Subject: CAcert Code Development list.
List archive
- From: Wytze van der Raay <wytze AT cacert.org>
- To: Benny Baumann <benbe AT cacert.org>
- Cc: "critical-admin AT cacert.org" <critical-admin AT cacert.org>, cacert-devel AT lists.cacert.org, 'dirk astrath' <dirk.astrath AT cacert.org>, Michael Tänzer <michael.taenzer AT cacert.org>, Martin Gummi <martin.gummi AT cacert.org>, Marcus Mängel <inopiae AT cacert.org>, Ulrich Schröter <ulrich AT cacert.org>, Juergen Bruckner <jbruckner AT cacert.org>
- Subject: Re: Patch Request Bug #782, #1173, #1176, #1186
- Date: Wed, 17 Jul 2013 11:00:15 +0200
- Organization: CAcert
|
[resent from correct address] Hi Benny, On 12.07.2013 22:04, Benny Baumann wrote: we have patches for various bug reports: After some discussion about patch problems, the only remaining patch of this list, the patch for #782, has been installed on the production server with --ignore-whitespace on July 17, 2013. See also the attached log message. Please run the makefile so our translators see the new strings (if present) on https://translations.cacert.org/ and new translations get imported into the system. These actions have also been performed after applying the patches. Regards, -- wytze |
--- Begin Message ---Fix for http://bugs.cacert.org/view.php?id=782
- From: Wytze van der Raay <wytze AT cacert.org>
- To: cacert-systemlog AT lists.cacert.org
- Subject: Fwd: cvs.cacert.org checkin notification
- Date: Wed, 17 Jul 2013 10:23:02 +0200
- Organization: CAcert
Add "notes" field to certificate information.
In conjunction with the attached CVS changes a new tarball has been
made available incorporating all updates. The new tarball is available
through http://www.cacert.org/src-lic.php
-- end
--- Begin Message ---
- From: "root" <root AT cvs.cacert.org>
- To: critical-admin AT cacert.org
- Subject: cvs.cacert.org checkin notification
- Date: Wed, 17 Jul 2013 10:18:53 +0200 (CEST)
uid=0(root) gid=0(root) groups=0(root)
gpg.php 1.31 1.32
Wed Jul 17 10:18:53 CEST 2013
Update of /var/lib/cvs/cacert/www
In directory webdb:/home/cacert/www/www
Modified Files:
gpg.php
Log Message:
Fix for http://bugs.cacert.org/view.php?id=782
Add "notes" field to certificate information.
===================================================================
RCS file: /var/lib/cvs/cacert/www/gpg.php,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- gpg.php 2010/03/29 19:40:15 1.31
+++ gpg.php 2013/07/17 08:18:52 1.32
@@ -52,7 +52,7 @@
{
showheader(_("Welcome to CAcert.org"));
echo "The OpenPGP signing system is currently shutdown due to a
maintenance. We hope to get it fixed within the next few hours. We are very
sorry for the inconvenience.";
-
+
exit(0);
}
}
@@ -143,7 +143,7 @@
$uidformatwrong=0;
if(sizeof($bits)<10) $uidformatwrong=1;
-
+
if(preg_match("/\@.*\@/",$bits[9]))
{
showheader(_("Welcome to CAcert.org"));
@@ -251,7 +251,6 @@
}
$resulttable.="</table>";
-
if($nok==0)
{
showheader(_("Welcome to CAcert.org"));
@@ -275,12 +274,20 @@
if($oldid == "0" && $CSR != "")
{
+ //set variable for comment
+ if(trim($_REQUEST['description']) == ""){
+ $description= "";
+ }else{
+ $description=
trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }
+
$query = "insert into `gpg` set
`memid`='".intval($_SESSION['profile']['id'])."',
`email`='".mysql_real_escape_string($lastvalidemail)."',
`level`='1',
`expires`='".mysql_real_escape_string($expires)."',
`multiple`='".mysql_real_escape_string($multiple)."',
-
`keyid`='".mysql_real_escape_string($keyid)."'";
+
`keyid`='".mysql_real_escape_string($keyid)."',
+
`description`='".mysql_real_escape_string($description)."'";
mysql_query($query);
$id = mysql_insert_id();
@@ -334,7 +341,7 @@
}
$mail="";
- if
(preg_match("/<([\w.-]*\@[\w.-]*)>/",
$bits[9],$match)) {
+ if
(preg_match("/<([\w.-]*\@[\w.-]*)>/",
$bits[9],$match)) {
//echo "Found: ".$match[1];
$mail = trim(hex2bin($match[1]));
}
@@ -342,7 +349,7 @@
{
//echo "Not found!\n";
}
-
+
$emailok=verifyEmail($mail);
$uidid=$bits[7];
@@ -384,95 +391,89 @@
}
}
+ if(count($ToBeDeleted)>0)
+ {
+ $descriptorspec = array(
+ 0 => array("pipe", "r"), // stdin is a pipe
that the child will read from
+ 1 => array("pipe", "w"), // stdout is a pipe
that the child will write to
+ 2 => array("pipe", "w") // stderr is a file
to write to
+ );
+
+ $stderr = fopen('php://stderr', 'w');
+
+ //echo "Keyid: $keyid\n";
+
+ $process = proc_open("/usr/bin/gpg --homedir $cwd
--no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid",
$descriptorspec, $pipes);
+
+ //echo "Process: $process\n";
+ //fputs($stderr,"Process: $process\n");
+
+ if (is_resource($process)) {
+ //echo("it is a resource\n");
+ // $pipes now looks like this:
+ // 0 => writeable handle connected to child stdin
+ // 1 => readable handle connected to child stdout
+ // Any error output will be appended to
/tmp/error-output.txt
+ while (!feof($pipes[1]))
+ {
+ $buffer = fgets($pipes[1], 4096);
+ //echo $buffer;
-
-
- if(count($ToBeDeleted)>0)
- {
-
-
- $descriptorspec = array(
- 0 => array("pipe", "r"), // stdin is a pipe that the
child will read from
- 1 => array("pipe", "w"), // stdout is a pipe that
the child will write to
- 2 => array("pipe", "w") // stderr is a file to write
to
- );
-
- $stderr = fopen('php://stderr', 'w');
-
-
- //echo "Keyid: $keyid\n";
-
- $process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty
--command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid",
$descriptorspec, $pipes);
-
- //echo "Process: $process\n";
- //fputs($stderr,"Process: $process\n");
-
- if (is_resource($process)) {
- //echo("it is a resource\n");
- // $pipes now looks like this:
- // 0 => writeable handle connected to child stdin
- // 1 => readable handle connected to child stdout
- // Any error output will be appended to /tmp/error-output.txt
- while (!feof($pipes[1]))
- {
- $buffer = fgets($pipes[1], 4096);
- //echo $buffer;
-
- if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n")
- {
- fputs($pipes[0],"yes\n");
- }
- elseif($buffer == "[GNUPG:] GOT_IT\n")
- {
- }
- elseif(ereg("^\[GNUPG:\] GET_BOOL
keyedit\.remove\.uid\.okay\s*",$buffer))
- {
- fputs($pipes[0],"yes\n");
- }
- elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer))
- {
- if(count($ToBeDeleted)>0)
- {
- $delthisuid=array_pop($ToBeDeleted);
- //echo "Deleting an UID $delthisuid\n";
- fputs($pipes[0],"uid ".$delthisuid."\n");
- }
- else
- {
- //echo "Saving\n";
- fputs($pipes[0],$state?"save\n":"deluid\n");
- $state++;
- }
- }
- elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n")
- {
- }
- elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer))
- {
- echo "Key expired!\n";
- exit;
- }
- elseif($buffer == "")
- {
- //echo "Empty!\n";
- }
- else
- {
- echo "ERROR: UNKNOWN $buffer\n";
- }
+ if($buffer == "[GNUPG:] GET_BOOL
keyedit.sign_all.okay\n")
+ {
+ fputs($pipes[0],"yes\n");
+ }
+ elseif($buffer == "[GNUPG:] GOT_IT\n")
+ {
+ }
+ elseif(ereg("^\[GNUPG:\] GET_BOOL
keyedit\.remove\.uid\.okay\s*",$buffer))
+ {
+ fputs($pipes[0],"yes\n");
+ }
+ elseif(ereg("^\[GNUPG:\] GET_LINE
keyedit\.prompt\s*",$buffer))
+ {
+ if(count($ToBeDeleted)>0)
+ {
+ $delthisuid=array_pop($ToBeDeleted);
+ //echo "Deleting an UID
$delthisuid\n";
+ fputs($pipes[0],"uid
".$delthisuid."\n");
+ }
+ else
+ {
+ //echo "Saving\n";
+
fputs($pipes[0],$state?"save\n":"deluid\n");
+ $state++;
+ }
