(mysql_query($query));
                $ver = !$row['country'];
                mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change country status',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
 
-       if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0)
+       if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation==TRUE)
        {
                $memid = $_REQUEST['userid'] = intval($_REQUEST['regional']);
                $query = "select * from `alerts` where `memid`='$memid'";
                $row = mysql_fetch_assoc(mysql_query($query));
                $ver = !$row['regional'];
                mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change regional status',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
 
-       if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0)
+       if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation==TRUE)
        {
                $memid = $_REQUEST['userid'] = intval($_REQUEST['radius']);
                $query = "select * from `alerts` where `memid`='$memid'";
                $row = mysql_fetch_assoc(mysql_query($query));
                $ver = !$row['radius'];
                mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
+               write_se_log($memid, $_SESSION['profile']['id'],'AD Change radius status',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
 
        if($id == 50)
        if($oldid == 50 && $process != "")
        {
                $_REQUEST['userid'] = intval($_REQUEST['userid']);
-               $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'");
-               if(mysql_num_rows($res) > 0)
-               {
-                       $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01'
-                                       WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'";
-                       mysql_query($query);
-                       $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'";
-                       mysql_query($query);
-                       $query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'";
-                       mysql_query($query);
-                       $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'";
-                       mysql_query($query);
-                       $query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'";
-                       mysql_query($query);
-                       $query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'";
-                       mysql_query($query);
+               if (trim($_REQUEST['arbitrationno'])==""){
+                       showheader(_("My CAcert.org Account!"));
+                       echo _("You did not enter an arbitration number entry.");
+                       showfooter();
+                       exit;
+               }
+               if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
+                       showheader(_("My CAcert.org Account!"));
+                       printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
+                       showfooter();
+                       exit;
                }
+               if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
+                       showheader(_("My CAcert.org Account!"));
+                       printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
+                       showfooter();
+                       exit;
+                }
+               if (check_client_cert_running($_REQUEST['userid'],1) ||
+                       check_server_cert_running($_REQUEST['userid'],1) ||
+                       check_gpg_cert_running($_REQUEST['userid'],1)) {
+                       showheader(_("My CAcert.org Account!"));
+                       printf(_("The CCA retention time for at least one certificate is not over. Can't continue."));
+                       showfooter();
+                       exit;
+               }
+               if (check_is_orgadmin($_REQUEST['userid'],1)) {
+                       showheader(_("My CAcert.org Account!"));
+                       printf(_("The user is listed as Organisation Administrator. Can't continue."));
+                       showfooter();
+                       exit;
+               }
+               account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
+       }
+
+       if(($id == 51 || $id == 52 || $oldid == 52))
+       {
+               showheader(_("My CAcert.org Account!"));
+               echo _("You don't have access to this area.\nThe Tverify programme is terminated as of 16th November 2010" );
+               showfooter();
+               exit;
        }
 
+       /* this area not needed as the The Tverify programme is Terminated as of 16th November 2010
+
        if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
        {
                showheader(_("My CAcert.org Account!"));
                showfooter();
                exit;
        }
-
        if($oldid == 52)
        {
                $uid = intval($_REQUEST['uid']);
                        while($row = mysql_fetch_assoc($res))
                                $body .= $row['comment']."\n";
                        $body .= "\n";
-                       
+
                        $body .= _("Best regards")."\n";
                        $body .= _("CAcert Support Team");
                        sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
                        $body .= "\n";
 
                        $body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n";
-                       
+
                        $body .= _("Best regards")."\n";
                        $body .= _("CAcert Support Team");
                        sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
                showfooter();
                exit;
        }
+ */
+       if($id == 59){
+               if ($oldid==43) {
+                       se_write_log($_REQUEST['userid'], $_SESSION['profile']['id'], 'View account history', $_REQUEST['ticketno']);
+                       $support=1;
+               }ELSEIF ($oldid==13){
+                       $support=0;
+               }ELSE{
+                       showheader(_("My CAcert.org Account!"));
+                       echo _("You do not have access to this page.");
+                       showfooter();
+                       exit;
+               }
+       }
+
 
        if(intval($cert) > 0)
                $_SESSION['_config']['cert'] = intval($cert);