2004-10-16 00:28:17 +00:00
< ? /*
2008-04-06 19:45:09 +00:00
LibreSSL - CAcert web application
Copyright ( C ) 2004 - 2008 CAcert Inc .
2004-10-16 00:28:17 +00:00
2008-04-06 19:45:09 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; version 2 of the License .
2004-10-16 00:28:17 +00:00
2008-04-06 19:45:09 +00:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2004-10-16 00:28:17 +00:00
2008-04-06 19:45:09 +00:00
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 51 Franklin Street , Fifth Floor , Boston , MA 02110 - 1301 USA
2004-10-16 00:28:17 +00:00
*/ ?>
< ?
2008-09-19 18:04:35 +00:00
loadem ( " index " );
2004-10-16 00:28:17 +00:00
2008-09-19 17:37:56 +00:00
if ( array_key_exists ( 'Notify' , $_REQUEST ) && $_REQUEST [ 'Notify' ] != " " )
2006-08-13 18:54:45 +00:00
{
echo " do something here " ;
exit ;
}
2008-09-19 17:37:56 +00:00
$type = array_key_exists ( 'type' , $_REQUEST ) ? $_REQUEST [ 'type' ] : " " ;
2006-08-13 18:54:45 +00:00
2004-10-16 00:28:17 +00:00
if ( $type == " email " )
{
$id = 1 ;
2006-08-13 18:14:27 +00:00
$emailid = intval ( $_REQUEST [ 'emailid' ]);
$hash = mysql_escape_string ( stripslashes ( $_REQUEST [ 'hash' ]));
2004-10-16 00:28:17 +00:00
$query = " select * from `email` where `id`=' $emailid ' and hash!='' and deleted=0 " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) > 0 )
{
$row = mysql_fetch_assoc ( $res );
2005-03-12 19:40:24 +00:00
$row [ 'attempts' ] ++ ;
2006-08-13 18:54:45 +00:00
if ( $row [ 'attempts' ] >= 6 )
2004-10-16 00:28:17 +00:00
{
mysql_query ( " update `email` set `hash`='', `attempts`=' $row[attempts] ', `deleted`=NOW() where `id`=' $emailid ' " );
showheader ( _ ( " Error! " ), _ ( " Error! " ));
2005-03-12 19:40:24 +00:00
echo _ ( " You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system " );
2004-10-16 00:28:17 +00:00
showfooter ();
exit ;
}
mysql_query ( " update `email` set `attempts`=' $row[attempts] ' where `id`=' $emailid ' " );
}
2006-08-13 19:06:30 +00:00
$query = " select * from `email` where `id`=' $emailid ' and `hash`=' $hash ' and hash!='' and deleted=0 " ;
2004-10-16 00:28:17 +00:00
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
showheader ( _ ( " Error! " ), _ ( " Error! " ));
echo _ ( " The ID or Hash has already been verified, or something weird happened. " );
showfooter ();
exit ;
}
$row = mysql_fetch_assoc ( $res );
2008-09-19 17:37:56 +00:00
if ( array_key_exists ( 'Yes' , $_REQUEST ) && $_REQUEST [ 'Yes' ] != " " )
2006-08-13 18:14:27 +00:00
{
$query = " update `email` set `hash`='',`modified`=NOW() where `id`=' $emailid ' " ;
mysql_query ( $query );
2008-09-19 17:47:10 +00:00
$query = " update `users` set `verified`='1' where `id`=' " . intval ( $row [ 'memid' ]) . " ' and `email`=' " . $row [ 'email' ] . " ' and `verified`='0' " ;
2006-08-13 18:14:27 +00:00
mysql_query ( $query );
showheader ( _ ( " Updated " ), _ ( " Updated " ));
echo _ ( " Your account and/or email address has been verified. You can now start issuing certificates for this address. " );
2008-09-19 17:37:56 +00:00
} else if ( array_key_exists ( 'No' , $_REQUEST ) && $_REQUEST [ 'No' ] != " " ) {
2006-08-13 18:54:45 +00:00
header ( " location: /index.php " );
exit ;
2006-08-13 18:14:27 +00:00
} else {
2006-08-13 18:54:45 +00:00
showheader ( _ ( " Updated " ), _ ( " Updated " ));
2006-08-13 18:14:27 +00:00
printf ( _ ( " Are you sure you want to verify the email %s? " ), $row [ 'email' ]);
2006-08-13 18:54:45 +00:00
echo " <br> \n <form method='post' action='/verify.php'> " ;
echo " <input type='hidden' name='emailid' value=' $emailid '> " ;
echo " <input type='hidden' name='hash' value=' $hash '> " ;