+ }
+ elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n")
+ {
+ }
+ elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer))
+ {
+ echo "Key expired!\n";
+ exit;
+ }
+ elseif($buffer == "")
+ {
+ //echo "Empty!\n";
+ }
+ else
+ {
+ echo "ERROR: UNKNOWN $buffer\n";
+ }
}
//echo "Fertig\n";
fclose($pipes[0]);
-
+
//echo stream_get_contents($pipes[1]);
fclose($pipes[1]);
-
+
// It is important that you close any pipes before
calling
// proc_close in order to avoid a deadlock
$return_value = proc_close($process);
-
+
//echo "command returned $return_value\n";
}
else
@@ -507,6 +508,23 @@
showfooter();
exit;
}
+
+ if($oldid == 2 && array_key_exists('change',$_REQUEST) &&
$_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `gpg` set
`description`='$comment' where `id`='$cid' and
`memid`='".$_SESSION['profile']['id']."'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
$id = intval($id);
--- End Message ------ Begin Message ---
- From: "root" <root AT cvs.cacert.org>
- To: critical-admin AT cacert.org
- Subject: cvs.cacert.org checkin notification
- Date: Wed, 17 Jul 2013 10:18:58 +0200 (CEST)
uid=0(root) gid=0(root) groups=0(root)
account.php 1.164 1.165
Wed Jul 17 10:18:58 CEST 2013
Update of /var/lib/cvs/cacert/includes
In directory webdb:/home/cacert/www/includes
Modified Files:
account.php
Log Message:
Fix for http://bugs.cacert.org/view.php?id=782
Add "notes" field to certificate information.
===================================================================
RCS file: /var/lib/cvs/cacert/includes/account.php,v
retrieving revision 1.164
retrieving revision 1.165
diff -u -r1.164 -r1.165
--- account.php 2013/06/11 10:04:47 1.164
+++ account.php 2013/07/17 08:18:58 1.165
@@ -17,7 +17,7 @@
*/
require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php");
- require_once('lib/check_weak_key.php');
+ require_once("../includes/lib/check_weak_key.php");
loadem("account");
@@ -240,6 +240,11 @@
$_REQUEST['keytype'] = "MS";
$csr = clean_csr($_REQUEST['optionalCSR']);
}
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']=
trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
}
if($oldid == 4)
@@ -323,7 +328,8 @@
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
-
`rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
+
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
@@ -334,15 +340,15 @@
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
- if(!strstr($res,"Challenge String: ".$challenge))
- {
- $id = $oldid;
- showheader(_("My CAcert.org Account!"));
- echo _("The challenge-response code of your
certificate request did not match. Can't continue with certificaterequest.");
- showfooter();
- exit;
- }
+ $res=`openssl spkac -verify -in $CSRname`;
+ if(!strstr($res,"Challenge String: ".$challenge))
+ {
+ $id = $oldid;
+ showheader(_("My CAcert.org Account!"));
+ echo _("The challenge-response code of your
certificate request did not match. Can't continue with certificaterequest.");
+ showfooter();
+ exit;
+ }
mysql_query("update `emailcerts` set
`csr_name`='$CSRname' where `id`='".intval($emailid)."'");
} else if($_REQUEST['keytype'] == "MS" ||
$_REQUEST['keytype'] == "VI") {
if($csr == "")
@@ -367,8 +373,8 @@
$csrsubject="";
$user = mysql_fetch_assoc(mysql_query("select * from
`users` where `id`='".intval($_SESSION['profile']['id'])."'"));
- if(strlen($user['mname']) == 1)
- $user['mname'] .= '.';
+ if(strlen($user['mname']) == 1)
+ $user['mname'] .= '.';
if($_SESSION['_config']['incname'] <= 0 ||
$_SESSION['_config']['incname'] > 4)
$csrsubject = "/CN=CAcert WoT User";
if($_SESSION['_config']['incname'] == 1)
@@ -423,7 +429,8 @@
`subject`='".mysql_real_escape_string($csrsubject)."',
`codesign`='".$_SESSION['_config']['codesign']."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
-
`rootcert`='".$_SESSION['_config']['rootcert']."'";
+
`rootcert`='".$_SESSION['_config']['rootcert']."',
+
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
@@ -457,10 +464,10 @@
csrf_check("adddomain");
if(strstr($_REQUEST['newdomain'],"\x00"))
{
- showheader(_("My CAcert.org Account!"));
- echo _("Due to the possibility for nullbyte domain
exploits we currently do not allow any domain names with nullbytes.");
- showfooter();
- exit;
+ showheader(_("My CAcert.org Account!"));
+ echo _("Due to the possibility for nullbyte domain
exploits we currently do not allow any domain names with nullbytes.");
+ showfooter();
+ exit;
}
list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2);
// Ignore the rest
@@ -664,8 +671,8 @@
$CSR = clean_csr($_REQUEST['CSR']);
if(strpos($CSR,"---BEGIN")===FALSE)
{
- // In case the CSR is missing the ---BEGIN lines, add them
automatically:
- $CSR = "-----BEGIN CERTIFICATE
REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
+ // In case the CSR is missing the ---BEGIN lines, add
them automatically:
+ $CSR = "-----BEGIN CERTIFICATE
REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
}
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
@@ -676,6 +683,12 @@
exit;
}
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']=
trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
@@ -742,7 +755,7 @@
$subject = "";
$count = 0;
$supressSAN=0;
- if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
+ if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
if(is_array($_SESSION['_config']['rows']))
foreach($_SESSION['_config']['rows'] as $row)
@@ -777,13 +790,15 @@
`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
-
`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+
`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+
`description`='".$_SESSION['_config']['description']."'";
} elseif(array_key_exists('0',$_SESSION['_config']['altid'])
&& $_SESSION['_config']['altid']['0'] > 0) {
$query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
-
`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+
`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+
`description`='".$_SESSION['_config']['description']."'";
} else {
showheader(_("My CAcert.org Account!"));
echo _("Domain not verified.");
@@ -865,7 +880,8 @@
`modified`=NOW(),
`rootcert`='".$row['rootcert']."',
`type`='".$row['type']."',
-
`pkhash`='".$row['pkhash']."'";
+ `pkhash`='".$row['pkhash']."',
+
`description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","server",$newid);
@@ -1003,6 +1019,24 @@
exit;
}
+ if($oldid == 12 && array_key_exists('change',$_REQUEST) &&
$_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `domaincerts` set
`description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
if($oldid == 5 && array_key_exists('renew',$_REQUEST) &&
$_REQUEST['renew'] != "")
{
showheader(_("My CAcert.org Account!"));
@@ -1041,7 +1075,8 @@
`modified`=NOW(),
`disablelogin`='".$row['disablelogin']."',
`codesign`='".$row['codesign']."',
-
`rootcert`='".$row['rootcert']."'";
+
`rootcert`='".$row['rootcert']."',
+
`description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","client",$newid);
@@ -1140,26 +1175,47 @@
if($oldid == 5 && array_key_exists('change',$_REQUEST) &&
$_REQUEST['change'] != "")
{
- showheader(_("My CAcert.org Account!"));
- //echo _("Now changing the settings for the following
certificates:")."<br>\n";
- foreach($_REQUEST as $id => $val)
- {
- //echo $id."<br/>";
- if(substr($id,0,5)=="cert_")
- {
- $id = intval(substr($id,5));
