From 1c415919cb72c218d9491d8cdcf6498142b23f68 Mon Sep 17 00:00:00 2001
From: Christian Weiske <cweiske@cweiske.de>
Date: Wed, 11 May 2011 07:33:15 +0200
Subject: deleting ssl client certificates from profile page works now

---
 src/SemanticScuttle/Service/User/SslClientCert.php | 34 +++++++++++++++++++++-
 www/profile.php                                    | 19 ++++++++++--
 2 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/src/SemanticScuttle/Service/User/SslClientCert.php b/src/SemanticScuttle/Service/User/SslClientCert.php
index b6545df..f277994 100644
--- a/src/SemanticScuttle/Service/User/SslClientCert.php
+++ b/src/SemanticScuttle/Service/User/SslClientCert.php
@@ -181,6 +181,38 @@ class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbServi
     }
 
 
+
+    /**
+     * Fetches the certificate with the given ID from database.
+     *
+     * @param integer $id Certificate ID in database
+     *
+     * @return SemanticScuttle_Model_User_SslClientCert Certificate object
+     *                                                  or null if not found
+     */
+    public function getCert($id)
+    {
+        $query = 'SELECT * FROM ' . $this->getTableName()
+            . ' WHERE id = ' . (int)$id;
+        if (!($dbresult = $this->db->sql_query($query))) {
+            message_die(
+                GENERAL_ERROR, 'Could not load SSL client certificate',
+                '', __LINE__, __FILE__, $query, $this->db
+            );
+            return null;
+        }
+
+        if ($row = $this->db->sql_fetchrow($dbresult)) {
+            $cert = SemanticScuttle_Model_User_SslClientCert::fromDb($row);
+        } else {
+            $cert = null;
+        }
+        $this->db->sql_freeresult($dbresult);
+        return $cert;
+    }
+
+
+
     /**
      * Fetches all registered certificates for the user from the database
      * and returns it.
@@ -234,7 +266,7 @@ class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbServi
         }
 
         $query = 'DELETE FROM ' . $this->getTableName()
-            .' WHERE uId = ' . $id;
+            .' WHERE id = ' . $id;
 
         if (!($dbresult = $this->db->sql_query($query))) {
             message_die(
diff --git a/www/profile.php b/www/profile.php
index 9a58d79..c2c256c 100644
--- a/www/profile.php
+++ b/www/profile.php
@@ -122,12 +122,27 @@ if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
         } else if (false !== $scert->getUserIdFromCert()) {
             $tplvars['error'] = T_('This certificate is already registered');
         } else if (false === $scert->registerCurrentCertificate($currentUser->getId())) {
-            $tplvars['error'] = T_('SSL client certificate registration failed');
+            $tplvars['error'] = T_('Failed to register SSL client certificate.');
         } else {
-            $tplVars['msg'] = T_('SSL client certificate registered');
+            $tplVars['msg'] = T_('SSL client certificate registered.');
+        }
+    } else if (isset($_POST['action']) && $_POST['action'] == 'deleteClientCert'
+        && isset($_POST['certId'])
+    ) {
+        $certId = (int)$_POST['certId'];
+        $cert = $scert->getCert($certId);
+        if ($cert === null) {
+            $tplvars['error'] = T_('Certificate not found.');
+        } else if ($cert->uId != $currentUser->getId()) {
+            $tplvars['error'] = T_('The certificate does not belong to you.');
+        } else if (false === $scert->delete($certId)) {
+            $tplvars['error'] = T_('Failed to delete SSL client certificate.');
+        } else {
+            $tplVars['msg'] = T_('SSL client certificate deleted.');
         }
     }
 
+
 	//Token Init
 	$_SESSION['token'] = md5(uniqid(rand(), true));
 	$_SESSION['token_stamp'] = time();
-- 
cgit v1.2.3