Source code taken from cacert-20130227.tar.bz2
[cacert.git] / includes / account.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18 require_once("../includes/loggedin.php");
19 require_once("../includes/lib/l10n.php");
20 require_once('lib/check_weak_key.php');
21
// loadem() is defined outside this file; it is called here for the "account" set.
loadem("account");

// Page-flow parameters taken from the request. The numeric ones are forced
// through intval(), so they can only ever be integers; a missing key means 0.
$id    = array_key_exists("id", $_REQUEST)    ? intval($_REQUEST['id'])    : 0;
$oldid = array_key_exists("oldid", $_REQUEST) ? intval($_REQUEST['oldid']) : 0;

// $process stays the raw request value: it is only compared against button
// labels and emptiness below, and is not safe to place in SQL, shell or HTML.
$process = array_key_exists("process", $_REQUEST) ? $_REQUEST['process'] : "";

$cert  = array_key_exists('cert', $_REQUEST)  ? intval($_REQUEST['cert'])  : 0;
$orgid = array_key_exists('orgid', $_REQUEST) ? intval($_REQUEST['orgid']) : 0;
$memid = array_key_exists('memid', $_REQUEST) ? intval($_REQUEST['memid']) : 0;
$domid = array_key_exists('domid', $_REQUEST) ? intval($_REQUEST['domid']) : 0;

// Nothing below runs unless the session's 'mconn' flag is set.
if(!$_SESSION['mconn'])
{
	echo _("Several CAcert Services are currently unavailable. Please try again later.");
	exit;
}

// Pressing the (translated) "Cancel" button clears any pending process request.
if($process == _("Cancel"))
	$process = "";

// Pages 45 and 46, whether named as target or as origin, are mapped to page 1.
if(in_array($id, array(45, 46), true) || in_array($oldid, array(45, 46), true))
{
	$id = 1;
	$oldid = 0;
}
52
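// Page 1 submit: register an additional email address for the logged-in
// member and mail out the verification link for it.
if($process != "" && $oldid == 1)
{
	$id = 1;
	csrf_check('addemail');

	// Anything that is not a plain string is treated as "no address given".
	$rawemail = (array_key_exists('newemail',$_REQUEST) && is_string($_REQUEST['newemail'])) ? $_REQUEST['newemail'] : "";

	// Punycode ("xn--") addresses are refused unless the profile's codesign
	// value is positive.
	if(strstr($rawemail, "xn--") && $_SESSION['profile']['codesign'] <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
		showfooter();
		exit;
	}

	// stripslashes() presumably undoes magic quotes (confirm against the PHP
	// configuration); the result is escaped for use inside quoted SQL strings.
	$newemail = trim(mysql_real_escape_string(stripslashes($rawemail)));
	if($newemail == "")
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Not a valid email address. Can't continue."));
		showfooter();
		exit;
	}
	$oldid=0;
	$_REQUEST['email'] = $newemail;

	// An address may be active in one account only.
	$query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
		showfooter();
		exit;
	}

	$checkemail = checkEmail($rawemail);
	if($checkemail != "OK")
	{
		showheader(_("My CAcert.org Account!"));
		if (substr($checkemail, 0, 1) == "4")
		{
			echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
		} else {
			echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
		}
		// checkEmail() is defined elsewhere; its first character is tested
		// against "4" above, which suggests the text can carry a remote mail
		// server's reply. It is therefore escaped before being echoed.
		echo "<p>".sanitizeHTML($checkemail)."</p>\n";
		showfooter();
		exit;
	}

	// The row stays unverified for as long as `hash` is non-empty.
	$hash = make_hash();
	$query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
	mysql_query($query);
	$emailid = mysql_insert_id();

	// NOTE(review): the verification link is built with the http:// scheme,
	// so the hash travels in a clear-text URL.
	$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
	$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

	showheader(_("My CAcert.org Account!"));
	printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_REQUEST['email']));
	showfooter();
	exit;
}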
112
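// Page 2 "make default": switch the account's primary email address to one
// of the member's own verified addresses.
// NOTE(review): no csrf_check() call is visible in this branch, although the
// delete branch for the same page calls csrf_check("chgdef"); confirm whether
// the form carries that token and the check should be made here as well.
if(array_key_exists("makedefault",$_REQUEST) && $_REQUEST['makedefault'] != "" && $oldid == 2)
{
	$id = 2;
	$emailid = array_key_exists('emailid',$_REQUEST) ? intval($_REQUEST['emailid']) : 0;
	$profileid = intval($_SESSION['profile']['id']);

	// Only an address of this member that is verified (empty `hash`) and not
	// deleted may become the default.
	$query = "select * from `email` where `id`='$emailid' and `memid`='$profileid' and `hash` = '' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("Error!"));
		echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
		showfooter();
		exit;
	}
	$row = mysql_fetch_assoc($res);

	// The notification goes to the address that was the default until now.
	$body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
	$body .= _("You are receiving this email because you or someone else ".
		"has changed the default email on your account.")."\n\n";

	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Default Account Changed"), $body,
		"support@cacert.org", "", "", "CAcert Support");

	$_SESSION['profile']['email'] = $row['email'];
	// A value read back from the database is unescaped again, so it has to be
	// escaped before it is placed into the next statement.
	$query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='$profileid'";
	mysql_query($query);
	showheader(_("My CAcert.org Account!"));
	printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
	showfooter();
	exit;
}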
144
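// Page 2 submit: remove the selected email addresses from the account and
// revoke the still-valid client certificates linked to them.
if($process != "" && $oldid == 2)
{
	$id = 2;
	csrf_check("chgdef");
	showheader(_("My CAcert.org Account!"));
	$delcount = 0;
	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		// The loop reuses $id, so after it $id holds the last submitted id
		// rather than the page number; the script exits right after.
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			// The address must belong to this member and must not be the
			// account's default address.
			$query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and `email`!='".mysql_real_escape_string($_SESSION['profile']['email'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				// Stored addresses are user-supplied text: escape for HTML.
				echo sanitizeHTML($row['email'])."<br>\n";
				$query = "select `emailcerts`.`id`
						from `emaillink`,`emailcerts` where
						`emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
						`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
						group by `emailcerts`.`id`";
				$dres = mysql_query($query);
				// `revoked` is set to a fixed timestamp; presumably a marker
				// picked up by the revocation job (confirm).
				while($drow = mysql_fetch_assoc($dres))
					mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");

				$query = "update `email` set `deleted`=NOW() where `id`='$id'";
				mysql_query($query);
				$delcount++;
			}
		}
	}
	else
	{
		echo _("You did not select any email accounts for removal.");
	}
	if($delcount > 0)
	{
		echo _("The following accounts have been removed:")."<br>\n";
	} else {
		echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
	}

	showfooter();
	exit;
}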
192
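// Page 3 submit: store the options for a new client certificate in the
// session. Every option the member may not choose is forced to its default
// here, so that later steps never act on a stale or unauthorised value.
if($process != "" && $oldid == 3)
{
	$hasaddid = array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid']);
	// Only a scalar SSO value is accepted; intval() of an array would be 1.
	$sso = (array_key_exists('SSO',$_REQUEST) && is_scalar($_REQUEST['SSO'])) ? $_REQUEST['SSO'] : '';
	if(!$hasaddid && $sso != '1')
	{
		showheader(_("My CAcert.org Account!"));
		echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
		showfooter();
		exit;
	}

	$_SESSION['_config']['SSO'] = intval($sso);

	// The ids are still untrusted here; the consumers cast each one with
	// intval() and re-check ownership against the database.
	$_SESSION['_config']['addid'] = $hasaddid ? $_REQUEST['addid'] : array();

	$points = $_SESSION['profile']['points'];

	// Name inclusion is selectable from 50 points on. Below that it is reset,
	// in the same way rootcert gets its default further down, so a value left
	// in the session earlier cannot be reused.
	$_SESSION['_config']['incname'] = 0;
	if($points >= 50 && array_key_exists('incname',$_REQUEST))
		$_SESSION['_config']['incname'] = intval($_REQUEST['incname']);

	// Code signing needs 100 points and a positive codesign value on the
	// profile; one predicate is used for every decision below.
	$maycodesign = $points >= 100 && $_SESSION['profile']['codesign'] > 0;
	if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] != 0 && !$maycodesign)
	{
		$_REQUEST['codesign'] = 0;
	}
	$codesign = $maycodesign && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1;

	// A code signing request always carries a name variant (1..4).
	if($codesign && ($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4))
		$_SESSION['_config']['incname'] = 1;
	$_SESSION['_config']['codesign'] = $codesign ? 1 : 0;

	// Certificate login stays enabled only when explicitly requested.
	if(array_key_exists('login',$_REQUEST) && $_REQUEST['login'] == 1)
		$_SESSION['_config']['disablelogin'] = 0;
	else
		$_SESSION['_config']['disablelogin'] = 1;

	// Root selection: 1 by default, 1 or 2 from 50 points on.
	$_SESSION['_config']['rootcert'] = 1;
	if($points >= 50 && array_key_exists('rootcert',$_REQUEST))
	{
		$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;
	}

	// Without a pasted CSR the flow continues on page 4; with one it goes
	// straight into the page 4 handler as keytype "MS".
	$csr = "";
	$optionalcsr = (array_key_exists('optionalCSR',$_REQUEST) && is_string($_REQUEST['optionalCSR'])) ? $_REQUEST['optionalCSR'] : "";
	if(trim($optionalcsr) == "")
	{
		$id = 4;
	} else {
		$oldid = 4;
		$_REQUEST['keytype'] = "MS";
		$csr = clean_csr($optionalcsr);
	}
}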
244
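// Page 4 submit: create a client certificate request, either from a browser
// generated SPKAC (keytype "NS") or from a PKCS#10 CSR (keytype "MS"/"VI"),
// record it in `emailcerts`, write the request file and wait for the result.
if($oldid == 4)
{
	$keytype = (array_key_exists('keytype',$_REQUEST) && is_string($_REQUEST['keytype'])) ? $_REQUEST['keytype'] : "";
	$profileid = intval($_SESSION['profile']['id']);
	// The SPKAC request file is line oriented ("name = value"), so line
	// breaks are removed from every stored value written into it.
	$linebreaks = array("\r", "\n");

	if($keytype == "NS")
	{
		// Accept the SPKAC only if, with line breaks removed, it is pure base64.
		$spkac = "";
		if(array_key_exists('SPKAC',$_REQUEST) && is_string($_REQUEST['SPKAC']))
		{
			$candidate = trim(str_replace($linebreaks, "", $_REQUEST['SPKAC']));
			if(preg_match("/^[a-zA-Z0-9+=\/]+$/", $candidate))
				$spkac = $candidate;
		}

		if($spkac=="" || $spkac == "deadbeef")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, please try a different browser.");
			showfooter();
			exit;
		}
		$count = 0;
		$emails = "";
		$addys = array();
		$defaultemail="";
		if(is_array($_SESSION['_config']['addid']))
			foreach($_SESSION['_config']['addid'] as $id)
			{
				// The address must belong to this member and, as in the
				// make-default check of this file, be verified (empty
				// `hash`) and not deleted.
				$res = mysql_query("select * from `email` where `memid`='$profileid' and `id`='".intval($id)."' and `hash`='' and `deleted`=0");
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if(!$emails)
						$defaultemail = $row['email'];
					$emails .= "$count.emailAddress = ".str_replace($linebreaks, "", $row['email'])."\n";
					$count++;
					$addys[] = intval($row['id']);
				}
			}
		if($count <= 0 && $_SESSION['_config']['SSO'] != 1)
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request.");
			showfooter();
			exit;
		}
		$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$profileid'"));
		if($_SESSION['_config']['SSO'] == 1)
			$emails .= "$count.emailAddress = ".str_replace($linebreaks, "", $user['uniqueID'])."\n";

		// A one-letter middle name is written as an initial.
		if(strlen($user['mname']) == 1)
			$user['mname'] .= '.';

		// incname selects the name variant; anything outside 1..4 gives the
		// anonymous common name.
		$incname = array_key_exists('incname',$_SESSION['_config']) ? intval($_SESSION['_config']['incname']) : 0;
		switch($incname)
		{
			case 1: $cn = $user['fname']." ".$user['lname']; break;
			case 2: $cn = $user['fname']." ".$user['mname']." ".$user['lname']; break;
			case 3: $cn = $user['fname']." ".$user['lname']." ".$user['suffix']; break;
			case 4: $cn = $user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']; break;
			default: $cn = "CAcert WoT User";
		}
		$emails .= "commonName = ".str_replace($linebreaks, "", $cn)."\n";

		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		$emails .= "SPKAC = $spkac";
		if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		// $defaultemail was read back from the database and is unescaped.
		$query = "insert into emailcerts set
				`CN`='".mysql_real_escape_string($defaultemail)."',
				`keytype`='NS',
				`memid`='$profileid',
				`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
				`codesign`='".intval($_SESSION['_config']['codesign'])."',
				`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
				`rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		foreach($addys as $addy)
			mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".intval($addy)."'");
		$CSRname=generatecertpath("csr","client",$emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $emails);
		fclose($fp);

		// The SPKAC must carry the challenge stored in the session.
		// NOTE(review): the comparison is a substring match, and an empty
		// $_SESSION['spkac_hash'] would make it match any challenge; confirm
		// that the page rendering the form always sets a non-empty value.
		$challenge=$_SESSION['spkac_hash'];
		$res = shell_exec("openssl spkac -verify -in ".escapeshellarg($CSRname));
		if(!strstr($res,"Challenge String: ".$challenge))
		{
			$id = $oldid;
			showheader(_("My CAcert.org Account!"));
			echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
			showfooter();
			exit;
		}
		mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($CSRname)."' where `id`='".intval($emailid)."'");
	} else if($keytype == "MS" || $keytype == "VI") {
		// $csr is pre-filled by the page 3 handler when a CSR was pasted there.
		if(!isset($csr) || $csr == "")
			$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";

		if (($weakKey = checkWeakKeyCSR($csr)) !== "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		$tmpfname = tempnam("/tmp", "id4CSR");
		$fp = fopen($tmpfname, "w");
		fputs($fp, $csr);
		fclose($fp);

		$addys = array();
		$defaultemail = "";

		$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$profileid'"));
		if(strlen($user['mname']) == 1)
			$user['mname'] .= '.';

		// NOTE(review): names and addresses are joined into a "/"-separated
		// subject without escaping "/" or "="; confirm that these fields are
		// validated where they are stored.
		$incname = array_key_exists('incname',$_SESSION['_config']) ? intval($_SESSION['_config']['incname']) : 0;
		switch($incname)
		{
			case 1: $csrsubject = "/CN=".$user['fname']." ".$user['lname']; break;
			case 2: $csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname']; break;
			case 3: $csrsubject = "/CN=".$user['fname']." ".$user['lname']." ".$user['suffix']; break;
			case 4: $csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']; break;
			default: $csrsubject = "/CN=CAcert WoT User";
		}
		if(is_array($_SESSION['_config']['addid']))
			foreach($_SESSION['_config']['addid'] as $id)
			{
				// Same ownership and verification filter as in the NS branch.
				$res = mysql_query("select * from `email` where `memid`='$profileid' and `id`='".intval($id)."' and `hash`='' and `deleted`=0");
				if(mysql_num_rows($res) > 0)
				{
					$row = mysql_fetch_assoc($res);
					if($defaultemail == "")
						$defaultemail = $row['email'];
					$csrsubject .= "/emailAddress=".$row['email'];
					$addys[] = intval($row['id']);
				}
			}
		if($_SESSION['_config']['SSO'] == 1)
			$csrsubject .= "/emailAddress = ".$user['uniqueID'];

		// Pass the CSR through openssl; an unparsable request leaves the
		// output file empty, which is rejected below.
		$tmpname = tempnam("/tmp", "id4csr");
		shell_exec("/usr/bin/openssl req -in ".escapeshellarg($tmpfname)." -out ".escapeshellarg($tmpname));
		@unlink($tmpfname);
		$csr = "";
		$fp = fopen($tmpname, "r");
		while($data = fgets($fp, 4096))
			$csr .= $data;
		fclose($fp);
		@unlink($tmpname);
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		if($csr == "")
		{
			$id = 4;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}
		// $keytype can only be "MS" or "VI" in this branch; everything else
		// is cast or escaped for SQL rather than for HTML.
		$query = "insert into emailcerts set
				`CN`='".mysql_real_escape_string($defaultemail)."',
				`keytype`='".mysql_real_escape_string($keytype)."',
				`memid`='$profileid',
				`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
				`subject`='".mysql_real_escape_string($csrsubject)."',
				`codesign`='".intval($_SESSION['_config']['codesign'])."',
				`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
				`rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		foreach($addys as $addy)
			mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='".intval($addy)."'");
		$CSRname=generatecertpath("csr","client",$emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $csr);
		fclose($fp);
		mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($CSRname)."' where `id`='".intval($emailid)."'");
	} else {
		// Unknown key type: no request was recorded, so there is nothing to
		// wait for.
		$id = 4;
		showheader(_("My CAcert.org Account!"));
		echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
		showfooter();
		exit;
	}

	// Wait for the request to be processed, then check that a certificate
	// file name has been recorded for it.
	waitForResult("emailcerts", $emailid, 4);
	$query = "select * from `emailcerts` where `id`='".intval($emailid)."' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		$id = 4;
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		$id = 6;
		$cert = $emailid;
		$_REQUEST['cert']=$emailid;
	}
}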
454
// Page 7 submit, part one: sanity-check the requested domain name and make
// sure no account holds it already. Leaves $newdom (shell-quoted) and
// $newdomain (SQL-escaped) behind for the WHOIS lookup that follows.
if($oldid == 7)
{
	csrf_check("adddomain");

	// Names containing a NUL byte are rejected outright.
	if(strstr($_REQUEST['newdomain'],"\x00"))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
		showfooter();
		exit;
	}

	// Keep only the text before the first space and drop leading dashes, so
	// the name can never be read as a command-line option.
	$words = explode(" ", $_REQUEST['newdomain'], 2);
	$newdomain = ltrim($words[0], '-');

	// Punycode names need a positive codesign value on the profile.
	$ispunycode = strstr($newdomain, "xn--");
	if($ispunycode && $_SESSION['profile']['codesign'] <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
		showfooter();
		exit;
	}

	// Two differently escaped copies: one for the shell, one for SQL.
	$newdom = trim(escapeshellarg($newdomain));
	$newdomain = mysql_real_escape_string(trim($newdomain));

	// The name must be unknown both as an organisation domain and as an
	// active member domain.
	$res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
	$res2 = mysql_query("select * from `domains` where `domain`='$newdomain' and `deleted`=0");
	$taken = mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0;
	if($taken)
	{
		$oldid=0;
		$id = 7;
		showheader(_("My CAcert.org Account!"));
		printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
		showfooter();
		exit;
	}
}
493
// Page 7 submit, part two: build the list of addresses that may receive the
// domain verification mail. Candidates come from the WHOIS record and from a
// fixed set of role mailboxes; the list is kept in the session so the next
// step can accept only an address offered here.
// Expects $newdom (shell-quoted) and $newdomain (SQL-escaped) from the
// preceding check.
if($oldid == 7)
{
	$oldid = 0;
	$id = 8;
	$addy = array();
	$adds = array();

	// $newdom ends with the closing quote added by escapeshellarg(), hence
	// the offset -4 with length 3. No WHOIS lookup is made for ".jp".
	if(strtolower(substr($newdom, -4, 3)) != ".jp")
		$adds = explode("\n", trim(shell_exec("/usr/bin/whois $newdom|grep \"@\"")));

	$keyvalue = substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info";
	if(is_array($adds))
		foreach($adds as $line)
		{
			if($keyvalue)
			{
				// "label: value" layout: the address is whatever follows
				// the first colon.
				$bits = explode(":", $line, 2);
				$line = trim($bits[1]);
			} else {
				// Free-form layout: flatten separators to spaces and keep
				// the last word that contains an "@".
				$line = trim(str_replace(array("\t", "(", ")", ":"), array(" ", "", " ", " "), $line));
				foreach(explode(" ", $line) as $bit)
				{
					if(strstr($bit, "@"))
						$line = $bit;
				}
			}
			// WHOIS text is supplied by a third party: it is escaped here
			// and still needs HTML escaping wherever it is displayed.
			if($line != "" && !in_array($line, $addy))
				$addy[] = trim(mysql_real_escape_string(stripslashes($line)));
		}

	// The role mailboxes at the domain itself are always offered.
	foreach(array("root", "hostmaster", "postmaster", "admin", "webmaster") as $mailbox)
	{
		$sub = "$mailbox@$newdomain";
		if(!in_array($sub, $addy))
			$addy[] = $sub;
	}
	$_SESSION['_config']['addy'] = $addy;
	$_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
}
539
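// Page 8 submit: the member picked the authority address for the new domain.
// Record the domain as unverified and mail the verification link to it.
if($process != "" && $oldid == 8)
{
	csrf_check('ctcinfo');
	$oldid=0;
	$id = 8;

	$rawaddy = (array_key_exists('authaddy',$_REQUEST) && is_string($_REQUEST['authaddy'])) ? $_REQUEST['authaddy'] : "";
	$authaddy = trim(mysql_real_escape_string(stripslashes($rawaddy)));

	// Only an address offered by the previous step (kept in the session) is
	// accepted; the comparison is strict so no type juggling can match.
	if($authaddy == "" || !isset($_SESSION['_config']['addy']) || !is_array($_SESSION['_config']['addy']) ||
		!in_array($authaddy, $_SESSION['_config']['addy'], true))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("The address you submitted isn't a valid authority address for the domain.");
		showfooter();
		exit;
	}

	// Re-check that nobody registered the domain in the meantime.
	$query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
		showfooter();
		exit;
	}
	$checkemail = checkEmail($authaddy);
	if($checkemail != "OK")
	{
		showheader(_("My CAcert.org Account!"));
		if (substr($checkemail, 0, 1) == "4")
		{
			echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
		} else {
			echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
		}
		// checkEmail() is defined elsewhere; the "4" test above suggests its
		// text can carry a remote mail server's reply, so it is escaped.
		echo "<p>".sanitizeHTML($checkemail)."</p>\n";
		showfooter();
		exit;
	}

	// The row stays unverified for as long as `hash` is non-empty.
	$hash = make_hash();
	$query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
				`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
	mysql_query($query);
	$domainid = mysql_insert_id();

	// NOTE(review): the verification link is built with the http:// scheme,
	// so the hash travels in a clear-text URL.
	$body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
	$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

	showheader(_("My CAcert.org Account!"));
	// Escaped for HTML like the same value in the "already in a different
	// account" message above.
	printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_SESSION['_config']['domain']));
	showfooter();
	exit;
}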
606
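// Page 9 submit: remove the selected domains from the account and revoke
// the still-valid server certificates linked to them.
// NOTE(review): no csrf_check() call is visible in this branch, unlike the
// email removal branch; confirm whether the form carries a token.
if($process != "" && $oldid == 9)
{
	$id = 9;
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("The following domains have been removed:")."<br>\n("._("Any valid certificates will be revoked as well").")<br>\n";

		// The loop reuses $id, so after it $id holds the last submitted id
		// rather than the page number; the script exits right after.
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			// Only a domain owned by the logged-in member can be removed.
			$query = "select * from `domains` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				$row = mysql_fetch_assoc($res);
				// Stored domain names are user-supplied text: escape for HTML.
				echo sanitizeHTML($row['domain'])."<br>\n";
				mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'");
				$dres = mysql_query("select * from `domlink` where `domid`='$id'");
				// `revoked` is set to a fixed timestamp; presumably a marker
				// picked up by the revocation job (confirm).
				while($drow = mysql_fetch_assoc($dres))
					mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['certid'])."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
			}
		}
	}
	else
	{
		echo _("You did not select any domains for removal.");
	}

	showfooter();
	exit;
}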
640
// Page 10 submit: take a server certificate CSR, reject weak keys, park the
// CSR in a temporary file and pull subject and DNS alternative names out of
// it for the confirmation page (11).
// NOTE(review): no csrf_check() call is visible in this branch.
if($process != "" && $oldid == 10)
{
	$CSR = clean_csr($_REQUEST['CSR']);
	if(FALSE === strpos($CSR,"---BEGIN"))
	{
		// Bare base64 without the PEM armour: add the BEGIN/END lines.
		$CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
	}

	$weakKey = checkWeakKeyCSR($CSR);
	if($weakKey !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	// The file path is remembered in the session for the next step; from
	// here on $CSR holds that path, not the request text.
	$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
	file_put_contents($_SESSION['_config']['tmpfname'], $CSR);
	$CSR = $_SESSION['_config']['tmpfname'];

	// Everything parsed out of the CSR is requester-controlled text; it is
	// only a proposal and is re-checked by the helpers called below.
	$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
	$sanlist = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`);
	foreach(explode(",", $sanlist) as $val)
		$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
	$id = 11;

	// extractit(), getcn() and getalt() are defined elsewhere; the two
	// session fields cleared here are read back right after they ran.
	$_SESSION['_config']['0.subjectAltName'] = "";
	$_SESSION['_config']['0.CN'] = "";
	extractit();
	getcn();
	getalt();

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// Root selection: 1 unless the member has 50 points and asked for 2.
	$_SESSION['_config']['rootcert'] = 1;
	if($_SESSION['profile']['points'] >= 50)
	{
		$wantedroot = intval($_REQUEST['rootcert']);
		$_SESSION['_config']['rootcert'] = ($wantedroot >= 1 && $wantedroot <= 2) ? $wantedroot : 1;
	}
}
692
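// Page 11 submit: the member confirmed the parsed CSR. Record the server
// certificate request in `domaincerts`, link it to the verified domains,
// move the CSR file into place and wait for the result.
// NOTE(review): no csrf_check() call is visible in this branch.
if($process != "" && $oldid == 11)
{
	if(!file_exists($_SESSION['_config']['tmpfname']))
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}

	// The weak-key check is repeated on the stored file.
	if (($weakKey = checkWeakKeyCSR(file_get_contents(
			$_SESSION['_config']['tmpfname']))) !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	$id = 11;
	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	$subject = "";
	$count = 0;
	// NOTE(review): one account id is special-cased in code to suppress the
	// subjectAltName entries; confirm that this exception is still wanted.
	$supressSAN=0;
	if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;

	// The first row becomes the CN; every row is also listed as a DNS name
	// and as an otherName entry unless SANs are suppressed.
	if(is_array($_SESSION['_config']['rows']))
		foreach($_SESSION['_config']['rows'] as $row)
		{
			$count++;
			if($count <= 1)
				$subject .= "/CN=$row";
			if(!$supressSAN)
			{
				$subject .= "/subjectAltName=DNS:$row";
				$subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
			}
		}
	if(is_array($_SESSION['_config']['altrows']))
		foreach($_SESSION['_config']['altrows'] as $row)
		{
			if(substr($row, 0, 4) == "DNS:")
			{
				$row = substr($row, 4);
				if(!$supressSAN)
				{
					$subject .= "/subjectAltName=DNS:$row";
					$subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
				}
			}
		}
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;

	// The request is attached to the first domain id found for the CN rows
	// or, failing that, for the alternative names.
	$rowid = is_array($_SESSION['_config']['rowid']) ? $_SESSION['_config']['rowid'] : array();
	$altid = is_array($_SESSION['_config']['altid']) ? $_SESSION['_config']['altid'] : array();
	if(array_key_exists('0',$rowid) && $rowid['0'] > 0)
	{
		$certcn = $_SESSION['_config']['rows']['0'];
		$certdomid = $rowid['0'];
	} elseif(array_key_exists('0',$altid) && $altid['0'] > 0) {
		$certcn = $_SESSION['_config']['altrows']['0'];
		$certdomid = $altid['0'];
	} else {
		showheader(_("My CAcert.org Account!"));
		echo _("Domain not verified.");
		showfooter();
		exit;
	}

	$query = "insert into `domaincerts` set
			`CN`='".mysql_real_escape_string($certcn)."',
			`domid`='".intval($certdomid)."',
			`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
			`rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
	mysql_query($query);
	$CSRid = mysql_insert_id();

	// Ids kept in the session are cast like the one in the insert above.
	foreach($rowid as $dom)
		mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
	foreach($altid as $dom)
		mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");

	// Move the parked CSR to its final path and record that path.
	$CSRname=generatecertpath("csr","server",$CSRid);
	rename($_SESSION['_config']['tmpfname'], $CSRname);
	chmod($CSRname,0644);
	mysql_query("update `domaincerts` set `CSR_name`='".mysql_real_escape_string($CSRname)."' where `id`='$CSRid'");
	waitForResult("domaincerts", $CSRid, 11);
	$query = "select * from `domaincerts` where `id`='$CSRid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		$id = 11;
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		$id = 15;
		$cert = $CSRid;
		$_REQUEST['cert']=$CSRid;
	}
}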
804
// Step 12 (server certificates), "renew" action: for each selected certificate
// that belongs to the logged-in member, insert a fresh `domaincerts` row, copy
// the stored CSR, rebuild the subject from that CSR and wait for the new
// certificate to appear.
if($oldid == 12 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	// Presumably aborts unless the request carries a valid token for this form - confirm in csrf_check().
	csrf_check('srvcerchange');
	$id = 12;
	showheader(_("My CAcert.org Account!"));
	if(is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		// The loop variable reuses $id, so the page id assigned above is overwritten.
		foreach($_REQUEST['revokeid'] as $id)
		{
			// Cast first: from here on $id is an integer when it is echoed and put into SQL.
			$id = intval($id);
			echo _("Processing request")." $id:<br/>";
			// The join on `domains`.`memid` restricts the lookup to certificates
			// whose domain row carries the member id stored in the session.
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
				where `domaincerts`.`id`='$id' and
				`domaincerts`.`domid`=`domains`.`id` and
				`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// A non-empty return value is treated as a weak-key message: it is shown
			// and the certificate is skipped.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
				$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
			// NOTE(review): only `CN` and `subject` are escaped here; the remaining
			// columns are copied from the fetched row as-is. Escaping every value
			// would make the statement safe regardless of what the row contains.
			$query = "insert into `domaincerts` set
				`domid`='".$row['domid']."',
				`CN`='".mysql_real_escape_string($row['CN'])."',
				`subject`='".mysql_real_escape_string($row['subject'])."',".
				//`csr_name`='".$row['csr_name']."', // RACE CONDITION
				"`created`='".$row['created']."',
				`modified`=NOW(),
				`rootcert`='".$row['rootcert']."',
				`type`='".$row['type']."',
				`pkhash`='".$row['pkhash']."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			// The CSR file is copied to a new path before `csr_name` is set on the
			// new row (see the commented-out column above and the update below).
			$newfile=generatecertpath("csr","server",$newid);
			copy($row['csr_name'], $newfile);
			// Backticks run these pipelines through the shell.
			// NOTE(review): $newfile is interpolated without escapeshellarg(); this
			// relies on generatecertpath() never returning shell metacharacters - confirm.
			$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`);
			$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
			foreach($bits as $val)
			{
				$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
			}
			$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
			// Presumably these helpers parse the subject stored in the session and
			// fill '0.CN', '0.subjectAltName', 'rows' and 'altrows' - confirm.
			extractit();
			getcn();
			getalt();

			if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
			{
				echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
				continue;
			}

			// Build the subject string: the first entry of 'rows' becomes the CN,
			// every name is appended as subjectAltName unless it is already present.
			$subject = "";
			$count = 0;
			// $row is reused as loop variable here, which overwrites the database row fetched above.
			if(is_array($_SESSION['_config']['rows']))
				foreach($_SESSION['_config']['rows'] as $row)
				{
					$count++;
					if($count <= 1)
					{
						$subject .= "/CN=$row";
						if(!strstr($subject, "=$row/") &&
							substr($subject, -strlen("=$row")) != "=$row")
							$subject .= "/subjectAltName=$row";
					} else {
						if(!strstr($subject, "=$row/") &&
							substr($subject, -strlen("=$row")) != "=$row")
							$subject .= "/subjectAltName=$row";
					}
				}
			if(is_array($_SESSION['_config']['altrows']))
				foreach($_SESSION['_config']['altrows'] as $row)
					if(!strstr($subject, "=$row/") &&
						substr($subject, -strlen("=$row")) != "=$row")
						$subject .= "/subjectAltName=$row";
			$subject = mysql_real_escape_string($subject);
			mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");

			echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
			// Presumably blocks until the signing backend has handled the row - confirm in waitForResult().
			waitForResult("domaincerts", $newid,$oldid,0);
			// A non-empty `crt_name` is taken as the sign that a certificate was issued.
			$query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				$drow = mysql_fetch_assoc($res);
				// NOTE(review): the path from the database goes into a shell command
				// unquoted, and the command output is printed without HTML encoding.
				$cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
				echo "<pre>\n$cert\n</pre>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}
916
// Step 12 (server certificates), "revoke" action. Flags the selected
// certificates of the logged-in member as revoked and, when `delid` is
// submitted as well, deletes requests that have no expiry date yet together
// with their CSR and certificate files.
if($oldid == 12 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('srvcerchange');
	$id = 12;
	showheader(_("My CAcert.org Account!"));

	if(!is_array($_REQUEST['revokeid']))
	{
		echo _("You did not select any certificates for revocation.");
	}
	else
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			// Integer cast keeps the request value harmless in the SQL text and in the output.
			$id = intval($id);
			// Ownership check: the domain of the certificate must belong to the session's member id.
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
				where `domaincerts`.`id`='$id' and
				`domaincerts`.`domid`=`domains`.`id` and
				`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) < 1)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);
			$alreadyRevoked = ($row['revoke'] > 0);
			if($alreadyRevoked)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}

			// `revoked` is set to a fixed 1970 timestamp; presumably a marker that the
			// signing backend picks up to perform the actual revocation - confirm.
			mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
		}
	}

	$hasDeletions = array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']);
	if($hasDeletions)
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			// Same ownership restriction as for revocation.
			$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
				where `domaincerts`.`id`='$id' and
				`domaincerts`.`domid`=`domains`.`id` and
				`domains`.`memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) < 1)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);
			// A row that already has an expiry date is treated as processed and is kept.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
				continue;
			}

			mysql_query("delete from `domaincerts` where `id`='$id'");
			// The file paths come from the row that passed the ownership check; errors are suppressed.
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
		}
	}

	showfooter();
	exit;
}
984
// Step 5 (client certificates), "renew" action: for each selected certificate
// of the logged-in member, clone the `emailcerts` row, its CSR file and its
// `emaillink` rows, then wait for the new certificate.
// NOTE(review): unlike the step 12 and step 18 handlers in this file, this
// branch does not call csrf_check() before changing data.
if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	showheader(_("My CAcert.org Account!"));
	if(is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			// Cast to integer before the value reaches SQL or the page.
			$id = intval($id);
			// Only certificates whose `memid` equals the session's member id are found.
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
				where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// A non-empty return value is shown as a message and the certificate is skipped.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
				$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
			// NOTE(review): `CN` and `subject` are escaped, the other columns are
			// copied from the fetched row without escaping.
			$query = "insert into emailcerts set
				`memid`='".$row['memid']."',
				`CN`='".mysql_real_escape_string($row['CN'])."',
				`subject`='".mysql_real_escape_string($row['subject'])."',
				`keytype`='".$row['keytype']."',
				`csr_name`='".$row['csr_name']."',
				`created`='".$row['created']."',
				`modified`=NOW(),
				`disablelogin`='".$row['disablelogin']."',
				`codesign`='".$row['codesign']."',
				`rootcert`='".$row['rootcert']."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			// The new row first carries the old CSR path; it is replaced by the copy right below.
			$newfile=generatecertpath("csr","client",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
			// Link the same email addresses to the new certificate row.
			$res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'");
			while($r2 = mysql_fetch_assoc($res))
			{
				mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."',
					`emailcertsid`='$newid'");
			}
			// Presumably blocks until the signing backend has handled the row - confirm in waitForResult().
			waitForResult("emailcerts", $newid,$oldid,0);
			// A non-empty `crt_name` is taken as the sign that a certificate was issued.
			$query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				// NOTE(review): `CN` is printed without HTML encoding; sanitizeHTML()
				// is used for comparable output elsewhere in this file.
				printf(_("Certificate for '%s' has been renewed."), $row['CN']);
				echo "<br/>\n<a href='account.php?id=6&cert=$newid' target='_new'>".
					_("Click here")."</a> "._("to install your certificate.")."<br/><br/>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.")."<br/>";
	}

	showfooter();
	exit;
}
1056
// Step 5 (client certificates), "revoke" action. Flags the selected
// certificates of the logged-in member as revoked and, when `delid` is
// submitted as well, deletes requests that have no expiry date yet.
// NOTE(review): unlike the step 12 and step 18 handlers in this file, this
// branch does not call csrf_check() before changing data.
if($oldid == 5 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	$id = 5;
	showheader(_("My CAcert.org Account!"));

	$hasRevocations = array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']);
	if(!$hasRevocations)
	{
		echo _("You did not select any certificates for revocation.");
	}
	else
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			// Integer cast keeps the request value harmless in the SQL text and in the output.
			$id = intval($id);
			// Ownership check: `memid` must equal the session's member id.
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
				where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) < 1)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);
			$alreadyRevoked = ($row['revoke'] > 0);
			if($alreadyRevoked)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}

			// `revoked` is set to a fixed 1970 timestamp; presumably a marker that the
			// signing backend picks up to perform the actual revocation - confirm.
			mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
		}
	}

	$hasDeletions = array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']);
	if($hasDeletions)
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			// Same ownership restriction as for revocation.
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
				where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) < 1)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);
			// A row that already has an expiry date is treated as processed and is kept.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
				continue;
			}

			mysql_query("delete from `emailcerts` where `id`='$id'");
			// The file paths come from the row that passed the ownership check; errors are suppressed.
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
		}
	}

	showfooter();
	exit;
}
1119
// Step 5 (client certificates), "change" action: for every request parameter
// named cert_<n>, store the `disablelogin` flag of certificate <n>. The update
// is limited to rows whose `memid` equals the session's member id.
// NOTE(review): unlike the step 12 and step 18 handlers in this file, this
// branch does not call csrf_check() before changing data.
if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
	showheader(_("My CAcert.org Account!"));
	foreach($_REQUEST as $id => $val)
	{
		// Only parameters whose name starts with "cert_" identify a certificate.
		if(strncmp($id, "cert_", 5) != 0)
			continue;

		$id = intval(substr($id,5));
		// The flag is stored inverted: a submitted disablelogin_<n> of "1" writes '0',
		// anything else (including a missing parameter) writes '1'.
		if(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")
			$dis = "0";
		else
			$dis = "1";
		mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
	}
	echo(_("Certificate settings have been changed.")."<br/>\n");
	showfooter();
	exit;
}
1140
1141
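// Step 13 (personal details), part 1: read and validate the five lost pass
// phrase questions (Q1..Q5) and answers (A1..A5).
//
// Each value is stripped of tags, escaped for MySQL and trimmed before it is
// stored in $_SESSION['_config']['user']; the later step 13 handler puts these
// session values into its update statement.
//
// On any validation failure the form is shown again ($id = 13) and $oldid is
// cleared so that the later step 13 handlers are skipped.
if($oldid == 13 && $process != "")
{
	csrf_check("perschange");
	$_SESSION['_config']['user'] = $_SESSION['profile'];

	$qaFields = array('Q1','Q2','Q3','Q4','Q5','A1','A2','A3','A4','A5');
	foreach($qaFields as $qaField)
		$_SESSION['_config']['user'][$qaField] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST[$qaField]))));

	$qaInvalid = false;

	// All ten values have to differ from each other. The original hand-written
	// chain left out several answer/question pairs (for example A2 against Q2),
	// so a question could still be reused as its own answer. Comparing every
	// pair enforces what the error message promises. The loose == comparison of
	// the original is kept.
	$qaDuplicate = false;
	$qaCount = count($qaFields);
	for($i = 0; $i < $qaCount && !$qaDuplicate; $i++)
	{
		for($j = $i + 1; $j < $qaCount; $j++)
		{
			if($_SESSION['_config']['user'][$qaFields[$i]] == $_SESSION['_config']['user'][$qaFields[$j]])
			{
				$qaDuplicate = true;
				break;
			}
		}
	}
	if($qaDuplicate)
	{
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
		$qaInvalid = true;
	}

	// Neither a question nor an answer may be blank; the original tested the
	// questions only, which let a single empty answer through.
	$qaBlank = false;
	foreach($qaFields as $qaField)
		if($_SESSION['_config']['user'][$qaField] == "")
			$qaBlank = true;
	if($qaBlank)
	{
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
		$qaInvalid = true;
	}

	// Reset the page ids once. The original did this in each failing check, so
	// a second failure assigned the already cleared $oldid (0) to $id.
	if($qaInvalid)
	{
		$id = $oldid;
		$oldid=0;
	}
}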
1204
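// Step 13 (personal details), part 2: refresh the member's assurance points
// and, only while the member has no points, accept a new name and date of
// birth from the request.
//
// On a validation failure the form is shown again ($id = 13) and $oldid is
// cleared so that the handler that writes to the database is skipped.
if($oldid == 13 && $process != "")
{
	$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
	$ddres = mysql_query($ddquery);
	$ddrow = mysql_fetch_assoc($ddres);
	$_SESSION['profile']['points'] = $ddrow['total'];

	// Name and date of birth can only be changed while the points total is zero.
	if($_SESSION['profile']['points'] == 0)
	{
		$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
		$_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
		$_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
		$_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
		$_SESSION['_config']['user']['day'] = intval($_REQUEST['day']);
		$_SESSION['_config']['user']['month'] = intval($_REQUEST['month']);
		$_SESSION['_config']['user']['year'] = intval($_REQUEST['year']);

		$detailsInvalid = false;

		if($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "")
		{
			$_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
			$detailsInvalid = true;
		}

		// checkdate() rejects month and day values outside their range and also
		// impossible dates such as 31 February, which the original range test
		// (day 1..31 for every month) accepted.
		if($_SESSION['_config']['user']['year'] < 1900 ||
			!checkdate($_SESSION['_config']['user']['month'], $_SESSION['_config']['user']['day'], $_SESSION['_config']['user']['year']))
		{
			$_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
			$detailsInvalid = true;
		}

		// Reset the page ids once. The original did this in each failing check,
		// so a second failure assigned the already cleared $oldid (0) to $id.
		if($detailsInvalid)
		{
			$id = $oldid;
			$oldid=0;
		}
	}
}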
1237
// Step 13 (personal details), part 3: write the validated values to `users`,
// reload the profile into the session and show the confirmation page.
// This branch only runs when the two validation branches above left $oldid at 13.
if($oldid == 13 && $process != "")
{
	// Name and date of birth are written only while the member has no points.
	// The interpolated values were escaped (strings) or cast with intval()
	// (date parts) when the validation branch stored them in the session.
	if($_SESSION['profile']['points'] == 0)
	{
		$query = "update `users` set `fname`='".$_SESSION['_config']['user']['fname']."',
			`mname`='".$_SESSION['_config']['user']['mname']."',
			`lname`='".$_SESSION['_config']['user']['lname']."',
			`suffix`='".$_SESSION['_config']['user']['suffix']."',
			`dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
			where `id`='".$_SESSION['profile']['id']."'";
		mysql_query($query);
	}
	// NOTE(review): the answers to the lost pass phrase questions are stored as
	// given (after tag stripping and escaping), not hashed.
	$query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
		`Q2`='".$_SESSION['_config']['user']['Q2']."',
		`Q3`='".$_SESSION['_config']['user']['Q3']."',
		`Q4`='".$_SESSION['_config']['user']['Q4']."',
		`Q5`='".$_SESSION['_config']['user']['Q5']."',
		`A1`='".$_SESSION['_config']['user']['A1']."',
		`A2`='".$_SESSION['_config']['user']['A2']."',
		`A3`='".$_SESSION['_config']['user']['A3']."',
		`A4`='".$_SESSION['_config']['user']['A4']."',
		`A5`='".$_SESSION['_config']['user']['A5']."'
		where `id`='".$_SESSION['profile']['id']."'";
	mysql_query($query);

	//!!!Should be rewritten
	// The OTP hash and PIN are updated only when both request values are non-empty.
	$_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
	$_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
	if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
	{
		$query = "update `users` set `otphash`='".$_SESSION['_config']['user']['otphash']."',
			`otppin`='".$_SESSION['_config']['user']['otppin']."' where `id`='".$_SESSION['profile']['id']."'";
		mysql_query($query);
	}

	// Reload the whole profile row so the session reflects what was stored.
	$_SESSION['_config']['user']['set'] = 0;
	$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
	$_SESSION['profile']['loggedin'] = 1;

	// The points total is not part of the `users` row, so it is computed again.
	$ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
	$ddres = mysql_query($ddquery);
	$ddrow = mysql_fetch_assoc($ddres);
	$_SESSION['profile']['points'] = $ddrow['total'];


	$id = 13;
	showheader(_("My CAcert.org Account!"));
	echo _("Your details have been updated with the database.");
	showfooter();
	exit;
}
1289
// Step 14 (change pass phrase): check the new pass phrase, verify the current
// one where required, store the new hash and notify the member by email.
if($oldid == 14 && $process != "")
{
	// All three values are trimmed and escaped for MySQL right away. The escaped
	// form is what gets length-checked, scored by checkpw() and hashed below.
	$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['oldpassword'])));
	$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1'])));
	$_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2'])));

	$id = 14;
	// The token check runs after the inputs were read but before any database access.
	csrf_check("pwchange");

	showheader(_("My CAcert.org Account!"));
	if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
	{
		echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
			'</h3>', "\n";
		echo _("New Pass Phrases specified don't match or were blank.");
	} else {
		$score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
			$_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);

		// The current pass phrase is verified only when the request did not arrive
		// on the secure hostname; otherwise $rc is forced to 1.
		// NOTE(review): presumably the secure hostname requires a client
		// certificate login - confirm that this is enough to skip the check.
		if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
		{
			// The stored hash is compared against both old_password() and sha1() of the input.
			$match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
				(`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
				`password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
			$rc = mysql_num_rows($match);
		} else {
			$rc = 1;
		}

		if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
			echo '<h3 style="color:red">',
				_("Failure: Pass Phrase not Changed"), '</h3>', "\n";
			echo _("The Pass Phrase you submitted was too short.");
		} else if($score < 3) {
			echo '<h3 style="color:red">',
				_("Failure: Pass Phrase not Changed"), '</h3>', "\n";
			printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
		} else if($rc <= 0) {
			echo '<h3 style="color:red">',
				_("Failure: Pass Phrase not Changed"), '</h3>', "\n";
			echo _("You failed to correctly enter your current Pass Phrase.");
		} else {
			// NOTE(review): the pass phrase is stored as an unsalted SHA-1 computed
			// inside the SQL statement, so the clear text is part of the query text.
			// Moving to password_hash()/password_verify() would also require
			// changing the code that checks the pass phrase at login.
			mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
				where `id`='".$_SESSION['profile']['id']."'");
			echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
			echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
			// Notify the account's email address so an unexpected change gets noticed.
			$body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
			$body .= _("You are receiving this email because you or someone else ".
				"has changed the password on your account.")."\n\n";

			$body .= _("Best regards")."\n"._("CAcert.org Support!");

			sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Password Update Notification"), $body,
				"support@cacert.org", "", "", "CAcert Support");
		}
	}
	showfooter();
	exit;
}
1349
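// Step 16 (organisation client certificate), part 1: collect the submitted
// email addresses that pass checkownership() and remember the requested
// common name and organisational unit in the session.
//
// Request values that are missing or are not of the expected type are treated
// as empty instead of being passed to foreach()/trim(), so a malformed request
// ends in the "couldn't match any emails" page of the next handler.
if($oldid == 16)
{
	$id = 16;
	$_SESSION['_config']['emails'] = array();
	// NOTE(review): $_SESSION['_config']['domids'] is appended to below but not
	// reset here, unlike 'emails' - confirm it is cleared elsewhere, otherwise
	// ids pile up when this step is submitted more than once.

	$submittedEmails = array();
	if(array_key_exists('emails',$_REQUEST) && is_array($_REQUEST['emails']))
		$submittedEmails = $_REQUEST['emails'];

	foreach($submittedEmails as $val)
	{
		// Nested arrays cannot be an address.
		if(!is_string($val))
			continue;

		$val = mysql_real_escape_string(stripslashes(trim($val)));
		// Exactly one "@" is required.
		$bits = explode("@", $val);
		$count = count($bits);
		if($count != 2)
			continue;

		// The domain part must pass checkownership(); presumably that helper also
		// fills $_SESSION['_config']['row'] with the matching record - confirm.
		if(checkownership($bits[1]) == false)
			continue;

		if(!is_array($_SESSION['_config']['row']))
			continue;
		else if($_SESSION['_config']['row']['id'] > 0)
			$_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id'];

		if($val != "")
			$_SESSION['_config']['emails'][] = $val;
	}

	// Both values are escaped for MySQL here; the step 17 handler uses the
	// session copies when it builds the certificate subject.
	$requestedName = (array_key_exists('name',$_REQUEST) && is_string($_REQUEST['name'])) ? $_REQUEST['name'] : "";
	$requestedOU = (array_key_exists('OU',$_REQUEST) && is_string($_REQUEST['OU'])) ? $_REQUEST['OU'] : "";
	$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($requestedName)));
	$_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($requestedOU)));
}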
1377
// Step 16, part 2: stop with a message when none of the submitted addresses
// was accepted for the organisational account.
if($oldid == 16 && count($_SESSION['_config']['emails']) < 1)
{
	$id = 16;
	showheader(_("My CAcert.org Account!"));
	echo _("I couldn't match any emails against your organisational account.");
	showfooter();
	exit;
}
1386
// Step 16, part 3: normalise the code-signing flag and the root certificate
// choice, then move on to step 17 when at least one address was accepted.
if($oldid == 16 && $process != "")
{
	// Code signing is granted only when it was requested, the profile has the
	// codesign flag set and the member has at least 100 points.
	$codesignAllowed = array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100);
	$_REQUEST['codesign'] = $codesignAllowed ? 1 : 0;
	$_SESSION['_config']['codesign'] = $codesignAllowed ? 1 : 0;

	// Only the values 1 and 2 are accepted for the root certificate; anything else becomes 1.
	$rootcert = intval($_REQUEST['rootcert']);
	if($rootcert < 1 || $rootcert > 2)
		$rootcert = 1;
	$_SESSION['_config']['rootcert'] = $rootcert;

	if(@count($_SESSION['_config']['emails']) > 0)
		$id = 17;
}
1408
// Step 17 (organisation client certificate): turn the submitted key material
// into a stored request, either from an SPKAC (keytype "NS") or from a PKCS#10
// CSR (keytype "MS" or "VI"), then wait for the certificate.
// NOTE(review): no csrf_check() call is visible in this branch.
// NOTE(review): when keytype is none of "NS", "MS" or "VI", neither branch runs
// and $emailid is never assigned before waitForResult() and the query use it.
if($oldid == 17)
{
	$org = $_SESSION['_config']['row'];
	if($_REQUEST['keytype'] == "NS")
	{
		// Accept the SPKAC only if, with CR/LF removed, it consists of base64 characters.
		$spkac=""; if(preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));

		if($spkac == "" || strlen($spkac) < 128)
		{
			$id = 17;
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}

		// Build the text of the SPKAC request file, one "name = value" line per
		// attribute. The addresses, name and OU were escaped with
		// mysql_real_escape_string() by the step 16 handler; the $org values are
		// taken from the session row as-is.
		$count = 0;
		$emails = "";
		$addys = array();
		if(is_array($_SESSION['_config']['emails']))
			// $_REQUEST['email'] serves as the loop variable and is overwritten on each pass.
			foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
			{
				// $emails is still empty on the first pass, so the first address becomes the default.
				if(!$emails)
					$defaultemail = $_REQUEST['email'];
				$emails .= "$count.emailAddress = $_REQUEST[email]\n";
				$count++;
			}
		if($_SESSION['_config']['name'] != "")
			$emails .= "commonName = ".$_SESSION['_config']['name']."\n";
		if($_SESSION['_config']['OU'])
			$emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n";
		if($org['O'])
			$emails .= "organizationName = ".$org['O']."\n";
		if($org['L'])
			$emails .= "localityName = ".$org['L']."\n";
		if($org['ST'])
			$emails .= "stateOrProvinceName = ".$org['ST']."\n";
		if($org['C'])
			$emails .= "countryName = ".$org['C']."\n";
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		$emails .= "SPKAC = $spkac";
		// A non-empty return value is shown as a message and the request is refused.
		if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
		{
			$id = 17;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		// NOTE(review): the row is inserted before the challenge is verified
		// below; a failed verification exits and leaves the row without `csr_name`.
		$query = "insert into `orgemailcerts` set
			`CN`='$defaultemail',
			`keytype`='NS',
			`orgid`='".$org['orgid']."',
			`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
			`codesign`='".$_SESSION['_config']['codesign']."',
			`rootcert`='".$_SESSION['_config']['rootcert']."'";
		mysql_query($query);
		$emailid = mysql_insert_id();

		foreach($_SESSION['_config']['domids'] as $addy)
			mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");

		$CSRname=generatecertpath("csr","orgclient",$emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $emails);
		fclose($fp);
		// The challenge embedded in the SPKAC has to match the value kept in the
		// session, which ties the submitted key to this session.
		$challenge=$_SESSION['spkac_hash'];
		// NOTE(review): $CSRname goes into the shell command unquoted; this relies
		// on generatecertpath() never returning shell metacharacters - confirm.
		$res=`openssl spkac -verify -in $CSRname`;
		if(!strstr($res,"Challenge String: ".$challenge))
		{
			$id = $oldid;
			showheader(_("My CAcert.org Account!"));
			echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
			showfooter();
			exit;
		}
		mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
	} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
		$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";

		// A non-empty return value is shown as a message and the request is refused.
		if (($weakKey = checkWeakKeyCSR($csr)) !== "")
		{
			$id = 17;
			showheader(_("My CAcert.org Account!"));
			echo $weakKey;
			showfooter();
			exit;
		}

		// Write the CSR to a temporary file so openssl can read it.
		$tmpfname = tempnam("/tmp", "id17CSR");
		$fp = fopen($tmpfname, "w");
		fputs($fp, $csr);
		fclose($fp);

		$addys = array();
		$defaultemail = "";
		$csrsubject="";

		// The subject stored with the request is built from session and
		// organisation data, not taken from the submitted CSR.
		if($_SESSION['_config']['name'] != "")
			$csrsubject = "/CN=".$_SESSION['_config']['name'];
		if(is_array($_SESSION['_config']['emails']))
			// $_REQUEST['email'] serves as the loop variable and is overwritten on each pass.
			foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
			{
				if($defaultemail == "")
					$defaultemail = $_REQUEST['email'];
				$csrsubject .= "/emailAddress=$_REQUEST[email]";
			}
		if($_SESSION['_config']['OU'])
			$csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
		if($org['O'])
			$csrsubject .= "/organizationName=".$org['O'];
		if($org['L'])
			$csrsubject .= "/localityName=".$org['L'];
		if($org['ST'])
			$csrsubject .= "/stateOrProvinceName=".$org['ST'];
		if($org['C'])
			$csrsubject .= "/countryName=".$org['C'];

		// Pass the CSR through "openssl req" and read the result back; an empty
		// result is treated below as an invalid request.
		$tmpname = tempnam("/tmp", "id17csr");
		$do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`;
		@unlink($tmpfname);
		$csr = "";
		$fp = fopen($tmpname, "r");
		while($data = fgets($fp, 4096))
			$csr .= $data;
		fclose($fp);
		@unlink($tmpname);

		if($csr == "")
		{
			showheader(_("My CAcert.org Account!"));
			echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
			showfooter();
			exit;
		}
		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
			$_SESSION['_config']['rootcert'] = 1;

		// NOTE(review): keytype is passed through sanitizeHTML(), an HTML encoder,
		// not an SQL escaper; the value is safe here only because this branch is
		// reached solely for "MS" or "VI". The $org parts of $csrsubject are not
		// escaped in this block before they enter the statement.
		$query = "insert into `orgemailcerts` set
			`CN`='$defaultemail',
			`keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
			`orgid`='".$org['orgid']."',
			`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
			`subject`='$csrsubject',
			`codesign`='".$_SESSION['_config']['codesign']."',
			`rootcert`='".$_SESSION['_config']['rootcert']."'";
		mysql_query($query);
		$emailid = mysql_insert_id();

		foreach($_SESSION['_config']['domids'] as $addy)
			mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");

		$CSRname=generatecertpath("csr","orgclient",$emailid);
		$fp = fopen($CSRname, "w");
		fputs($fp, $csr);
		fclose($fp);
		mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
	}
	// Presumably blocks until the signing backend has handled the row - confirm in waitForResult().
	waitForResult("orgemailcerts", $emailid,$oldid);
	// A non-empty `crt_name` is taken as the sign that a certificate was issued.
	$query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		// Continue with page 19 for the new certificate.
		$id = 19;
		$cert = $emailid;
		$_REQUEST['cert']=$emailid;
	}
}
1585
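// Step 18 (organisation client certificates), "renew" action: for each
// selected certificate of an organisation the logged-in member administers,
// clone the `orgemailcerts` row and its CSR file and wait for the new
// certificate.
if($oldid == 18 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	csrf_check('clicerchange');
	showheader(_("My CAcert.org Account!"));
	if(is_array($_REQUEST['revokeid']))
	{
		$id = 18;
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			// Cast before the value is used anywhere. The original echoed the raw
			// request value into the page first, which allowed markup from the
			// request to reach the HTML output.
			$id = intval($id);
			echo "Renewing certificate #$id ...\n<br/>";
			// The join on `org`.`memid` restricts the lookup to certificates of
			// organisations linked to the member stored in the session.
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
				where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
				`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// A non-empty return value is shown as a message and the certificate is skipped.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
				$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			// NOTE(review): the row is marked as renewed before the revocation
			// check, so a revoked certificate is flagged even though it is skipped.
			mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
				continue;
			}
			// `CN` and `subject` are escaped like in the renewal handlers for
			// server and client certificates; the original copied them into the
			// statement unescaped.
			$query = "insert into `orgemailcerts` set
				`orgid`='".$row['orgid']."',
				`CN`='".mysql_real_escape_string($row['CN'])."',
				`subject`='".mysql_real_escape_string($row['subject'])."',
				`keytype`='".$row['keytype']."',
				`csr_name`='".$row['csr_name']."',
				`created`='".$row['created']."',
				`modified`=NOW(),
				`codesign`='".$row['codesign']."',
				`rootcert`='".$row['rootcert']."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			// The new row first carries the old CSR path; it is replaced by the copy right below.
			$newfile=generatecertpath("csr","orgclient",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
			// Presumably blocks until the signing backend has handled the row - confirm in waitForResult().
			waitForResult("orgemailcerts", $newid,$oldid,0);
			// A non-empty `crt_name` is taken as the sign that a certificate was issued.
			$query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) > 0)
			{
				printf(_("Certificate for '%s' has been renewed."), $row['CN']);
				echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
					_("Click here")."</a> "._("to install your certificate.");
			}
			echo("<br/>");
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}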
1657
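// Organisation client certificates (page 18): revoke the certificates ticked in
// `revokeid[]` and remove the still-pending requests ticked in `delid[]`.
if($oldid == 18 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	// Revocation and deletion change state: require the form's CSRF token.
	csrf_check('clicerchange');
	$id = 18;
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			// Ownership check: the certificate must belong to an organisation
			// the logged-in member has an `org` row for.
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
					where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
					`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0)
			{
				// CN comes from the database and is printed into HTML.
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			// NOTE(review): the fixed timestamp is presumably a marker that a
			// backend process picks up to perform the actual revocation — confirm.
			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
					where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
					`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A request with an expiry date is treated as already processed and
			// is not removed.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			mysql_query("delete from `orgemailcerts` where `id`='$id'");
			// Best-effort cleanup of the files recorded for the request; a
			// missing file is deliberately ignored.
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	showfooter();
	exit;
}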
1723
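// Organisation server certificates, step 1 (page 20): take the pasted CSR, run
// the weak-key check, keep the CSR in a temporary file and read its subject and
// DNS alternative names, then continue on page 21.
if($process != "" && $oldid == 20)
{
	$CSR = clean_csr($_REQUEST['CSR']);

	if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	// The temp file name is kept in the session; the page 21 handler reads the
	// CSR back from it.
	$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
	$fp = ($_SESSION['_config']['tmpfname'] === false) ? false : fopen($_SESSION['_config']['tmpfname'], "w");
	if($fp === false)
	{
		// Without the file the openssl calls below would only yield an empty
		// subject and a misleading "CommonName field was blank" message.
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}
	fputs($fp, $CSR);
	fclose($fp);
	$CSR = $_SESSION['_config']['tmpfname'];

	// The path is server-generated, but it is still passed to the shell as a
	// quoted argument rather than interpolated between double quotes.
	$csrarg = escapeshellarg($CSR);
	$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $csrarg|tr -d "\\0"|grep "Subject:"`);
	$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $csrarg|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
	foreach($bits as $val)
	{
		$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
	}
	$id = 21;

	// extractit(), getcn2() and getalt2() are defined elsewhere; from here on
	// this block only relies on them filling '0.CN' / '0.subjectAltName'.
	$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
	extractit();
	getcn2();
	getalt2();

	// NOTE(review): '0.CN' and '0.subjectAltName' originate from the submitted
	// CSR and are placed in the two statements below as-is. Confirm that
	// getcn2()/getalt2() escape them, otherwise escape them here.
	$query = "select * from `orginfo`,`org`,`orgdomains` where
			`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
			`org`.`orgid`=`orginfo`.`id` and
			`org`.`orgid`=`orgdomains`.`orgid` and
			`orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'";
	$_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
	$query = "select * from `orginfo`,`org`,`orgdomains` where
			`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
			`org`.`orgid`=`orginfo`.`id` and
			`org`.`orgid`=`orgdomains`.`orgid` and
			`orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'";
	$_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));
	//echo "<pre>"; print_r($_SESSION['_config']); die;

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// Only root certificate 1 or 2 may be selected; anything else becomes 1.
	$_SESSION['_config']['rootcert'] = array_key_exists('rootcert',$_REQUEST) ? intval($_REQUEST['rootcert']) : 0;
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;
}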
1782
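// Organisation server certificates, step 2 (page 21): turn the CSR stored by
// the previous step into an `orgdomaincerts` request, wait for the result and,
// on success, continue on page 23.
if($process != "" && $oldid == 21)
{
	$id = 21;

	// NOTE(review): this handler creates a certificate request but, unlike the
	// renew/revoke handlers, does not call csrf_check() — confirm whether the
	// page 21 form carries a token that should be verified here.

	if(!file_exists($_SESSION['_config']['tmpfname']))
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}

	// Re-check the key on the stored file, not on anything resent by the browser.
	if (($weakKey = checkWeakKeyCSR(file_get_contents(
			$_SESSION['_config']['tmpfname']))) !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// The organisation is looked up through the member's own `org` row, so the
	// query doubles as the membership check. The id comes from the common-name
	// matches when there are any, otherwise from the alternative-name matches.
	$usecn = ($_SESSION['_config']['rowid']['0'] > 0);
	if($usecn)
		$orginfoid = intval($_SESSION['_config']['rowid']['0']);
	else
		$orginfoid = intval($_SESSION['_config']['altid']['0']);
	$query = "select * from `org`,`orginfo` where
			`orginfo`.`id`='$orginfoid' and
			`orginfo`.`id`=`org`.`orgid` and
			`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
	$org = mysql_fetch_assoc(mysql_query($query));
	if(!is_array($org))
	{
		// No matching membership row: the original went on and stored a request
		// with an empty organisation id. Stop instead.
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}
	$csrsubject = "";

	// The subject is assembled from the organisation record, not from the CSR.
	// $org holds raw database values, so they are escaped before they end up in
	// the insert below.
	// NOTE(review): OU, rows and altrows come from the session; confirm they
	// are escaped where they are stored.
	if($_SESSION['_config']['OU'])
		$csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
	if($org['O'])
		$csrsubject .= "/organizationName=".mysql_real_escape_string($org['O']);
	if($org['L'])
		$csrsubject .= "/localityName=".mysql_real_escape_string($org['L']);
	if($org['ST'])
		$csrsubject .= "/stateOrProvinceName=".mysql_real_escape_string($org['ST']);
	if($org['C'])
		$csrsubject .= "/countryName=".mysql_real_escape_string($org['C']);
	//if($org['contact'])
	//	$csrsubject .= "/emailAddress=".trim($org['contact']);

	if(is_array($_SESSION['_config']['rows']))
		foreach($_SESSION['_config']['rows'] as $row)
			$csrsubject .= "/commonName=$row";
	$SAN="";
	if(is_array($_SESSION['_config']['altrows']))
		foreach($_SESSION['_config']['altrows'] as $subalt)
		{
			if($SAN != "")
				$SAN .= ",";
			$SAN .= "$subalt";
		}

	if($SAN != "")
		$csrsubject .= "/subjectAltName=".$SAN;

	// Type "8" is only set when an account with the admin flag asks for an
	// OCSP certificate.
	$type="";
	if(array_key_exists("ocspcert",$_REQUEST) && $_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;

	if($usecn)
		$certcn = $_SESSION['_config']['rows']['0'];
	else
		$certcn = $_SESSION['_config']['altrows']['0'];
	$query = "insert into `orgdomaincerts` set
			`CN`='".$certcn."',
			`orgid`='".intval($org['id'])."',
			`created`=NOW(),
			`subject`='$csrsubject',
			`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
			`type`='$type'";
	mysql_query($query);
	$CSRid = mysql_insert_id();

	// Move the temporary CSR to its final path and record that path.
	$CSRname=generatecertpath("csr","orgserver",$CSRid);
	rename($_SESSION['_config']['tmpfname'], $CSRname);
	chmod($CSRname,0644);
	mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
	if(is_array($_SESSION['_config']['rowid']))
		foreach($_SESSION['_config']['rowid'] as $id)
			mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
	if(is_array($_SESSION['_config']['altid']))
		foreach($_SESSION['_config']['altid'] as $id)
			mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
	waitForResult("orgdomaincerts", $CSRid,$oldid);

	// A non-empty `crt_name` is what this page treats as "issued".
	$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		$id = 23;
		$cert = $CSRid;
		$_REQUEST['cert']=$CSRid;
	}
}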
1906
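// Organisation server certificates (page 22): renew the certificates ticked in
// `revokeid[]` and print each renewed certificate.
if($oldid == 22 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	// Renewal changes state, so the request must carry the form's CSRF token.
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			// Ownership check: the certificate must belong to an organisation
			// the logged-in member has an `org` row for.
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// Do not renew a certificate whose key the weak-key check rejects.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
			if($row['revoke'] > 0)
			{
				// CN comes from the database and is printed into HTML.
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}

			// Values read from the database are not escaped; escape them again
			// before they are put back into a statement.
			$query = "insert into `orgdomaincerts` set
					`orgid`='".intval($row['orgid'])."',
					`CN`='".mysql_real_escape_string($row['CN'])."',
					`csr_name`='".mysql_real_escape_string($row['csr_name'])."',
					`created`='".mysql_real_escape_string($row['created'])."',
					`modified`=NOW(),
					`subject`='".mysql_real_escape_string($row['subject'])."',
					`type`='".mysql_real_escape_string($row['type'])."',
					`rootcert`='".mysql_real_escape_string($row['rootcert'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			//echo "NewID: $newid<br/>\n";
			$newfile=generatecertpath("csr","orgserver",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgdomaincerts` set `csr_name`='$newfile' where `id`='$newid'");
			echo _("Renewing").": ".sanitizeHTML($row['CN'])."<br>\n";

			// Carry the domain links of the old certificate over to the new one.
			// NOTE(review): $row comes from `select *` over two tables, so which
			// `id` it holds depends on their columns, and the copy reads
			// $r2['id'] although the links are written as `orgdomid` elsewhere
			// in this file — confirm both against the schema.
			$res = mysql_query("select * from `orgdomlink` where `orgcertid`='".intval($row['id'])."'");
			while($r2 = mysql_fetch_assoc($res))
				mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($r2['id'])."', `orgcertid`='$newid'");
			waitForResult("orgdomaincerts", $newid,$oldid,0);

			// A non-empty `crt_name` is what this page treats as "issued".
			$query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				$drow = mysql_fetch_assoc($res);
				// The file name comes from the database; hand it to the shell as
				// one quoted argument instead of splicing it into the command.
				$crtarg = escapeshellarg($drow['crt_name']);
				$cert = `/usr/bin/openssl x509 -in $crtarg`;
				echo "<pre>\n$cert\n</pre>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}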
1983
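// Organisation server certificates (page 22): revoke the certificates ticked in
// `revokeid[]` and remove the still-pending requests ticked in `delid[]`.
if($oldid == 22 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	// Revocation and deletion change state: require the form's CSRF token.
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			// Ownership check: the certificate must belong to an organisation
			// the logged-in member has an `org` row for.
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0)
			{
				// CN comes from the database and is printed into HTML.
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			// NOTE(review): the fixed timestamp is presumably a marker that a
			// backend process picks up to perform the actual revocation — confirm.
			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from
					`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
					`orgdomaincerts`.`orgid`=`org`.`orgid` and
					`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A request with an expiry date is treated as already processed and
			// is not removed.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			mysql_query("delete from `orgdomaincerts` where `id`='$id'");
			// Best-effort cleanup of the files recorded for the request; a
			// missing file is deliberately ignored.
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	showfooter();
	exit;
}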
2052
// Gate for pages 24 to 31: whether they are reached as the page to show ($id)
// or as the page a form was posted from ($oldid), they require the `orgadmin`
// flag of the logged-in profile. in_array() is left in its default loose mode
// so the comparison matches the `==` chain it replaces.
if((in_array($id, range(24, 31)) || in_array($oldid, range(24, 31))) &&
	$_SESSION['profile']['orgadmin'] != 1)
{
	showheader(_("My CAcert.org Account!"));
	echo _("You don't have access to this area.");
	showfooter();
	exit;
}
2063
// Page 24: create a new organisation record from the posted form.
// NOTE(review): the update handler for page 27 calls csrf_check(); this insert
// handler does not — confirm whether the page 24 form carries a token.
if($oldid == 24 && $process != "")
{
	$id = intval($oldid);

	// Each field is unslashed, escaped for SQL and trimmed, and kept in the
	// session so the form can be shown again with the entered values.
	$_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
	$_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
	$_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
	$_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
	$_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
	$_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));

	if($_SESSION['_config']['O'] != "" && $_SESSION['_config']['contact'] != "")
	{
		mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
				`contact`='".$_SESSION['_config']['contact']."',
				`L`='".$_SESSION['_config']['L']."',
				`ST`='".$_SESSION['_config']['ST']."',
				`C`='".$_SESSION['_config']['C']."',
				`comments`='".$_SESSION['_config']['comments']."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully added as an organisation to the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	} else {
		// Name and contact are mandatory; the message is left in the session
		// for the page that is rendered next.
		$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
	}
}
2090
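// Page 27: update the organisation record selected in the session.
if($oldid == 27 && $process != "")
{
	// The update changes state, so the request must carry the form's CSRF token.
	csrf_check('orgdetchange');
	$id = intval($oldid);

	// Each field is unslashed, escaped for SQL and trimmed, and kept in the
	// session so the form can be shown again with the entered values.
	$_SESSION['_config']['O'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['O'])));
	$_SESSION['_config']['contact'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['contact'])));
	$_SESSION['_config']['L'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['L'])));
	$_SESSION['_config']['ST'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['ST'])));
	$_SESSION['_config']['C'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['C'])));
	$_SESSION['_config']['comments'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['comments'])));

	if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
	{
		$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
	} else {
		// The organisation id is cast like everywhere else in this file where
		// the session value is put into a statement.
		mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
				`contact`='".$_SESSION['_config']['contact']."',
				`L`='".$_SESSION['_config']['L']."',
				`ST`='".$_SESSION['_config']['ST']."',
				`C`='".$_SESSION['_config']['C']."',
				`comments`='".$_SESSION['_config']['comments']."'
				where `id`='".intval($_SESSION['_config']['orgid'])."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	}
}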
2119
// Page 28, first step: refuse a domain that is already listed for an
// organisation. On a clash the form page is shown again ($id) and $oldid is
// cleared, which keeps the later page 28 handlers from running.
// NOTE(review): the edit handler for page 29 also looks the name up in
// `domains`; this one only checks `orgdomains` — confirm that is intended.
if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
{
	$domain = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
	$_SESSION['_config']['domain'] = $domain;
	$res1 = mysql_query("select * from `orgdomains` where `domain`='".$domain."'");
	if(mysql_num_rows($res1) > 0)
	{
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
		$id = $oldid;
		$oldid=0;
	}
}
2131
// Page 28 without an organisation selected in the session: drop the request
// and show page 25 instead.
if($oldid == 28 && !($_SESSION['_config']['orgid'] > 0))
{
	$id = 25;
	$oldid=0;
}
2137
// Page 28, final step: store the domain for the organisation selected in the
// session and confirm it to the user.
// NOTE(review): $domain is only assigned by the earlier page 28 check when the
// request contains `domainname`; this condition does not require that field, so
// an empty domain would be stored without it — confirm and guard if needed.
if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
{
	mysql_query(sprintf("insert into `orgdomains` set `orgid`='%d', `domain`='%s'",
		intval($_SESSION['_config']['orgid']), $domain));
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
	echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>",
		_("Click here"), "</a> ", _("to continue.");
	showfooter();
	exit;
}
2147
// Page 29, first step: refuse a new name that is already listed for another
// organisation domain or for a non-deleted entry in `domains`. On a clash the
// form page is shown again ($id) and $oldid is cleared, which keeps the later
// page 29 handlers from running.
// NOTE(review): both look-ups use `like`, and mysql_real_escape_string() leaves
// `%` and `_` untouched, so those characters act as wildcards here — confirm
// that a plain `=` comparison was not intended.
if($oldid == 29 && $process != "")
{
	$domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));

	$res1 = mysql_query(sprintf("select * from `orgdomains` where `domain` like '%s' and `id`!='%d'", $domain, intval($domid)));
	$res2 = mysql_query(sprintf("select * from `domains` where `domain` like '%s' and `deleted`=0", $domain));
	if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
	{
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
		$id = $oldid;
		$oldid=0;
	}
}
2161
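// Pages 29 (rename domain) and 30 (delete domain): before the domain row is
// changed, mark every certificate linked to it as revoked.
// NOTE(review): the fixed timestamp is presumably a marker that a backend
// process picks up to perform the actual revocation — confirm.
if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
{
	// Server certificates linked to the domain through `orgdomlink`.
	$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
			`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
			`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
			`orgdomains`.`id`='".intval($domid)."'";
	$res = mysql_query($query);
	while($row = mysql_fetch_assoc($res))
		// Cast the id here as well, as the client-certificate loop below does.
		mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");

	// Client certificates linked to the domain through `orgemaillink`.
	$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
			`orgemaillink`.`domid`=`orgdomains`.`id` and
			`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
			`orgdomains`.`id`='".intval($domid)."'";
	$res = mysql_query($query);
	while($row = mysql_fetch_assoc($res))
		mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
}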
2180
// Page 29, final step: write the new name to the domain row and confirm it.
// $domain is the escaped value prepared by the earlier page 29 check.
if($oldid == 29 && $process != "")
{
	// The current row is fetched into $row but not used further in this block.
	$row = mysql_fetch_assoc(mysql_query(sprintf("select * from `orgdomains` where `id`='%d'", intval($domid))));
	mysql_query(sprintf("update `orgdomains` set `domain`='%s' where `id`='%d'", $domain, intval($domid)));
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
	echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>",
		_("Click here"), "</a> ", _("to continue.");
	showfooter();
	exit;
}
2191
// Page 30, final step: delete the domain row and confirm it, naming the domain
// as it was stored before the delete.
if($oldid == 30 && $process != "")
{
	$row = mysql_fetch_assoc(mysql_query(sprintf("select * from `orgdomains` where `id`='%d'", intval($domid))));
	$domain = $row['domain'];
	mysql_query(sprintf("delete from `orgdomains` where `id`='%d'", intval($domid)));
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
	echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>",
		_("Click here"), "</a> ", _("to continue.");
	showfooter();
	exit;
}
2203
// Page 30 reached without a processed request (for example after Cancel):
// show page 26 with no organisation selected.
if($oldid == 30)
{
	$orgid = 0;
	$id = 26;
}
2209
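// Page 31: delete the organisation selected in the session. Certificates linked
// to its domains are marked as revoked, then the link rows, the membership
// rows, the domains and the organisation record are removed.
// NOTE(review): this handler does not call csrf_check() although it is the most
// destructive one in this area — confirm whether the page 31 form carries a token.
if($oldid == 31 && $process != "")
{
	$query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
	$dres = mysql_query($query);
	while($drow = mysql_fetch_assoc($dres))
	{
		// Server certificates linked to this domain.
		$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
				`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
				`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
				`orgdomains`.`id`='".intval($drow['id'])."'";
		$res = mysql_query($query);
		while($row = mysql_fetch_assoc($res))
		{
			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
			// $row['id'] is a certificate id. The original went on to delete
			// from `orgdomaincerts` where `orgid` equalled that number, which
			// removes the certificates of whichever organisation happens to
			// have it as its id; that statement is not reproduced. The row
			// itself is kept because it carries the revocation marker written
			// above.
			// NOTE(review): confirm whether the row may be deleted by `id`
			// once the revocation has been processed.
			// The link rows are keyed on the certificate through `orgcertid`,
			// the column this file fills when it creates them.
			mysql_query("delete from `orgdomlink` where `orgcertid`='".intval($row['id'])."'");
		}

		// Client certificates linked to this domain.
		$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
				`orgemaillink`.`domid`=`orgdomains`.`id` and
				`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
				`orgdomains`.`id`='".intval($drow['id'])."'";
		$res = mysql_query($query);
		while($row = mysql_fetch_assoc($res))
		{
			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
			// NOTE(review): the row is deleted right after the revocation
			// marker is written, as in the original; if a backend process
			// needs the row to carry out the revocation, this delete prevents
			// it — confirm.
			mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
			// The id is a certificate id, so the link rows are matched on
			// `emailcertsid`; matching it against `domid` would remove the
			// links of an unrelated domain.
			mysql_query("delete from `orgemaillink` where `emailcertsid`='".intval($row['id'])."'");
		}
	}
	mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
	mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
	mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
}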
2244
// After page 31, whether or not anything was deleted: show page 25 with no
// organisation selected.
if($oldid == 31)
{
	$orgid = 0;
	$id = 25;
}
2250
// Gate for pages 32 to 34: open to profiles with the `orgadmin` flag and to
// members who hold a master account (`masteracc`='1') in at least one
// organisation. The check is not tied to a particular organisation.
// in_array() is left in its default loose mode to match the `==` chain it
// replaces.
if(in_array($id, array(32, 33, 34)) || in_array($oldid, array(32, 33, 34)))
{
	$query = sprintf("select * from `org` where `memid`='%d' and `masteracc`='1'", intval($_SESSION['profile']['id']));
	$_macc = mysql_num_rows(mysql_query($query));
	if(!($_SESSION['profile']['orgadmin'] == 1 || $_macc > 0))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}
}
2263
// Gate for page 35: open to profiles with the `orgadmin` flag and to members
// who have any row in `org`.
if($id == 35 || $oldid == 35)
{
	$query = sprintf("select 1 from `org` where `memid`='%d'", intval($_SESSION['profile']['id']));
	$is_orguser = mysql_num_rows(mysql_query($query));
	if(!($_SESSION['profile']['orgadmin'] == 1 || $is_orguser > 0))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}
}
2276
// Page 33 for a member without the `orgadmin` flag: the member must hold a
// master account in the organisation selected in the session, otherwise page
// 35 is shown instead.
// NOTE(review): the test is keyed on $id only; the handler that processes the
// page 33 form is keyed on $oldid, and both values are taken from the request
// separately — confirm that handler is covered as well.
if($id == 33 && $_SESSION['profile']['orgadmin'] != 1)
{
	$orgid = intval($_SESSION['_config']['orgid']);
	$query = sprintf("select * from `org` where `orgid`='%d' and `memid`='%d' and `masteracc`='1'",
		$orgid, intval($_SESSION['profile']['id']));
	$res = mysql_query($query);
	if(!(mysql_num_rows($res) > 0))
	{
		$id = 35;
	}
}
2287
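// Page 33: add a user, identified by e-mail address, as administrator of the
// organisation selected in the session.
if($oldid == 33 && $process != "")
{
	// Adding an administrator changes state: require the form's CSRF token.
	csrf_check('orgadmadd');

	// The general gate for pages 32 to 34 accepts a master account of any
	// organisation, and the per-organisation test for page 33 is keyed on $id,
	// which the request supplies independently of $oldid. The check is
	// therefore repeated here, where the row is actually written. It is
	// redundant only if whatever stores the organisation id in the session
	// already enforces it.
	if($_SESSION['profile']['orgadmin'] != 1)
	{
		$res = mysql_query("select * from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
		if(mysql_num_rows($res) <= 0)
		{
			showheader(_("My CAcert.org Account!"));
			echo _("You don't have access to this area.");
			showfooter();
			exit;
		}
	}

	// Only an organisation administrator may hand out the master flag. The
	// session key is quoted: the original used the bare word masteracc, which
	// PHP treats as an undefined constant.
	if($_SESSION['profile']['orgadmin'] == 1)
		$masteracc = $_SESSION['_config']['masteracc'] = array_key_exists('masteracc',$_REQUEST) ? intval($_REQUEST['masteracc']) : 0;
	else
		$masteracc = $_SESSION['_config']['masteracc'] = 0;
	$_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
	$OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
	$comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
	$res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
	if(mysql_num_rows($res) <= 0)
	{
		// Unknown address: show the form again and skip the later handlers.
		$id = $oldid;
		$oldid=0;
		$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
	} else {
		$row = mysql_fetch_assoc($res);
		if ( !is_assurer(intval($row['id'])) )
		{
			// is_assurer() is defined elsewhere; a user it rejects is not added.
			$id = $oldid;
			$oldid=0;
			$_SESSION['_config']['errmsg'] =
				_("The user is not an Assurer yet");
		} else {
			mysql_query(
				"insert into `org`
					set `memid`='".intval($row['id'])."',
						`orgid`='".intval($_SESSION['_config']['orgid'])."',
						`masteracc`='$masteracc',
						`OU`='$OU',
						`comments`='$comments'");
		}
	}
}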
2323
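// Page 34 for a member without the `orgadmin` flag: the member must hold a
// master account in the organisation selected in the session, otherwise page
// 32 is shown instead.
// NOTE(review): a failed check only changes $id; $oldid keeps its value, so a
// handler keyed on `$oldid == 34` is not stopped by this block — confirm that
// handler enforces the same rule itself.
if(($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1)
{
	$orgid = intval($_SESSION['_config']['orgid']);
	// The member id is cast like in the other membership look-ups of this file.
	$res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
	if(mysql_num_rows($res) <= 0)
		$id = 32;
}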
2331
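// Page 34: remove a member from the administrators of the organisation selected
// in the session.
// NOTE(review): unlike the page 33 handler this one does not call csrf_check()
// — confirm whether the page 34 form carries a token.
if($oldid == 34 && $process != "")
{
	$orgid = intval($_SESSION['_config']['orgid']);
	$memid = array_key_exists('memid',$_REQUEST) ? intval($_REQUEST['memid']) : 0;

	// The per-organisation check earlier in the file only redirects $id when
	// it fails and leaves $oldid untouched, so it does not keep this block from
	// running. The rule is therefore applied here, where the row is deleted:
	// either the `orgadmin` flag or a master account in this very organisation.
	$allowed = ($_SESSION['profile']['orgadmin'] == 1);
	if(!$allowed)
	{
		$res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
		$allowed = (mysql_num_rows($res) > 0);
	}

	if($allowed)
	{
		$query = "delete from `org` where `orgid`='$orgid' and `memid`='$memid'";
		mysql_query($query);
	}
}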
2339
2340 if($oldid == 34 || $oldid == 33)
2341 {
2342 $oldid=0;
2343 $id = 32;
2344 $orgid = 0;