- $dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) &&
$_REQUEST['disablelogin_'.$id]=="1")?"0":"1";
- //echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n";
- mysql_query("update `emailcerts` set `disablelogin`='$dis'
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
- //$row = mysql_fetch_assoc($res);
- }
- }
- echo(_("Certificate settings have been changed.")."<br/>\n");
- showfooter();
- exit;
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,5)=="cert_")
+ {
+ $cid = intval(substr($id,5));
+
$dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) &&
$_REQUEST['disablelogin_'.$cid]=="1")?"0":"1";
+ mysql_query("update `emailcerts` set
`disablelogin`='$dis' where `id`='$cid' and
`memid`='".$_SESSION['profile']['id']."'");
+ }
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ if(!empty($_REQUEST['check_comment_'.$cid])) {
+
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `emailcerts` set
`description`='$comment' where `id`='$cid' and
`memid`='".$_SESSION['profile']['id']."'");
+ }
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
+ if($oldid == 6 && $_REQUEST['certid'] != "")
+ {
+ if(trim($_REQUEST['description']) != ""){
+ $description=
trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $description= "";
+ }
+
+ if(trim($_REQUEST['disablelogin']) == "1"){
+ $disablelogin = 1;
+ }else{
+ $disablelogin = 0;
}
+ mysql_query("update `emailcerts` set `disablelogin`='$disablelogin',
`description`='$description' where `id`='".$_REQUEST['certid']."' and
`memid`='".$_SESSION['profile']['id']."'");
+ }
if($oldid == 13 && $process != "")
{
csrf_check("perschange");
@@ -1176,42 +1232,42 @@
$_SESSION['_config']['user']['A4'] =
trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
$_SESSION['_config']['user']['A5'] =
trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
- if($_SESSION['_config']['user']['Q1'] ==
$_SESSION['_config']['user']['Q2'] ||
- $_SESSION['_config']['user']['Q1'] ==
$_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['Q1'] ==
$_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q1'] ==
$_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q2'] ==
$_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['Q2'] ==
$_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q2'] ==
$_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q3'] ==
$_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q3'] ==
$_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q4'] ==
$_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['Q1'] ||
- $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['Q2'] ||
- $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A2'] ==
$_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['A2'] ==
$_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A2'] ==
$_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A3'] ==
$_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A3'] ==
$_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A4'] ==
$_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['A2'] ||
- $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['A3'] ||
- $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A2'] ==
$_SESSION['_config']['user']['A3'] ||
- $_SESSION['_config']['user']['A2'] ==
$_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A2'] ==
$_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A3'] ==
$_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A3'] ==
$_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A4'] ==
$_SESSION['_config']['user']['A5'])
- {
- $_SESSION['_config']['errmsg'] .= _("For your own
security you must enter 5 different password questions and answers. You
aren't allowed to duplicate questions, set questions as answers or use the
question as the answer.")."<br>\n";
- $id = $oldid;
+ if($_SESSION['_config']['user']['Q1'] ==
$_SESSION['_config']['user']['Q2'] ||
+ $_SESSION['_config']['user']['Q1'] ==
$_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['Q1'] ==
$_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q1'] ==
$_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q2'] ==
$_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['Q2'] ==
$_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q2'] ==
$_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q3'] ==
$_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q3'] ==
$_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q4'] ==
$_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['Q1'] ||
+ $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['Q2'] ||
+ $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A2'] ==
$_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['A2'] ==
$_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A2'] ==
$_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A3'] ==
$_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A3'] ==
$_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A4'] ==
$_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['A2'] ||
+ $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['A3'] ||
+ $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A1'] ==
$_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A2'] ==
$_SESSION['_config']['user']['A3'] ||
+ $_SESSION['_config']['user']['A2'] ==
$_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A2'] ==
$_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A3'] ==
$_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A3'] ==
$_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A4'] ==
$_SESSION['_config']['user']['A5'])
+ {
+ $_SESSION['_config']['errmsg'] .= _("For your own
security you must enter 5 different password questions and answers. You
aren't allowed to duplicate questions, set questions as answers or use the
question as the answer.")."<br>\n";
+ $id = $oldid;
$oldid=0;
- }
+ }
if($_SESSION['_config']['user']['Q1'] == "" ||
$_SESSION['_config']['user']['Q2'] == "" ||
$_SESSION['_config']['user']['Q3'] == "" ||
$_SESSION['_config']['user']['Q4'] == "" ||
@@ -1394,6 +1450,13 @@
}
$_SESSION['_config']['name'] =
mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
$_SESSION['_config']['OU'] =
mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
+
+
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']=
trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
}
if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) +
0) <= 0)
@@ -1423,6 +1486,12 @@
if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']=
trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
if(@count($_SESSION['_config']['emails']) > 0)
$id = 17;
}
@@ -1469,6 +1538,7 @@
if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+
$emails .= "SPKAC = $spkac";
if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
{
@@ -1485,7 +1555,8 @@
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".$_SESSION['_config']['codesign']."',
-
`rootcert`='".$_SESSION['_config']['rootcert']."'";
+
`rootcert`='".$_SESSION['_config']['rootcert']."',
+
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1497,15 +1568,15 @@
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
- if(!strstr($res,"Challenge String: ".$challenge))
- {
- $id = $oldid;
- showheader(_("My CAcert.org Account!"));
- echo _("The challenge-response code of your
certificate request did not match. Can't continue with certificaterequest.");
