cacert-webdb/stamp/report.php

122 lines
4.9 KiB
PHP
Raw Permalink Normal View History

2008-04-06 19:45:09 +00:00
<? /*
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
2006-11-29 11:08:20 +00:00
$arr = explode("//", mysql_real_escape_string(trim($_SESSION['_stamp']['ref'])), 2);
2006-11-27 00:52:11 +00:00
$arr = explode("/", $arr['1'], 2);
$ref = $arr['0'];
2006-11-29 11:08:20 +00:00
$refer = mysql_real_escape_string(strip_tags(trim($_SESSION['_stamp']['ref'])));
2006-11-27 00:52:11 +00:00
$name = clean('name');
$email = clean('email');
$comment = clean('comment');
$reason = clean('reason');
$process = clean('process');
2006-11-29 11:08:20 +00:00
if($process != "" && ($_POST['pagehash'] != $_SESSION['_stamp']['pagehash'] || $_SESSION['_stamp']['pagehash'] == ""))
{
$errmsg = "Your report seemed to be posted is a suspicious manner, please try to re-submit it, or contact support for further help.";
$process = "";
}
if($process != "" && ($name == "" || $email == "" || $comment == "" || $reason == ""))
{
$errmsg = "You must supply your name, a valid email address and comment.";
$process = "";
}
2006-11-27 00:52:11 +00:00
if($process != "")
{
$checkemail = checkEmail($email);
if($checkemail != "OK")
{
$errmsg = $checkemail;
$process = "";
}
2006-11-29 11:08:20 +00:00
} else {
$_SESSION['_stamp']['pagehash'] = $pagehash = md5(date("U").$ref);
2006-11-27 00:52:11 +00:00
}
if($process != "")
{
$IP = mysql_real_escape_string(trim($_SERVER['REMOTE_ADDR']));
$iplong = ip2long($IP);
mysql_query("insert into `abusereports` set `when`=NOW(), `IP`='$iplong', `url`='$refer', `name`='$name', `email`='$email',
`comment`='$comment', `reason`='$reason'");
$id = mysql_insert_id();
$body = "New Abuse Report has been lodged via the the Stamp Interface:\n\n";
$body .= "Reported ID: $id\n";
$body .= "Reported IP: $IP\n";
$body .= "From: $name <$email>\n";
$body .= "URL: $refer\n";
$body .= "Reason: $reason\n";
$body .= "Comment: $comment\n";
2006-11-27 23:10:08 +00:00
sendmail("cacert-abuse@lists.cacert.org", "[CAcert.org] Abuse Report.", $body, "website@cacert.org", "", "", "CAcert Website");
2006-11-27 00:52:11 +00:00
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>CAcert.org Abuse Report!</title>
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body>
<div id="pagecell1">
<div id="pageName"><br>
<h2><a href="http<? if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org">
<img src="http<? if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org/images/cacert3.png" border="0" alt="CAcert.org logo"></a></h2>
<? if($_SERVER['HTTPS']!="on") { ?>
<div id="googlead"><br><script type="text/javascript"><!--
google_ad_client = "pub-0959373285729680";
google_alternate_color = "ffffff";
google_ad_width = 234;
google_ad_height = 60;
google_ad_format = "234x60_as";
google_ad_type = "text";
google_ad_channel = "";
//--></script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script></div>
<? } ?>
</div>
<div id="content">
<div class="story">
<h3>Report abuse for <?=$ref?></h3>
<? if($process == "") { ?>
<? if($errmsg != "") { ?><p style="color:red"><?=$errmsg?></p><? } else { ?><br /><? } ?>
<form method="post" action="report.php">
<label for="refer">URL: </label><input type="text" name="refer" value="<?=$refer?>" readonly="1" /><br />
<label for="name">Name: </label><input type="text" name="name" value="<?=$name?>" /><br />
<label for="email">Email: </label><input type="text" name="email" value="<?=$email?>" /><br />
<label for="reason">Reason: </label><select name="reason">
<option value='invalid'<? if($reason == "invalid") { echo " selected"; } ?>>Invalid Domain</option>
<option value='phishing'<? if($reason == "phishing") { echo " selected"; } ?>>Phishing Site</option>
<option value='spam'<? if($reason == "spam") { echo " selected"; } ?>>Spam</option>
<option value='other'<? if($reason == "other") { echo " selected"; } ?>>Other</option>
</select><br />
<label for="comment">Comment/Other: </label><input type="text" name="comment" value="<?=$comment?>" /><br /><br />
<label for="sub">&nbsp;</label><input type="submit" name="process" value="Report Site"><br />
2006-11-29 11:08:20 +00:00
<input type="hidden" name="pagehash" value="<?=$pagehash?>">
2006-11-27 00:52:11 +00:00
</form>
<? } else { ?>
2006-11-27 23:10:08 +00:00
<p>We thank you for your attention to detail, your report has been accepted and we will tend to your report as soon as humanly possible.</p>
2006-11-27 00:52:11 +00:00
<? } ?>
</div>
</div>
</body>
</html>