cacert-webdb/www/verify.php

165 lines
6.5 KiB
PHP
Raw Permalink Normal View History

2004-10-16 00:28:17 +00:00
<? /*
2008-04-06 19:45:09 +00:00
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.
2004-10-16 00:28:17 +00:00
2008-04-06 19:45:09 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
2004-10-16 00:28:17 +00:00
2008-04-06 19:45:09 +00:00
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
2004-10-16 00:28:17 +00:00
2008-04-06 19:45:09 +00:00
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
2004-10-16 00:28:17 +00:00
*/ ?>
<?
2008-09-19 18:04:35 +00:00
loadem("index");
2004-10-16 00:28:17 +00:00
$type = array_key_exists('type',$_REQUEST)?$_REQUEST['type']:"";
if(array_key_exists('Notify',$_REQUEST) && $_REQUEST['Notify'] != "")
{
$body = sprintf("An abuse of the CAcert Email Ping system has been reported.\n\n");
if($type=="email") $body .= "EmailID: ".intval($_REQUEST['emailid'])."\n";
if($type=="domain") $body .= "DomainID: ".intval($_REQUEST['domainid'])."\n";
$body .= "Hash: ".sanitizeHTML($_REQUEST['hash'])."\n\n";
$body .= "Best regards"."\n";
$body .= "CAcert Website";
sendmail("support@cacert.org", "[CAcert.org] Verification Abuse", $body, "support@cacert.org", "", "", "");
showheader(_("Notification"), _("Notification"));
echo _("Email has been sent.");
showfooter();
2006-08-13 18:54:45 +00:00
exit;
}
2006-08-13 18:54:45 +00:00
2004-10-16 00:28:17 +00:00
if($type == "email")
{
$id = 1;
2006-08-13 18:14:27 +00:00
$emailid = intval($_REQUEST['emailid']);
$hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
2004-10-16 00:28:17 +00:00
$query = "select * from `email` where `id`='$emailid' and hash!='' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
2005-03-12 19:40:24 +00:00
$row['attempts']++;
2006-08-13 18:54:45 +00:00
if($row['attempts'] >= 6)
2004-10-16 00:28:17 +00:00
{
mysql_query("update `email` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$emailid'");
showheader(_("Error!"), _("Error!"));
2005-03-12 19:40:24 +00:00
echo _("You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system");
2004-10-16 00:28:17 +00:00
showfooter();
exit;
}
mysql_query("update `email` set `attempts`='$row[attempts]' where `id`='$emailid'");
}
2006-08-13 19:06:30 +00:00
$query = "select * from `email` where `id`='$emailid' and `hash`='$hash' and hash!='' and deleted=0";
2004-10-16 00:28:17 +00:00
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("Error!"), _("Error!"));
echo _("The ID or Hash has already been verified, or something weird happened.");
2004-10-16 00:28:17 +00:00
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
if(array_key_exists('Yes',$_REQUEST) && $_REQUEST['Yes'] != "")
2006-08-13 18:14:27 +00:00
{
$query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'";
mysql_query($query);
2008-09-19 17:47:10 +00:00
$query = "update `users` set `verified`='1' where `id`='".intval($row['memid'])."' and `email`='".$row['email']."' and `verified`='0'";
2006-08-13 18:14:27 +00:00
mysql_query($query);
showheader(_("Updated"), _("Updated"));
echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
} else if(array_key_exists('No',$_REQUEST) && $_REQUEST['No'] != "") {
2006-08-13 18:54:45 +00:00
header("location: /index.php");
exit;
2006-08-13 18:14:27 +00:00
} else {
2006-08-13 18:54:45 +00:00
showheader(_("Updated"), _("Updated"));
2006-08-13 18:14:27 +00:00
printf(_("Are you sure you want to verify the email %s?"), $row['email']);
2006-08-13 18:54:45 +00:00
echo "<br>\n<form method='post' action='/verify.php'>";
echo "<input type='hidden' name='emailid' value='$emailid'>";
echo "<input type='hidden' name='hash' value='$hash'>";
echo "<input type='hidden' name='type' value='email'>";
echo "<input type='submit' name='Yes' value='"._("Yes verify this email")."'><br>\n";
echo "<input type='submit' name='Notify' value='"._("Notify support about this")."'><br>\n";
echo "<input type='submit' name='No' value='"._("Do not verify this email")."'></form>\n";
2006-08-13 18:14:27 +00:00
}
2004-10-16 00:28:17 +00:00
showfooter();
exit;
}
elseif($type == "domain")
2004-10-16 00:28:17 +00:00
{
$id = 7;
2006-08-13 18:14:27 +00:00
$domainid = intval($_REQUEST['domainid']);
$hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
2004-10-16 00:28:17 +00:00
$query = "select * from `domains` where `id`='$domainid' and hash!='' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
$row['attempts']++;
if($row['attempts'] >= 6)
2004-10-16 00:28:17 +00:00
{
$query = "update `domains` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$domainid'";
showheader(_("Error!"), _("Error!"));
echo _("You've attempted to verify the same domain a fourth time with an invalid hash, subsequantly this request has been deleted in the system");
showfooter();
exit;
}
2008-09-19 17:47:10 +00:00
$query = "update `domains` set `attempts`='".intval($row['attempts'])."' where `id`='$domainid'";
2004-10-16 00:28:17 +00:00
mysql_query($query);
}
$query = "select * from `domains` where `id`='$domainid' and `hash`='$hash' and hash!='' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("Error!"), _("Error!"));
echo _("The ID or Hash has already been verified, the domain no longer exists in the system, or something weird happened.");
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
if(array_key_exists('Yes',$_REQUEST) && $_REQUEST['Yes'] != "")
2006-08-13 18:14:27 +00:00
{
$query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'";
mysql_query($query);
showheader(_("Updated"), _("Updated"));
echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
} else if(array_key_exists('No',$_REQUEST) && $_REQUEST['No'] != "") {
2006-08-13 18:54:45 +00:00
header("location: /index.php");
exit;
2006-08-13 18:14:27 +00:00
} else {
2006-08-13 18:54:45 +00:00
showheader(_("Updated"), _("Updated"));
printf(_("Are you sure you want to verify the domain %s?"), $row['domain']);
2006-08-13 18:54:45 +00:00
echo "<br>\n<form method='post' action='/verify.php'>";
echo "<input type='hidden' name='domainid' value='$domainid'>";
echo "<input type='hidden' name='hash' value='$hash'>";
echo "<input type='hidden' name='type' value='domain'>";
2006-08-13 19:06:30 +00:00
echo "<input type='submit' name='Yes' value='"._("Yes verify this domain")."'><br>\n";
2006-08-13 18:54:45 +00:00
echo "<input type='submit' name='Notify' value='"._("Notify support about this")."'><br>\n";
2006-08-13 19:06:30 +00:00
echo "<input type='submit' name='No' value='"._("Do not verify this domain")."'></form>\n";
2006-08-13 18:14:27 +00:00
}
2004-10-16 00:28:17 +00:00
showfooter();
exit;
}
else
{
showheader(_("Error!"), _("Error!"));
echo _("Parameters are missing. Please try the complete URL.");
showfooter();
exit;
}
2004-10-16 00:28:17 +00:00
?>