- showfooter();
- exit;
- }
+ $res=`openssl spkac -verify -in $CSRname`;
+ if(!strstr($res,"Challenge String: ".$challenge))
+ {
+ $id = $oldid;
+ showheader(_("My CAcert.org Account!"));
+ echo _("The challenge-response code of your
certificate request did not match. Can't continue with certificaterequest.");
+ showfooter();
+ exit;
+ }
mysql_query("update `orgemailcerts` set
`csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" ||
$_REQUEST['keytype']=="VI") {
$csr = "-----BEGIN CERTIFICATE
REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE
REQUEST-----\n";
@@ -1575,7 +1646,8 @@
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject',
`codesign`='".$_SESSION['_config']['codesign']."',
-
`rootcert`='".$_SESSION['_config']['rootcert']."'";
+
`rootcert`='".$_SESSION['_config']['rootcert']."',
+
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1650,7 +1722,8 @@
`created`='".$row['created']."',
`modified`=NOW(),
`codesign`='".$row['codesign']."',
-
`rootcert`='".$row['rootcert']."'";
+
`rootcert`='".$row['rootcert']."',
+
`description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","orgclient",$newid);
@@ -1742,6 +1815,24 @@
exit;
}
+ if($oldid == 18 && array_key_exists('change',$_REQUEST) &&
$_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `orgemailcerts` set
`description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
if($process != "" && $oldid == 20)
{
$CSR = clean_csr($_REQUEST['CSR']);
@@ -1755,6 +1846,12 @@
exit;
}
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']=
trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
@@ -1830,8 +1927,8 @@
exit;
}
- if($_SESSION['_config']['rowid']['0'] > 0)
- {
+ if($_SESSION['_config']['rowid']['0'] > 0)
+ {
$query = "select * from `org`,`orginfo` where
`orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and
`orginfo`.`id`=`org`.`orgid` and
@@ -1878,25 +1975,27 @@
if($_SESSION['_config']['rootcert'] < 1 ||
$_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
- if($_SESSION['_config']['rowid']['0'] > 0)
- {
- $query = "insert into `orgdomaincerts` set
-
`CN`='".$_SESSION['_config']['rows']['0']."',
- `orgid`='".$org['id']."',
- `created`=NOW(),
- `subject`='$csrsubject',
-
`rootcert`='".$_SESSION['_config']['rootcert']."',
- `type`='$type'";
- } else {
- $query = "insert into `orgdomaincerts` set
-
`CN`='".$_SESSION['_config']['altrows']['0']."',
- `orgid`='".$org['id']."',
- `created`=NOW(),
- `subject`='$csrsubject',
-
`rootcert`='".$_SESSION['_config']['rootcert']."',
- `type`='$type'";
- }
- mysql_query($query);
+ if($_SESSION['_config']['rowid']['0'] > 0)
+ {
+ $query = "insert into `orgdomaincerts` set
+
`CN`='".$_SESSION['_config']['rows']['0']."',
+ `orgid`='".$org['id']."',
+ `created`=NOW(),
+ `subject`='$csrsubject',
+
`rootcert`='".$_SESSION['_config']['rootcert']."',
+ `type`='$type',
+
`description`='".$_SESSION['_config']['description']."'";
+ } else {
+ $query = "insert into `orgdomaincerts` set
+
`CN`='".$_SESSION['_config']['altrows']['0']."',
+ `orgid`='".$org['id']."',
+ `created`=NOW(),
+ `subject`='$csrsubject',
+
`rootcert`='".$_SESSION['_config']['rootcert']."',
+ `type`='$type',
+
`description`='".$_SESSION['_config']['description']."'";
+ }
+ mysql_query($query);
$CSRid = mysql_insert_id();
$CSRname=generatecertpath("csr","orgserver",$CSRid);
@@ -1970,7 +2069,8 @@
`modified`=NOW(),
`subject`='".$row['subject']."',
`type`='".$row['type']."',
-
`rootcert`='".$row['rootcert']."'";
+
`rootcert`='".$row['rootcert']."',
+
`description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
//echo "NewID: $newid<br/>\n";
@@ -2071,6 +2171,24 @@
exit;
}
+ if($oldid == 22 && array_key_exists('change',$_REQUEST) &&
$_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+
$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `orgdomaincerts` set
`description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id ==
26 || $oldid == 26 ||
$id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id
== 29 || $oldid == 29 ||
$id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) &&
@@ -2462,7 +2580,7 @@
}
if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST)
&& $_REQUEST['action'] != "") ||
- ($id == 54 && array_key_exists('action',$_REQUEST) &&
$_REQUEST['action'] != "" &&
+ ($id == 54 && array_key_exists('action',$_REQUEST) &&
$_REQUEST['action'] != "" &&
$_REQUEST['action'] != "aliases" &&
$_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
{
$id = 53;
@@ -2472,7 +2590,7 @@
$locid =
intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
$name =
array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
$long =
array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
- $lat = array_key_exists('latitude',
$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
+ $lat = array_key_exists('latitude',
$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
$action =
array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";
if($locid > 0 && $action == "edit")
@@ -2730,24 +2848,24 @@
mysql_query("update `users` set `tverify`='$ver' where
`id`='$memid'");
}
- if($id == 43 && array_key_exists('assurer',$_REQUEST) &&
$_REQUEST['assurer'] > 0)
- {
- csrf_check('admsetassuret');
- $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
- $query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
- $ver = !$row['assurer'];
- mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
- }
-
- if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) &&
$_REQUEST['assurer_blocked'] > 0)
- {
- $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
- $query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
- $ver = !$row['assurer_blocked'];
- mysql_query("update `users` set `assurer_blocked`='$ver' where
`id`='$memid'");
- }
+ if($id == 43 && array_key_exists('assurer',$_REQUEST) &&
$_REQUEST['assurer'] > 0)
+ {
+ csrf_check('admsetassuret');
+ $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
+ $query = "select * from `users` where `id`='$memid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $ver = !$row['assurer'];
+ mysql_query("update `users` set `assurer`='$ver' where
`id`='$memid'");
+ }
+
+ if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) &&
$_REQUEST['assurer_blocked'] > 0)
+ {
+ $memid = $_REQUEST['userid'] =
intval($_REQUEST['assurer_blocked']);
+ $query = "select * from `users` where `id`='$memid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $ver = !$row['assurer_blocked'];
+ mysql_query("update `users` set `assurer_blocked`='$ver'
where `id`='$memid'");
+ }
if($id == 43 && array_key_exists('locked',$_REQUEST) &&
$_REQUEST['locked'] > 0)
{
--- End Message ------ Begin Message ---
- From: "root" <root AT cvs.cacert.org>
- To: critical-admin AT cacert.org
- Subject: cvs.cacert.org checkin notification
- Date: Wed, 17 Jul 2013 10:19:02 +0200 (CEST)
uid=0(root) gid=0(root) groups=0(root)
10.php 1.11 1.12 12.php 1.16 1.17 16.php 1.9 1.10 18.php 1.16 1.17 20.php 1.6
1.7 22.php 1.13 1.14 3.php 1.17 1.18 5.php 1.22 1.23 6.php 1.10 1.11 8.php
1.5 1.6
Wed Jul 17 10:19:02 CEST 2013
Update of /var/lib/cvs/cacert/pages/account
In directory webdb:/home/cacert/www/pages/account
Modified Files:
10.php 12.php 16.php 18.php 20.php 22.php 3.php 5.php 6.php
8.php
Log Message:
Fix for http://bugs.cacert.org/view.php?id=782
Add "notes" field to certificate information.
