<? /*
    Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
    This file is part of CAcert.
    CAcert has been released under a CAcert license
    which can be found included with these source files or can
    be downloaded from the internet from the following address:
    http://www.cacert.org/src-lic.php
    CAcert is distributed WITHOUT ANY WARRANTY; without even
    the implied warranty of MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE. See the License for more details.
*/
// header("Content-Type: text/html; charset=UTF-8");
// header("Content-Transfer-Encoding: 8bit");
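// Host allowlist: the Host header is client supplied, so the site only answers
// on its three known names. Any other value is redirected to a fixed URL (never
// one built from the header), keeping the scheme the request arrived on.
if($_SERVER['HTTP_HOST'] != "www.cacert.org" &&
	$_SERVER['HTTP_HOST'] != "secure.cacert.org" &&
	$_SERVER['HTTP_HOST'] != "202.87.16.201")
{
	if($_SERVER['HTTPS'] == "on")
		header("location: https://www.cacert.org");
	else
		header("location: http://www.cacert.org");
	// Stop here so nothing below runs for a request on an unknown host name.
	exit;
}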
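// Open the site's named session and register the four state arrays it uses.
session_name("cacert");
session_start();
session_register("_config");
session_register("profile");
session_register("signup");
session_register("lostpw");

// $lang is not assigned anywhere above in this file; presumably it is filled
// in from the request by register_globals -- TODO confirm.
// The value is kept in the session and later handed to putenv() and
// setlocale(), so only a locale-shaped token ("de", "de_DE", "de-de") is
// accepted; anything else is ignored and language negotiation takes over.
$lang = mysql_escape_string(substr(trim($lang), 0, 5));
if(preg_match('/^[A-Za-z]{2}([_-][A-Za-z]{2})?$/', $lang))
	$_SESSION['_config']['language'] = $lang;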
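// Locale code => language name as shown to the user.
// NOTE(review): the non-ASCII names assume this file is stored in the same
// character set the pages are served with -- confirm.
$_SESSION['_config']['translations'] = array(
	"da_DK" => "Dansk",
	"de_DE" => "Deutsch",
	"en_AU" => "English",
	"es_ES" => "Español",
	"fr_FR" => "Français",
	"hu_HU" => "Magyar",
	"nl_NL" => "Nederlands",
	"pt_PT" => "Português");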
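// No language chosen yet: negotiate one from the Accept-Language header.
if($_SESSION['_config']['language'] == "")
{
	// Split "de-de,en;q=0.8" into tags and index them by quality value.
	$bits = explode(",", strtolower(str_replace(" ", "",
		isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : "")));
	$value = array();
	foreach($bits as $lang)
	{
		$b = explode(";", $lang);
		if(isset($b[1]) && substr($b[1], 0, 2) == "q=")
			$c = floatval(substr($b[1], 2));
		else
			$c = 1;
		$b[0] = trim($b[0]);

		// The header is client supplied and the tag becomes part of a file
		// system path below, so anything that is not a plain language tag
		// (letters/digits separated by - or _) is dropped here.
		if(!preg_match('/^[a-z]{1,8}([_-][a-z0-9]{1,8})*$/', $b[0]))
			continue;

		// The key is the quality as a string (a float key would be cut to an
		// integer). The first tag listed at a given quality is the one kept.
		if(!isset($value["$c"]))
			$value["$c"] = $b[0];
	}

	// Highest quality first.
	krsort($value);
	reset($value);
	foreach($value as $key => $val)
	{
		$short = substr($val, 0, 2);
		if($val == "en" || $short == "en")
		{
			$_SESSION['_config']['language'] = "en";
			break;
		}
		// Prefer a catalogue for the full tag, then for its two-letter prefix.
		if(file_exists("/home/cacert/locale/$val/LC_MESSAGES/messages.mo"))
		{
			$_SESSION['_config']['language'] = $val;
			break;
		}
		if(file_exists("/home/cacert/locale/$short/LC_MESSAGES/messages.mo"))
		{
			$_SESSION['_config']['language'] = $short;
			break;
		}
	}
}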
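// Anything that is not already a five-character locale code (for example the
// two-letter result of the negotiation above) is mapped onto a supported
// locale by its first two letters; "en_AU" is the fallback.
if(strlen($_SESSION['_config']['language']) != 5)
{
	$lang = $_SESSION['_config']['language'];
	$_SESSION['_config']['language'] = "en_AU";
	foreach($_SESSION['_config']['translations'] as $key => $val)
	{
		if(substr($lang, 0, 2) == substr($key, 0, 2))
		{
			// Store the locale code (the array key). The array value is the
			// human-readable language name, which is not what putenv() and
			// setlocale() further down are meant to receive.
			$_SESSION['_config']['language'] = $key;
			break;
		}
	}
}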
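// Activate the session's language for gettext: environment, C locale, and the
// "messages" catalogue under /home/cacert/locale.
putenv("LANG=".$_SESSION['_config']['language']);
setlocale(LC_ALL, $_SESSION['_config']['language']);
$domain = 'messages';
bindtextdomain("$domain", "/home/cacert/locale");
textdomain("$domain");

// Installation root, kept in the session for later use.
$_SESSION['_config']['filepath'] = "/home/cacert";

// mysql_* calls are used from here on; presumably this include opens the
// connection -- confirm.
require_once("/home/cacert/includes/mysql.php");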
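// For a logged-in member, refresh the cached sum of points received.
// The id is forced to an integer before it is placed in the SQL text, so the
// statement cannot be altered by whatever the session variable holds.
if(isset($_SESSION['profile']['id']) && intval($_SESSION['profile']['id']) > 0)
{
	$query = "select sum(`points`) as `total` from `notary` where `to`='".
		intval($_SESSION['profile']['id'])."' group by `to`";
	$res = mysql_query($query);
	$row = mysql_fetch_assoc($res);
	$_SESSION['profile']['points'] = $row['total'];
}

$hostname = "www.cacert.org";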
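// Pulls in the support code for one area of the site.
// $section: "account" loads account_stuff.php; "index", "help" and every
// unrecognised value load general_stuff.php. The comparison is strict and the
// include paths are fixed strings, so $section never becomes part of a path.
function loadem($section = "index")
{
	if($section === "account")
		include_once("/home/cacert/includes/account_stuff.php");
	else
		include_once("/home/cacert/includes/general_stuff.php");
}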
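// Includes the page /home/cacert/www/<section>/<id>.php.
// Falls back to the section's page 0, then to index/0, then to error404.php.
// $id      page number; forced to an integer.
// $section one of "index", "account", "wot"; anything else becomes "index".
// The integer cast and the strict section allowlist are what keep the include
// path inside /home/cacert/www, so neither should be relaxed.
function includeit($id = "0", $section = "index")
{
	$id = intval($id);
	if(!in_array($section, array("index", "account", "wot"), true))
		$section = "index";

	$page = "/home/cacert/www/$section/$id.php";
	if(!file_exists($page))
	{
		// requested page is missing: try the section's default page
		$id = "0";
		$page = "/home/cacert/www/$section/$id.php";
	}
	if(!file_exists($page))
	{
		// section has no default page either: use the site's front page
		$section = "index";
		$page = "/home/cacert/www/$section/$id.php";
	}
	if(!file_exists($page))
		$page = "/home/cacert/www/error404.php";

	// $id and $section hold the values of the page actually chosen, because
	// the included file runs in this function's scope and can read them.
	include_once($page);
}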
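// Scores a candidate password.
// +1 for each character class present: digit, lower case, upper case,
//    non-word character, whitespace.
// -1 for each direction in which the password and one of the account fields
//    (email, first, middle, last name, suffix) contain one another, compared
//    case-insensitively; empty fields are skipped.
// -1 if the password occurs inside a line of /usr/share/dict/american-english.
// Returns the resulting integer, which can be negative.
function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
{
	$points = 0;

	foreach(array('/\d/', '/[a-z]/', '/[A-Z]/', '/\W/', '/\s/') as $class)
		if(preg_match($class, $pwd))
			$points++;

	$lowpwd = strtolower($pwd);
	if($lowpwd != "")
	{
		foreach(array($email, $fname, $mname, $lname, $suffix) as $known)
		{
			$known = strtolower($known);
			if($known == "")
				continue;
			// strpos() !== false rather than the truthiness of strstr(): a
			// match whose tail is "0" would otherwise count as no match.
			if(strpos($lowpwd, $known) !== false)
				$points--;
			if(strpos($known, $lowpwd) !== false)
				$points--;
		}
	}

	// Dictionary check. The password is compared in-process and never placed
	// on a command line: nothing in it can be interpreted by a shell, and it
	// does not appear in the process list. It is matched as a plain
	// substring, not as a pattern.
	$found = ((string)$pwd === "");
	if(!$found)
	{
		$dict = @fopen("/usr/share/dict/american-english", "r");
		if($dict)
		{
			while(($word = fgets($dict, 4096)) !== false)
			{
				if(strpos($word, $pwd) !== false)
				{
					$found = true;
					break;
				}
			}
			fclose($dict);
		}
		// An unreadable word list means the check is skipped, not failed.
	}
	if($found)
		$points--;

	return($points);
}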
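// Splits the subject line held in $_SESSION['_config']['subject'] into its
// CN and subjectAltName entries.
// Everything after the first ":" is cut at "/" and "," into key=value pairs.
// Each non-empty CN is stored as "<n>.CN", each non-empty subjectAltName as
// "<n>.subjectAltName", and the counts are left in 'cnc' and 'subaltc'.
function extractit()
{
	$bits = explode(":", $_SESSION['_config']['subject'], 2);
	$bits = str_replace(",", "|", str_replace("/", "|", isset($bits[1]) ? $bits[1] : ""));
	$bits = explode("|", $bits);

	$_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0;

	foreach($bits as $val)
	{
		if(!strstr($val, "="))
			continue;

		// Split on the first "=" only. Without the limit a value that itself
		// contains "=" is cut short, and the name examined by the ownership
		// checks would then differ from the one that was submitted.
		$split = explode("=", $val, 2);
		$k = $split[0];
		$split[1] = trim($split[1]);

		if($k == "CN" && $split[1])
		{
			$k = $_SESSION['_config']['cnc'].".".$k;
			$_SESSION['_config']['cnc']++;
			$_SESSION['_config'][$k] = $split[1];
		}

		if($k == "subjectAltName" && $split[1])
		{
			$k = $_SESSION['_config']['subaltc'].".".$k;
			$_SESSION['_config']['subaltc']++;
			$_SESSION['_config'][$k] = $split[1];
		}
	}
}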
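// Checks every "<n>.CN" entry in the session against the `domains` rows of the
// logged-in member. A name passes when it, or one of its parent domains
// (tried from the right-most label outwards), is a non-deleted row.
// On the first name that matches nothing an error page is printed and the
// script exits. Otherwise the names go to $_SESSION['_config']['rows'] and the
// matching row ids to $_SESSION['_config']['rowid'].
function getcn()
{
	$rows = null;
	$rowid = null;
	// integer cast: the id is placed directly in the SQL text below
	$memid = intval($_SESSION['profile']['id']);

	for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
	{
		$CN = $_SESSION['_config']["$cnc.CN"];
		$bits = explode(".", $CN);
		$dom = "";
		for($i = count($bits) - 1; $i >= 0; $i--)
		{
			if($dom)
				$dom = $bits[$i].".".$dom;
			else
				$dom = $bits[$i];

			$_SESSION['_config']['row'] = "";
			// NOTE(review): the CN presumably originates from a submitted
			// request, so it is treated as untrusted here: escaped before it
			// enters the statement, and compared with = because LIKE would
			// let any % or _ inside the name act as a wildcard.
			$query = "select * from domains where `memid`='$memid' and `domain`='".
				mysql_real_escape_string($dom)."' and `deleted`=0";
			$res = mysql_query($query);
			if($res && mysql_num_rows($res) > 0)
			{
				$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
				$rowid[] = $_SESSION['_config']['row']['id'];
				break;
			}
		}

		if($_SESSION['_config']['row'] == "")
		{
			showheader(_("My CAcert.org Account!"));
			// the rejected name is echoed into the page, so it is HTML-escaped
			printf(_("Unable to match '%s' against any domain validated against your account."), htmlspecialchars($CN));
			showfooter();
			exit;
		} else
			$rows[] = $CN;
	}

	$_SESSION['_config']['rows'] = $rows;
	$_SESSION['_config']['rowid'] = $rowid;
}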
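// Checks every "<n>.subjectAltName" entry in the session. Each must start with
// "DNS:", and the host name after the prefix, or one of its parent domains,
// must be a non-deleted `domains` row of the logged-in member.
// On the first entry that fails an error page is printed and the script exits.
// Otherwise the entries go to $_SESSION['_config']['altrows'] and the matching
// row ids to $_SESSION['_config']['altid'].
function getalt()
{
	$altrows = null;
	$altid = null;
	// integer cast: the id is placed directly in the SQL text below
	$memid = intval($_SESSION['profile']['id']);

	for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
	{
		$subalt = $_SESSION['_config']["$altc.subjectAltName"];
		if(substr($subalt, 0, 4) != "DNS:")
		{
			showheader(_("My CAcert.org Account!"));
			// the rejected value is echoed into the page, so it is HTML-escaped
			printf(_("Malformed subjectAltName '%s', must be in form DNS:my.isp.com or DNS:*.isp.com"), htmlspecialchars($subalt));
			showfooter();
			exit;
		}

		$alt = substr($subalt, 4);
		$bits = explode(".", $alt);
		$dom = "";
		for($i = count($bits) - 1; $i >= 0; $i--)
		{
			if($dom)
				$dom = $bits[$i].".".$dom;
			else
				$dom = $bits[$i];

			$_SESSION['_config']['altrow'] = "";
			// NOTE(review): the name presumably originates from a submitted
			// request, so it is treated as untrusted here: escaped before it
			// enters the statement, and compared with = because LIKE would
			// let any % or _ inside the name act as a wildcard.
			$query = "select * from domains where `memid`='$memid' and `domain`='".
				mysql_real_escape_string($dom)."' and `deleted`=0";
			$res = mysql_query($query);
			if($res && mysql_num_rows($res) > 0)
			{
				$_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
				$altid[] = $_SESSION['_config']['altrow']['id'];
				break;
			}
		}

		if($_SESSION['_config']['altrow'] == "")
		{
			showheader(_("My CAcert.org Account!"));
			printf(_("Malformed subjectAltName, must be in form DNS:my.isp.com or DNS:*.isp.com OR '%s' can't be matched to any current domain validated against your account."), htmlspecialchars($alt));
			showfooter();
			exit;
		} else
			$altrows[] = $subalt;
	}

	$_SESSION['_config']['altrows'] = $altrows;
	$_SESSION['_config']['altid'] = $altid;
}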
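// Same check as getcn(), but against organisation domains: a CN passes when
// it, or one of its parent domains, is an `orgdomains` row of an organisation
// the logged-in member is linked to through `org`.
// On the first name that matches nothing an error page is printed and the
// script exits. Otherwise the names go to $_SESSION['_config']['rows'] and the
// matching row ids to $_SESSION['_config']['rowid'].
function getcn2()
{
	$rows = null;
	$rowid = null;
	// integer cast: the id is placed directly in the SQL text below
	$memid = intval($_SESSION['profile']['id']);

	for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
	{
		$CN = $_SESSION['_config']["$cnc.CN"];
		$bits = explode(".", $CN);
		$dom = "";
		for($i = count($bits) - 1; $i >= 0; $i--)
		{
			if($dom)
				$dom = $bits[$i].".".$dom;
			else
				$dom = $bits[$i];

			$_SESSION['_config']['row'] = "";
			// NOTE(review): the CN presumably originates from a submitted
			// request; it is escaped before it enters the statement.
			$query = "select * from `orginfo`,`orgdomains`,`org` where
					`org`.`memid`='$memid' and
					`org`.`orgid`=`orginfo`.`id` and
					`orgdomains`.`orgid`=`orginfo`.`id` and
					`orgdomains`.`domain`='".mysql_real_escape_string($dom)."'";
			$res = mysql_query($query);
			if($res && mysql_num_rows($res) > 0)
			{
				$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
				$rowid[] = $_SESSION['_config']['row']['id'];
				break;
			}
		}

		if($_SESSION['_config']['row'] == "")
		{
			showheader(_("My CAcert.org Account!"));
			// the rejected name is echoed into the page, so it is HTML-escaped
			printf(_("Unable to match '%s' against any domain validated against your account."), htmlspecialchars($CN));
			showfooter();
			exit;
		} else
			$rows[] = $CN;
	}

	$_SESSION['_config']['rows'] = $rows;
	$_SESSION['_config']['rowid'] = $rowid;
}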
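// Same check as getalt(), but against organisation domains: each
// "<n>.subjectAltName" entry must start with "DNS:", and the host name after
// the prefix, or one of its parent domains, must be an `orgdomains` row of an
// organisation the logged-in member is linked to through `org`.
// On the first entry that fails an error page is printed and the script exits.
// Otherwise the entries go to $_SESSION['_config']['altrows'] and the matching
// row ids to $_SESSION['_config']['altid'].
function getalt2()
{
	$altrows = null;
	$altid = null;
	// integer cast: the id is placed directly in the SQL text below
	$memid = intval($_SESSION['profile']['id']);

	for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
	{
		$subalt = $_SESSION['_config']["$altc.subjectAltName"];
		if(substr($subalt, 0, 4) != "DNS:")
		{
			showheader(_("My CAcert.org Account!"));
			// the rejected value is echoed into the page, so it is HTML-escaped
			printf(_("Malformed subjectAltName '%s', must be in form DNS:my.isp.com or DNS:*.isp.com"), htmlspecialchars($subalt));
			showfooter();
			exit;
		}

		$alt = substr($subalt, 4);
		$bits = explode(".", $alt);
		$dom = "";
		for($i = count($bits) - 1; $i >= 0; $i--)
		{
			if($dom)
				$dom = $bits[$i].".".$dom;
			else
				$dom = $bits[$i];

			$_SESSION['_config']['altrow'] = "";
			// NOTE(review): the name presumably originates from a submitted
			// request; it is escaped before it enters the statement.
			$query = "select * from `orginfo`,`orgdomains`,`org` where
					`org`.`memid`='$memid' and
					`org`.`orgid`=`orginfo`.`id` and
					`orgdomains`.`orgid`=`orginfo`.`id` and
					`orgdomains`.`domain`='".mysql_real_escape_string($dom)."'";
			$res = mysql_query($query);
			if($res && mysql_num_rows($res) > 0)
			{
				$_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
				$altid[] = $_SESSION['_config']['altrow']['id'];
				break;
			}
		}

		if($_SESSION['_config']['altrow'] == "")
		{
			showheader(_("My CAcert.org Account!"));
			printf(_("Malformed subjectAltName, must be in form DNS:my.isp.com or DNS:*.isp.com OR '%s' can't be matched to any current domain validated against your account."), htmlspecialchars($alt));
			showfooter();
			exit;
		} else
			$altrows[] = $subalt;
	}

	$_SESSION['_config']['altrows'] = $altrows;
	$_SESSION['_config']['altid'] = $altid;
}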
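// Reports whether $hostname, or one of its parent domains (tried from the
// right-most label outwards), is an `orgdomains` row of an organisation the
// logged-in member is linked to through `org`.
// Returns true and leaves the matching row in $_SESSION['_config']['row'],
// or returns false when nothing matches.
function checkownership($hostname)
{
	// integer cast: the id is placed directly in the SQL text below
	$memid = intval($_SESSION['profile']['id']);

	$bits = explode(".", $hostname);
	$dom = "";
	for($i = count($bits) - 1; $i >= 0; $i--)
	{
		if($dom)
			$dom = $bits[$i].".".$dom;
		else
			$dom = $bits[$i];

		// $hostname is supplied by the caller and is escaped before it enters
		// the statement, so its content cannot change the query.
		$query = "select * from `org`,`orgdomains`,`orginfo`
				where `org`.`memid`='$memid'
				and `orgdomains`.`orgid`=`org`.`orgid`
				and `orginfo`.`id`=`org`.`orgid`
				and `orgdomains`.`domain`='".mysql_real_escape_string($dom)."'";
		$res = mysql_query($query);
		if($res && mysql_num_rows($res) > 0)
		{
			$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
			return(true);
		}
	}

	// A failed query is treated like "no match".
	return(false);
}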
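// Maps a member's total received points (sum of `notary`.`points`) to a tier
// value; presumably the most points that member may issue -- confirm against
// the callers.
// $id  member id; 0 or less means the logged-in member.
// Returns 0 below 100 points, 10..35 in steps of 5 from 100 to 150 points,
// 150 from 200 points and 200 from 300 points.
function maxpoints($id = 0)
{
	// Integer cast first: the id is placed directly in the SQL text, and a
	// string that merely starts with a digit would pass the "<= 0" test.
	$id = intval($id);
	if($id <= 0)
		$id = intval($_SESSION['profile']['id']);

	$query = "select sum(`points`) as `points` from `notary` where `to`='$id' group by `to`";
	$res = mysql_query($query);
	$row = $res ? mysql_fetch_assoc($res) : false;
	// no rows (or a failed query) counts as zero points
	$points = $row ? $row['points'] : 0;

	// minimum total => tier value, highest first
	$tiers = array(300 => 200, 200 => 150, 150 => 35, 140 => 30,
		130 => 25, 120 => 20, 110 => 15, 100 => 10);
	foreach($tiers as $needed => $tier)
		if($points >= $needed)
			return($tier);

	return(0);
}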
?>