cacert-webdb/www/account.php

<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/ ?>
<?
	include("../includes/account.php");

	if($id == 6)
	{
		include_once("../pages/account/6.php");
		exit;
	} else if($id == 19) {
		include_once("../pages/account/19.php");
		exit;
	} else if($oldid == 40 && $_REQUEST['process'] != "") {
		$who = stripslashes($_REQUEST['who']);
		$email = stripslashes($_REQUEST['email']);
		$subject = stripslashes($_REQUEST['subject']);
		$message = stripslashes($_REQUEST['message']);

		//check for spam via honeypot
		if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){ 
			echo _("Form could not be sent.");
			showfooter();
			exit;
		}

		$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
		if (isset($process[0])){
			sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website");
			showheader(_("Welcome to CAcert.org"));
			echo _("Your message has been sent to the general support list.");
			showfooter();
			exit;
		}
		if (isset($process[1])){
			sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "", "", "CAcert Support");
			showheader(_("Welcome to CAcert.org"));
			echo _("Your message has been sent.");
			showfooter();
			exit;
		}

	} else if($id == 51 && $_GET['img'] == "show") {
		$query = "select * from `tverify` where `id`='".intval($_GET['photoid'])."' and `modified`=0";
		$res = mysql_query($query);
		if(mysql_num_rows($res))
		{
			$row = mysql_fetch_assoc($res);
			readfile($row['photoid']);
		} else {
			die("No such file.");
		}
		exit;
	} else if ($id == 37) {
		$protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
		$newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs';
		header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved    	
	} else {
		showheader(_("My CAcert.org Account!"));
		includeit($id, "account");
		showfooter();
		exit;
	}
?>
* empty log message * 2004-10-16 00:28:17 +00:00			`<? /*`
Changed license to GPLv2 2008-04-06 19:45:09 +00:00			`LibreSSL - CAcert web application`
			`Copyright (C) 2004-2008 CAcert Inc.`
* empty log message * 2004-10-16 00:28:17 +00:00
Changed license to GPLv2 2008-04-06 19:45:09 +00:00			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; version 2 of the License.`
* empty log message * 2004-10-16 00:28:17 +00:00
Changed license to GPLv2 2008-04-06 19:45:09 +00:00			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`
* empty log message * 2004-10-16 00:28:17 +00:00
Changed license to GPLv2 2008-04-06 19:45:09 +00:00			`You should have received a copy of the GNU General Public License`
			`along with this program; if not, write to the Free Software`
			`Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA`
* empty log message * 2004-10-16 00:28:17 +00:00			`*/ ?>`
			`<?`
			`include("../includes/account.php");`

			`if($id == 6)`
			`{`
moved special files out of webroot 2006-04-20 20:08:31 +00:00			`include_once("../pages/account/6.php");`
updates 2005-12-04 21:04:05 +00:00			`exit;`
* empty log message * 2004-10-16 00:28:17 +00:00			`} else if($id == 19) {`
moved special files out of webroot 2006-04-20 20:08:31 +00:00			`include_once("../pages/account/19.php");`
updates 2005-12-04 21:04:05 +00:00			`exit;`
Fix for https://bugs.cacert.org/view.php?id=795 "contact form does not signal whether filed request is senstive or open" 2013-01-17 15:08:07 +00:00			`} else if($oldid == 40 && $_REQUEST['process'] != "") {`
Fixed register_globals issue. Some more work to secure the contact form is needed 2009-03-09 22:39:39 +00:00			`$who = stripslashes($_REQUEST['who']);`
			`$email = stripslashes($_REQUEST['email']);`
			`$subject = stripslashes($_REQUEST['subject']);`
			`$message = stripslashes($_REQUEST['message']);`

Fix for https://bugs.cacert.org/view.php?id=795 "contact form does not signal whether filed request is senstive or open" 2013-01-17 15:08:07 +00:00			`//check for spam via honeypot`
			`if(!isset($_REQUEST['robotest']) \|\| !empty($_REQUEST['robotest'])){`
			`echo _("Form could not be sent.");`
			`showfooter();`
			`exit;`
			`}`
dynamic pdf generation + translation updates + slight bug fix 2005-06-12 03:51:48 +00:00
Fix for https://bugs.cacert.org/view.php?id=795 "contact form does not signal whether filed request is senstive or open" 2013-01-17 15:08:07 +00:00			`$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;`
			`if (isset($process[0])){`
			`sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website");`
			`showheader(_("Welcome to CAcert.org"));`
			`echo _("Your message has been sent to the general support list.");`
			`showfooter();`
			`exit;`
			`}`
			`if (isset($process[1])){`
			`sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "", "", "CAcert Support");`
			`showheader(_("Welcome to CAcert.org"));`
			`echo _("Your message has been sent.");`
			`showfooter();`
			`exit;`
			`}`
bug updates, tweaks etc 2004-11-30 23:31:18 +00:00
new code + updates and bug fixes 2005-03-12 19:40:24 +00:00			`} else if($id == 51 && $_GET['img'] == "show") {`
Fixed a SQL injection 2008-08-14 09:35:40 +00:00			$query = "select * from `tverify` where `id`='".intval($_GET['photoid'])."' and `modified`=0";
updates/bug fixes 2006-03-05 11:18:16 +00:00			`$res = mysql_query($query);`
			`if(mysql_num_rows($res))`
			`{`
			`$row = mysql_fetch_assoc($res);`
			`readfile($row['photoid']);`
			`} else {`
			`die("No such file.");`
			`}`
updates 2005-12-04 21:04:05 +00:00			`exit;`
Fixes for https://bugs.cacert.org/view.php?id=965 : Outsource / fix Webdb text pages id=12, 13, (17) 2011-11-25 11:28:37 +00:00			`} else if ($id == 37) {`
			`$protocol = $_SERVER['HTTPS'] ? 'https' : 'http';`
			`$newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs';`
			`header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved`
* empty log message * 2004-10-16 00:28:17 +00:00			`} else {`
			`showheader(_("My CAcert.org Account!"));`
			`includeit($id, "account");`
			`showfooter();`
updates 2005-12-04 21:04:05 +00:00			`exit;`
* empty log message * 2004-10-16 00:28:17 +00:00			`}`
			`?>`