===================================================================
RCS file: /var/lib/cvs/cacert/pages/account/12.php,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- 12.php 2013/02/27 10:37:43 1.16
+++ 12.php 2013/07/17 08:19:01 1.17
@@ -19,22 +19,24 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0"
cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a
href="account.php?id=12&viewall=<?=!$viewall?>"><?=_("View all
certificates")?></a></td>
+ <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a
href="account.php?id=12&viewall=<?=!$viewall?>"><?=_("View all
certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
</tr>
<?
$query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) -
UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
`domaincerts`.`expire` as `expires`, `revoked` as
`revoke`,
- UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`,
`domaincerts`.`serial`, `domaincerts`.`id` as `id`
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`,
`domaincerts`.`serial`, `domaincerts`.`id` as `id`,
+ `domaincerts`.`description`
from `domaincerts`,`domains`
where
`memid`='".intval($_SESSION['profile']['id'])."' and
`domaincerts`.`domid`=`domains`.`id` ";
if($viewall != 1)
@@ -49,7 +51,7 @@
{
?>
<tr>
- <td colspan="6" class="DataTD"><?=_("No certificates are currently
listed.")?></td>
+ <td colspan="8" class="DataTD"><?=_("No certificates are currently
listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -62,33 +64,41 @@
$verified = _("Pending");
if($row['revoked'] > 0)
$verified = _("Revoked");
- if($row['revoked'] == 0)
- $row['revoke'] = _("Not Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
?>
<tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="revokeid[]"
value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]"
value="<?=$row['id']?>"/></td>
<? } else if($verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="delid[]"
value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="delid[]"
value="<?=$row['id']?>"/></td>
<? } else { ?>
<td class="DataTD"> </td>
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a
href="account.php?id=15&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text"
value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox"
name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="6"><input type="submit" name="renew"
value="<?=_("Renew")?>">    
+ <td class="DataTD" colspan="8">
+ <?=_('* Comment is NOT included in the certificate as it is intended
for your personal reference only. To change the comment tick the checkbox and
hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="6"><input type="submit" name="renew"
value="<?=_("Renew")?>"/>    
<input type="submit" name="revoke"
value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="change"
value="<?=_("Change settings")?>"/> </td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="6"><?=_("From here you can delete pending
requests, or revoke valid certificates.")?></td>
+ <td class="DataTD" colspan="8"><?=_("From here you can delete pending
requests, or revoke valid certificates.")?></td>
</tr>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
-<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>" />
+<input type="hidden" name="oldid" value="<?=$id?>"/>
+<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/>
</form>
===================================================================
RCS file: /var/lib/cvs/cacert/pages/account/8.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- 8.php 2008/09/07 02:45:45 1.5
+++ 8.php 2013/07/17 08:19:02 1.6
@@ -25,7 +25,7 @@
if(is_array($_SESSION['_config']['addy']))
foreach($_SESSION['_config']['addy'] as $add) { ?>
<tr>
- <td class="DataTD" width="75"><input type="radio" name="authaddy"
value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged =
1; } ?>></td>
+ <td class="DataTD" width="75"><input type="radio" name="authaddy"
value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged =
1; } ?> /></td>
<td class="DataTD" width="175"><?=$add?></td>
</tr>
<? } ?>
@@ -34,5 +34,5 @@
</tr>
</table>
<input type="hidden" name="csrf" value="<?=make_csrf('ctcinfo')?>" />
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
===================================================================
RCS file: /var/lib/cvs/cacert/pages/account/3.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- 3.php 2010/07/06 10:42:23 1.17
+++ 3.php 2013/07/17 08:19:01 1.18
@@ -44,7 +44,7 @@
<td class="DataTD"><input type="checkbox" name="addid[]"
value="<?=intval($row['id'])?>"></td>
<td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
</tr>
-<? }
+<? }
if($_SESSION['profile']['points'] >= 50)
{
$fname = $_SESSION['profile']['fname'];
@@ -52,40 +52,44 @@
$lname = $_SESSION['profile']['lname'];
$suffix = $_SESSION['profile']['suffix'];
?>
- <tr>
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by
class 1 root certificate")?><br>
- <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3
root certificate")?><br>
- <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3
root certificate needs to be imported into your email program as well as the
class 1 root certificate so your email program can build a full trust path
chain. Until we are included in browsers this might not be a desirable option
for most people"), 125))?>
+ <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by
class 1 root certificate")?><br />
+ <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3
root certificate")?><br />
+ <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: The class 3
root certificate needs to be imported into your email program as well as the
class 1 root certificate so your email program can build a full trust path
chain. Until we are included in browsers this might not be a desirable option
for most people"), 125))?>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="incname" value="0" checked> <?=_("No
Name")?><br>
-<? if($fname && $lname) { ?><input type="radio" name="incname" value="1">
<?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?>
-<? if($fname && $mname && $lname) { ?><input type="radio" name="incname"
value="2"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?>
-<? if($fname && $lname && $suffix) { ?><input type="radio" name="incname"
value="3"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?>
-<? if($fname && $mname && $lname && $suffix) { ?><input type="radio"
name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname."
".$lname." ".$suffix?>'<br><? } ?>
+ <input type="radio" name="incname" value="0" checked /> <?=_("No
Name")?><br />
+ <? if($fname && $lname) { ?><input type="radio" name="incname"
value="1" /> <?=_("Include")?> '<?=$fname." ".$lname?>'<br /><? } ?>
+ <? if($fname && $mname && $lname) { ?><input type="radio"
name="incname" value="2" /> <?=_("Include")?> '<?=$fname." ".$mname."
