<?php
require_once('session/start.php');
require_once('x509.php');
require_role(ROLE_SYSTEMUSER);
if ($_GET['action'] == 'new')
{
check_form_token('clientcert_add');
if (! isset($_SESSION['clientcert_cert']))
system_failure('Kein Zertifikat');
add_clientcert($_SESSION['clientcert_cert'], $_SESSION['clientcert_dn'], $_SESSION['clientcert_issuer']);
// Räume session auf
unset($_SESSION['clientcert_cert']);
unset($_SESSION['clientcert_dn']);
unset($_SESSION['clientcert_issuer']);
header('Location: cert');
}
elseif ($_GET['action'] == 'delete')
{
$cert = get_cert_by_id($_GET['id']);
if (! $cert)
system_failure('no ID');
if ($cert['username'] != $_SESSION['userinfo']['username'])
system_failure('Das Zertifikat ist nicht für Ihren Zugang eingerichtet');
$sure = user_is_sure();
if ($sure === NULL)
{
are_you_sure("action=delete&id={$cert['id']}", "Möchten Sie das Zertifikat »{$cert['dn']}« wirklich löschen?");
}
elseif ($sure === true)
{
delete_clientcert($cert['id']);
if (! $debugmode)
header("Location: cert");
}
elseif ($sure === false)
{
if (! $debugmode)
header("Location: cert");
}
}
else
system_failure('Kein Kommando');