deleting ssl client certificates from profile page works now

2011-05-11 07:33:15 +02:00 · 2011-05-11 07:33:15 +02:00 · 1c415919cb
commit 1c415919cb
parent b0665b03d1
2 changed files with 50 additions and 3 deletions
--- a/src/SemanticScuttle/Service/User/SslClientCert.php
+++ b/src/SemanticScuttle/Service/User/SslClientCert.php
@ -181,6 +181,38 @@ class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbServi
    }


+
+    /**
+     * Fetches the certificate with the given ID from database.
+     *
+     * @param integer $id Certificate ID in database
+     *
+     * @return SemanticScuttle_Model_User_SslClientCert Certificate object
+     *                                                  or null if not found
+     */
+    public function getCert($id)
+    {
+        $query = 'SELECT * FROM ' . $this->getTableName()
+            . ' WHERE id = ' . (int)$id;
+        if (!($dbresult = $this->db->sql_query($query))) {
+            message_die(
+                GENERAL_ERROR, 'Could not load SSL client certificate',
+                '', __LINE__, __FILE__, $query, $this->db
+            );
+            return null;
+        }
+
+        if ($row = $this->db->sql_fetchrow($dbresult)) {
+            $cert = SemanticScuttle_Model_User_SslClientCert::fromDb($row);
+        } else {
+            $cert = null;
+        }
+        $this->db->sql_freeresult($dbresult);
+        return $cert;
+    }
+
+
+
    /**
     * Fetches all registered certificates for the user from the database
     * and returns it.
@ -234,7 +266,7 @@ class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbServi
        }

        $query = 'DELETE FROM ' . $this->getTableName()
-            .' WHERE uId = ' . $id;
+            .' WHERE id = ' . $id;

        if (!($dbresult = $this->db->sql_query($query))) {
            message_die(
--- a/www/profile.php
+++ b/www/profile.php
@ -122,12 +122,27 @@ if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
        } else if (false !== $scert->getUserIdFromCert()) {
            $tplvars['error'] = T_('This certificate is already registered');
        } else if (false === $scert->registerCurrentCertificate($currentUser->getId())) {
-            $tplvars['error'] = T_('SSL client certificate registration failed');
+            $tplvars['error'] = T_('Failed to register SSL client certificate.');
        } else {
-            $tplVars['msg'] = T_('SSL client certificate registered');
+            $tplVars['msg'] = T_('SSL client certificate registered.');
+        }
+    } else if (isset($_POST['action']) && $_POST['action'] == 'deleteClientCert'
+        && isset($_POST['certId'])
+    ) {
+        $certId = (int)$_POST['certId'];
+        $cert = $scert->getCert($certId);
+        if ($cert === null) {
+            $tplvars['error'] = T_('Certificate not found.');
+        } else if ($cert->uId != $currentUser->getId()) {
+            $tplvars['error'] = T_('The certificate does not belong to you.');
+        } else if (false === $scert->delete($certId)) {
+            $tplvars['error'] = T_('Failed to delete SSL client certificate.');
+        } else {
+            $tplVars['msg'] = T_('SSL client certificate deleted.');
        }
    }

+
 	//Token Init
 	$_SESSION['token'] = md5(uniqid(rand(), true));
 	$_SESSION['token_stamp'] = time();