".$lname?>'<br /><? } ?>
+ <? if($fname && $lname && $suffix) { ?><input type="radio"
name="incname" value="3" /> <?=_("Include")?> '<?=$fname." ".$lname."
".$suffix?>'<br /><? } ?>
+ <? if($fname && $mname && $lname && $suffix) { ?><input type="radio"
name="incname" value="4" /> <?=_("Include")?> '<?=$fname." ".$mname."
".$lname." ".$suffix?>'<br /><? } ?>
</td>
</tr>
-<? } ?>
+<? } ?>
<? if($_SESSION['profile']['points'] >= 100 &&
$_SESSION['profile']['codesign'] > 0) { ?>
<tr>
<td class="DataTD" align="left">
- <input type="checkbox" name="codesign" value="1"> <?=_("Code
Signing")?></td>
+ <input type="checkbox" name="codesign" value="1" /> <?=_("Code
Signing")?></td>
<td class="DataTD" align="left">
- <?=_("Please Note: By ticking this box you will automatically have
your name included in any certificates.")?>
+ <?=_("Please Note: By ticking this box you will automatically have
your name included in any certificates.")?>
</td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2" align="left">
- <input type="checkbox" name="login" value="1" checked="checked">
<?=_("Enable certificate login with this certificate")?><br>
+ <input type="checkbox" name="login" value="1" checked="checked" />
<?=_("Enable certificate login with this certificate")?><br />
<?=_("By allowing certificate login, this certificate can be used to
login into this account at https://secure.cacert.org/ .";)?><br/>
</td>
</tr>
-
+ <tr>
+ <td class="DataTD" colspan="2" align="left">
+ <?=_("Optional comment, only used in the certifictate overview max.
100 characters")?><br />
+ <input type="text" name="description" maxlength="100" size="100" />
+ </td>
+ </tr>
<tr name="expertoff" style="display:none">
<td class="DataTD" colspan="2" align="left">
@@ -95,12 +99,14 @@
<tr name="expert">
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="SSO" value="0" checked> <?=_("No Single
Sign On ID")?><br>
- <input type="radio" name="SSO" value="1"> <?=_("Add Single Sign On ID
Information")?><br>
+ <input type="radio" name="SSO" value="0" checked /> <?=_("No Single
Sign On ID")?><br />
+ <input type="radio" name="SSO" value="1" /> <?=_("Add Single Sign On
ID Information")?><br />
<?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On
(SSO) ID information to your certificates this could be used to track you,
you can also issue certificates with no email addresses that are useful only
for Authentication. Please see a more detailed description on our WIKI about
it."), 125))?>
<a href="http://wiki.cacert.org/wiki/SSO";><?=_("SSO WIKI Entry")?></a>
</td>
</tr>
+
+
<tr name="expert">
<td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information
on the certificate will be used")?></td>
</tr>
@@ -108,10 +114,10 @@
<td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80"
rows="5"></textarea></td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process"
value="<?=_("Next")?>"></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="process"
value="<?=_("Next")?>" /></td>
</tr>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
<script language="javascript">
===================================================================
RCS file: /var/lib/cvs/cacert/pages/account/16.php,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- 16.php 2011/10/21 20:01:45 1.9
+++ 16.php 2013/07/17 08:19:01 1.10
@@ -29,25 +29,25 @@
foreach($_SESSION['_config']['emails'] as $val) { ?>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="emails[]"
value="<?=$val?>"></td>
+ <td class="DataTD"><input type="text" name="emails[]"
value="<?=$val?>"/></td>
</tr>
<? } ?>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="emails[]"></td>
+ <td class="DataTD"><input type="text" name="emails[]"/></td>
</tr>
<tr>
<td class="DataTD"><?=_("Name")?>:</td>
- <td class="DataTD"><input type="text" name="name"
value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"></td>
+ <td class="DataTD"><input type="text" name="name"
value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td>
</tr>
<tr>
<td class="DataTD"><?=_("Department")?>:</td>
- <td class="DataTD"><input type="text" name="OU"
value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"></td>
+ <td class="DataTD"><input type="text" name="OU"
value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"/></td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by
class 1 root certificate")?><br>
- <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3
root certificate")?><br>
+ <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign
by class 1 root certificate")?><br />
+ <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class
3 root certificate")?><br />
<?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3
root certificate needs to be imported into your email program as well as the
class 1 root certificate so your email program can build a full trust path
chain. Until we are included in browsers this might not be a desirable option
for most people"), 60))?>
</td>
</tr>
@@ -56,9 +56,15 @@
<td class="DataTD" colspan="2" align="left"><input type="checkbox"
name="codesign" value="1" /><?=_("Code Signing")?></td>
</tr>
<? } ?>
+ <tr>
+ <td class="DataTD" colspan="2" align="left">
+ <?=_("Optional comment, only used in the certifictate overview")?><br
/>
+ <input type="text" name="description" maxlength="80" size=80 />
+ </td>
+ </tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="add_email"
value="<?=_("Another Email")?>">
- <input type="submit" name="process"
value="<?=_("Next")?>"></td>
+ <input type="submit" name="process"
value="<?=_("Next")?>" /></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
===================================================================
RCS file: /var/lib/cvs/cacert/pages/account/18.php,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- 18.php 2011/11/20 20:11:56 1.16
+++ 18.php 2013/07/17 08:19:01 1.17
@@ -19,13 +19,14 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0"
cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Client Certificates")?> - <a
href="account.php?id=18&viewall=<?=!$viewall?>"><?=_("View all
certificates")?></a></td>
+ <td colspan="8" class="title"><?=_("Client Certificates")?> - <a
href="account.php?id=18&viewall=<?=!$viewall?>"><?=_("View all
certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Comment")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
@@ -35,7 +36,8 @@
UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`,
`oemail`.`expire` as `expires`, `oemail`.`revoked` as
`revoke`,
UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`,
- `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`
+ `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`,
+ `oemail`.`description`
from `orgemailcerts` as `oemail`, `org`
where
`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`oemail`.`orgid` ";
@@ -50,7 +52,7 @@
{
?>
<tr>
- <td colspan="6" class="DataTD"><?=_("No client certificates are
currently listed.")?></td>
+ <td colspan="8" class="DataTD"><?=_("No client certificates are
currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -80,14 +82,22 @@
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a
href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
<? } ?>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text"
value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox"
name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<tr>
+ <td class="DataTD" colspan="8">
+ <?=_('* Comment is NOT included in the certificate as it is intended
for your personal reference only. To change the comment tick the checkbox and
hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
<td class="DataTD" colspan="6"><input type="submit" name="renew"
value="<?=_("Renew")?>">    
<input type="submit" name="revoke"
value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="change"
value="<?=_("Change settings")?>"> </td>
</tr>
<? } ?>
</table>
===================================================================
RCS file: /var/lib/cvs/cacert/pages/account/5.php,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- 5.php 2011/10/12 15:15:35 1.22
+++ 5.php 2013/07/17 08:19:01 1.23
@@ -19,28 +19,29 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0"
cellpadding="0" class="wrapper">
<tr>
- <td colspan="7" class="title"><?=_("Client Certificates")?> - <a
href="account.php?id=5&viewall=<?=!$viewall?>"><?=_("View all
certificates")?></a></td>
+ <td colspan="10" class="title"><?=_("Client Certificates")?> - <a
href="account.php?id=5&viewall=<?=!$viewall?>"><?=_("View all
certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Email Address")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Login")?></td>
-
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<?