echo " <input type='hidden' name='type' value='email'> " ;
echo " <input type='submit' name='Yes' value=' " . _ ( " Yes verify this email " ) . " '><br> \n " ;
echo " <input type='submit' name='Notify' value=' " . _ ( " Notify support about this " ) . " '><br> \n " ;
echo " <input type='submit' name='No' value=' " . _ ( " Do not verify this email " ) . " '></form> \n " ;
2006-08-13 18:14:27 +00:00
}
2004-10-16 00:28:17 +00:00
showfooter ();
exit ;
}
2008-09-19 17:37:56 +00:00
elseif ( $type == " domain " )
2004-10-16 00:28:17 +00:00
{
$id = 7 ;
2006-08-13 18:14:27 +00:00
$domainid = intval ( $_REQUEST [ 'domainid' ]);
$hash = mysql_escape_string ( stripslashes ( $_REQUEST [ 'hash' ]));
2004-10-16 00:28:17 +00:00
$query = " select * from `domains` where `id`=' $domainid ' and hash!='' and deleted=0 " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) > 0 )
{
$row = mysql_fetch_assoc ( $res );
2008-09-19 17:37:56 +00:00
$row [ 'attempts' ] ++ ;
if ( $row [ 'attempts' ] >= 6 )
2004-10-16 00:28:17 +00:00
{
$query = " update `domains` set `hash`='', `attempts`=' $row[attempts] ', `deleted`=NOW() where `id`=' $domainid ' " ;
showheader ( _ ( " Error! " ), _ ( " Error! " ));
echo _ ( " You've attempted to verify the same domain a fourth time with an invalid hash, subsequantly this request has been deleted in the system " );
showfooter ();
exit ;
}
2008-09-19 17:47:10 +00:00
$query = " update `domains` set `attempts`=' " . intval ( $row [ 'attempts' ]) . " ' where `id`=' $domainid ' " ;
2004-10-16 00:28:17 +00:00
mysql_query ( $query );
}
$query = " select * from `domains` where `id`=' $domainid ' and `hash`=' $hash ' and hash!='' and deleted=0 " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
showheader ( _ ( " Error! " ), _ ( " Error! " ));
echo _ ( " The ID or Hash has already been verified, the domain no longer exists in the system, or something weird happened. " );
showfooter ();
exit ;
}
$row = mysql_fetch_assoc ( $res );
2006-08-13 18:54:45 +00:00
if ( $_REQUEST [ 'Yes' ] != " " )
2006-08-13 18:14:27 +00:00
{
$query = " update `domains` set `hash`='',`modified`=NOW() where `id`=' $domainid ' " ;
mysql_query ( $query );
showheader ( _ ( " Updated " ), _ ( " Updated " ));
echo _ ( " Your domain has been verified. You can now start issuing certificates for this domain. " );
2006-08-13 18:54:45 +00:00
} else if ( $_REQUEST [ 'No' ] != " " ) {
header ( " location: /index.php " );
exit ;
2006-08-13 18:14:27 +00:00
} else {
2006-08-13 18:54:45 +00:00
showheader ( _ ( " Updated " ), _ ( " Updated " ));
2006-08-13 18:14:27 +00:00
printf ( _ ( " Are you sure you want to verify the domain %s? " ), $row [ 'name' ]);
2006-08-13 18:54:45 +00:00
echo " <br> \n <form method='post' action='/verify.php'> " ;
echo " <input type='hidden' name='domainid' value=' $domainid '> " ;
echo " <input type='hidden' name='hash' value=' $hash '> " ;
echo " <input type='hidden' name='type' value='domain'> " ;
2006-08-13 19:06:30 +00:00
echo " <input type='submit' name='Yes' value=' " . _ ( " Yes verify this domain " ) . " '><br> \n " ;
2006-08-13 18:54:45 +00:00
echo " <input type='submit' name='Notify' value=' " . _ ( " Notify support about this " ) . " '><br> \n " ;
2006-08-13 19:06:30 +00:00
echo " <input type='submit' name='No' value=' " . _ ( " Do not verify this domain " ) . " '></form> \n " ;
2006-08-13 18:14:27 +00:00
}
2004-10-16 00:28:17 +00:00
showfooter ();
exit ;
}
2008-09-19 17:37:56 +00:00
else
{
showheader ( _ ( " Error! " ), _ ( " Error! " ));
echo _ ( " Parameters are missing. Please try the complete URL. " );
showfooter ();
exit ;
}
2004-10-16 00:28:17 +00:00
?>