<? /*
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
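// Session bootstrap. The cookie name is fixed so all CAcert hosts share one
// session. session_register() belonged to the register_globals era and was
// removed in PHP 5.4, where an unconditional call is a fatal error; it is
// therefore only invoked on runtimes that still provide it. The `_config`
// slot is initialised up front because the rest of this file indexes into it
// directly (and passes it to array_key_exists(), which rejects null).
session_name("cacert");
session_start();
if (function_exists("session_register"))
{
    session_register("_config");
    session_register("profile");
    session_register("signup");
    session_register("lostpw");
}
if (!isset($_SESSION['_config']) || !is_array($_SESSION['_config']))
    $_SESSION['_config'] = array();
// NOTE(review): the session id is never regenerated here (the
// session_regenerate_id() call that used to follow was left disabled), so a
// session id issued before login keeps its value after login -- confirm that
// the login code path regenerates it.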
// Never read: these calls exist only so that the gettext extractor sees the
// assurance-method names as translatable strings.
$junk = array(
    _("Face to Face Meeting"),
    _("Trusted Third Parties"),
    _("Thawte Points Transfer"),
    _("Administrative Increase"),
    _("CT Magazine - Germany"),
    _("Temporary Increase"),
    _("Unknown"),
);
// Reset the per-request error message and read the page selectors from the
// request. Both selectors are forced to integers, which is what lets them be
// used in include paths and queries further down without extra checks.
$_SESSION['_config']['errmsg'] = "";
$id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
$oldid = isset($_REQUEST['oldid']) ? intval($_REQUEST['oldid']) : 0;
// Deployment root; every include and locale path below hangs off it. The
// database connection (and presumably the hostname settings consulted next)
// comes from mysql.php -- TODO confirm against that file.
$_SESSION['_config']['filepath'] = "/www";
require_once $_SESSION['_config']['filepath'] . "/includes/mysql.php";
// Canonical-host enforcement. A request for any host other than the
// configured normal/secure/tverify names or stamp.cacert.org is bounced to
// the normal hostname on the scheme it arrived with; a plain-HTTP request for
// the secure or tverify host is bounced to HTTPS. Every redirect target comes
// from the session config, never from the request, so the Host: header can
// trigger a redirect but cannot choose its destination. The hostname
// settings are presumed to be filled in by mysql.php -- confirm.
$hasHost = array_key_exists('HTTP_HOST', $_SERVER);
$reqHost = $hasHost ? $_SERVER['HTTP_HOST'] : "";
$isHttps = array_key_exists('HTTPS', $_SERVER) && $_SERVER['HTTPS'] == "on";
if ($hasHost)
{
    $allowedHosts = array(
        $_SESSION['_config']['normalhostname'],
        $_SESSION['_config']['securehostname'],
        $_SESSION['_config']['tverify'],
        "stamp.cacert.org",
    );
    if (!in_array($reqHost, $allowedHosts))
    {
        header("location: " . ($isHttps ? "https" : "http") . "://" . $_SESSION['_config']['normalhostname']);
        exit;
    }
    $secureHost = $_SESSION['_config']['securehostname'];
    $tverifyHost = $_SESSION['_config']['tverify'];
    if (($reqHost == $secureHost || $reqHost == $tverifyHost) && !$isHttps)
    {
        // Both tests run, as before: should the two names be identical the
        // second header() call is the one that takes effect.
        if ($reqHost == $secureHost)
            header("location: https://" . $secureHost);
        if ($reqHost == $tverifyHost)
            header("location: https://" . $tverifyHost);
        exit;
    }
}
unset($hasHost, $reqHost, $isHttps, $allowedHosts, $secureHost, $tverifyHost);
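// Explicit language selection via ?lang=. The value ends up in putenv(),
// setlocale(), filesystem paths (locale/, screenshots/) and the session, so
// it is restricted to the shape of a locale tag ("de" or "de_DE") instead of
// being run through mysql_escape_string(), which neither removes path
// characters nor exists on PHP >= 7. Anything else leaves the stored
// language untouched. Non-string values (lang[]=...) are ignored rather than
// handed to trim().
$lang = "";
if (array_key_exists("lang", $_REQUEST) && is_string($_REQUEST['lang']))
{
    $candidate = substr(trim($_REQUEST['lang']), 0, 5);
    if (preg_match('/^[a-z]{2}(_[A-Z]{2})?$/', $candidate))
        $lang = $candidate;
    unset($candidate);
}
if ($lang != "")
    $_SESSION['_config']['language'] = $lang;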
// Locale tag => native-language label, in the order the language menu shows
// them. The two-letter prefix of the key is what the fallback below matches
// a short language code against.
$translations = array();
$translations["ar_JO"] = "العربية";
$translations["bg_BG"] = "Български";
$translations["cs_CZ"] = "Čeština";
$translations["da_DK"] = "Dansk";
$translations["de_DE"] = "Deutsch";
$translations["el_GR"] = "Ελληνικά";
$translations["en_AU"] = "English";
$translations["es_ES"] = "Español";
$translations["fi_FI"] = "Suomi";
$translations["fr_FR"] = "Français";
$translations["he_IL"] = "עברית";
$translations["hr_HR"] = "Hrvatski";
$translations["hu_HU"] = "Magyar";
$translations["is_IS"] = "Íslenska";
$translations["it_IT"] = "Italiano";
$translations["ja_JP"] = "日本語";
$translations["ka_GE"] = "Georgian";
$translations["nl_NL"] = "Nederlands";
$translations["pl_PL"] = "Polski";
$translations["pt_PT"] = "Português";
$translations["pt_BR"] = "Português Brasileiro";
$translations["ru_RU"] = "Русский";
$translations["ro_RO"] = "Română";
$translations["sv_SE"] = "Svenska";
$translations["tr_TR"] = "Türkçe";
$translations["zh_CN"] = "中文(简体)";
$_SESSION['_config']['translations'] = $translations;
unset($translations);
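// Language negotiation from Accept-Language, used only while no language has
// been chosen. Each tag is kept only if it looks like a locale tag, so a
// header value can never reach the file_exists() paths below unchecked; the
// previous mysql_real_escape_string()/escapeshellarg() treatment neither
// guaranteed that nor works without a database connection (and the former is
// gone in PHP >= 7). Candidates are tried in descending q order; tags that
// share a q value keep the order the client sent them in, whereas keying an
// array by q silently discarded all but the last of them.
$value = array();
if (!isset($_SESSION['_config']['language']) || $_SESSION['_config']['language'] == "")
{
    $header = array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : "";
    $header = strtolower(str_replace(" ", "", (string) $header));
    foreach (explode(",", $header) as $entry)
    {
        $b = explode(";", $entry);
        $tag = trim($b[0]);
        if (!preg_match('/^[a-z]{2}([_-][a-z]{2})?$/', $tag))
            continue;
        $q = 1;
        if (count($b) > 1 && substr($b[1], 0, 2) == "q=")
            $q = floatval(substr($b[1], 2));
        $value["$q"][] = $tag;
    }
    krsort($value, SORT_NUMERIC);
    foreach ($value as $tags)
    {
        foreach ($tags as $val)
        {
            $short = substr($val, 0, 2);
            // English needs no catalogue; take it as soon as it is preferred.
            if ($short == "en")
            {
                $_SESSION['_config']['language'] = "en";
                break 2;
            }
            $base = $_SESSION['_config']['filepath'] . "/locale/";
            if (file_exists($base . $val . "/LC_MESSAGES/messages.mo"))
            {
                $_SESSION['_config']['language'] = $val;
                break 2;
            }
            if (file_exists($base . $short . "/LC_MESSAGES/messages.mo"))
            {
                $_SESSION['_config']['language'] = $short;
                break 2;
            }
        }
    }
    unset($header, $entry, $b, $tag, $q, $tags, $val, $short, $base);
}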
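// Normalise the language to one of the known full locale tags. A value that
// is not exactly five characters (a bare "de", an empty value, anything odd)
// is mapped to the first translation sharing its two-letter prefix, with
// en_AU as the default. The translation *key* ("de_DE") is stored: the
// original stored the loop value, i.e. the human-readable label ("Deutsch"),
// which then reached setlocale()/putenv() and the recode table below, where
// it could never match anything.
if (!isset($_SESSION['_config']['language']) || strlen($_SESSION['_config']['language']) != 5)
{
    $lang = isset($_SESSION['_config']['language']) ? $_SESSION['_config']['language'] : "";
    $_SESSION['_config']['language'] = "en_AU";
    $available = isset($_SESSION['_config']['translations']) ? $_SESSION['_config']['translations'] : array();
    foreach ($available as $key => $val)
    {
        if (substr($lang, 0, 2) == substr($key, 0, 2))
        {
            $_SESSION['_config']['language'] = $key;
            break;
        }
    }
    unset($available);
}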
// Target charset for the recode() step on output, keyed by language; every
// language not listed is treated as Latin-1. (lt_LT has an entry here even
// though it is absent from the translations table above.)
$recodeByLanguage = array(
    "zh_CN" => "html..gb2312",
    "pl_PL" => "html..ISO-8859-2",
    "hu_HU" => "html..ISO-8859-2",
    "ja_JP" => "html..SHIFT-JIS",
    "ru_RU" => "html..ISO-8859-5",
    "lt_LT" => "html..ISO-8859-13",
);
$_SESSION['_config']['recode'] = "html..latin-1";
$currentLanguage = $_SESSION['_config']['language'];
if (is_string($currentLanguage) && isset($recodeByLanguage[$currentLanguage]))
    $_SESSION['_config']['recode'] = $recodeByLanguage[$currentLanguage];
unset($recodeByLanguage, $currentLanguage);
// Wire the chosen language into gettext: LANG in the environment, the
// process locale, and the "messages" catalogue under <filepath>/locale.
// The language value is expected to have been reduced to a known tag by the
// normalisation step above before it is handed to putenv()/setlocale().
$language = $_SESSION['_config']['language'];
putenv("LANG=" . $language);
setlocale(LC_ALL, $language);
$domain = 'messages';
bindtextdomain($domain, $_SESSION['_config']['filepath'] . "/locale");
textdomain($domain);
unset($language);
// For a logged-in user, refresh the assurance point total kept in the
// session, or drop the profile entirely (effectively logging the user out)
// when the account is locked. profile.id comes from the session, not the
// request, and is assumed to be an integer -- it is quoted but not escaped
// in the queries below.
$profile = array_key_exists('profile', $_SESSION) ? $_SESSION['profile'] : null;
if (is_array($profile) && array_key_exists('id', $profile) && $profile['id'] > 0)
{
    $uid = $profile['id'];
    $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='" . $uid . "'"));
    if ($locked['locked'] != 0)
    {
        $_SESSION['profile'] = "";
        unset($_SESSION['profile']);
    }
    else
    {
        $res = mysql_query("select sum(`points`) as `total` from `notary` where `to`='" . $uid . "' group by `to`");
        $row = mysql_fetch_assoc($res);
        $_SESSION['profile']['points'] = $row['total'];
    }
    unset($uid);
}
unset($profile);
/**
 * Pull in the helper include for a page section. Unknown section names fall
 * back to "index", so only the three files listed here can ever be included;
 * the include runs in this function's scope.
 */
function loadem($section = "index")
{
    $includes = array(
        "index"   => "/includes/general_stuff.php",
        "account" => "/includes/account_stuff.php",
        "tverify" => "/includes/tverify_stuff.php",
    );
    if (!in_array($section, array("index", "account", "tverify")))
        $section = "index";
    include_once($_SESSION['_config']['filepath'] . $includes[$section]);
}
/**
 * Include the page script for ($section, $id). $id is forced to an integer
 * and $section to one of a fixed list, so the include path is assembled only
 * from trusted pieces. Resolution order: the tverify page for $id (tverify
 * section only), then pages/<section>/<id>.php, then page 0 of the section,
 * then page 0 of "index", and finally the error404 page. The included file
 * sees $id and $section in this function's scope.
 */
function includeit($id = "0", $section = "index")
{
    $id = intval($id);
    if (!in_array($section, array("index", "account", "wot", "help", "gpg", "disputes", "tverify", "advertising")))
        $section = "index";
    if ($section == "tverify" && file_exists($_SESSION['_config']['filepath'] . "/tverify/index/$id.php"))
    {
        include_once($_SESSION['_config']['filepath'] . "/tverify/index/$id.php");
        return;
    }
    if (file_exists($_SESSION['_config']['filepath'] . "/pages/$section/$id.php"))
    {
        include_once($_SESSION['_config']['filepath'] . "/pages/$section/$id.php");
        return;
    }
    $id = "0";
    if (file_exists($_SESSION['_config']['filepath'] . "/pages/$section/$id.php"))
    {
        include_once($_SESSION['_config']['filepath'] . "/pages/$section/$id.php");
        return;
    }
    $section = "index";
    if (file_exists($_SESSION['_config']['filepath'] . "/pages/$section/$id.php"))
        include_once($_SESSION['_config']['filepath'] . "/pages/$section/$id.php");
    else
        include_once($_SESSION['_config']['filepath'] . "/www/error404.php");
}
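/**
 * Crude password strength score. Points are added for length and for each
 * character class present, and removed when the password overlaps with the
 * user's e-mail or name parts or occurs in the system word list. Higher is
 * stronger; the caller decides the threshold.
 *
 * The word-list lookup shells out to grep: the password is passed through
 * escapeshellarg() so shell metacharacters in it cannot alter the command,
 * and -F makes grep treat it as a plain string rather than a pattern.
 * Empty name parts are skipped, because on PHP 8 strstr() with an empty
 * needle returns the haystack (truthy) and would otherwise cost points.
 */
function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
{
    $points = 0;
    $length = strlen($pwd);
    foreach (array(15, 20, 25, 30) as $threshold)
    {
        if ($length > $threshold)
            $points++;
    }
    foreach (array('/\d/', '/[a-z]/', '/[A-Z]/', '/\W/', '/\s/') as $class)
    {
        if (preg_match($class, $pwd))
            $points++;
    }
    $lpwd = strtolower($pwd);
    foreach (array($email, $fname, $mname, $lname, $suffix) as $part)
    {
        $lpart = strtolower((string) $part);
        if (!strlen($lpart))
            continue;
        if (strstr($lpwd, $lpart) !== false)
            $points--;
        if (strstr($lpart, $lpwd) !== false)
            $points--;
    }
    // Any dictionary line containing the password costs a point; a missing
    // word list or grep simply yields no output and no deduction.
    $do = shell_exec('grep -F -- ' . escapeshellarg($pwd) . ' /usr/share/dict/american-english 2>/dev/null');
    if ($do)
        $points--;
    return $points;
}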
/**
 * Split the stored CSR subject line into the session slots the CN/SAN
 * lookups read: "<n>.CN" and "<n>.subjectAltName" (counted in 'cnc' and
 * 'subaltc') plus the first non-empty OU. Only the text after the first ':'
 * is parsed, and both '/' and ',' act as field separators. Fields without
 * '=' and fields whose value is empty are ignored.
 */
function extractit()
{
    $parts = explode(":", $_SESSION['_config']['subject'], 2);
    $subject = count($parts) > 1 ? $parts[1] : "";
    $fields = explode("|", str_replace(array("/", ","), "|", $subject));
    $_SESSION['_config']['cnc'] = 0;
    $_SESSION['_config']['subaltc'] = 0;
    $_SESSION['_config']['OU'] = "";
    foreach ($fields as $field)
    {
        if (strpos($field, "=") === false)
            continue;
        $pair = explode("=", $field);
        $name = $pair[0];
        $val = trim($pair[1]);
        if ($name == "CN" && $val)
        {
            $_SESSION['_config'][$_SESSION['_config']['cnc'] . ".CN"] = $val;
            $_SESSION['_config']['cnc']++;
        }
        elseif ($name == "OU" && $val && $_SESSION['_config']['OU'] == "")
        {
            $_SESSION['_config']['OU'] = $val;
        }
        elseif ($name == "subjectAltName" && $val)
        {
            $_SESSION['_config'][$_SESSION['_config']['subaltc'] . ".subjectAltName"] = $val;
            $_SESSION['_config']['subaltc']++;
        }
    }
}
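/**
 * Resolve each CN collected by extractit() against the logged-in user's
 * verified domains. A CN is accepted when any of its parent domains, walking
 * from the TLD up to the full name, is an undeleted, verified (`hash`='')
 * domain of the user. Accepted names go to 'rows' with the matching domain
 * ids in 'rowid'; the others are appended to 'rejected'. 'row' is left
 * holding the last matched domain row.
 *
 * The domain comparison uses '=' rather than LIKE: the CN comes from the
 * user's CSR, and with LIKE the wildcards % and _ in a CN would match
 * domains it does not actually name. Each candidate is also escaped into its
 * own variable, so the escaped text is no longer fed back into the next
 * candidate and escaped again.
 */
function getcn()
{
    unset($_SESSION['_config']['rows']);
    unset($_SESSION['_config']['rowid']);
    unset($_SESSION['_config']['rejected']);
    $rows = array();
    $rowid = array();
    for ($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
    {
        $CN = $_SESSION['_config']["$cnc.CN"];
        $bits = explode(".", $CN);
        $dom = "";
        $cnok = 0;
        for ($i = count($bits) - 1; $i >= 0; $i--)
        {
            // Grow the candidate from the right: "org", "example.org", ...
            $dom = $dom ? $bits[$i] . "." . $dom : $bits[$i];
            $_SESSION['_config']['row'] = "";
            $escaped = mysql_real_escape_string($dom);
            $query = "select * from domains where `memid`='" . $_SESSION['profile']['id'] . "' and `domain`='$escaped' and `deleted`=0 and `hash`=''";
            $res = mysql_query($query);
            if (mysql_num_rows($res) > 0)
            {
                $cnok = 1;
                $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
                $rowid[] = $_SESSION['_config']['row']['id'];
                break;
            }
        }
        if ($cnok == 0)
            $_SESSION['_config']['rejected'][] = $CN;
        if ($_SESSION['_config']['row'] != "")
            $rows[] = $CN;
    }
    $_SESSION['_config']['rows'] = $rows;
    $_SESSION['_config']['rowid'] = $rowid;
}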
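/**
 * Resolve each "DNS:" subjectAltName collected by extractit() against the
 * logged-in user's verified domains, the same way getcn() handles CNs;
 * entries without the "DNS:" prefix are skipped. Accepted entries go to
 * 'altrows' (the full "DNS:..." value) with domain ids in 'altid', rejected
 * host names are appended to 'rejected', and 'altrow' holds the last matched
 * domain row.
 *
 * Compared with '=' rather than LIKE so that % or _ in a CSR-supplied name
 * cannot widen the match, and each candidate is escaped into its own
 * variable instead of re-escaping the already-escaped text on the next
 * iteration.
 */
function getalt()
{
    unset($_SESSION['_config']['altrows']);
    unset($_SESSION['_config']['altid']);
    $altrows = array();
    $altid = array();
    for ($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
    {
        $subalt = $_SESSION['_config']["$altc.subjectAltName"];
        if (substr($subalt, 0, 4) != "DNS:")
            continue;
        $alt = substr($subalt, 4);
        $bits = explode(".", $alt);
        $dom = "";
        $altok = 0;
        for ($i = count($bits) - 1; $i >= 0; $i--)
        {
            $dom = $dom ? $bits[$i] . "." . $dom : $bits[$i];
            $_SESSION['_config']['altrow'] = "";
            $escaped = mysql_real_escape_string($dom);
            $query = "select * from domains where `memid`='" . $_SESSION['profile']['id'] . "' and `domain`='$escaped' and `deleted`=0 and `hash`=''";
            $res = mysql_query($query);
            if (mysql_num_rows($res) > 0)
            {
                $altok = 1;
                $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
                $altid[] = $_SESSION['_config']['altrow']['id'];
                break;
            }
        }
        if ($altok == 0)
            $_SESSION['_config']['rejected'][] = $alt;
        if ($_SESSION['_config']['altrow'] != "")
            $altrows[] = $subalt;
    }
    $_SESSION['_config']['altrows'] = $altrows;
    $_SESSION['_config']['altid'] = $altid;
}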
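/**
 * Organisation variant of getcn(): each CN is accepted when one of its parent
 * domains is registered for an organisation the logged-in user administers
 * (org/orgdomains/orginfo). Accepted names go to 'rows' with the orginfo ids
 * in 'rowid'; 'row' holds the last matched row. Unlike getcn() nothing is
 * written to 'rejected'.
 *
 * Each candidate is escaped into its own variable: the original escaped
 * $dom in place and then extended that escaped text on the next iteration,
 * so every candidate after the first was escaped repeatedly.
 */
function getcn2()
{
    $rows = array();
    $rowid = array();
    for ($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
    {
        $CN = $_SESSION['_config']["$cnc.CN"];
        $bits = explode(".", $CN);
        $dom = "";
        for ($i = count($bits) - 1; $i >= 0; $i--)
        {
            $dom = $dom ? $bits[$i] . "." . $dom : $bits[$i];
            $_SESSION['_config']['row'] = "";
            $escaped = mysql_real_escape_string($dom);
            $query = "select *, `orginfo`.`id` as `id` from `orginfo`,`orgdomains`,`org` where
        `org`.`memid`='" . $_SESSION['profile']['id'] . "' and
        `org`.`orgid`=`orginfo`.`id` and
        `orgdomains`.`orgid`=`orginfo`.`id` and
        `orgdomains`.`domain`='$escaped'";
            $res = mysql_query($query);
            if (mysql_num_rows($res) > 0)
            {
                $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
                $rowid[] = $_SESSION['_config']['row']['id'];
                break;
            }
        }
        if ($_SESSION['_config']['row'] != "")
            $rows[] = $CN;
    }
    $_SESSION['_config']['rows'] = $rows;
    $_SESSION['_config']['rowid'] = $rowid;
}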
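/**
 * Organisation variant of getalt(): each "DNS:" subjectAltName is accepted
 * when one of its parent domains belongs to an organisation the logged-in
 * user administers. Accepted entries go to 'altrows' with ids in 'altid';
 * 'altrow' holds the last matched row. Non-"DNS:" entries are skipped and
 * nothing is written to 'rejected'.
 *
 * Each candidate is escaped into its own variable so the escaped text is not
 * extended and escaped again on the next iteration.
 */
function getalt2()
{
    $altrows = array();
    $altid = array();
    for ($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
    {
        $subalt = $_SESSION['_config']["$altc.subjectAltName"];
        if (substr($subalt, 0, 4) != "DNS:")
            continue;
        $alt = substr($subalt, 4);
        $bits = explode(".", $alt);
        $dom = "";
        for ($i = count($bits) - 1; $i >= 0; $i--)
        {
            $dom = $dom ? $bits[$i] . "." . $dom : $bits[$i];
            $_SESSION['_config']['altrow'] = "";
            $escaped = mysql_real_escape_string($dom);
            $query = "select * from `orginfo`,`orgdomains`,`org` where
        `org`.`memid`='" . $_SESSION['profile']['id'] . "' and
        `org`.`orgid`=`orginfo`.`id` and
        `orgdomains`.`orgid`=`orginfo`.`id` and
        `orgdomains`.`domain`='$escaped'";
            $res = mysql_query($query);
            if (mysql_num_rows($res) > 0)
            {
                $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
                $altid[] = $_SESSION['_config']['altrow']['id'];
                break;
            }
        }
        if ($_SESSION['_config']['altrow'] != "")
            $altrows[] = $subalt;
    }
    $_SESSION['_config']['altrows'] = $altrows;
    $_SESSION['_config']['altid'] = $altid;
}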
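/**
 * True if $hostname, or any parent domain of it, is registered for an
 * organisation the logged-in user administers (org/orgdomains/orginfo); the
 * matching row is then left in $_SESSION['_config']['row']. False otherwise.
 *
 * Each candidate is escaped into its own variable, so the unescaped name is
 * what gets extended on the next iteration (the original re-escaped the
 * already-escaped value every round).
 */
function checkownership($hostname)
{
    $bits = explode(".", $hostname);
    $dom = "";
    for ($i = count($bits) - 1; $i >= 0; $i--)
    {
        $dom = $dom ? $bits[$i] . "." . $dom : $bits[$i];
        $escaped = mysql_real_escape_string($dom);
        $query = "select * from `org`,`orgdomains`,`orginfo`
        where `org`.`memid`='" . $_SESSION['profile']['id'] . "'
        and `orgdomains`.`orgid`=`org`.`orgid`
        and `orginfo`.`id`=`org`.`orgid`
        and `orgdomains`.`domain`='$escaped'";
        $res = mysql_query($query);
        if (mysql_num_rows($res) > 0)
        {
            $_SESSION['_config']['row'] = mysql_fetch_assoc($res);
            return true;
        }
    }
    return false;
}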
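/**
 * Maximum number of assurance points the user may award in one assurance,
 * derived from the points they have received. $id selects the user whose
 * points are summed; 0 or less means the logged-in user. $id is forced to
 * an integer before it is interpolated into SQL, so a non-numeric caller
 * value can no longer reach the query text.
 *
 * NOTE(review): as in the original, the under-18 check reads the logged-in
 * user's `dob`, not that of $id -- confirm whether callers ever pass a
 * different $id.
 */
function maxpoints($id = 0)
{
    $id = intval($id);
    if ($id <= 0)
        $id = intval($_SESSION['profile']['id']);
    $row = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$id' group by `to`"));
    $points = $row['points'];
    // Users younger than 18 are capped at 10 points regardless of total.
    $dob = date("Y-m-d", mktime(0, 0, 0, date("m"), date("d"), date("Y") - 18));
    $query = "select * from `users` where `id`='" . $_SESSION['profile']['id'] . "' and `dob` < '$dob'";
    if (mysql_num_rows(mysql_query($query)) < 1)
        return ($points >= 100) ? 10 : 0;
    $tiers = array(300 => 200, 200 => 150, 150 => 35, 140 => 30, 130 => 25, 120 => 20, 110 => 15, 100 => 10);
    foreach ($tiers as $threshold => $max)
    {
        if ($points >= $threshold)
            return $max;
    }
    return 0;
}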
/**
 * Replace every "\xNN" escape in $data with the byte it names, then run the
 * result through utf8_decode(). NOTE(review): PHP >= 5.4 ships a builtin
 * hex2bin() with different semantics (plain hex string -> bytes); declaring
 * this function on such a runtime is a fatal redeclaration error, while
 * simply removing it would silently change what callers get back.
 */
function hex2bin($data)
{
    while (($pos = strpos($data, "\\x")) !== false)
    {
        $byte = chr(hexdec(substr($data, $pos + 2, 2)));
        $data = substr($data, 0, $pos) . $byte . substr($data, $pos + 4);
    }
    return utf8_decode($data);
}
/**
 * Web path of a localised screenshot when one exists for the current
 * language (checked on disk relative to the working directory), otherwise
 * the English one. $img is used as given; callers are presumed to pass
 * fixed file names.
 */
function screenshot($img)
{
    $localised = $_SESSION['_config']['language'] . "/$img";
    if (!file_exists("../screenshots/" . $localised))
        return "/screenshots/en/$img";
    return "/screenshots/" . $localised;
}
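/**
 * Clear-sign $message with the site GPG key and pipe it to sendmail for $to.
 * $subject, $from and $replyto are accepted for interface compatibility but,
 * as in the original, are not used -- presumably $message already carries
 * its headers. Both the temp file name and the recipient are passed through
 * escapeshellarg(), so a recipient containing shell metacharacters cannot
 * alter the pipeline. The temp file is removed on every path, including a
 * failed fopen().
 */
function signmail($to, $subject, $message, $from, $replyto = "")
{
    if ($replyto == "")
        $replyto = $from;
    $tmpfname = tempnam("/tmp", "CSR");
    if ($tmpfname === false)
        return;
    $fp = fopen($tmpfname, "w");
    if ($fp !== false)
    {
        fputs($fp, $message);
        fclose($fp);
        $cmd = "/usr/bin/gpg --homedir /home/gpg --clearsign " . escapeshellarg($tmpfname)
            . " | /usr/sbin/sendmail " . escapeshellarg($to);
        shell_exec($cmd);
    }
    if (file_exists($tmpfname))
        unlink($tmpfname);
}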
// Verify that $email is deliverable by talking SMTP to its MX hosts (and
// finally the bare domain) up to RCPT TO, recording each attempt in
// `pinglog`. Returns "OK" when a server accepted the recipient, the server's
// reply line when it did not, or a translated "Failed to make a connection"
// message when no host answered (or the address failed the syntax check).
//
// NOTE(review): split() was removed in PHP 7 (explode() is the replacement),
// and the address regex nests quantifiers, ([...]+)+, which PCRE may give up
// on (backtrack limit) for long inputs -- such addresses are rejected rather
// than hanging the request. Sockets are not closed on the `continue` paths.
function checkEmail($email)
{
    // Escaped copy for the pinglog INSERTs; $email itself is only used after
    // the regex has limited it to [A-Za-z0-9+._@-], so the SMTP lines built
    // from it cannot carry CR/LF.
    $myemail = mysql_real_escape_string($email);
    if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $email))
    {
        list($username, $domain) = split('@', $email);
        // escapeshellarg() keeps the domain from altering the dig command.
        $dom = escapeshellarg($domain);
        $line = trim(`dig +short MX $dom 2>&1`);
        #echo $email."-$dom-$line-\n";
        #echo `dig +short mx heise.de 2>&1`."-<br>\n";
        $list = explode("\n", $line);
        // Each dig line is "<priority> <host>."; drop the trailing dot and
        // keep the host. An empty answer still yields one (empty) entry.
        foreach ($list as $row)
            list($pri, $mxhosts[]) = explode(" ", substr(trim($row), 0, -1));
        // The domain itself is the last resort (implicit MX).
        $mxhosts[] = $domain;
        #print_r($mxhosts); die;
        foreach ($mxhosts as $key => $domain)
        {
            $fp = @fsockopen($domain, 25, $errno, $errstr, 5);
            if ($fp)
            {
                $line = fgets($fp, 4096);
                if (substr($line, 0, 3) != "220")
                    continue;
                fputs($fp, "HELO hlin.cacert.org\r\n");
                $line = fgets($fp, 4096);
                // Skip any further 220 greeting lines before the HELO reply.
                while (substr($line, 0, 3) == "220")
                    $line = fgets($fp, 4096);
                if (substr($line, 0, 3) != "250")
                    continue;
                fputs($fp, "MAIL FROM: <returns@cacert.org>\r\n");
                $line = fgets($fp, 4096);
                if (substr($line, 0, 3) != "250")
                    continue;
                fputs($fp, "RCPT TO: <$email>\r\n");
                $line = trim(fgets($fp, 4096));
                fputs($fp, "QUIT\r\n");
                fclose($fp);
                // The server's reply is stored verbatim (tags stripped, SQL-escaped).
                $line = mysql_real_escape_string(trim(strip_tags($line)));
                $query = "insert into `pinglog` set `when`=NOW(), `email`='$myemail', `result`='$line'";
                if (is_array($_SESSION['profile'])) $query .= ", `uid`='" . $_SESSION['profile']['id'] . "'";
                mysql_query($query);
                if (substr($line, 0, 3) != "250")
                    return $line;
                else
                    return "OK";
            }
        }
    }
    // NOTE(review): unlike the INSERT above, this one reads profile.id without
    // the is_array() guard, so for anonymous callers it runs with an empty uid.
    $query = "insert into `pinglog` set `when`=NOW(), `uid`='" . $_SESSION['profile']['id'] . "',
        `email`='$myemail', `result`='Failed to make a connection to the mail server'";
    mysql_query($query);
    return _("Failed to make a connection to the mail server");
}
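/**
 * Poll `$table` for up to ~60 s (31 tries, 2 s apart) until row $certid has
 * been filled in by the signer (`crt` for gpg, `crt_name` otherwise). If it
 * never appears, a notice is mailed to support and, when $show is set, an
 * explanatory page is rendered and the script exits. $id is unused.
 *
 * $table is interpolated as a SQL identifier; backticks inside it are
 * doubled so the value cannot close the quoted name. Callers are expected to
 * pass a fixed table name -- confirm that no request value reaches here,
 * since $table is also printed into the page unescaped on the failure path.
 * showheader(), showfooter() and sendmail() are defined elsewhere.
 */
function waitForResult($table, $certid, $id = 0, $show = 1)
{
    $tbl = str_replace("`", "``", $table);
    $certid = intval($certid);
    $column = ($table == "gpg") ? "crt" : "crt_name";
    $found = $trycount = 0;
    while ($trycount++ <= 30)
    {
        $res = mysql_query("select * from `$tbl` where `id`='$certid' and `$column` != ''");
        if (mysql_num_rows($res) > 0)
        {
            $found = 1;
            break;
        }
        sleep(2);
    }
    if ($found)
        return;
    if ($show) showheader(_("My CAcert.org Account!"));
    $res = mysql_query("select * from `$tbl` where `id`='$certid'");
    if (mysql_num_rows($res) > 0)
    {
        printf(_("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status."));
        $body = "A certificate has timed out!\n\n";
    }
    else
    {
        printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.") . " certid: $table: " . $certid, "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
        $body = "A certificate has failed!\n\n";
    }
    $body .= _("Best regards") . "\n" . _("CAcert.org Support!");
    sendmail("philipp@cacert.org", "[CAcert.org] Certificate TIMEOUT", $body, "philipp@cacert.org", "", "", "CAcert Support");
    if ($show) showfooter();
    if ($show) exit;
}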
/**
 * Insert a fresh row into `tickets` (timestamped now()) and return its
 * auto-increment id.
 */
function generateTicket()
{
    mysql_query("insert into tickets (timestamp) values (now())");
    return mysql_insert_id();
}
/**
 * Make $input safe to print in an HTML body: tags are removed, then every
 * remaining special character (both quote styles included) is entity-encoded.
 * An earlier variant ran utf8_decode() on the input first; it was dropped.
 */
function sanitizeHTML($input)
{
    $plain = strip_tags($input);
    return htmlentities($plain, ENT_QUOTES);
}
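/**
 * Return a 32-character hex token derived from 64 bytes of /dev/urandom;
 * used for CSRF tokens and similar one-off secrets.
 *
 * The non-dio fallback used fgets(), which stops at the first newline byte,
 * so a token could be hashed from as little as one random byte; fread()
 * consumes the full 64 bytes. A failed open is reported instead of hashing
 * whatever the failed read returned.
 */
function make_hash()
{
    if (function_exists("dio_open"))
    {
        $rnd = dio_open("/dev/urandom", O_RDONLY);
        $bytes = dio_read($rnd, 64);
        dio_close($rnd);
    }
    else
    {
        $rnd = fopen("/dev/urandom", "r");
        if ($rnd === false)
            trigger_error("make_hash: cannot open /dev/urandom", E_USER_ERROR);
        $bytes = fread($rnd, 64);
        fclose($rnd);
    }
    return md5($bytes);
}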
/**
 * Abort the request (error page, then exit) unless it carries a csrf token
 * that make_csrf($nam) issued for this session. Tokens are looked up by key
 * in $_SESSION['csrf_<nam>'] and are not removed on use, so each stays valid
 * for the session's lifetime. The token is read from $_REQUEST, i.e. GET,
 * POST or cookie alike. $show is accepted but unused.
 * showheader() / showfooter() are defined elsewhere.
 */
function csrf_check($nam, $show = 1)
{
    $bucket = 'csrf_' . $nam;
    $failure = "";
    if (!array_key_exists('csrf', $_REQUEST) || !array_key_exists($bucket, $_SESSION))
        $failure = _("CSRF Hash is missing. Please try again.");
    elseif (strlen($_REQUEST['csrf']) != 32)
        $failure = _("CSRF Hash is wrong. Please try again.");
    elseif (!array_key_exists($_REQUEST['csrf'], $_SESSION[$bucket]))
        $failure = _("CSRF Hash is wrong. Please try again.");
    if ($failure == "")
        return;
    showheader(_("My CAcert.org Account!"));
    echo $failure . "\n";
    showfooter();
    exit();
}
/**
 * Issue a new CSRF token for form $nam: the token is recorded in
 * $_SESSION['csrf_<nam>'] (one entry per token issued; entries are never
 * pruned) and returned for embedding in the form.
 */
function make_csrf($nam)
{
    $token = make_hash();
    $bucket = 'csrf_' . $nam;
    $_SESSION[$bucket][$token] = 1;
    return $token;
}
/**
 * Strip every character that cannot occur in a PEM-encoded CSR: letters,
 * digits, the base64 punctuation + / =, dashes, colons, spaces and line
 * breaks are kept, everything else is deleted.
 */
function clean_csr($CSR)
{
    $allowed = 'A-Za-z0-9\n\r :=+\/-';
    return preg_replace('/[^' . $allowed . ']/', "", $CSR);
}
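/**
 * Reduce $text to characters safe in a file name component: word
 * characters, '-', '.' and '@'. Everything else, path separators included,
 * is dropped.
 *
 * The hyphen is placed last in the class: PCRE2 (PHP >= 7.3) rejects
 * "[\w-.]" as an invalid range, so preg_replace() on the old pattern
 * returned null and callers got no file name at all.
 */
function sanitizeFilename($text)
{
    return preg_replace('/[^\w.@-]/', "", $text);
}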
/**
 * Recompute the `assurer` flag of user $userID: set it when the user has a
 * cats_passed row and their notary point sum (rows with `expire` < now())
 * is >= 100, clear it otherwise. Query results are discarded.
 * NOTE(review): the original comment called these "non-expired" points, yet
 * the predicate selects rows whose `expire` lies in the past -- confirm the
 * intended meaning of `expire`. Whether SUM(points) or SUM(awarded) is the
 * right aggregate was also left open by the original author.
 */
function fix_assurer_flag($userID)
{
    $uid = (int) intval($userID);
    $setFlag = 'UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \'' . $uid .
        '\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp` WHERE `tp`.`user_id` = `u`.`id`)' .
        ' AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100';
    $clearFlag = 'UPDATE `users` AS `u` SET `assurer` = 0 WHERE `u`.`id` = \'' . $uid .
        '\' AND (NOT EXISTS(SELECT 1 FROM `cats_passed` AS `tp` WHERE `tp`.`user_id` = `u`.`id`)' .
        ' OR (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `n`.`expire` < now()) < 100)';
    mysql_query($setFlag);
    mysql_query($clearFlag);
}
// returns 0 if $userID is an Assurer
// Otherwise:
// Bit 0 is always set
// Bit 1 is set if 100 Assurance Points are not reached
// Bit 2 is set if Assurer Test is missing
// Bit 3 is set if the user is not allowed to be an Assurer (assurer_blocked > 0)
function is_no_assurer($userID)
{
    $uid = (int) intval($userID);
    $flags = 0;
    // No cats_passed row: challenge not passed (bits 0 and 2).
    $res = mysql_query('SELECT * FROM `cats_passed` AS `tp` WHERE `tp`.`user_id` = \'' . $uid . '\'');
    if (mysql_num_rows($res) < 1)
        $flags |= 5;
    // Point sum below 100 (bits 0 and 1); same `expire` < now() predicate as
    // the flag update -- confirm the intended meaning of `expire`.
    $res = mysql_query('SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \'' . $uid . '\' AND `n`.`expire` < now()');
    $row = mysql_fetch_assoc($res);
    if ($row['points'] < 100)
        $flags |= 3;
    // Administratively blocked (bits 0 and 3).
    $res = mysql_query('SELECT `assurer_blocked` FROM `users` WHERE `id` = \'' . $uid . '\'');
    $row = mysql_fetch_assoc($res);
    if ($row['assurer_blocked'] > 0)
        $flags |= 9;
    return $flags;
}
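// returns text message to be shown to the user given the result of is_no_assurer
//
// The "not allowed" test is `($Status & 8) > 0`. The original wrote
// `$Status & 8 > 0`, which PHP parses as `$Status & (8 > 0)`, i.e. a test of
// bit 0 -- true for every non-zero status is_no_assurer() produces -- so the
// final "reason is not stored" branch was unreachable.
function no_assurer_text($Status)
{
    if ($Status == 0) {
        $Result = _("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.");
    } elseif ($Status == 3) {
        $Result = _("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!");
    } elseif ($Status == 5) {
        $Result = _("You have at least 100 Assurance Points, if you want to become an assurer try the ") . '<a href="https://cats.cacert.org/">Assurer Challenge</a>!';
    } elseif ($Status == 7) {
        $Result = _("To become an Assurer have to collect 100 Assurance Points and pass the ") . '<a href="https://cats.cacert.org/">Assurer Challenge</a>!';
    } elseif (($Status & 8) > 0) {
        $Result = _("Sorry, you are not allowed to be an Assurer. Please contact ") . '<a href="mailto:support@cacert.org">support@cacert.org</a>' . _("if you feel that this is not corect.");
    } else {
        $Result = _("You are not an Assurer, but the reason is not stored in the database. Please contact ") . '<a href="mailto:support@cacert.org">support@cacert.org</a>.';
    }
    return $Result;
}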
?>