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) -
UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
- `emailcerts`.`expire` as `expires`,
+ `emailcerts`.`expire` as `expires`,
`emailcerts`.`revoked` as `revoke`,
- UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
`emailcerts`.`id`,
`emailcerts`.`CN`,
`emailcerts`.`serial`,
- emailcerts.disablelogin as `disablelogin`
+ `emailcerts`.`disablelogin` as `disablelogin`,
+ `emailcerts`.`description`
from `emailcerts`
where
`emailcerts`.`memid`='".$_SESSION['profile']['id']."'
";
@@ -56,7 +57,7 @@
{
?>
<tr>
- <td colspan="7" class="DataTD"><?=_("No client certificates are
currently listed.")?></td>
+ <td colspan="10" class="DataTD"><?=_("No client certificates are
currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -86,31 +87,39 @@
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") :
$row['CN'])?></td>
<? } ?>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD">
<input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1"
<?=$row['disablelogin']?"":"checked='checked'"?>/>
- <input type="hidden" name="cert_<?=$row['id']?>" value="1"/>
+ <input type="hidden" name="cert_<?=$row['id']?>" value="1" />
</td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text"
value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox"
name="check_comment_<?=$row['id']?>" /></td>
</tr>
-<? } ?>
+ <? } ?>
<tr>
- <td class="DataTD" colspan="8">
+ <td class="DataTD" colspan="9">
<a
href="account.php?id=5&viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old
certificates"):_("View all certificates")?></b></a>
</td>
</tr>
<tr>
- <td class="DataTD" colspan="5"><input type="submit" name="renew"
value="<?=_("Renew")?>">    
- <input type="submit" name="revoke"
value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="9">
+ <?=_('* Comment is NOT included in the certificate as it is intended
for your personal reference only. To change the comment tick the checkbox and
hit "Change Settings".')?>
+ </td>
+ </tr>
+
+ <tr>
+ <td class="DataTD" colspan="5"><input type="submit" name="renew"
value="<?=_("Renew")?>" />    
+ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"
/></td>
- <td class="DataTD" colspan="3"><input type="submit" name="change"
value="<?=_("Change settings")?>"> </td>
+ <td class="DataTD" colspan="4"><input type="submit" name="change"
value="<?=_("Change settings")?>" /> </td>
</tr>
<? } ?>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid
certificates.")?></p>
===================================================================
RCS file: /var/lib/cvs/cacert/pages/account/20.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- 20.php 2009/03/10 18:39:55 1.6
+++ 20.php 2013/07/17 08:19:01 1.7
@@ -27,11 +27,13 @@
<p><?=_("If the Subscriber's name and/or domain name registration change the
subscriber will immediately inform CAcert Inc. who shall revoke the digital
certificate. When the Digital Certificate expires or is revoked the company
will permanently remove the certificate from the server on which it is
installed and will not use it for any purpose thereafter. The person
responsible for key management and security is fully authorized to install
and utilize the certificate to represent this organization's electronic
presence.")?></p>
<form method="post" action="account.php">
-<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root
certificate")?><br>
-<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3
root certificate")?><br>
+<input type="radio" name="rootcert" value="1" /> <?=_("Sign by class 1 root
certificate")?><br />
+<input type="radio" name="rootcert" value="2" checked /> <?=_("Sign by class
3 root certificate")?><br />
+<p> <?=_("Optional comment, only used in the certifictate overview")?><br />
+ <input type="text" name="description" maxlength="80" size=80 /></p>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your
webserver as a chained certificate, while slightly more complicated to setup,
this root certificate is more likely to be trusted by more people.")?></p>
<p><?=_("Paste your CSR below...")?></p>
-<textarea name="CSR" cols="80" rows="15"></textarea><br>
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
-</form>
+<textarea name="CSR" cols="80" rows="15"></textarea><br />
+<input type="submit" name="process" value="<?=_("Submit")?>" />
+<input type="hidden" name="oldid" value="<?=$id?>" />
+</form>
\ No newline at end of file
===================================================================
RCS file: /var/lib/cvs/cacert/pages/account/10.php,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- 10.php 2013/05/14 08:50:29 1.11
+++ 10.php 2013/07/17 08:19:01 1.12
@@ -31,12 +31,14 @@
<form method="post" action="account.php">
<? if($_SESSION['profile']['points'] >= 50) { ?>
-<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root
certificate")?><br>
-<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3
root certificate")?><br>
+<input type="radio" name="rootcert" value="1"/> <?=_("Sign by class 1 root
certificate")?><br />
+<input type="radio" name="rootcert" value="2" checked/> <?=_("Sign by class
3 root certificate")?><br />
<p><?=_("Please note: The class 3 root certificate needs to be setup in your
webserver as a chained certificate, while slightly more complicated to setup,
this root certificate is more likely to be trusted by more people.")?></p>
<? } ?>
+<p><?=_("Optional comment, only used in the certifictate overview")?><br>
+ <input type="text" name="description" maxlength="80" size=80/></p>
<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p>
<textarea name="CSR" cols="80" rows="15"></textarea><br>
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="submit" name="process" value="<?=_("Submit")?>"/>
+<input type="hidden" name="oldid" value="<?=$id?>"/>
</form>
===================================================================
RCS file: /var/lib/cvs/cacert/pages/account/6.php,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- 6.php 2008/11/23 05:08:59 1.10
+++ 6.php 2013/07/17 08:19:01 1.11
@@ -18,7 +18,24 @@
<?
$certid = 0; if(array_key_exists('cert',$_REQUEST))
$certid=intval($_REQUEST['cert']);
- $query = "select * from `emailcerts` where `id`='$certid' and
`memid`='".intval($_SESSION['profile']['id'])."'";
+// $query = "select * from `emailcerts` where `id`='$certid' and
`memid`='".intval($_SESSION['profile']['id'])."'";
+ $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) -
UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
+ `emailcerts`.`expire` as `expires`,
+ `emailcerts`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ `emailcerts`.`id`,
+ `emailcerts`.`CN`,
+ `emailcerts`.`serial`,
+ `emailcerts`.`disablelogin` as `disablelogin`,
+ `emailcerts`.`crt_name`,
+ `emailcerts`.`keytype`,
+ `emailcerts`.`description`
+ from `emailcerts`
+ where `emailcerts`.`id`='$certid' and
`emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'";
+
+
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@@ -127,10 +144,73 @@
<p><?=_("Your certificate:")?></p>
<pre><?=$cert?></pre>
+
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0"
cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Information about the
certificte")?></td>
+ </tr>
<?
