Source code taken from cacert-20111116.tar.bz2
[cacert.git] / includes / account.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
// Pulls in loggedin.php before any handler runs (presumably the login/session
// gate for this page; confirm in that include).
require_once("../includes/loggedin.php");

loadem("account");

// Page selectors: $id is the page to show, $oldid the page that was submitted.
// Both are forced to integers; a missing parameter counts as 0.
$id = array_key_exists("id", $_REQUEST) ? intval($_REQUEST['id']) : 0;
$oldid = array_key_exists("oldid", $_REQUEST) ? intval($_REQUEST['oldid']) : 0;

// $process keeps the raw submitted string. Every state-changing handler below
// is driven by these $_REQUEST values, so none of them may be echoed or put
// into a query without escaping.
$process = array_key_exists("process", $_REQUEST) ? $_REQUEST['process'] : "";

// Record identifiers, likewise cast to integers at the boundary.
$cert = array_key_exists('cert', $_REQUEST) ? intval($_REQUEST['cert']) : 0;
$orgid = array_key_exists('orgid', $_REQUEST) ? intval($_REQUEST['orgid']) : 0;
$memid = array_key_exists('memid', $_REQUEST) ? intval($_REQUEST['memid']) : 0;
$domid = array_key_exists('domid', $_REQUEST) ? intval($_REQUEST['domid']) : 0;
30
31
// Stop before any handler runs when the session's 'mconn' flag is not set
// (presumably the backend connection state; confirm where it is written).
if (!$_SESSION['mconn']) {
    echo _("Several CAcert Services are currently unavailable. Please try again later.");
    exit;
}

// The translated "Cancel" button label clears the pending process request, so
// none of the handlers keyed on $process will fire.
if ($process == _("Cancel")) {
    $process = "";
}

// Pages 45 and 46 are never served directly: a request naming either one, as
// the target or as the submitted page, is sent to page 1 with no submission.
if (in_array($id, array(45, 46)) || in_array($oldid, array(45, 46))) {
    $id = 1;
    $oldid = 0;
}
50
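// Page 1 submit: add a further email address to the logged-in account and
// mail a verification link to it. Every path through this block ends in exit.
if($process != "" && $oldid == 1)
{
    $id = 1;
    csrf_check('addemail');

    // A missing or non-string field is treated as an empty address, so the
    // string functions below never receive an array or an undefined index.
    $newemail = "";
    if(array_key_exists('newemail', $_REQUEST) && is_string($_REQUEST['newemail']))
        $newemail = $_REQUEST['newemail'];

    // Punycode addresses are refused unless the account has code-signing rights.
    if(strstr($newemail, "xn--") && $_SESSION['profile']['codesign'] <= 0)
    {
        showheader(_("My CAcert.org Account!"));
        echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
        showfooter();
        exit;
    }

    // stripslashes() presumably undoes magic quotes before the value is
    // escaped for SQL -- confirm against the server configuration.
    $email = trim(mysql_real_escape_string(stripslashes($newemail)));
    if($email == "")
    {
        showheader(_("My CAcert.org Account!"));
        printf(_("Not a valid email address. Can't continue."));
        showfooter();
        exit;
    }
    $oldid=0;
    $_REQUEST['email'] = $email;

    // An address may belong to one live (not deleted) record only.
    $query = "select * from `email` where `email`='".$email."' and `deleted`=0";
    $res = mysql_query($query);
    if($res === false)
    {
        // Fail closed: a failed lookup must not be read as "address is free".
        showheader(_("My CAcert.org Account!"));
        echo _("Several CAcert Services are currently unavailable. Please try again later.");
        showfooter();
        exit;
    }
    if(mysql_num_rows($res) > 0)
    {
        showheader(_("My CAcert.org Account!"));
        printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($email));
        showfooter();
        exit;
    }

    $checkemail = checkEmail($newemail);
    if($checkemail != "OK")
    {
        showheader(_("My CAcert.org Account!"));
        // A result starting with "4" is reported as a temporary failure.
        if (substr($checkemail, 0, 1) == "4")
        {
            echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
        } else {
            echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
        }
        // The probe result may carry text supplied by the remote mail server
        // (checkEmail() is defined elsewhere), so it is HTML-escaped on output.
        echo "<p>".sanitizeHTML($checkemail)."</p>\n";
        showfooter();
        exit;
    }

    // The record stays unverified while `hash` is non-empty; knowing the hash
    // is the only proof of control over the address.
    $hash = make_hash();
    $query = "insert into `email` set `email`='".$email."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
    mysql_query($query);
    $emailid = mysql_insert_id();

    $body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
    // NOTE(review): the link carrying the verification hash uses http://;
    // confirm the host upgrades to HTTPS or switch the scheme.
    $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
    $body .= _("Best regards")."\n"._("CAcert.org Support!");

    sendmail($email, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

    showheader(_("My CAcert.org Account!"));
    printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($email));
    showfooter();
    exit;
}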
110
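// Page 2 "make default": switch the account's primary address to another
// address that the same member owns and has already verified.
if(array_key_exists("makedefault",$_REQUEST) && $_REQUEST['makedefault'] != "" && $oldid == 2)
{
    $id = 2;
    // NOTE(review): unlike the add/delete handlers in this file, this
    // state-changing action is not guarded by csrf_check(); confirm which
    // token the page-2 form carries and verify it here.
    $emailid = array_key_exists('emailid', $_REQUEST) ? intval($_REQUEST['emailid']) : 0;

    // Ownership and verification are enforced in the query itself: the row has
    // to belong to the session's member, have an empty hash and not be deleted.
    $query = "select * from `email` where `id`='$emailid' and `memid`='".intval($_SESSION['profile']['id'])."' and `hash` = '' and `deleted`=0";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
        showheader(_("Error!"));
        echo _("You currently don't have access to the email address you selected, or you haven't verified it yet.");
        showfooter();
        exit;
    }
    $row = mysql_fetch_assoc($res);

    // The notice goes to the OLD default address, so a change made by someone
    // else is visible to the account holder.
    $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
    $body .= _("You are receiving this email because you or someone else")."\n";
    $body .= _("has changed the default email on your account.")."\n\n";

    $body .= _("Best regards")."\n"._("CAcert.org Support!");

    sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Default Account Changed"), $body,
        "support@cacert.org", "", "", "CAcert Support");

    $_SESSION['profile']['email'] = $row['email'];
    // Values read back from the database are escaped again before they are
    // placed in a new statement; a stored quote must not end the literal.
    $query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
    mysql_query($query);
    showheader(_("My CAcert.org Account!"));
    printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
    showfooter();
    exit;
}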
142
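// Page 2 submit: delete the selected email addresses of the logged-in member
// and revoke the still-valid client certificates linked to them. The default
// address can never be removed here.
if($process != "" && $oldid == 2)
{
    $id = 2;
    csrf_check("chgdef");
    showheader(_("My CAcert.org Account!"));
    $delcount = 0;
    $removed = array();
    if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
    {
        // A separate loop variable keeps the page selector $id intact.
        foreach($_REQUEST['delid'] as $delid)
        {
            $delid = intval($delid);
            // Ownership check: the row must belong to the session's member and
            // must not be the current default address. The session value is
            // escaped because it originally came from the database.
            $query = "select * from `email` where `id`='$delid' and `memid`='".intval($_SESSION['profile']['id'])."' and
                `email`!='".mysql_real_escape_string($_SESSION['profile']['email'])."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) > 0)
            {
                $row = mysql_fetch_assoc($res);
                $removed[] = $row['email'];

                // Certificates for this address that are neither revoked nor expired.
                $query = "select `emailcerts`.`id`
                    from `emaillink`,`emailcerts` where
                    `emailid`='$delid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
                    `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
                    group by `emailcerts`.`id`";
                $dres = mysql_query($query);
                // The fixed 1970 timestamp presumably marks the certificate as
                // "revocation pending" for the signing backend -- confirm there.
                while($drow = mysql_fetch_assoc($dres))
                    mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");

                $query = "update `email` set `deleted`=NOW() where `id`='$delid'";
                mysql_query($query);
                $delcount++;
            }
        }
    }
    else
    {
        echo _("You did not select any email accounts for removal.");
    }
    if($delcount > 0)
    {
        // Heading first, then the list; stored addresses are HTML-escaped.
        echo _("The following accounts have been removed:")."<br>\n";
        foreach($removed as $address)
            echo sanitizeHTML($address)."<br>\n";
    } else {
        echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
    }

    showfooter();
    exit;
}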
190
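// Page 3 submit: record the options for a client certificate request in the
// session. Which options a member may choose depends on the assurance points
// and the code-signing flag held in the session profile.
// NOTE(review): no csrf_check() is called in this handler; confirm whether the
// page-3 form carries a token.
if($process != "" && $oldid == 3)
{
    // Optional fields are read with a default so that a missing parameter does
    // not raise an undefined-index notice.
    $reqSSO = array_key_exists('SSO', $_REQUEST) ? $_REQUEST['SSO'] : "";
    $reqHasAddid = array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid']);

    if(!$reqHasAddid && $reqSSO != '1')
    {
        showheader(_("My CAcert.org Account!"));
        echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
        showfooter();
        exit;
    }

    $_SESSION['_config']['SSO'] = intval($reqSSO);

    // Only an array of ids is stored; ownership of each id is checked when the
    // certificate request itself is built.
    $_SESSION['_config']['addid'] = $reqHasAddid ? $_REQUEST['addid'] : array();

    // Including the member's name needs 50 points. The value is reset first so
    // that a choice left in the session by an earlier request cannot be reused
    // by an account that does not qualify.
    $_SESSION['_config']['incname'] = 0;
    if($_SESSION['profile']['points'] >= 50 && array_key_exists('incname',$_REQUEST))
        $_SESSION['_config']['incname'] = intval($_REQUEST['incname']);

    // Code signing needs the profile flag and 100 points; otherwise the
    // submitted wish is dropped.
    if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100))
    {
        $_REQUEST['codesign'] = 0;
    }
    // A code-signing certificate always carries a name: an out-of-range choice
    // falls back to name format 1.
    if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1)
    {
        if($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4)
            $_SESSION['_config']['incname'] = 1;
    }
    if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] == 1 && $_SESSION['profile']['points'] >= 100)
        $_SESSION['_config']['codesign'] = 1;
    else
        $_SESSION['_config']['codesign'] = 0;

    // Certificate login is disabled unless the form explicitly enables it.
    if(array_key_exists('login',$_REQUEST) && $_REQUEST['login'] == 1)
        $_SESSION['_config']['disablelogin'] = 0;
    else
        $_SESSION['_config']['disablelogin'] = 1;

    // Root certificate 1 is the default; with 50 points either 1 or 2 may be chosen.
    $_SESSION['_config']['rootcert'] = 1;
    if($_SESSION['profile']['points'] >= 50 && array_key_exists('rootcert',$_REQUEST))
    {
        $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
            $_SESSION['_config']['rootcert'] = 1;
    }

    // Without a pasted CSR the key-generation page (4) is shown next; with one
    // the request is handed straight to the page-4 handler as keytype "MS".
    $csr = "";
    $reqOptionalCSR = (array_key_exists('optionalCSR',$_REQUEST) && is_string($_REQUEST['optionalCSR'])) ? $_REQUEST['optionalCSR'] : "";
    if(trim($reqOptionalCSR) == "")
    {
        $id = 4;
    } else {
        $oldid = 4;
        $_REQUEST['keytype'] = "MS";
        $csr = clean_csr($reqOptionalCSR);
    }
}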
242
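// Page 4 submit: turn a browser-generated SPKAC (keytype "NS") or a PKCS#10
// CSR (keytype "MS"/"VI") into an `emailcerts` row plus a request file on
// disk, then wait for the result. On success the certificate page (6) is
// shown; every failure path prints a message and exits.
// NOTE(review): with any other keytype neither branch runs and $emailid is
// undefined when waitForResult() is reached.
if($oldid == 4)
{
    if($_REQUEST['keytype'] == "NS")
    {
        // The SPKAC is accepted only as base64 text; CR/LF are stripped first.
        $spkac = "";
        if(array_key_exists('SPKAC',$_REQUEST))
        {
            $spkac = trim(str_replace(array("\r", "\n"), "", $_REQUEST['SPKAC']));
            if(!preg_match("/^[a-zA-Z0-9+=\/]+$/", $spkac))
                $spkac = "";
        }

        if($spkac=="" || $spkac == "deadbeef")
        {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo _("I didn't receive a valid Certificate Request, please try a different browser.");
            showfooter();
            exit;
        }

        // Only addresses that belong to the session's member are taken over;
        // ids chosen on page 3 that fail the ownership query are skipped.
        $count = 0;
        $emails = "";
        $addys = array();
        $defaultemail="";
        if(is_array($_SESSION['_config']['addid']))
            foreach($_SESSION['_config']['addid'] as $id)
            {
                $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
                if(mysql_num_rows($res) > 0)
                {
                    $row = mysql_fetch_assoc($res);
                    if(!$emails)
                        $defaultemail = $row['email'];
                    $emails .= "$count.emailAddress = ".$row['email']."\n";
                    $count++;
                    $addys[] = intval($row['id']);
                }
            }
        if($count <= 0 && $_SESSION['_config']['SSO'] != 1)
        {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo _("You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request.");
            showfooter();
            exit;
        }
        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
        if($_SESSION['_config']['SSO'] == 1)
            $emails .= "$count.emailAddress = ".$user['uniqueID']."\n";

        // NOTE(review): the request file is line-oriented text built from
        // stored names and addresses; a stored value containing a line break
        // would add fields to the request. Confirm such values are rejected
        // when they are entered.
        if(strlen($user['mname']) == 1)
            $user['mname'] .= '.';
        if(!array_key_exists('incname',$_SESSION['_config']) || $_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
        {
            $emails .= "commonName = CAcert WoT User\n";
        }
        else
        {
            if($_SESSION['_config']['incname'] == 1)
                $emails .= "commonName = ".$user['fname']." ".$user['lname']."\n";
            if($_SESSION['_config']['incname'] == 2)
                $emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']."\n";
            if($_SESSION['_config']['incname'] == 3)
                $emails .= "commonName = ".$user['fname']." ".$user['lname']." ".$user['suffix']."\n";
            if($_SESSION['_config']['incname'] == 4)
                $emails .= "commonName = ".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
        }
        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
            $_SESSION['_config']['rootcert'] = 1;

        $emails .= "SPKAC = $spkac";
        if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
        {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo $weakKey;
            showfooter();
            exit;
        }

        // $defaultemail was read back from the database and is escaped again
        // before it enters a new statement.
        $query = "insert into emailcerts set
            `CN`='".mysql_real_escape_string($defaultemail)."',
            `keytype`='NS',
            `memid`='".intval($_SESSION['profile']['id'])."',
            `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
            `codesign`='".intval($_SESSION['_config']['codesign'])."',
            `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
            `rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
        mysql_query($query);
        $emailid = mysql_insert_id();
        if(is_array($addys))
            foreach($addys as $addy)
                mysql_query("insert into `emaillink` set `emailcertsid`='".intval($emailid)."', `emailid`='".intval($addy)."'");
        $CSRname=generatecertpath("csr","client",$emailid);
        $fp = fopen($CSRname, "w");
        fputs($fp, $emails);
        fclose($fp);

        // The challenge embedded in the SPKAC must match the one held in the
        // session. The path is quoted for the shell even though it is
        // generated on the server.
        // NOTE(review): strstr() is a prefix match and an empty session
        // challenge matches any request; confirm 'spkac_hash' is always set
        // and consider comparing the whole line.
        // NOTE(review): on a mismatch the row inserted above stays behind
        // without a csr_name.
        $challenge=$_SESSION['spkac_hash'];
        $res=shell_exec("openssl spkac -verify -in ".escapeshellarg($CSRname));
        if(!strstr($res,"Challenge String: ".$challenge))
        {
            $id = $oldid;
            showheader(_("My CAcert.org Account!"));
            echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
            showfooter();
            exit;
        }
        mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($CSRname)."' where `id`='".intval($emailid)."'");
    } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
        // $csr is already filled when the request arrived via page 3's
        // optional CSR field; otherwise it is taken from the CSR form field.
        if($csr == "")
            $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";

        if (($weakKey = checkWeakKeyCSR($csr)) !== "")
        {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo $weakKey;
            showfooter();
            exit;
        }

        $tmpfname = tempnam("/tmp", "id4CSR");
        $fp = fopen($tmpfname, "w");
        fputs($fp, $csr);
        fclose($fp);

        $addys = array();
        $defaultemail = "";
        $csrsubject="";

        // The subject is built from the account record, not from whatever the
        // submitted CSR claims.
        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
        if(strlen($user['mname']) == 1)
            $user['mname'] .= '.';
        if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
            $csrsubject = "/CN=CAcert WoT User";
        if($_SESSION['_config']['incname'] == 1)
            $csrsubject = "/CN=".$user['fname']." ".$user['lname'];
        if($_SESSION['_config']['incname'] == 2)
            $csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname'];
        if($_SESSION['_config']['incname'] == 3)
            $csrsubject = "/CN=".$user['fname']." ".$user['lname']." ".$user['suffix'];
        if($_SESSION['_config']['incname'] == 4)
            $csrsubject = "/CN=".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'];
        if(is_array($_SESSION['_config']['addid']))
            foreach($_SESSION['_config']['addid'] as $id)
            {
                // Same ownership check as in the SPKAC branch.
                $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
                if(mysql_num_rows($res) > 0)
                {
                    $row = mysql_fetch_assoc($res);
                    if($defaultemail == "")
                        $defaultemail = $row['email'];
                    $csrsubject .= "/emailAddress=".$row['email'];
                    $addys[] = $row['id'];
                }
            }
        if($_SESSION['_config']['SSO'] == 1)
            $csrsubject .= "/emailAddress = ".$user['uniqueID'];

        // openssl re-emits the request, which also rejects input that is not
        // a parseable CSR. Both temporary paths are quoted for the shell.
        $tmpname = tempnam("/tmp", "id4csr");
        $do = shell_exec("/usr/bin/openssl req -in ".escapeshellarg($tmpfname)." -out ".escapeshellarg($tmpname)); // -subj "$csr"`;
        @unlink($tmpfname);
        $csr = "";
        $fp = fopen($tmpname, "r");
        while($data = fgets($fp, 4096))
            $csr .= $data;
        fclose($fp);
        @unlink($tmpname);
        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
            $_SESSION['_config']['rootcert'] = 1;

        if($csr == "")
        {
            $id = 4;
            showheader(_("My CAcert.org Account!"));
            echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
            showfooter();
            exit;
        }
        // keytype is "MS" or "VI" here (see the branch condition); every value
        // in the statement is escaped for SQL or cast to an integer.
        $query = "insert into emailcerts set
            `CN`='".mysql_real_escape_string($defaultemail)."',
            `keytype`='".mysql_real_escape_string($_REQUEST['keytype'])."',
            `memid`='".intval($_SESSION['profile']['id'])."',
            `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
            `subject`='".mysql_real_escape_string($csrsubject)."',
            `codesign`='".intval($_SESSION['_config']['codesign'])."',
            `rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
        mysql_query($query);
        $emailid = mysql_insert_id();
        if(is_array($addys))
            foreach($addys as $addy)
                mysql_query("insert into `emaillink` set `emailcertsid`='".intval($emailid)."', `emailid`='".mysql_real_escape_string($addy)."'");
        $CSRname=generatecertpath("csr","client",$emailid);
        $fp = fopen($CSRname, "w");
        fputs($fp, $csr);
        fclose($fp);
        mysql_query("update `emailcerts` set `csr_name`='".mysql_real_escape_string($CSRname)."' where `id`='".intval($emailid)."'");
    }

    // The request counts as processed once the row has a crt_name.
    waitForResult("emailcerts", $emailid, 4);
    $query = "select * from `emailcerts` where `id`='".intval($emailid)."' and `crt_name` != ''";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
        $id = 4;
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    } else {
        $id = 6;
        $cert = $emailid;
        $_REQUEST['cert']=$emailid;
    }
}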
451
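// Page 7 submit, part 1: normalise the submitted domain name and refuse it
// when it is unsafe or already claimed. Leaves $newdom (quoted for the shell)
// and $newdomain (escaped for SQL) for the lookup that follows.
if($oldid == 7)
{
    csrf_check("adddomain");

    // A missing or non-string field is treated as an empty name.
    $newdomain = "";
    if(array_key_exists('newdomain', $_REQUEST) && is_string($_REQUEST['newdomain']))
        $newdomain = $_REQUEST['newdomain'];

    if(strstr($newdomain,"\x00"))
    {
        showheader(_("My CAcert.org Account!"));
        echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
        showfooter();
        exit;
    }

    list($newdomain) = explode(" ", $newdomain, 2); // Ignore the rest
    // Leading dashes are removed so the name can never be read as a
    // command-line option by the external lookup; ltrim() also copes with an
    // empty name, which the former character-by-character loop did not.
    $newdomain = ltrim($newdomain, "-");
    if(strstr($newdomain, "xn--") && $_SESSION['profile']['codesign'] <= 0)
    {
        showheader(_("My CAcert.org Account!"));
        echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses.");
        showfooter();
        exit;
    }

    // Trim before quoting, so the shell form and the SQL form describe the
    // same name and no stray whitespace ends up inside the quotes.
    $newdom = escapeshellarg(trim($newdomain));
    $newdomain = mysql_real_escape_string(trim($newdomain));

    // The name must not be registered to an organisation or to any live
    // personal account.
    $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
    $query = "select * from `domains` where `domain`='$newdomain' and `deleted`=0";
    $res2 = mysql_query($query);
    if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
    {
        $oldid=0;
        $id = 7;
        showheader(_("My CAcert.org Account!"));
        printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
        showfooter();
        exit;
    }
}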
490
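// Page 7 submit, part 2: collect the addresses that may receive the domain
// verification mail -- contacts found in the whois record plus five fixed
// role mailboxes -- and store them in the session for page 8.
if($oldid == 7)
{
    $oldid=0;
    $id = 8;
    $addy = array();
    $adds = array();
    // $newdom must be the escapeshellarg() form produced by the preceding
    // domain check; the offsets -4/3 skip its closing quote. No whois lookup
    // is made for .jp names.
    if(strtolower(substr($newdom, -4, 3)) != ".jp")
        $adds = explode("\n", trim(`/usr/bin/whois $newdom|grep "@"`));

    // Whois text is controlled by whoever holds the domain record. Each value
    // is normalised before it is compared and stored, so the list holds every
    // address once and in the form the page-8 handler compares against.
    if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info")
    {
        // "Label: value" layout: the address is whatever follows the first colon.
        if(is_array($adds))
            foreach($adds as $line)
            {
                $bits = explode(":", $line, 2);
                // A line without a colon has no value part.
                $line = count($bits) > 1 ? trim($bits[1]) : "";
                $line = trim(mysql_real_escape_string(stripslashes($line)));
                if($line != "" && !in_array($line, $addy))
                    $addy[] = $line;
            }
    } else {
        // Free-form layout: strip punctuation and keep the last word with an "@".
        if(is_array($adds))
            foreach($adds as $line)
            {
                $line = trim(str_replace("\t", " ", $line));
                $line = trim(str_replace("(", "", $line));
                $line = trim(str_replace(")", " ", $line));
                $line = trim(str_replace(":", " ", $line));

                $bits = explode(" ", $line);
                foreach($bits as $bit)
                {
                    if(strstr($bit, "@"))
                        $line = $bit;
                }
                $line = trim(mysql_real_escape_string(stripslashes($line)));
                if($line != "" && !in_array($line, $addy))
                    $addy[] = $line;
            }
    }

    // Role mailboxes at the domain itself are always offered.
    $rfc = array("root@$newdomain", "hostmaster@$newdomain", "postmaster@$newdomain", "admin@$newdomain", "webmaster@$newdomain");
    foreach($rfc as $sub)
        if(!in_array($sub, $addy))
            $addy[] = $sub;
    // The page-8 handler accepts an address only if it is in this list.
    $_SESSION['_config']['addy'] = $addy;
    $_SESSION['_config']['domain'] = mysql_real_escape_string($newdomain);
}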
536
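// Page 8 submit: the member picked one of the authority addresses offered
// for the domain; register the domain as unverified and mail the
// verification link to that address. Every path ends in exit.
if($process != "" && $oldid == 8)
{
    csrf_check('ctcinfo');
    $oldid=0;
    $id = 8;

    // A missing or non-string field is treated as an empty address.
    $authaddy = "";
    if(array_key_exists('authaddy', $_REQUEST) && is_string($_REQUEST['authaddy']))
        $authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy'])));

    // The address must be one of those stored in the session when the domain
    // was looked up; the strict comparison rules out loose string matches.
    if($authaddy == "" || !is_array($_SESSION['_config']['addy']) ||
        !in_array($authaddy, $_SESSION['_config']['addy'], true))
    {
        showheader(_("My CAcert.org Account!"));
        echo _("The address you submitted isn't a valid authority address for the domain.");
        showfooter();
        exit;
    }

    // Checked again here because time has passed since the page-7 lookup.
    $query = "select * from `domains` where `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."' and `deleted`=0";
    $res = mysql_query($query);
    if(mysql_num_rows($res) > 0)
    {
        showheader(_("My CAcert.org Account!"));
        printf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
        showfooter();
        exit;
    }
    $checkemail = checkEmail($authaddy);
    if($checkemail != "OK")
    {
        showheader(_("My CAcert.org Account!"));
        // A result starting with "4" is reported as a temporary failure.
        if (substr($checkemail, 0, 1) == "4")
        {
            echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
        } else {
            echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
        }
        // The probe result may carry text supplied by the remote mail server
        // (checkEmail() is defined elsewhere), so it is HTML-escaped on output.
        echo "<p>".sanitizeHTML($checkemail)."</p>\n";
        showfooter();
        exit;
    }

    // The domain stays unverified while `hash` is non-empty; knowing the hash
    // is the only proof of control over the authority mailbox.
    $hash = make_hash();
    $query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
        `memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
    mysql_query($query);
    $domainid = mysql_insert_id();

    $body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
    // NOTE(review): the link carrying the verification hash uses http://;
    // confirm the host upgrades to HTTPS or switch the scheme.
    $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
    $body .= _("Best regards")."\n"._("CAcert.org Support!");

    sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

    showheader(_("My CAcert.org Account!"));
    // HTML-escaped like the other place in this handler that prints the domain.
    printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), sanitizeHTML($_SESSION['_config']['domain']));
    showfooter();
    exit;
}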
603
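// Page 9 submit: delete the selected domains of the logged-in member and
// revoke every still-valid server certificate linked to them.
// NOTE(review): unlike the email deletion handler, this one does not call
// csrf_check(); confirm which token the page-9 form carries and verify it.
if($process != "" && $oldid == 9)
{
    $id = 9;
    showheader(_("My CAcert.org Account!"));
    if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
    {
        echo _("The following domains have been removed:")."<br>
            ("._("Any valid certificates will be revoked as well").")<br>\n";

        // A separate loop variable keeps the page selector $id intact.
        foreach($_REQUEST['delid'] as $delid)
        {
            $delid = intval($delid);
            // Ownership check: only domains of the session's member qualify.
            $query = "select * from `domains` where `id`='$delid' and `memid`='".intval($_SESSION['profile']['id'])."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) > 0)
            {
                $row = mysql_fetch_assoc($res);
                // Stored names are HTML-escaped on output.
                echo sanitizeHTML($row['domain'])."<br>\n";
                mysql_query("update `domains` set `deleted`=NOW() where `id`='$delid'");
                $dres = mysql_query("select * from `domlink` where `domid`='$delid'");
                // The fixed 1970 timestamp presumably marks the certificate as
                // "revocation pending" for the signing backend -- confirm there.
                while($drow = mysql_fetch_assoc($dres))
                    mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['certid'])."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
            }
        }
    }
    else
    {
        echo _("You did not select any domains for removal.");
    }

    showfooter();
    exit;
}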
637
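// Page 10 submit: accept a server certificate CSR, reject weak keys, park
// the request in a temporary file and extract the names it asks for. The
// confirmation page (11) is shown next.
// NOTE(review): no csrf_check() is called in this handler.
if($process != "" && $oldid == 10)
{
    // A missing field is passed on as an empty request.
    $CSR = clean_csr(array_key_exists('CSR',$_REQUEST) ? $_REQUEST['CSR'] : "");
    if(strpos($CSR,"---BEGIN")===FALSE)
    {
        // In case the CSR is missing the ---BEGIN lines, add them automatically:
        $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
    }

    // The key is checked before anything is written to disk.
    if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
    {
        showheader(_("My CAcert.org Account!"));
        echo $weakKey;
        showfooter();
        exit;
    }

    // The file name is kept in the session for the page-11 handler.
    // NOTE(review): if the member never confirms, the file stays in /tmp.
    $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
    $fp = fopen($_SESSION['_config']['tmpfname'], "w");
    fputs($fp, $CSR);
    fclose($fp);
    $CSR = $_SESSION['_config']['tmpfname'];

    // The path is generated on the server but is still quoted for the shell.
    // tr removes NUL bytes from openssl's text output before it is parsed.
    $_SESSION['_config']['subject'] = trim(shell_exec("/usr/bin/openssl req -text -noout -in ".escapeshellarg($CSR).'|tr -d "\\0"|grep "Subject:"'));
    $bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in ".escapeshellarg($CSR).'|tr -d "\\0"|grep -A1 \'X509v3 Subject Alternative Name:\'|grep DNS:')));
    foreach($bits as $val)
    {
        $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
    }
    $id = 11;

    // extractit()/getcn()/getalt() are defined elsewhere; the check below
    // relies on them filling '0.CN' / '0.subjectAltName' in the session.
    $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
    extractit();
    getcn();
    getalt();

    if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
    {
        showheader(_("My CAcert.org Account!"));
        echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
        showfooter();
        exit;
    }

    // Root certificate 1 is the default; with 50 points either 1 or 2 may be chosen.
    $_SESSION['_config']['rootcert'] = 1;
    if($_SESSION['profile']['points'] >= 50 && array_key_exists('rootcert',$_REQUEST))
    {
        $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
            $_SESSION['_config']['rootcert'] = 1;
    }
}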
689
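// Page 11 submit: the member confirmed the names extracted from the CSR.
// Create the `domaincerts` row, link it to the verified domains, move the
// parked CSR into place and wait for the result. On success the certificate
// page (15) is shown.
// NOTE(review): no csrf_check() is called in this handler.
if($process != "" && $oldid == 11)
{
    if(!file_exists($_SESSION['_config']['tmpfname']))
    {
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    }

    // The parked file is checked again, because it is the file on disk and
    // not the earlier form input that is handed on from here.
    if (($weakKey = checkWeakKeyCSR(file_get_contents(
            $_SESSION['_config']['tmpfname']))) !== "")
    {
        showheader(_("My CAcert.org Account!"));
        echo $weakKey;
        showfooter();
        exit;
    }

    $id = 11;
    if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
    {
        showheader(_("My CAcert.org Account!"));
        echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
        showfooter();
        exit;
    }

    $subject = "";
    $count = 0;
    $supressSAN=0;
    // NOTE(review): hard-coded exception for a single account id; a
    // per-account setting would be auditable, confirm why it exists.
    if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;

    // The first name becomes the CN; every name is also added as a DNS and an
    // otherName subjectAltName unless SANs are suppressed.
    if(is_array($_SESSION['_config']['rows']))
        foreach($_SESSION['_config']['rows'] as $row)
        {
            $count++;
            if($count <= 1)
                $subject .= "/CN=$row";
            if(!$supressSAN)
            {
                $subject .= "/subjectAltName=DNS:$row";
                $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
            }
        }
    if(is_array($_SESSION['_config']['altrows']))
        foreach($_SESSION['_config']['altrows'] as $row)
        {
            if(substr($row, 0, 4) == "DNS:")
            {
                $row = substr($row, 4);
                if(!$supressSAN)
                {
                    $subject .= "/subjectAltName=DNS:$row";
                    $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
                }
            }
        }
    if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
        $_SESSION['_config']['rootcert'] = 1;

    // The certificate is attached to the first domain id recorded for the CN,
    // or failing that for the alternative names; without one, nothing is issued.
    if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
    {
        $query = "insert into `domaincerts` set
            `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
            `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
            `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
            `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
    } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
        $query = "insert into `domaincerts` set
            `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
            `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
            `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
            `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
    } else {
        showheader(_("My CAcert.org Account!"));
        echo _("Domain not verified.");
        showfooter();
        exit;

    }

    mysql_query($query);
    $CSRid = mysql_insert_id();

    // Session-held ids are escaped like every other value in this handler.
    if(is_array($_SESSION['_config']['rowid']))
        foreach($_SESSION['_config']['rowid'] as $dom)
            mysql_query("insert into `domlink` set `certid`='".intval($CSRid)."', `domid`='".mysql_real_escape_string($dom)."'");
    if(is_array($_SESSION['_config']['altid']))
        foreach($_SESSION['_config']['altid'] as $dom)
            mysql_query("insert into `domlink` set `certid`='".intval($CSRid)."', `domid`='".mysql_real_escape_string($dom)."'");

    $CSRname=generatecertpath("csr","server",$CSRid);
    // A failed move must not leave a row that points at a file that is not there.
    if(!rename($_SESSION['_config']['tmpfname'], $CSRname))
    {
        $id = 11;
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    }
    chmod($CSRname,0644);
    mysql_query("update `domaincerts` set `CSR_name`='".mysql_real_escape_string($CSRname)."' where `id`='".intval($CSRid)."'");

    // The request counts as processed once the row has a crt_name.
    waitForResult("domaincerts", $CSRid, 11);
    $query = "select * from `domaincerts` where `id`='".intval($CSRid)."' and `crt_name` != ''";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
        $id = 11;
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    } else {
        $id = 15;
        $cert = $CSRid;
        $_REQUEST['cert']=$CSRid;
    }
}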
801
// Page 12 (server certificates), "renew" action: for each selected certificate
// that belongs to the logged-in member, flag the old row as renewed, clone the
// `domaincerts` row and its CSR file, rebuild the subject from the CSR and wait
// for the signer to produce the new certificate.
if($oldid == 12 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
    // The state-changing work below runs only after the CSRF check.
    csrf_check('srvcerchange');
    $id = 12;
    showheader(_("My CAcert.org Account!"));
    // NOTE(review): 'revokeid' is read without array_key_exists(), unlike the
    // page 5 revoke handler in this file.
    if(is_array($_REQUEST['revokeid']))
    {
        echo _("Now renewing the following certificates:")."<br>\n";
        // The loop variable reuses $id, so the page id assigned above is
        // replaced by the last certificate id once the loop has run.
        foreach($_REQUEST['revokeid'] as $id)
        {
            // Cast first: $id is echoed into HTML and placed in SQL below.
            $id = intval($id);
            echo _("Processing request")." $id:<br/>";
            // Ownership check: the join only matches certificates whose domain
            // belongs to the member id held in the session.
            $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
                    where `domaincerts`.`id`='$id' and
                    `domaincerts`.`domid`=`domains`.`id` and
                    `domains`.`memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
                continue;
            }

            $row = mysql_fetch_assoc($res);

            // Refuse to renew when the existing certificate's key is reported
            // as weak; any non-empty return value is treated as the message.
            // NOTE(review): `crt_name` is read unconditionally - confirm what
            // happens for a row whose certificate file was never written.
            if (($weakKey = checkWeakKeyX509(file_get_contents(
                    $row['crt_name']))) !== "")
            {
                echo $weakKey, "<br/>\n";
                continue;
            }

            // NOTE(review): the old row is flagged as renewed before the new
            // request is known to succeed; the 'continue' further down leaves
            // the flag and the freshly inserted row in place.
            mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
            // CN and subject are re-escaped because they come back from the
            // database unescaped; the remaining columns are copied as fetched.
            $query = "insert into `domaincerts` set
                    `domid`='".$row['domid']."',
                    `CN`='".mysql_real_escape_string($row['CN'])."',
                    `subject`='".mysql_real_escape_string($row['subject'])."',".
                    //`csr_name`='".$row['csr_name']."', // RACE CONDITION
                    "`created`='".$row['created']."',
                    `modified`=NOW(),
                    `rootcert`='".$row['rootcert']."',
                    `type`='".$row['type']."',
                    `pkhash`='".$row['pkhash']."'";
            mysql_query($query);
            $newid = mysql_insert_id();
            // The CSR is copied to a path derived from the new row id; the
            // `csr_name` column is only filled in by the update further down.
            $newfile=generatecertpath("csr","server",$newid);
            copy($row['csr_name'], $newfile);
            // Both shell commands quote $newfile, a path built by
            // generatecertpath() rather than taken from the request.
            $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`);
            $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
            foreach($bits as $val)
            {
                $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
            }
            $_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
            // These helpers are defined elsewhere; the code below reads
            // $_SESSION['_config'] ('0.CN', '0.subjectAltName', 'rows',
            // 'altrows') after calling them.
            extractit();
            getcn();
            getalt();

            if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
            {
                echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
                continue;
            }

            // Rebuild the subject: the first accepted name becomes the CN, and
            // each name is added as a subjectAltName unless the subject already
            // contains it as a value.
            $subject = "";
            $count = 0;
            // From here on $row is reused as the loop variable and no longer
            // holds the database row.
            if(is_array($_SESSION['_config']['rows']))
                foreach($_SESSION['_config']['rows'] as $row)
                {
                    $count++;
                    if($count <= 1)
                    {
                        $subject .= "/CN=$row";
                        if(!strstr($subject, "=$row/") &&
                                substr($subject, -strlen("=$row")) != "=$row")
                            $subject .= "/subjectAltName=$row";
                    } else {
                        if(!strstr($subject, "=$row/") &&
                                substr($subject, -strlen("=$row")) != "=$row")
                            $subject .= "/subjectAltName=$row";
                    }
                }
            if(is_array($_SESSION['_config']['altrows']))
                foreach($_SESSION['_config']['altrows'] as $row)
                    if(!strstr($subject, "=$row/") &&
                            substr($subject, -strlen("=$row")) != "=$row")
                        $subject .= "/subjectAltName=$row";
            $subject = mysql_real_escape_string($subject);
            mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");

            echo _("Renewing").": ".sanitizeHTML($_SESSION['_config']['0.CN'])."<br>\n";
            waitForResult("domaincerts", $newid,$oldid,0);
            // A non-empty `crt_name` is taken as the sign that a certificate
            // was issued for the new row.
            $query = "select * from `domaincerts` where `id`='$newid' and `crt_name` != ''";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
            } else {
                $drow = mysql_fetch_assoc($res);
                // NOTE(review): the path from the database row is placed in the
                // shell command unquoted, and the command output is printed
                // without HTML escaping; escapeshellarg() and the file's own
                // sanitizeHTML() would be the defensive forms.
                $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
                echo "<pre>\n$cert\n</pre>\n";
            }
        }
    }
    else
    {
        echo _("You did not select any certificates for renewal.");
    }
    showfooter();
    exit;
}
// Page 12 (server certificates), "revoke" action: mark the selected
// certificates of the logged-in member as revoked, then delete any selected
// requests that are still pending.
if($oldid == 12 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
    // Revocation and deletion below run only after the CSRF check.
    csrf_check('srvcerchange');
    $id = 12;
    showheader(_("My CAcert.org Account!"));
    if(is_array($_REQUEST['revokeid']))
    {
        echo _("Now revoking the following certificates:")."<br>\n";
        // The loop variable reuses $id and so replaces the page id set above.
        foreach($_REQUEST['revokeid'] as $id)
        {
            $id = intval($id);
            // Ownership check: only certificates on a domain of the logged-in
            // member are matched.
            $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
                    where `domaincerts`.`id`='$id' and
                    `domaincerts`.`domid`=`domains`.`id` and
                    `domains`.`memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            // A positive timestamp means a revocation date is already stored.
            if($row['revoke'] > 0)
            {
                // NOTE(review): `CN` is printed as stored, without the
                // sanitizeHTML() call the renew handler applies to the CN it
                // shows - confirm the column can never hold markup.
                printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                continue;
            }
            // A fixed timestamp is written instead of the current time.
            // NOTE(review): presumably a marker that another component
            // replaces with the real revocation time - not visible here.
            mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
            printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
        }
    }
    else
    {
        echo _("You did not select any certificates for revocation.");
    }

    if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
    {
        echo _("Now deleting the following pending requests:")."<br>\n";
        foreach($_REQUEST['delid'] as $id)
        {
            $id = intval($id);
            // Same ownership join as above, this time selecting the expiry
            // timestamp.
            $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
                    where `domaincerts`.`id`='$id' and
                    `domaincerts`.`domid`=`domains`.`id` and
                    `domains`.`memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            // A stored expiry date is treated as "already processed", so only
            // rows without one can be deleted here.
            if($row['expired'] > 0)
            {
                printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
                continue;
            }
            mysql_query("delete from `domaincerts` where `id`='$id'");
            // Best-effort cleanup: errors from unlink() are suppressed. Both
            // paths come from the database row, not from the request.
            @unlink($row['csr_name']);
            @unlink($row['crt_name']);
            printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
        }
    }
    showfooter();
    exit;
}
// Page 5 (client certificates), "renew" action: for each selected certificate
// of the logged-in member, flag the old row as renewed, clone the `emailcerts`
// row, its CSR file and its `emaillink` rows, then wait for the new certificate.
// NOTE(review): no csrf_check() call is visible in this handler, although the
// page 12 and page 18 renew handlers in this file start with one - confirm
// whether the page 5 form carries a token that should be checked here.
if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
    showheader(_("My CAcert.org Account!"));
    if(is_array($_REQUEST['revokeid']))
    {
        echo _("Now renewing the following certificates:")."<br>\n";
        foreach($_REQUEST['revokeid'] as $id)
        {
            // Cast before the value reaches SQL or HTML.
            $id = intval($id);
            // Ownership check: the row must carry the member id from the session.
            $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
                    where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }

            $row = mysql_fetch_assoc($res);

            // Refuse to renew when the existing certificate's key is reported
            // as weak; any non-empty return value is treated as the message.
            if (($weakKey = checkWeakKeyX509(file_get_contents(
                    $row['crt_name']))) !== "")
            {
                echo $weakKey, "<br/>\n";
                continue;
            }

            // NOTE(review): the old row is flagged as renewed before the new
            // request is known to succeed.
            mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
            // CN and subject are re-escaped because they come back from the
            // database unescaped; the remaining columns are copied as fetched.
            $query = "insert into emailcerts set
                    `memid`='".$row['memid']."',
                    `CN`='".mysql_real_escape_string($row['CN'])."',
                    `subject`='".mysql_real_escape_string($row['subject'])."',
                    `keytype`='".$row['keytype']."',
                    `csr_name`='".$row['csr_name']."',
                    `created`='".$row['created']."',
                    `modified`=NOW(),
                    `disablelogin`='".$row['disablelogin']."',
                    `codesign`='".$row['codesign']."',
                    `rootcert`='".$row['rootcert']."'";
            mysql_query($query);
            $newid = mysql_insert_id();
            // The new row first points at the old CSR path (see the insert
            // above) and is repointed once the copy has been made.
            $newfile=generatecertpath("csr","client",$newid);
            copy($row['csr_name'], $newfile);
            mysql_query("update `emailcerts` set `csr_name`='$newfile' where `id`='$newid'");
            // Carry over every e-mail address linked to the old certificate.
            $res = mysql_query("select * from `emaillink` where `emailcertsid`='".$row['id']."'");
            while($r2 = mysql_fetch_assoc($res))
            {
                mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."',
                        `emailcertsid`='$newid'");
            }
            waitForResult("emailcerts", $newid,$oldid,0);
            // A non-empty `crt_name` is taken as the sign that a certificate
            // was issued for the new row.
            $query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
            } else {
                // NOTE(review): `CN` is printed as stored, without
                // sanitizeHTML() - confirm the column can never hold markup.
                printf(_("Certificate for '%s' has been renewed."), $row['CN']);
                echo "<br/>\n<a href='account.php?id=6&cert=$newid' target='_new'>".
                    _("Click here")."</a> "._("to install your certificate.")."<br/><br/>\n";
            }
        }
    }
    else
    {
        echo _("You did not select any certificates for renewal.")."<br/>";
    }

    showfooter();
    exit;
}
// Page 5 (client certificates), "revoke" action: mark the selected
// certificates of the logged-in member as revoked, then delete any selected
// requests that are still pending.
// NOTE(review): no csrf_check() call is visible in this handler, although the
// page 12 and page 18 revoke handlers in this file start with one - confirm
// whether the page 5 form carries a token that should be checked here.
if($oldid == 5 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
    $id = 5;
    showheader(_("My CAcert.org Account!"));
    if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
    {
        echo _("Now revoking the following certificates:")."<br>\n";
        // The loop variable reuses $id and so replaces the page id set above.
        foreach($_REQUEST['revokeid'] as $id)
        {
            $id = intval($id);
            // Ownership check: the row must carry the member id from the session.
            $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
                    where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            // A positive timestamp means a revocation date is already stored.
            if($row['revoke'] > 0)
            {
                // NOTE(review): `CN` is printed as stored, without
                // sanitizeHTML() - confirm the column can never hold markup.
                printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                continue;
            }
            // A fixed timestamp is written instead of the current time.
            // NOTE(review): presumably a marker that another component
            // replaces with the real revocation time - not visible here.
            mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
            printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
        }
    }
    else
    {
        echo _("You did not select any certificates for revocation.");
    }

    if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
    {
        echo _("Now deleting the following pending requests:")."<br>\n";
        foreach($_REQUEST['delid'] as $id)
        {
            $id = intval($id);
            $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
                    where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }
            $row = mysql_fetch_assoc($res);
            // A stored expiry date is treated as "already processed", so only
            // rows without one can be deleted here.
            if($row['expired'] > 0)
            {
                printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", $row['CN']);
                continue;
            }
            mysql_query("delete from `emailcerts` where `id`='$id'");
            // Best-effort cleanup: errors from unlink() are suppressed. Both
            // paths come from the database row, not from the request.
            @unlink($row['csr_name']);
            @unlink($row['crt_name']);
            printf(_("Removed a pending request for '%s'")."<br>\n", $row['CN']);
        }
    }
    showfooter();
    exit;
}
// Page 5 (client certificates), "change settings" action: every request field
// named cert_<id> selects one certificate, and the matching disablelogin_<id>
// field decides the value stored in `emailcerts`.`disablelogin`.
// NOTE(review): no csrf_check() call is visible in this handler, unlike the
// page 12 and page 18 handlers in this file - confirm whether that is intended.
if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
    showheader(_("My CAcert.org Account!"));
    foreach($_REQUEST as $id => $val)
    {
        // Only fields carrying the cert_ prefix name a certificate.
        if(substr($id,0,5) != "cert_")
            continue;

        // The numeric tail of the field name is the certificate id.
        $id = intval(substr($id,5));
        $flagname = 'disablelogin_'.$id;
        // A submitted "1" is stored as '0'; anything else, including an
        // absent field, is stored as '1'.
        if(array_key_exists($flagname,$_REQUEST) && $_REQUEST[$flagname]=="1")
            $dis = "0";
        else
            $dis = "1";
        // The memid condition limits the update to the logged-in member's rows.
        mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
    }
    echo(_("Certificate settings have been changed.")."<br/>\n");
    showfooter();
    exit;
}
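// Page 13 (personal details), step 1: read the five lost-password questions
// and answers from the request into $_SESSION['_config']['user'] and validate
// them. On failure an error is appended to $_SESSION['_config']['errmsg'],
// $id is set back to the form page and $oldid is cleared so that the later
// page 13 blocks do not write anything.
if($oldid == 13 && $process != "")
{
    csrf_check("perschange");
    $_SESSION['_config']['user'] = $_SESSION['profile'];

    // All ten fields get the same treatment: tags stripped, slashes removed,
    // escaped for SQL (a later block places them in a query) and trimmed.
    $qafields = array('Q1','Q2','Q3','Q4','Q5','A1','A2','A3','A4','A5');
    $qavalues = array();
    foreach($qafields as $field)
    {
        $raw = array_key_exists($field,$_REQUEST) ? $_REQUEST[$field] : "";
        $_SESSION['_config']['user'][$field] = trim(mysql_real_escape_string(stripslashes(strip_tags($raw))));
        $qavalues[] = $_SESSION['_config']['user'][$field];
    }

    // The rule stated in the error message is that no value may appear twice
    // among the questions and answers. The previous hand-written chain of
    // comparisons left out pairs such as A2/Q2 or A5/Q5, so a question could
    // be reused as its own answer; every pair is compared here.
    $duplicate = false;
    $total = count($qavalues);
    for($i = 0; $i < $total && !$duplicate; $i++)
        for($j = $i + 1; $j < $total; $j++)
            if($qavalues[$i] == $qavalues[$j])
            {
                $duplicate = true;
                break;
            }

    // An empty answer is as weak as an empty question, so both are rejected;
    // previously only the questions were checked for being blank.
    $blank = false;
    foreach($qavalues as $value)
        if($value == "")
            $blank = true;

    if($duplicate)
        $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
    if($blank)
        $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";

    // Return to the form once. Doing this separately for each failed check
    // copied the already cleared $oldid into $id when both checks failed.
    if($duplicate || $blank)
    {
        $id = $oldid;
        $oldid = 0;
    }
}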
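// Page 13 (personal details), step 2: refresh the member's assurance points
// and, only when the total is zero, read and validate the submitted name and
// date of birth. On failure an error is appended to
// $_SESSION['_config']['errmsg'], $id is set back to the form page and $oldid
// is cleared so that the write step is skipped.
if($oldid == 13 && $process != "")
{
    // The total is recomputed from `notary` rather than taken from the session.
    $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
    $ddres = mysql_query($ddquery);
    $ddrow = mysql_fetch_assoc($ddres);
    $_SESSION['profile']['points'] = $ddrow['total'];

    // Name and date of birth are only accepted from members without points.
    // NOTE(review): presumably because points attest to these details - confirm.
    if($_SESSION['profile']['points'] == 0)
    {
        $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
        $_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
        $_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
        $_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
        $_SESSION['_config']['user']['day'] = intval($_REQUEST['day']);
        $_SESSION['_config']['user']['month'] = intval($_REQUEST['month']);
        $_SESSION['_config']['user']['year'] = intval($_REQUEST['year']);

        $invalid = false;
        if($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "")
        {
            $_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
            $invalid = true;
        }
        // checkdate() covers the month and day ranges tested before and also
        // rejects days that do not exist in the given month (e.g. 31 February).
        if($_SESSION['_config']['user']['year'] < 1900 ||
                !checkdate($_SESSION['_config']['user']['month'], $_SESSION['_config']['user']['day'], $_SESSION['_config']['user']['year']))
        {
            $_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
            $invalid = true;
        }

        // Return to the form once. Doing this separately for each failed check
        // copied the already cleared $oldid into $id when both checks failed.
        if($invalid)
        {
            $id = $oldid;
            $oldid = 0;
        }
    }
}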
// Page 13 (personal details), step 3: write the values collected in
// $_SESSION['_config']['user'] to the `users` row of the logged-in member,
// reload the profile and confirm. This block is reached only while $oldid is
// still 13, i.e. when the earlier page 13 blocks did not clear it.
if($oldid == 13 && $process != "")
{
    // Name and date of birth are written only for members without points.
    // These values were escaped when they were read from the request.
    if($_SESSION['profile']['points'] == 0)
    {
        $query = "update `users` set `fname`='".$_SESSION['_config']['user']['fname']."',
                `mname`='".$_SESSION['_config']['user']['mname']."',
                `lname`='".$_SESSION['_config']['user']['lname']."',
                `suffix`='".$_SESSION['_config']['user']['suffix']."',
                `dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
                where `id`='".$_SESSION['profile']['id']."'";
        mysql_query($query);
    }
    // The lost-password questions and answers are stored as submitted (after
    // escaping); no hashing of the answers happens in this block.
    $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
            `Q2`='".$_SESSION['_config']['user']['Q2']."',
            `Q3`='".$_SESSION['_config']['user']['Q3']."',
            `Q4`='".$_SESSION['_config']['user']['Q4']."',
            `Q5`='".$_SESSION['_config']['user']['Q5']."',
            `A1`='".$_SESSION['_config']['user']['A1']."',
            `A2`='".$_SESSION['_config']['user']['A2']."',
            `A3`='".$_SESSION['_config']['user']['A3']."',
            `A4`='".$_SESSION['_config']['user']['A4']."',
            `A5`='".$_SESSION['_config']['user']['A5']."'
            where `id`='".$_SESSION['profile']['id']."'";
    mysql_query($query);

    //!!!Should be rewritten
    // The OTP hash and PIN are stored only when both fields are non-empty, so
    // this form cannot be used to clear them.
    // NOTE(review): both request fields are read without array_key_exists().
    $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
    $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
    if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
    {
        $query = "update `users` set `otphash`='".$_SESSION['_config']['user']['otphash']."',
                `otppin`='".$_SESSION['_config']['user']['otppin']."' where `id`='".$_SESSION['profile']['id']."'";
        mysql_query($query);
    }

    $_SESSION['_config']['user']['set'] = 0;
    // Replace the session profile with the row as stored, then restore the
    // two session-only fields (login flag and points total).
    $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
    $_SESSION['profile']['loggedin'] = 1;

    $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
    $ddres = mysql_query($ddquery);
    $ddrow = mysql_fetch_assoc($ddres);
    $_SESSION['profile']['points'] = $ddrow['total'];


    $id = 13;
    showheader(_("My CAcert.org Account!"));
    echo _("Your details have been updated with the database.");
    showfooter();
    exit;
}
// Page 14 (change pass phrase): check the new pass phrase, verify the current
// one where required, store the new hash and notify the member by e-mail.
if($oldid == 14 && $process != "")
{
    // The submitted values are escaped for SQL and trimmed before anything
    // else, so the length test and the hash below work on the escaped, trimmed
    // text rather than on exactly what the member typed.
    $_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['oldpassword'])));
    $_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1'])));
    $_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2'])));

    $id = 14;
    // The token is checked before any database access in this block.
    csrf_check("pwchange");

    showheader(_("My CAcert.org Account!"));
    if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
    {
        echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
            '</h3>', "\n";
        echo _("New Pass Phrases specified don't match or were blank.");
    } else {
        // checkpw() receives the new pass phrase together with the member's
        // e-mail address and name parts; its score is compared with 3 below.
        $score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
            $_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);

        // The current pass phrase is verified only when the request did not
        // arrive on the configured secure hostname; there $rc is forced to 1
        // and the old pass phrase is not looked at.
        // NOTE(review): presumably the secure hostname implies
        // client-certificate login - confirm, since otherwise a hijacked
        // session could change the pass phrase without knowing the old one.
        if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
        {
            // Either hash format is accepted for the stored pass phrase. The
            // hashing happens inside MySQL, so the escaped pass phrase is part
            // of the query text sent to the server.
            $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
                        (`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
                        `password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
            $rc = mysql_num_rows($match);
        } else {
            $rc = 1;
        }

        // Order of the checks: minimum length, strength score, then the
        // current pass phrase.
        if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
            echo '<h3 style="color:red">',
                _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
            echo _("The Pass Phrase you submitted was too short.");
        } else if($score < 3) {
            echo '<h3 style="color:red">',
                _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
            printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
        } else if($rc <= 0) {
            echo '<h3 style="color:red">',
                _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
            echo _("You failed to correctly enter your current Pass Phrase.");
        } else {
            // NOTE(review): the new pass phrase is stored as a plain sha1()
            // with no salt or work factor visible here; changing that has to
            // be coordinated with the login code, which is not in this block.
            mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
                        where `id`='".$_SESSION['profile']['id']."'");
            echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
            echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
            // The notification gives the account owner a chance to notice a
            // change they did not make.
            $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
            $body .= _("You are receiving this email because you or someone else")."\n";
            $body .= _("has changed the password on your account.")."\n";

            $body .= _("Best regards")."\n"._("CAcert.org Support!");

            sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("Password Update Notification"), $body,
                        "support@cacert.org", "", "", "CAcert Support");
        }
    }
    showfooter();
    exit;
}
// Page 16 (new organisation client certificate), step 1: collect the submitted
// e-mail addresses whose domain passes checkownership(), plus the name and OU
// fields, into $_SESSION['_config'] for the following steps.
// NOTE(review): no csrf_check() call is visible in the page 16 or page 17
// blocks of this file - confirm whether these forms carry a token.
if($oldid == 16)
{
    $id = 16;
    $_SESSION['_config']['emails'] = array();
    // NOTE(review): `emails` is reset here but $_SESSION['_config']['domids']
    // is only ever appended to in this block; if nothing else clears it, ids
    // from an earlier submission are linked to the next certificate as well.

    // NOTE(review): $_REQUEST['emails'] is iterated without an
    // array_key_exists()/is_array() guard.
    foreach($_REQUEST['emails'] as $val)
    {
        $val = mysql_real_escape_string(stripslashes(trim($val)));
        // Only values with exactly one '@' are considered.
        $bits = explode("@", $val);
        $count = count($bits);
        if($count != 2)
            continue;

        // The domain part must pass the ownership check.
        if(checkownership($bits[1]) == false)
            continue;

        // NOTE(review): checkownership() apparently leaves the matching row in
        // $_SESSION['_config']['row'], which is what the next lines read -
        // confirm against its definition.
        if(!is_array($_SESSION['_config']['row']))
            continue;
        else if($_SESSION['_config']['row']['id'] > 0)
            $_SESSION['_config']['domids'][] = $_SESSION['_config']['row']['id'];

        if($val != "")
            $_SESSION['_config']['emails'][] = $val;
    }
    // Both values are escaped for SQL here and are also written into the
    // certificate subject by the page 17 block.
    $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
    $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
}
// Page 16, step 2: stop with a message when none of the submitted e-mail
// addresses was accepted into $_SESSION['_config']['emails'].
if($oldid == 16 && count($_SESSION['_config']['emails']) <= 0)
{
    $id = 16;
    showheader(_("My CAcert.org Account!"));
    $nomatch = _("I couldn't match any emails against your organisational account.");
    echo $nomatch;
    showfooter();
    exit;
}
// Page 16, step 3: settle the code-signing flag and the root certificate
// choice, then move on to page 17 when at least one e-mail address was
// accepted.
if($oldid == 16 && $process != "")
{
    // Code signing is granted only when it was requested, the profile carries
    // the codesign flag and the member has at least 100 points; the request
    // value is overwritten with the outcome either way.
    $codesign = (array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100)) ? 1 : 0;
    $_REQUEST['codesign'] = $codesign;
    $_SESSION['_config']['codesign'] = $codesign;

    // Only root certificate 1 or 2 is accepted; any other value becomes 1.
    $rootcert = intval($_REQUEST['rootcert']);
    if(!($rootcert >= 1 && $rootcert <= 2))
        $rootcert = 1;
    $_SESSION['_config']['rootcert'] = $rootcert;

    $accepted = @count($_SESSION['_config']['emails']);
    if($accepted > 0)
        $id = 17;
}
// Page 17 (organisation client certificate request): build the request file
// from the submitted key material (SPKAC for keytype NS, PKCS#10 CSR for MS
// and VI) and the values collected on page 16, record it in `orgemailcerts`,
// wait for the signer and continue to page 19 on success.
// NOTE(review): no csrf_check() call is visible in this block.
if($oldid == 17)
{
    // Organisation row left in the session by the page 16 step.
    // NOTE(review): its fields (O, L, ST, C, orgid) are concatenated into the
    // request file and into SQL below without escaping in this block -
    // confirm they are safe as stored.
    $org = $_SESSION['_config']['row'];
    if($_REQUEST['keytype'] == "NS")
    {
        // CR/LF are removed and the result is accepted only if it consists of
        // base64 characters; anything else leaves $spkac empty.
        $spkac=""; if(preg_match("/^[a-zA-Z0-9+=\/]+$/", trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC']))))) $spkac=trim(str_replace("\n", "", str_replace("\r", "",$_REQUEST['SPKAC'])));

        if($spkac == "" || strlen($spkac) < 128)
        {
            $id = 17;
            showheader(_("My CAcert.org Account!"));
            echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
            showfooter();
            exit;
        }

        // Assemble the "name = value" lines of the SPKAC request file.
        $count = 0;
        $emails = "";
        $addys = array();
        // The loop assigns each address to $_REQUEST['email'] as a side
        // effect; the first address becomes the CN stored in the database.
        if(is_array($_SESSION['_config']['emails']))
            foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
            {
                if(!$emails)
                    $defaultemail = $_REQUEST['email'];
                $emails .= "$count.emailAddress = $_REQUEST[email]\n";
                $count++;
            }
        // name and OU were escaped for SQL on page 16; no escaping specific to
        // this file format is applied here.
        if($_SESSION['_config']['name'] != "")
            $emails .= "commonName = ".$_SESSION['_config']['name']."\n";
        if($_SESSION['_config']['OU'])
            $emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n";
        if($org['O'])
            $emails .= "organizationName = ".$org['O']."\n";
        if($org['L'])
            $emails .= "localityName = ".$org['L']."\n";
        if($org['ST'])
            $emails .= "stateOrProvinceName = ".$org['ST']."\n";
        if($org['C'])
            $emails .= "countryName = ".$org['C']."\n";
        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
            $_SESSION['_config']['rootcert'] = 1;

        $emails .= "SPKAC = $spkac";
        // Reject the request when the submitted key is reported as weak; any
        // non-empty return value is treated as the message to show.
        if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
        {
            $id = 17;
            showheader(_("My CAcert.org Account!"));
            echo $weakKey;
            showfooter();
            exit;
        }

        $query = "insert into `orgemailcerts` set
                `CN`='$defaultemail',
                `keytype`='NS',
                `orgid`='".$org['orgid']."',
                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                `codesign`='".$_SESSION['_config']['codesign']."',
                `rootcert`='".$_SESSION['_config']['rootcert']."'";
        mysql_query($query);
        $emailid = mysql_insert_id();

        foreach($_SESSION['_config']['domids'] as $addy)
            mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");

        $CSRname=generatecertpath("csr","orgclient",$emailid);
        $fp = fopen($CSRname, "w");
        fputs($fp, $emails);
        fclose($fp);
        // Proof of possession: the SPKAC must carry the challenge string held
        // in the session. The row inserted above stays in the table (without a
        // `csr_name`) when the comparison fails.
        // NOTE(review): $CSRname is placed in the shell command unquoted; it
        // comes from generatecertpath(), not from the request.
        $challenge=$_SESSION['spkac_hash'];
        $res=`openssl spkac -verify -in $CSRname`;
        if(!strstr($res,"Challenge String: ".$challenge))
        {
            $id = $oldid;
            showheader(_("My CAcert.org Account!"));
            echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
            showfooter();
            exit;
        }
        mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
    } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
        // The submitted CSR body is passed through clean_csr() and wrapped in
        // PEM armour before anything else looks at it.
        $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";

        if (($weakKey = checkWeakKeyCSR($csr)) !== "")
        {
            $id = 17;
            showheader(_("My CAcert.org Account!"));
            echo $weakKey;
            showfooter();
            exit;
        }

        $tmpfname = tempnam("/tmp", "id17CSR");
        $fp = fopen($tmpfname, "w");
        fputs($fp, $csr);
        fclose($fp);

        $addys = array();
        $defaultemail = "";
        $csrsubject="";

        // The stored subject is built from session and organisation values,
        // not from the subject inside the submitted CSR.
        if($_SESSION['_config']['name'] != "")
            $csrsubject = "/CN=".$_SESSION['_config']['name'];
        if(is_array($_SESSION['_config']['emails']))
            foreach($_SESSION['_config']['emails'] as $_REQUEST['email'])
            {
                if($defaultemail == "")
                    $defaultemail = $_REQUEST['email'];
                $csrsubject .= "/emailAddress=$_REQUEST[email]";
            }
        if($_SESSION['_config']['OU'])
            $csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
        if($org['O'])
            $csrsubject .= "/organizationName=".$org['O'];
        if($org['L'])
            $csrsubject .= "/localityName=".$org['L'];
        if($org['ST'])
            $csrsubject .= "/stateOrProvinceName=".$org['ST'];
        if($org['C'])
            $csrsubject .= "/countryName=".$org['C'];

        // Round-trip the CSR through openssl: an empty output file is treated
        // as "not a valid request" below. Both paths come from tempnam().
        $tmpname = tempnam("/tmp", "id17csr");
        $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`;
        @unlink($tmpfname);
        $csr = "";
        $fp = fopen($tmpname, "r");
        while($data = fgets($fp, 4096))
            $csr .= $data;
        fclose($fp);
        @unlink($tmpname);

        if($csr == "")
        {
            showheader(_("My CAcert.org Account!"));
            echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
            showfooter();
            exit;
        }
        if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
            $_SESSION['_config']['rootcert'] = 1;

        // keytype can only be "MS" or "VI" in this branch, so the value is
        // constrained; note that sanitizeHTML() is an HTML helper by name and
        // is used here in an SQL context.
        $query = "insert into `orgemailcerts` set
                `CN`='$defaultemail',
                `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
                `orgid`='".$org['orgid']."',
                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                `subject`='$csrsubject',
                `codesign`='".$_SESSION['_config']['codesign']."',
                `rootcert`='".$_SESSION['_config']['rootcert']."'";
        mysql_query($query);
        $emailid = mysql_insert_id();

        foreach($_SESSION['_config']['domids'] as $addy)
            mysql_query("insert into `domemaillink` set `emailcertsid`='$emailid', `emailid`='$addy'");

        $CSRname=generatecertpath("csr","orgclient",$emailid);
        $fp = fopen($CSRname, "w");
        fputs($fp, $csr);
        fclose($fp);
        mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
    }
    // NOTE(review): for any other keytype neither branch runs and $emailid is
    // undefined when it is used from here on.
    waitForResult("orgemailcerts", $emailid,$oldid);
    // A non-empty `crt_name` is taken as the sign that a certificate was issued.
    $query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
        showheader(_("My CAcert.org Account!"));
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        showfooter();
        exit;
    } else {
        // Continue to page 19 with the new certificate id.
        $id = 19;
        $cert = $emailid;
        $_REQUEST['cert']=$emailid;
    }
}
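// Page 18 (organisation client certificates), "renew" action: for each
// selected certificate of an organisation the logged-in member administers,
// flag the old row as renewed, clone the `orgemailcerts` row and its CSR file
// and wait for the new certificate.
if($oldid == 18 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
    // The state-changing work below runs only after the CSRF check.
    csrf_check('clicerchange');
    showheader(_("My CAcert.org Account!"));
    if(is_array($_REQUEST['revokeid']))
    {
        $id = 18;
        echo _("Now renewing the following certificates:")."<br>\n";
        // The loop variable reuses $id and so replaces the page id set above.
        foreach($_REQUEST['revokeid'] as $id)
        {
            // Cast before the value is used anywhere. The progress line used
            // to be printed first, which put the raw request value into the
            // page; the other renew handlers in this file cast first as well.
            $id = intval($id);
            echo "Renewing certificate #$id ...\n<br/>";
            // Ownership check: the certificate's organisation must be linked
            // to the member id held in the session.
            $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
                    where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
                    `org`.`orgid`=`orgemailcerts`.`orgid`";
            $res = mysql_query($query);
            if(mysql_num_rows($res) <= 0)
            {
                printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
                continue;
            }

            $row = mysql_fetch_assoc($res);

            // Refuse to renew when the existing certificate's key is reported
            // as weak; any non-empty return value is treated as the message.
            if (($weakKey = checkWeakKeyX509(file_get_contents(
                    $row['crt_name']))) !== "")
            {
                echo $weakKey, "<br/>\n";
                continue;
            }

            // NOTE(review): the row is flagged as renewed before the revoked
            // check, so a revoked certificate is flagged and then skipped -
            // confirm whether the two steps should be swapped.
            mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
            if($row['revoke'] > 0)
            {
                printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
                continue;
            }
            // CN and subject come back from the database unescaped, so they
            // are escaped again before being placed in the insert, as the
            // page 5 and page 12 renew handlers do. Without this a quote in
            // either value breaks or alters the statement.
            $query = "insert into `orgemailcerts` set
                    `orgid`='".$row['orgid']."',
                    `CN`='".mysql_real_escape_string($row['CN'])."',
                    `subject`='".mysql_real_escape_string($row['subject'])."',
                    `keytype`='".$row['keytype']."',
                    `csr_name`='".$row['csr_name']."',
                    `created`='".$row['created']."',
                    `modified`=NOW(),
                    `codesign`='".$row['codesign']."',
                    `rootcert`='".$row['rootcert']."'";
            mysql_query($query);
            $newid = mysql_insert_id();
            // The new row first points at the old CSR path and is repointed
            // once the copy has been made.
            $newfile=generatecertpath("csr","orgclient",$newid);
            copy($row['csr_name'], $newfile);
            mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
            waitForResult("orgemailcerts", $newid,$oldid,0);
            // A non-empty `crt_name` is taken as the sign that a certificate
            // was issued; nothing is printed for a failed request.
            $query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
            $res = mysql_query($query);
            if(mysql_num_rows($res) > 0)
            {
                printf(_("Certificate for '%s' has been renewed."), $row['CN']);
                echo "<a href='account.php?id=19&cert=$newid' target='_new'>".
                    _("Click here")."</a> "._("to install your certificate.");
            }
            echo("<br/>");
        }
    }
    else
    {
        echo _("You did not select any certificates for renewal.");
    }
    showfooter();
    exit;
}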
1654
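// Page 18, "revoke": revoke the selected organisation client certificates and
// delete the selected pending requests. Every id is cast to an integer and
// checked against the caller's organisation memberships before it is acted on.
if($oldid == 18 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('clicerchange');
	$id = 18;
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			// Ownership check through the `org` membership table.
			$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
					where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
					`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0)
			{
				// Stored text is passed through sanitizeHTML() before printing, as the
				// organisation handlers in this file do.
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			// This fixed timestamp is written as the revocation marker; presumably a
			// backend process picks it up - confirm against the signer.
			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
					where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
					`org`.`orgid`=`orgemailcerts`.`orgid`";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A set expiry date means the request was already processed, so it is kept.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			mysql_query("delete from `orgemailcerts` where `id`='$id'");
			// Best effort: the files may not exist for a request that was never processed.
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	showfooter();
	exit;
}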
1720
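// Page 20: accept a pasted CSR for an organisation server certificate.
// The CSR is cleaned, checked for weak keys, written to a temporary file and
// parsed with openssl; the names found are then matched against the domains of
// organisations the logged-in member belongs to. On success the flow moves on
// to page 21.
// NOTE(review): no csrf_check() call is visible in this handler - confirm
// whether the form is protected elsewhere.
if($process != "" && $oldid == 20)
{
	$CSR = clean_csr(array_key_exists('CSR',$_REQUEST) ? $_REQUEST['CSR'] : "");

	if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
	$fp = fopen($_SESSION['_config']['tmpfname'], "w");
	if($fp === false)
	{
		// Without the temporary file there is nothing for openssl to parse.
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}
	fputs($fp, $CSR);
	fclose($fp);
	$CSR = $_SESSION['_config']['tmpfname'];
	// The path is generated by tempnam(), but it is still quoted with
	// escapeshellarg() so the shell command never depends on its contents.
	$csrarg = escapeshellarg($CSR);
	$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $csrarg|tr -d "\\0"|grep "Subject:"`);
	$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $csrarg|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
	foreach($bits as $val)
	{
		$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
	}
	$id = 21;

	$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
	// These helpers are defined elsewhere; presumably they fill the '0.CN' and
	// '0.subjectAltName' session entries from the parsed subject - verify there.
	extractit();
	getcn2();
	getalt2();

	// The names originate from the submitted CSR, so they are escaped where the
	// statement is built instead of relying on the helpers above to have done it.
	$query = "select * from `orginfo`,`org`,`orgdomains` where
			`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
			`org`.`orgid`=`orginfo`.`id` and
			`org`.`orgid`=`orgdomains`.`orgid` and
			`orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.CN'])."'";
	$_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
	$query = "select * from `orginfo`,`org`,`orgdomains` where
			`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
			`org`.`orgid`=`orginfo`.`id` and
			`org`.`orgid`=`orgdomains`.`orgid` and
			`orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.subjectAltName'])."'";
	$_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		$id = 20;
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// Only the values 1 and 2 are accepted for the root certificate; anything
	// else, including a missing field, falls back to 1.
	$_SESSION['_config']['rootcert'] = array_key_exists('rootcert',$_REQUEST) ? intval($_REQUEST['rootcert']) : 1;
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;
}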
1779
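// Page 21: confirm the organisation server certificate request prepared on
// page 20. The temporary CSR is re-checked, the subject is rebuilt from the
// organisation record and the session's name lists, a request row is inserted,
// the CSR file is moved to its final path and the script waits for processing.
// NOTE(review): no csrf_check() call is visible in this handler - confirm
// whether the form is protected elsewhere.
if($process != "" && $oldid == 21)
{
	$id = 21;

	if(!file_exists($_SESSION['_config']['tmpfname']))
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	}

	// The file is checked again because it sat on disk between the two requests.
	if (($weakKey = checkWeakKeyCSR(file_get_contents(
			$_SESSION['_config']['tmpfname']))) !== "")
	{
		showheader(_("My CAcert.org Account!"));
		echo $weakKey;
		showfooter();
		exit;
	}

	if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
	{
		showheader(_("My CAcert.org Account!"));
		echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
		showfooter();
		exit;
	}

	// Look up the organisation through the caller's own membership row, using the
	// first CN match when there is one and the first subjectAltName match otherwise.
	if($_SESSION['_config']['rowid']['0'] > 0)
	{
		$query = "select * from `org`,`orginfo` where
				`orginfo`.`id`='".intval($_SESSION['_config']['rowid']['0'])."' and
				`orginfo`.`id`=`org`.`orgid` and
				`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
	} else {
		$query = "select * from `org`,`orginfo` where
				`orginfo`.`id`='".intval($_SESSION['_config']['altid']['0'])."' and
				`orginfo`.`id`=`org`.`orgid` and
				`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
	}
	$org = mysql_fetch_assoc(mysql_query($query));
	if(!is_array($org))
	{
		// No membership row matched: stop here instead of inserting a request
		// with an empty organisation id.
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}
	$csrsubject = "";

	if($_SESSION['_config']['OU'])
		$csrsubject .= "/organizationalUnitName=".$_SESSION['_config']['OU'];
	if($org['O'])
		$csrsubject .= "/organizationName=".$org['O'];
	if($org['L'])
		$csrsubject .= "/localityName=".$org['L'];
	if($org['ST'])
		$csrsubject .= "/stateOrProvinceName=".$org['ST'];
	if($org['C'])
		$csrsubject .= "/countryName=".$org['C'];
	//if($org['contact'])
	//	$csrsubject .= "/emailAddress=".trim($org['contact']);

	if(is_array($_SESSION['_config']['rows']))
		foreach($_SESSION['_config']['rows'] as $row)
			$csrsubject .= "/commonName=$row";
	$SAN="";
	if(is_array($_SESSION['_config']['altrows']))
		foreach($_SESSION['_config']['altrows'] as $subalt)
		{
			if($SAN != "")
				$SAN .= ",";
			$SAN .= "$subalt";
		}

	if($SAN != "")
		$csrsubject .= "/subjectAltName=".$SAN;

	// Type "8" is only set for accounts with the admin flag that tick "ocspcert".
	$type="";
	if(array_key_exists("ocspcert",$_REQUEST) && $_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
	if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
		$_SESSION['_config']['rootcert'] = 1;

	// NOTE(review): $csrsubject and the CN are interpolated without escaping.
	// Whether their parts are already SQL-escaped depends on code outside this
	// block; confirm before adding mysql_real_escape_string() here, to avoid
	// double escaping.
	// `org`.`orgid` is used for the organisation id: the join above makes it equal
	// to `orginfo`.`id`, and unlike 'id' the key cannot be shadowed by a column of
	// the same name from the other table.
	if($_SESSION['_config']['rowid']['0'] > 0)
	{
		$query = "insert into `orgdomaincerts` set
				`CN`='".$_SESSION['_config']['rows']['0']."',
				`orgid`='".intval($org['orgid'])."',
				`created`=NOW(),
				`subject`='$csrsubject',
				`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
				`type`='$type'";
	} else {
		$query = "insert into `orgdomaincerts` set
				`CN`='".$_SESSION['_config']['altrows']['0']."',
				`orgid`='".intval($org['orgid'])."',
				`created`=NOW(),
				`subject`='$csrsubject',
				`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
				`type`='$type'";
	}
	mysql_query($query);
	$CSRid = mysql_insert_id();

	// Move the temporary CSR to its permanent path and record that path.
	$CSRname=generatecertpath("csr","orgserver",$CSRid);
	rename($_SESSION['_config']['tmpfname'], $CSRname);
	chmod($CSRname,0644);
	mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
	// Link the request to every organisation domain it names. The loop variable
	// deliberately stays $id, as before; $id is reassigned below on success.
	if(is_array($_SESSION['_config']['rowid']))
		foreach($_SESSION['_config']['rowid'] as $id)
			mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
	if(is_array($_SESSION['_config']['altid']))
		foreach($_SESSION['_config']['altid'] as $id)
			mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
	waitForResult("orgdomaincerts", $CSRid,$oldid);
	// A non-empty crt_name is what this code treats as "certificate issued".
	$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
	{
		showheader(_("My CAcert.org Account!"));
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		showfooter();
		exit;
	} else {
		$id = 23;
		$cert = $CSRid;
		$_REQUEST['cert']=$CSRid;
	}
}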
1903
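// Page 22, "renew": re-issue the selected organisation server certificates.
// Each selected row is checked against the caller's organisation memberships,
// cloned into a new request with a copy of the CSR file and of its domain
// links, and the issued certificate is printed once processing has finished.
if($oldid == 22 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now renewing the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			// Ownership check through the `org` membership table.
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
						`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
						`orgdomaincerts`.`orgid`=`org`.`orgid` and
						`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}

			$row = mysql_fetch_assoc($res);

			// Refuse to renew a certificate whose key fails the weak-key check.
			if (($weakKey = checkWeakKeyX509(file_get_contents(
					$row['crt_name']))) !== "")
			{
				echo $weakKey, "<br/>\n";
				continue;
			}

			// NOTE(review): the row is flagged as renewed before the revocation test
			// below, so an already revoked certificate is flagged as well even though
			// it is skipped - confirm this is intended.
			mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
			if($row['revoke'] > 0)
			{
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			// Values read back from the database are escaped again before being placed
			// in a new statement; a stored quote must not be able to alter this insert.
			$query = "insert into `orgdomaincerts` set
					`orgid`='".mysql_real_escape_string($row['orgid'])."',
					`CN`='".mysql_real_escape_string($row['CN'])."',
					`csr_name`='".mysql_real_escape_string($row['csr_name'])."',
					`created`='".mysql_real_escape_string($row['created'])."',
					`modified`=NOW(),
					`subject`='".mysql_real_escape_string($row['subject'])."',
					`type`='".mysql_real_escape_string($row['type'])."',
					`rootcert`='".mysql_real_escape_string($row['rootcert'])."'";
			mysql_query($query);
			$newid = mysql_insert_id();
			$newfile=generatecertpath("csr","orgserver",$newid);
			copy($row['csr_name'], $newfile);
			mysql_query("update `orgdomaincerts` set `csr_name`='".mysql_real_escape_string($newfile)."' where `id`='$newid'");
			// Stored text is passed through sanitizeHTML() before printing.
			echo _("Renewing").": ".sanitizeHTML($row['CN'])."<br>\n";
			// Copy the domain links of the old certificate to the new one. The old
			// certificate is addressed by $id because the joined select above can carry
			// an 'id' column from either table, and the linked domain is read from
			// `orgdomid`, the column the request handler for page 21 writes.
			$res = mysql_query("select * from `orgdomlink` where `orgcertid`='$id'");
			while($r2 = mysql_fetch_assoc($res))
				mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($r2['orgdomid'])."', `orgcertid`='$newid'");
			waitForResult("orgdomaincerts", $newid,$oldid,0);
			// A non-empty crt_name is what this code treats as "certificate issued".
			$query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
			} else {
				$drow = mysql_fetch_assoc($res);
				// The stored path is quoted for the shell instead of being spliced in bare.
				$crtarg = escapeshellarg($drow['crt_name']);
				$cert = `/usr/bin/openssl x509 -in $crtarg`;
				echo "<pre>\n$cert\n</pre>\n";
			}
		}
	}
	else
	{
		echo _("You did not select any certificates for renewal.");
	}
	showfooter();
	exit;
}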
1980
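// Page 22, "revoke": revoke the selected organisation server certificates and
// delete the selected pending requests. Every id is cast to an integer and
// checked against the caller's organisation memberships before it is acted on.
if($oldid == 22 && array_key_exists('revoke',$_REQUEST) && $_REQUEST['revoke'] != "")
{
	csrf_check('orgsrvcerchange');
	showheader(_("My CAcert.org Account!"));
	if(array_key_exists('revokeid',$_REQUEST) && is_array($_REQUEST['revokeid']))
	{
		echo _("Now revoking the following certificates:")."<br>\n";
		foreach($_REQUEST['revokeid'] as $id)
		{
			$id = intval($id);
			// Ownership check through the `org` membership table.
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoke` from
						`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
						`orgdomaincerts`.`orgid`=`org`.`orgid` and
						`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			if($row['revoke'] > 0)
			{
				// Stored text is passed through sanitizeHTML() before printing, as the
				// organisation handlers in this file do.
				printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			// This fixed timestamp is written as the revocation marker; presumably a
			// backend process picks it up - confirm against the signer.
			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
			printf(_("Certificate for '%s' has been revoked.")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	else
	{
		echo _("You did not select any certificates for revocation.");
	}

	if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
	{
		echo _("Now deleting the following pending requests:")."<br>\n";
		foreach($_REQUEST['delid'] as $id)
		{
			$id = intval($id);
			$query = "select *,UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired` from
						`orgdomaincerts`,`org`
					where `orgdomaincerts`.`id`='$id' and
						`orgdomaincerts`.`orgid`=`org`.`orgid` and
						`org`.`memid`='".intval($_SESSION['profile']['id'])."'";
			$res = mysql_query($query);
			if(mysql_num_rows($res) <= 0)
			{
				printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
				continue;
			}
			$row = mysql_fetch_assoc($res);
			// A set expiry date means the request was already processed, so it is kept.
			if($row['expired'] > 0)
			{
				printf(_("Couldn't remove the request for `%s`, request had already been processed.")."<br>\n", sanitizeHTML($row['CN']));
				continue;
			}
			mysql_query("delete from `orgdomaincerts` where `id`='$id'");
			// Best effort: the files may not exist for a request that was never processed.
			@unlink($row['csr_name']);
			@unlink($row['crt_name']);
			printf(_("Removed a pending request for '%s'")."<br>\n", sanitizeHTML($row['CN']));
		}
	}
	showfooter();
	exit;
}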
2049
// Access gate for pages 24 to 31: both the requested page ($id) and the page a
// form was posted from ($oldid) are checked, so neither can be used to reach
// the handlers below without the orgadmin flag on the logged-in profile.
if((in_array($id, range(24, 31)) || in_array($oldid, range(24, 31))) &&
	$_SESSION['profile']['orgadmin'] != 1)
{
	showheader(_("My CAcert.org Account!"));
	echo _("You don't have access to this area.");
	showfooter();
	exit;
}
2060
// Page 24: create a new organisation record from the submitted form.
// Each field is unslashed, SQL-escaped and trimmed, then kept in the session so
// the form can be shown again with an error message.
// NOTE(review): unlike the update handler for page 27, no csrf_check() call is
// visible here - confirm whether this form is protected elsewhere.
if($oldid == 24 && $process != "")
{
	$id = intval($oldid);
	foreach(array('O', 'contact', 'L', 'ST', 'C', 'comments') as $_orgfield)
		$_SESSION['_config'][$_orgfield] = trim(mysql_real_escape_string(stripslashes($_REQUEST[$_orgfield])));
	unset($_orgfield);

	if($_SESSION['_config']['O'] != "" && $_SESSION['_config']['contact'] != "")
	{
		// The session copies are already SQL-escaped, see above.
		mysql_query("insert into `orginfo` set `O`='".$_SESSION['_config']['O']."',
					`contact`='".$_SESSION['_config']['contact']."',
					`L`='".$_SESSION['_config']['L']."',
					`ST`='".$_SESSION['_config']['ST']."',
					`C`='".$_SESSION['_config']['C']."',
					`comments`='".$_SESSION['_config']['comments']."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully added as an organisation to the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	} else {
		$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
	}
}
2087
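// Page 27: update an existing organisation record from the submitted form.
// Each field is unslashed, SQL-escaped and trimmed, then kept in the session so
// the form can be shown again with an error message. The record to change is
// the organisation id held in the session.
if($oldid == 27 && $process != "")
{
	csrf_check('orgdetchange');
	$id = intval($oldid);
	foreach(array('O', 'contact', 'L', 'ST', 'C', 'comments') as $_orgfield)
		$_SESSION['_config'][$_orgfield] = trim(mysql_real_escape_string(stripslashes($_REQUEST[$_orgfield])));
	unset($_orgfield);

	if($_SESSION['_config']['O'] == "" || $_SESSION['_config']['contact'] == "")
	{
		$_SESSION['_config']['errmsg'] = _("Organisation Name and Contact Email are required fields.");
	} else {
		// The organisation id is cast to an integer here, as the other handlers
		// that use it do, so the where clause never carries raw session text.
		mysql_query("update `orginfo` set `O`='".$_SESSION['_config']['O']."',
					`contact`='".$_SESSION['_config']['contact']."',
					`L`='".$_SESSION['_config']['L']."',
					`ST`='".$_SESSION['_config']['ST']."',
					`C`='".$_SESSION['_config']['C']."',
					`comments`='".$_SESSION['_config']['comments']."'
				where `id`='".intval($_SESSION['_config']['orgid'])."'");
		showheader(_("My CAcert.org Account!"));
		printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O']));
		showfooter();
		exit;
	}
}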
2116
// Page 28, step 1: reject a new organisation domain that is already listed in
// `orgdomains`. On a clash the error is stored in the session and the flow is
// sent back to the form ($id = 28, $oldid = 0), which also stops the insert
// handler further down from running.
// NOTE(review): only `orgdomains` is consulted here, while the edit handler for
// page 29 also looks at `domains` - confirm whether that difference is intended.
if($oldid == 28 && $process != "" && array_key_exists("domainname",$_REQUEST))
{
	// $domain is SQL-escaped here and reused by the insert handler below.
	$domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
	$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
	if(mysql_num_rows($res1) > 0)
	{
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
		$id = $oldid;
		$oldid=0;
	}
}
2128
// Page 28 without a selected organisation in the session: drop the submission
// and show page 25 instead.
if($oldid == 28 && $_SESSION['_config']['orgid'] <= 0)
{
	$id = 25;
	$oldid = 0;
}
2134
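// Page 28, step 2: add the submitted domain to the organisation held in the
// session and show a confirmation page.
// NOTE(review): no csrf_check() call is visible in this handler - confirm
// whether the form is protected elsewhere.
if($oldid == 28 && $process != "" && array_key_exists("orgid",$_SESSION["_config"]))
{
	// The domain is derived here, with the same unslash/escape/trim steps as the
	// duplicate check above uses, so the insert never depends on a variable that
	// another conditional block may or may not have set.
	$domain = "";
	if(array_key_exists("domainname",$_REQUEST))
		$domain = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
	// NOTE(review): an empty domain is still inserted, as before - confirm
	// whether the form should be rejected in that case.
	mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
	echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
	showfooter();
	exit;
}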
2144
// Page 29, step 1: reject a renamed organisation domain that clashes with
// another organisation domain or with a non-deleted entry in `domains`. On a
// clash the error is stored in the session and the flow is sent back to the
// form ($id = 29, $oldid = 0).
if($oldid == 29 && $process != "")
{
	// NOTE(review): $domainname is not assigned anywhere in the visible part of
	// the file. If it is expected to come from register_globals, read it from
	// $_REQUEST explicitly instead - confirm where it is set.
	$domain = mysql_real_escape_string(stripslashes(trim($domainname)));

	// NOTE(review): `like` treats % and _ in the submitted name as wildcards, and
	// mysql_real_escape_string() does not escape them - confirm an exact match
	// was not intended.
	$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($_SESSION['_config']['domid'])."'");
	$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
	if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
	{
		$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
		$id = $oldid;
		$oldid=0;
	}
}
2158
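// Pages 29 and 30 (edit or delete an organisation domain): revoke every server
// and client certificate linked to the domain held in the session, before the
// domain itself is changed or removed by the handlers below.
// The test is on a non-empty $process: the top of this file resets $process to
// "" when "Cancel" was pressed, so comparing against the "Cancel" label could
// never be false and a cancelled or unsubmitted form would still revoke.
// NOTE(review): no csrf_check() call is visible for this state change -
// confirm whether the forms are protected elsewhere.
if(($oldid == 29 || $oldid == 30) && $process != "")
{
	$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
			`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
			`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
			`orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'";
	$res = mysql_query($query);
	// This fixed timestamp is written as the revocation marker; presumably a
	// backend process picks it up - confirm against the signer.
	while($row = mysql_fetch_assoc($res))
		mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");

	$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
			`orgemaillink`.`domid`=`orgdomains`.`id` and
			`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
			`orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'";
	$res = mysql_query($query);
	while($row = mysql_fetch_assoc($res))
		mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
}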
2177
// Page 29, step 2: store the new name for the organisation domain held in the
// session and show a confirmation page. $domain is the escaped value prepared
// by the duplicate check for page 29 above.
if($oldid == 29 && $process != "")
{
	// The current row is fetched but its contents are not used below.
	$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
	mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($_SESSION['_config']['domid'])."'");
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
	echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>";
	echo _("Click here")."</a> ";
	echo _("to continue.");
	showfooter();
	exit;
}
2188
// Page 30: delete the organisation domain held in the session and show a
// confirmation page naming the removed domain.
if($oldid == 30 && $process != "")
{
	// Read the name first; it is only needed for the confirmation message.
	$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
	$domain = $row['domain'];
	mysql_query("delete from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'");
	showheader(_("My CAcert.org Account!"));
	printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
	echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>";
	echo _("Click here")."</a> ";
	echo _("to continue.");
	showfooter();
	exit;
}
2200
// Anything still arriving from page 30 (for instance a cancelled delete) is
// routed to page 26 with the request's organisation id cleared.
if($oldid == 30)
{
	$orgid = 0;
	$id = 26;
}
2206
// Page 31: delete the organisation held in the session. For every domain of
// the organisation the linked server and client certificates are marked as
// revoked and rows are deleted; finally the membership, domain and organisation
// records themselves are removed.
// NOTE(review): no csrf_check() call is visible for this destructive action -
// confirm whether the form is protected elsewhere.
if($oldid == 31 && $process != "")
{
	$query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
	$dres = mysql_query($query);
	while($drow = mysql_fetch_assoc($dres))
	{
		// Server certificates linked to this domain.
		$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
				`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
				`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
				`orgdomains`.`id`='".intval($drow['id'])."'";
		$res = mysql_query($query);
		while($row = mysql_fetch_assoc($res))
		{
			// $row['id'] is a certificate id (see the select above).
			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
			// NOTE(review): this compares `orgid` with a certificate id, while the
			// client-certificate branch below deletes by `id` - confirm which column
			// is meant, and whether deleting the row right after marking it revoked
			// still lets the revocation be processed.
			mysql_query("delete from `orgdomaincerts` where `orgid`='".intval($row['id'])."'");
			// NOTE(review): elsewhere in this file `orgdomlink` is used with the
			// columns `orgdomid` and `orgcertid`; `domid` does not appear - confirm.
			mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
		}

		// Client certificates linked to this domain.
		$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
				`orgemaillink`.`domid`=`orgdomains`.`id` and
				`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
				`orgdomains`.`id`='".intval($drow['id'])."'";
		$res = mysql_query($query);
		while($row = mysql_fetch_assoc($res))
		{
			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
			mysql_query("delete from `orgemailcerts` where `id`='".intval($row['id'])."'");
			// NOTE(review): `domid` is compared with a certificate id here, although
			// the select above joins `domid` to a domain id - confirm whether
			// `emailcertsid` was intended.
			mysql_query("delete from `orgemaillink` where `domid`='".intval($row['id'])."'");
		}
	}
	// Remove memberships, domains and the organisation record itself.
	mysql_query("delete from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
	mysql_query("delete from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'");
	mysql_query("delete from `orginfo` where `id`='".intval($_SESSION['_config']['orgid'])."'");
}
2241
// After page 31, whether or not the deletion ran, show page 25 with the
// request's organisation id cleared.
if($oldid == 31)
{
	$orgid = 0;
	$id = 25;
}
2247
// Access gate for pages 32 to 35: allowed for profiles with the orgadmin flag
// and for members that hold a master account (`masteracc`='1') in at least one
// organisation. The check does not look at which organisation is being edited.
if(in_array($id, range(32, 35)) || in_array($oldid, range(32, 35)))
{
	$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
	$_macc = mysql_num_rows(mysql_query($query));
	if(!($_SESSION['profile']['orgadmin'] == 1 || $_macc > 0))
	{
		showheader(_("My CAcert.org Account!"));
		echo _("You don't have access to this area.");
		showfooter();
		exit;
	}
}
2261
// Page 33 shown to a member without the orgadmin flag: the member must hold a
// master account for the organisation in the session, otherwise page 35 is
// shown instead. This only affects which page is displayed ($id).
if($id == 33 && $_SESSION['profile']['orgadmin'] != 1)
{
	$orgid = intval($_SESSION['_config']['orgid']);
	$query = "select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
	$res = mysql_query($query);
	if(!(mysql_num_rows($res) > 0))
		$id = 35;
}
2272
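// Page 33: add a member, looked up by e-mail address, as an administrator of
// the organisation held in the session. Only profiles with the orgadmin flag
// may grant the master-account flag; for everyone else it is forced to 0.
if($oldid == 33 && $process != "")
{
	csrf_check('orgadmadd');
	// The membership insert below must be tied to the organisation the caller
	// administers. The page-level checks above only test $id or "a master account
	// in some organisation", so the check is repeated here for this submission.
	if($_SESSION['profile']['orgadmin'] != 1)
	{
		$res = mysql_query("select * from `org` where `orgid`='".intval($_SESSION['_config']['orgid'])."' and
				`memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
		if(mysql_num_rows($res) <= 0)
		{
			showheader(_("My CAcert.org Account!"));
			echo _("You don't have access to this area.");
			showfooter();
			exit;
		}
	}
	// The session key is quoted; the bare word form relied on PHP treating an
	// undefined constant as a string.
	if($_SESSION['profile']['orgadmin'] == 1)
		$masteracc = $_SESSION['_config']['masteracc'] = array_key_exists('masteracc',$_REQUEST) ? intval($_REQUEST['masteracc']) : 0;
	else
		$masteracc = $_SESSION['_config']['masteracc'] = 0;
	$_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
	$OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
	$comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
	$res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
	if(mysql_num_rows($res) <= 0)
	{
		// Unknown address: return to the form with an error message.
		$id = $oldid;
		$oldid=0;
		$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
	} else {
		$row = mysql_fetch_assoc($res);
		mysql_query("insert into `org` set `memid`='".intval($row['id'])."', `orgid`='".intval($_SESSION['_config']['orgid'])."',
				`masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'");
	}
}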
2295
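// Page 34 reached by a member without the orgadmin flag: the member must hold a
// master account for the organisation in the session, otherwise page 32 is
// shown. This only changes which page is displayed ($id); it does not by itself
// stop a handler that tests $oldid.
if(($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1)
{
	$orgid = intval($_SESSION['_config']['orgid']);
	// The member id is cast to an integer, as in the matching check for page 33.
	$res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
	if(mysql_num_rows($res) <= 0)
		$id = 32;
}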
2303
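// Page 34: remove a member from the administrators of the organisation held in
// the session.
// NOTE(review): no csrf_check() call is visible in this handler - confirm
// whether the form is protected elsewhere.
if($oldid == 34 && $process != "")
{
	$orgid = intval($_SESSION['_config']['orgid']);
	$memid = array_key_exists('memid',$_REQUEST) ? intval($_REQUEST['memid']) : 0;
	// The page check above only redirects the display, so the right to change
	// this organisation is verified again before the delete: the caller needs the
	// orgadmin flag or a master account for this organisation.
	$_mayremove = ($_SESSION['profile']['orgadmin'] == 1);
	if(!$_mayremove)
	{
		$res = mysql_query("select * from `org` where `orgid`='$orgid' and
				`memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
		$_mayremove = (mysql_num_rows($res) > 0);
	}
	$query = "delete from `org` where `orgid`='$orgid' and `memid`='$memid'";
	if($_mayremove)
		mysql_query($query);
	unset($_mayremove);
}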
2311
// After the add (33) and remove (34) administrator handlers, return to the
// administrator list on page 32 with the submission state cleared.
if(in_array($oldid, array(33, 34)))
{
	$id = 32;
	$orgid = 0;
	$oldid = 0;
}
2318
// Page 36: load the member's stored alert settings into $_REQUEST, presumably
// so the form on that page is pre-filled - verify against the page template.
if($id == 36)
{
	$row = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
	foreach(array('general', 'country', 'regional', 'radius') as $_alertfield)
		$_REQUEST[$_alertfield] = $row[$_alertfield];
	unset($_alertfield);
}
2327
2328 if($oldid == 36)
2329 {
2330 $rc = mysql_num_rows(mysql_query("select * from `alerts` where `memid`='".intval($_SESSION['profile']['id'])."'"));
2331 if($rc > 0)
2332 {
2333 $query = "update `alerts` set `general`='".intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0)."',
2334 `country`='".intval(array_key_exists('country',$_REQUEST)?$_REQUEST['country']:0)."',
2335 `regional`='".intval(array_key_exists('regional',$_REQUEST)?$_REQUEST['regional']:0)."',