bug 782: adjusted comment handling for client certs
authorINOPIAE <inopiae@cacert.org>
Wed, 1 May 2013 20:20:26 +0000 (22:20 +0200)
committerINOPIAE <inopiae@cacert.org>
Wed, 1 May 2013 20:20:26 +0000 (22:20 +0200)
includes/account.php
pages/account/5.php

index 232bbac..898c58c 100644 (file)
@@ -10,7 +10,7 @@
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
-  
+
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
@@ -18,7 +18,7 @@
        require_once("../includes/loggedin.php");
        require_once("../includes/lib/l10n.php");
        require_once("../includes/lib/check_weak_key.php");
-       
+
        loadem("account");
 
        $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
@@ -83,7 +83,7 @@
                if($checkemail != "OK")
                {
                        showheader(_("My CAcert.org Account!"));
-                       if (substr($checkemail, 0, 1) == "4") 
+                       if (substr($checkemail, 0, 1) == "4")
                        {
                                echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
                        } else {
                                {
                                        $row = mysql_fetch_assoc($res);
                                        echo $row['email']."<br>\n";
-                                       $query = "select `emailcerts`.`id` 
+                                       $query = "select `emailcerts`.`id`
                                                        from `emaillink`,`emailcerts` where
                                                        `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
                                                        `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
                                        $dres = mysql_query($query);
                                        while($drow = mysql_fetch_assoc($dres))
                                                mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
-       
+
                                        $query = "update `email` set `deleted`=NOW() where `id`='$id'";
                                        mysql_query($query);
                                        $delcount++;
                                showfooter();
                                exit;
                        }
-                       
+
                        $query = "insert into emailcerts set
-                                               `CN`='$defaultemail', 
+                                               `CN`='$defaultemail',
                                                `keytype`='NS',
                                                `memid`='".intval($_SESSION['profile']['id'])."',
                                                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                                                `codesign`='".intval($_SESSION['_config']['codesign'])."',
                                                `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
-                                               `rootcert`='".intval($_SESSION['_config']['rootcert'])."', 
+                                               `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
                                                `description`='".$_SESSION['_config']['description']."'";
                        mysql_query($query);
                        $emailid = mysql_insert_id();
                } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
                        if($csr == "")
                                $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
-                       
+
                        if (($weakKey = checkWeakKeyCSR($csr)) !== "")
                        {
                                $id = 4;
                                showfooter();
                                exit;
                        }
-                       
+
                        $tmpfname = tempnam("/tmp", "id4CSR");
                        $fp = fopen($tmpfname, "w");
                        fputs($fp, $csr);
                                showfooter();
                                exit;
                        }
-                       $query = "insert into emailcerts set 
-                                               `CN`='$defaultemail', 
+                       $query = "insert into emailcerts set
+                                               `CN`='$defaultemail',
                                                `keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
                                                `memid`='".$_SESSION['profile']['id']."',
                                                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                                                `subject`='".mysql_real_escape_string($csrsubject)."',
                                                `codesign`='".$_SESSION['_config']['codesign']."',
-                                               `rootcert`='".$_SESSION['_config']['rootcert']."', 
+                                               `rootcert`='".$_SESSION['_config']['rootcert']."',
                                                `description`='".$_SESSION['_config']['description']."'";
                        mysql_query($query);
                        $emailid = mysql_insert_id();
                {
                        showheader(_("My CAcert.org Account!"));
                        //echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
-                       if (substr($checkemail, 0, 1) == "4") 
+                       if (substr($checkemail, 0, 1) == "4")
                        {
                                echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
                        } else {
                  // In case the CSR is missing the ---BEGIN lines, add them automatically:
                  $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
                }
-               
+
                if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
                {
                        showheader(_("My CAcert.org Account!"));
                        showfooter();
                        exit;
                }
-               
+
                if(trim($_REQUEST['description']) != ""){
        $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
     }else{
        $_SESSION['_config']['description']= "";
     }
-    
+
                $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
                $fp = fopen($_SESSION['_config']['tmpfname'], "w");
                fputs($fp, $CSR);
                        showfooter();
                        exit;
                }
-               
+
                if (($weakKey = checkWeakKeyCSR(file_get_contents(
                                $_SESSION['_config']['tmpfname']))) !== "")
                {
                        showfooter();
                        exit;
                }
-               
+
                $id = 11;
                if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
                {
 
                if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
                {
-                       $query = "insert into `domaincerts` set 
+                       $query = "insert into `domaincerts` set
                                                `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
                                                `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
                                                `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
-                                               `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."', 
+                                               `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
                                                `description`='".$_SESSION['_config']['description']."'";
                } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
-                       $query = "insert into `domaincerts` set 
+                       $query = "insert into `domaincerts` set
                                                `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
                                                `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
                                                `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
-                                               `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."', 
+                                               `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
                                                `description`='".$_SESSION['_config']['description']."'";
                } else {
                        showheader(_("My CAcert.org Account!"));
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
                                        continue;
                                }
-                               
+
                                $row = mysql_fetch_assoc($res);
-                               
+
                                if (($weakKey = checkWeakKeyX509(file_get_contents(
                                                $row['crt_name']))) !== "")
                                {
                                        echo $weakKey, "<br/>\n";
                                        continue;
                                }
-                               
+
                                mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
-                               $query = "insert into `domaincerts` set 
-                                               `domid`='".$row['domid']."', 
+                               $query = "insert into `domaincerts` set
+                                               `domid`='".$row['domid']."',
                                                `CN`='".mysql_real_escape_string($row['CN'])."',
                                                `subject`='".mysql_real_escape_string($row['subject'])."',".
                                                //`csr_name`='".$row['csr_name']."', // RACE CONDITION
                                                "`created`='".$row['created']."',
-                                               `modified`=NOW(), 
+                                               `modified`=NOW(),
                                                `rootcert`='".$row['rootcert']."',
                                                `type`='".$row['type']."',
-                                               `pkhash`='".$row['pkhash']."', 
+                                               `pkhash`='".$row['pkhash']."',
                                                `description`='".$row['description']."'";
                                mysql_query($query);
                                $newid = mysql_insert_id();
                        foreach($_REQUEST['revokeid'] as $id)
                        {
                                $id = intval($id);
-                               $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains` 
+                               $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
                                                where `domaincerts`.`id`='$id' and
                                                `domaincerts`.`domid`=`domains`.`id` and
                                                `domains`.`memid`='".$_SESSION['profile']['id']."'";
                        foreach($_REQUEST['delid'] as $id)
                        {
                                $id = intval($id);
-                               $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains` 
+                               $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
                                                where `domaincerts`.`id`='$id' and
                                                `domaincerts`.`domid`=`domains`.`id` and
                                                `domains`.`memid`='".$_SESSION['profile']['id']."'";
                        foreach($_REQUEST['revokeid'] as $id)
                        {
                                $id = intval($id);
-                               $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` 
+                               $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
                                                where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
                                $res = mysql_query($query);
                                if(mysql_num_rows($res) <= 0)
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               
+
                                $row = mysql_fetch_assoc($res);
-                               
+
                                if (($weakKey = checkWeakKeyX509(file_get_contents(
                                                $row['crt_name']))) !== "")
                                {
                                        echo $weakKey, "<br/>\n";
                                        continue;
                                }
-                               
+
                                mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
-                               $query = "insert into emailcerts set 
-                                               `memid`='".$row['memid']."', 
+                               $query = "insert into emailcerts set
+                                               `memid`='".$row['memid']."',
                                                `CN`='".mysql_real_escape_string($row['CN'])."',
                                                `subject`='".mysql_real_escape_string($row['subject'])."',
-                                               `keytype`='".$row['keytype']."', 
-                                               `csr_name`='".$row['csr_name']."', 
-                                               `created`='".$row['created']."', 
+                                               `keytype`='".$row['keytype']."',
+                                               `csr_name`='".$row['csr_name']."',
+                                               `created`='".$row['created']."',
                                                `modified`=NOW(),
                                                `disablelogin`='".$row['disablelogin']."',
                                                `codesign`='".$row['codesign']."',
-                                               `rootcert`='".$row['rootcert']."', 
+                                               `rootcert`='".$row['rootcert']."',
                                                `description`='".$row['description']."'";
                                mysql_query($query);
                                $newid = mysql_insert_id();
                        foreach($_REQUEST['revokeid'] as $id)
                        {
                                $id = intval($id);
-                               $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` 
+                               $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
                                                where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
                                $res = mysql_query($query);
                                if(mysql_num_rows($res) <= 0)
                        foreach($_REQUEST['delid'] as $id)
                        {
                                $id = intval($id);
-                               $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts` 
+                               $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
                                                where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
                                $res = mysql_query($query);
                                if(mysql_num_rows($res) <= 0)
              mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
              //$row = mysql_fetch_assoc($res);
            }
+               if(substr($id,0,14)=="check_comment_")
+               {
+                       $id = intval(substr($id,14));
+                       $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$id])));
+                       mysql_query("update `emailcerts` set `description`='$comment' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
+                       //$row = mysql_fetch_assoc($res);
+               }
          }
          echo(_("Certificate settings have been changed.")."<br/>\n");
          showfooter();
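Review bot: The added `check_comment_` branch stores request text in `emailcerts.description` escaped only for this one statement, but the e-mail certificate renewal insert shown elsewhere in this diff copies `$row['description']` from the fetched row into new SQL without escaping, unlike the `CN` and `subject` values beside it. A stored comment containing a quote would reach that insert unescaped, so the value there should be wrapped as `mysql_real_escape_string($row['description'])`; the domain renewal insert has the same pattern. Inside the branch, `trim()` runs after `mysql_real_escape_string()`, so a trailing newline has already become a backslash sequence and is kept; `$comment = mysql_real_escape_string(trim(stripslashes($_REQUEST['comment_'.$id])));` trims first. `$_REQUEST['comment_'.$id]` is also read without an `array_key_exists` check, so a request carrying `check_comment_N` but no `comment_N` raises a notice and blanks the stored description. The enclosing loop starts outside the hunk, and whether the page that displays the description HTML-encodes it cannot be confirmed from here.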
                $ddres = mysql_query($ddquery);
                $ddrow = mysql_fetch_assoc($ddres);
                $_SESSION['profile']['points'] = $ddrow['total'];
-               
+
                if($_SESSION['profile']['points'] == 0)
                {
                        $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
                                                where `id`='".$_SESSION['profile']['id']."'";
                mysql_query($query);
 
-               //!!!Should be rewritten 
+               //!!!Should be rewritten
                $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
                $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
                if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
                }
                $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
                $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
-               
-      
+
+
     if(trim($_REQUEST['description']) != ""){
         $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
     }else{
     }else{
         $_SESSION['_config']['description']= "";
     }
-      
+
                if(@count($_SESSION['_config']['emails']) > 0)
                        $id = 17;
        }
                                $emails .= "countryName = ".$org['C']."\n";
                        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
                                $_SESSION['_config']['rootcert'] = 1;
-      
-      
+
+
                        $emails .= "SPKAC = $spkac";
                        if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
                        {
                                showfooter();
                                exit;
                        }
-                       
-                       $query = "insert into `orgemailcerts` set 
-                                               `CN`='$defaultemail', 
+
+                       $query = "insert into `orgemailcerts` set
+                                               `CN`='$defaultemail',
                                                `keytype`='NS',
                                                `orgid`='".$org['orgid']."',
                                                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                                                `codesign`='".$_SESSION['_config']['codesign']."',
-                                               `rootcert`='".$_SESSION['_config']['rootcert']."', 
+                                               `rootcert`='".$_SESSION['_config']['rootcert']."',
                                                `description`='".$_SESSION['_config']['description']."'";
                        mysql_query($query);
                        $emailid = mysql_insert_id();
                        mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
                } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
                        $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
-                       
+
                        if (($weakKey = checkWeakKeyCSR($csr)) !== "")
                        {
                                $id = 17;
                                showfooter();
                                exit;
                        }
-                       
+
                        $tmpfname = tempnam("/tmp", "id17CSR");
                        $fp = fopen($tmpfname, "w");
                        fputs($fp, $csr);
                        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
                                $_SESSION['_config']['rootcert'] = 1;
 
-                       $query = "insert into `orgemailcerts` set 
-                                               `CN`='$defaultemail', 
+                       $query = "insert into `orgemailcerts` set
+                                               `CN`='$defaultemail',
                                                `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
                                                `orgid`='".$org['orgid']."',
                                                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                                                `subject`='$csrsubject',
                                                `codesign`='".$_SESSION['_config']['codesign']."',
-                                               `rootcert`='".$_SESSION['_config']['rootcert']."', 
+                                               `rootcert`='".$_SESSION['_config']['rootcert']."',
                                                `description`='".$_SESSION['_config']['description']."'";
                        mysql_query($query);
                        $emailid = mysql_insert_id();
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               
+
                                $row = mysql_fetch_assoc($res);
-                               
+
                                if (($weakKey = checkWeakKeyX509(file_get_contents(
                                                $row['crt_name']))) !== "")
                                {
                                        echo $weakKey, "<br/>\n";
                                        continue;
                                }
-                               
+
                                mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
                                if($row['revoke'] > 0)
                                {
                                        printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                                        continue;
                                }
-                               $query = "insert into `orgemailcerts` set 
-                                               `orgid`='".$row['orgid']."', 
+                               $query = "insert into `orgemailcerts` set
+                                               `orgid`='".$row['orgid']."',
                                                `CN`='".$row['CN']."',
                                                `subject`='".$row['subject']."',
-                                               `keytype`='".$row['keytype']."', 
-                                               `csr_name`='".$row['csr_name']."', 
-                                               `created`='".$row['created']."', 
+                                               `keytype`='".$row['keytype']."',
+                                               `csr_name`='".$row['csr_name']."',
+                                               `created`='".$row['created']."',
                                                `modified`=NOW(),
                                                `codesign`='".$row['codesign']."',
-                                               `rootcert`='".$row['rootcert']."', 
+                                               `rootcert`='".$row['rootcert']."',
                                                `description`='".$row['description']."'";
                                mysql_query($query);
                                $newid = mysql_insert_id();
        if($process != "" && $oldid == 20)
        {
                $CSR = clean_csr($_REQUEST['CSR']);
-               
+
                if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
                {
                        $id = 20;
                        showfooter();
                        exit;
                }
-               
+
                if(trim($_REQUEST['description']) != ""){
        $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
     }else{
        $_SESSION['_config']['description']= "";
     }
-    
+
                $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
                $fp = fopen($_SESSION['_config']['tmpfname'], "w");
                fputs($fp, $CSR);
        if($process != "" && $oldid == 21)
        {
                $id = 21;
-               
+
                if(!file_exists($_SESSION['_config']['tmpfname']))
                {
                        showheader(_("My CAcert.org Account!"));
                        showfooter();
                        exit;
                }
-               
+
                if (($weakKey = checkWeakKeyCSR(file_get_contents(
                                $_SESSION['_config']['tmpfname']))) !== "")
                {
                if(is_array($_SESSION['_config']['rows']))
                        foreach($_SESSION['_config']['rows'] as $row)
                                $csrsubject .= "/commonName=$row";
-               $SAN="";                
+               $SAN="";
                if(is_array($_SESSION['_config']['altrows']))
                        foreach($_SESSION['_config']['altrows'] as $subalt)
                        {
 
                 if($_SESSION['_config']['rowid']['0'] > 0)
                 {
-                        $query = "insert into `orgdomaincerts` set 
+                        $query = "insert into `orgdomaincerts` set
                                                `CN`='".$_SESSION['_config']['rows']['0']."',
                                                `orgid`='".$org['id']."',
                                                 `created`=NOW(),
                                                `rootcert`='".$_SESSION['_config']['rootcert']."',
                                                `type`='$type'";
                 } else {
-                        $query = "insert into `orgdomaincerts` set 
+                        $query = "insert into `orgdomaincerts` set
                                                `CN`='".$_SESSION['_config']['altrows']['0']."',
                                                `orgid`='".$org['id']."',
                                                 `created`=NOW(),
                                                `subject`='$csrsubject',
                                                `rootcert`='".$_SESSION['_config']['rootcert']."',
-                                               `type`='$type', 
+                                               `type`='$type',
                                                `description`='".$_SESSION['_config']['description']."'";
                 }
                 mysql_query($query);
                                        printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                                        continue;
                                }
-                               
+
                                $row = mysql_fetch_assoc($res);
-                               
+
                                if (($weakKey = checkWeakKeyX509(file_get_contents(
                                                $row['crt_name']))) !== "")
                                {
                                        echo $weakKey, "<br/>\n";
                                        continue;
                                }
-                               
+
                                mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
                                if($row['revoke'] > 0)
                                {
                                        printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                                        continue;
                                }
-                               $query = "insert into `orgdomaincerts` set 
-                                               `orgid`='".$row['orgid']."', 
+                               $query = "insert into `orgdomaincerts` set
+                                               `orgid`='".$row['orgid']."',
                                                `CN`='".$row['CN']."',
-                                               `csr_name`='".$row['csr_name']."', 
+                                               `csr_name`='".$row['csr_name']."',
                                                `created`='".$row['created']."',
-                                               `modified`=NOW(), 
-                                               `subject`='".$row['subject']."', 
+                                               `modified`=NOW(),
+                                               `subject`='".$row['subject']."',
                                                `type`='".$row['type']."',
-                                               `rootcert`='".$row['rootcert']."', 
+                                               `rootcert`='".$row['rootcert']."',
                                                `description`='".$row['description']."'";
                                mysql_query($query);
                                $newid = mysql_insert_id();
 
        if(($oldid == 29 || $oldid == 30) && $process != "")      // _("Cancel") is handled in front of account.php
        {
-               $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where 
+               $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
                                `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
                                `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
                                `orgdomains`.`id`='".intval($domid)."'";
                while($row = mysql_fetch_assoc($res))
                        mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
 
-               $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where 
+               $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
                                `orgemaillink`.`domid`=`orgdomains`.`id` and
                                `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
                                `orgdomains`.`id`='".intval($domid)."'";
                $dres = mysql_query($query);
                while($drow = mysql_fetch_assoc($dres))
                {
-                       $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where 
+                       $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
                                        `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
                                        `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
                                        `orgdomains`.`id`='".intval($drow['id'])."'";
                                mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
                        }
 
-                       $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where 
+                       $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
                                        `orgemaillink`.`domid`=`orgdomains`.`id` and
                                        `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
                                        `orgdomains`.`id`='".intval($drow['id'])."'";
                exit;
        }
 
-       if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") || 
+       if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
                     ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
                        $_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
        {
                        showfooter();
                        exit;
                }
-               
+
                if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
                {
                        showheader(_("My CAcert.org Account!"));
                        exit;
                }
 
-               $query = "insert into `domaincerts` set 
+               $query = "insert into `domaincerts` set
                                                `CN`='".$_SESSION['_config']['0.CN']."',
                                                `domid`='".$_SESSION['_config']['row']['id']."',
                                                `created`=NOW()";
 
        if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0)
        {
-               csrf_check('admactlock');       
+               csrf_check('admactlock');
                $memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
                $query = "select * from `users` where `id`='$memid'";
                $row = mysql_fetch_assoc(mysql_query($query));
                        while($row = mysql_fetch_assoc($res))
                                $body .= $row['comment']."\n";
                        $body .= "\n";
-                       
+
                        $body .= _("Best regards")."\n";
                        $body .= _("CAcert Support Team");
                        sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
                        $body .= "\n";
 
                        $body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n";
-                       
+
                        $body .= _("Best regards")."\n";
                        $body .= _("CAcert Support Team");
                        sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
index f8e9190..7ef8933 100644 (file)
@@ -19,7 +19,7 @@
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
-    <td colspan="9" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+    <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
     <td class="DataTD"><?=_("Revoked")?></td>
     <td class="DataTD"><?=_("Expires")?></td>
     <td class="DataTD"><?=_("Login")?></td>
-    <td class="DataTD"><?=_("Comment *")?></td>
+    <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
 <?
        $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
                        UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
                        UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
-                       `emailcerts`.`expire` as `expires`, 
+                       `emailcerts`.`expire` as `expires`,
                        `emailcerts`.`revoked` as `revoke`,
-                       UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, 
+                       UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
                        `emailcerts`.`id`,
                        `emailcerts`.`CN`,
                        `emailcerts`.`serial`,
                        emailcerts.disablelogin as `disablelogin`,
                        `emailcerts`.`description`
-                       from `emailcerts`
+                       from `emailcerts`
                        where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
                        ";
        if($viewall != 1)
@@ -94,7 +94,8 @@
       <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
       <input type="hidden" name="cert_<?=$row['id']?>" value="1"/>
     </td>
-    <td class="DataTD"><?=htmlspecialchars($row['description'])?></td>
+    <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text"><?=htmlspecialchars($row['description'])?></input></td>
+    <td><input type="checkbox" name="check_comment_<?=$row['id']?>" value="0"/></td>
   </tr>
     <? } ?>
   <tr>
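Review bot: The added `comment_<id>` field puts the description between `<input …>` and `</input>`, but `input` is a void element, so the stored text is rendered as plain cell text beside an empty box and the field posts an empty string unless the user retypes it. Move it into the attribute: `<input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'], ENT_QUOTES)?>"/>`. The escaping then protects an attribute context, and `ENT_QUOTES` keeps it safe for either quote style. The new checkbox cell lacks the `class="DataTD"` its neighbours carry. Its `value="0"` only works if the handler tests for the field's presence rather than its value; the handler and the start of the row loop are outside this hunk, so that should be confirmed there.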
       <?=_("* Comment is NOT included in the certificate as it is inteded for your personal reference only. To change the comment go to the certificate view with hitting email address.")?>
     </td>
   </tr>
-  
+
   <tr>
     <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
                        <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
 
-    <td class="DataTD" colspan="3"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+    <td class="DataTD" colspan="4"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
 
   </tr>
 <? } ?>