-
- showfooter();
- exit;
- }
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
?>
+ <tr>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox"
name="revokeid[<?=$row['id']?>]" ></td>
+<? } else if($verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox"
name="delid[<?=$row['id']?>]"></td>
+<? } else { ?>
+ <td class="DataTD"> </td>
+<? } ?>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=$verified?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") :
$row['CN'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=$row['expires']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Login")?></td>
+ <td class="DataTD">
+ <input type="checkbox" name="disablelogin" value="1"
<?=$row['disablelogin']?"":"checked='checked'"?>/>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Comment")?></td>
+ <td class="DataTD"><input type="text" name="description"
maxlength="100" size=100
value="<?=htmlspecialchars($row['description'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit"
name="change" value="<?=_("Change settings")?>"> </td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="6">
+<input type="hidden" name="certid" value="<?=$certid?>">
+</form>
+<?
+ showfooter();
+ exit;
+}
\ No newline at end of file
===================================================================
RCS file: /var/lib/cvs/cacert/pages/account/22.php,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- 22.php 2011/10/12 15:15:35 1.13
+++ 22.php 2013/07/17 08:19:01 1.14
@@ -19,16 +19,16 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0"
cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a
href="account.php?id=22&viewall=<?=!$viewall?>"><?=_("View all
certificates")?></a></td>
+ <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a
href="account.php?id=22&viewall=<?=!$viewall?>"><?=_("View all
certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
-
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<?
$query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as
`created`,
UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) -
UNIX_TIMESTAMP() as `timeleft`,
@@ -36,7 +36,8 @@
`orgdomaincerts`.`expire` as `expires`, `revoked` as
`revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`,
`orgdomaincerts`.`serial`,
- `orgdomaincerts`.`id` as `id`
+ `orgdomaincerts`.`id` as `id`,
+ `orgdomaincerts`.`description`
from `orgdomaincerts`,`org`
where
`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`orgdomaincerts`.`orgid`=`org`.`orgid` ";
if($viewall != 1)
@@ -51,7 +52,7 @@
{
?>
<tr>
- <td colspan="6" class="DataTD"><?=_("No domains are currently
listed.")?></td>
+ <td colspan="8" class="DataTD"><?=_("No domains are currently
listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -77,18 +78,26 @@
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a
href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text"
value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox"
name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="6"><input type="submit" name="renew"
value="<?=_("Renew")?>">    
- <input type="submit" name="revoke"
value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="8">
+ <?=_('* Comment is NOT included in the certificate as it is intended
for your personal reference only. To change the comment tick the checkbox and
hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="6"><input type="submit" name="renew"
value="<?=_("Renew")?>" />    
+ <input type="submit" name="revoke"
value="<?=_("Revoke/Delete")?>" /></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="change"
value="<?=_("Change settings")?>" /> </td>
</tr>
<? } ?>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
<input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid
certificates.")?></p>
--- End Message ------ Begin Message ---
- From: "root" <root AT cvs.cacert.org>
- To: critical-admin AT cacert.org
- Subject: cvs.cacert.org checkin notification
- Date: Wed, 17 Jul 2013 10:19:05 +0200 (CEST)
uid=0(root) gid=0(root) groups=0(root)
0.php 1.10 1.11 2.php 1.9 1.10
Wed Jul 17 10:19:05 CEST 2013
Update of /var/lib/cvs/cacert/pages/gpg
In directory webdb:/home/cacert/www/pages/gpg
Modified Files:
0.php 2.php
Log Message:
Fix for http://bugs.cacert.org/view.php?id=782
Add "notes" field to certificate information.
===================================================================
RCS file: /var/lib/cvs/cacert/pages/gpg/2.php,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- 2.php 2008/09/03 16:12:17 1.9
+++ 2.php 2013/07/17 08:19:05 1.10
@@ -15,29 +15,30 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
*/ ?>
+<form method="post" action="gpg.php">
<table align="center" valign="middle" border="0" cellspacing="0"
cellpadding="0" class="wrapper">
<tr>
- <td colspan="5" class="title"><?=_("OpenPGP Keys")?></td>
+ <td colspan="6" class="title"><?=_("OpenPGP Keys")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Email Address")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Key ID")?></td>
-
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<?
$query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as
`timeleft`,
UNIX_TIMESTAMP(`expire`) as `expired`,
- `expire` as `expires`, `id`, `level`,
- `email`,`keyid` from `gpg` where
`memid`='".intval($_SESSION['profile']['id'])."'
+ `expire` as `expires`, `id`, `level`,
+ `email`,`keyid`,`description` from `gpg` where
`memid`='".intval($_SESSION['profile']['id'])."'
ORDER BY `issued` desc";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
- <td colspan="5" class="DataTD"><?=_("No OpenPGP keys are currently
listed.")?></td>
+ <td colspan="6" class="DataTD"><?=_("No OpenPGP keys are currently
listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -62,10 +63,19 @@
<? } ?>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD"><a
href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
-
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text"
value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox"
name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<? } ?>
+ <tr>
+ <td class="DataTD" colspan="6">
+ <?=_('* Comment is NOT included in the certificate as it is intended
for your personal reference only. To change the comment tick the checkbox and
hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="6"><input type="submit" name="change"
value="<?=_("Change settings")?>" /> </td>
+ </tr>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
===================================================================
RCS file: /var/lib/cvs/cacert/pages/gpg/0.php,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- 0.php 2009/04/27 17:34:04 1.10
+++ 0.php 2013/07/17 08:19:04 1.11
@@ -19,7 +19,9 @@
?>
<p><?=_("Paste your own public OpenPGP key below. It should not contain a
picture. CAcert will sign your key after submission.")?></p>
<form method="post" action="gpg.php">
-<textarea name="CSR" cols="80"
rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br>
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<p><?=_("Optional comment, only used in the certifictate overview")?><br />
+ <input type="text" name="description" maxlength="80" size=80 /></p>
+<textarea name="CSR" cols="80"
rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br
/>
+<input type="submit" name="process" value="<?=_("Submit")?>" />
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
--- End Message ---Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
--- End Message ---
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- Patch Request Bug #782, #1173, #1176, #1186, Benny Baumann, 07/12/2013
- Re: Patch Request Bug #782, #1173, #1176, #1186, Wytze van der Raay, 07/15/2013
- Re: Patch Request Bug #782, #1173, #1176, #1186, Wytze van der Raay, 07/17/2013
Archive powered by MHonArc 2.6.16.