<? /*
Copyright (C) 2004 by Duane Groth < duane_at_CAcert_dot_org >
This file is part of CAcert.
CAcert has been released under a CAcert license
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
if($_SERVER[HTTP_HOST] != "www.cacert.org" & & $_SERVER[HTTP_HOST] != "secure.cacert.org" & & $_SERVER[HTTP_HOST] != "202.87.16.201")
{
if($_SERVER[HTTPS] == "on")
header("location: https://www.cacert.org");
else
header("location: http://www.cacert.org");
exit;
}
session_name("cacert");
session_start();
session_register("_config");
session_register("profile");
session_register("signup");
session_register("lostpw");
$lang = mysql_escape_string(substr(trim($lang), 0, 5));
if($lang != "")
$_SESSION['_config']['language'] = $lang;
$_SESSION['_config']['translations'] = array("da_DK" => "Dansk", "de_DE" => "Deutsch", "en_AU" => "English",
"es_ES" => "Espa<70> ol", "fr_FR" => "Fran<61> ais", "it_IT" => "Italiano",
"hu_HU" => "Magyar", "nl_NL" => "Nederlands", "pt_PT" => "Portugu<67> s",
"zh_CN" => "Chinese");
if($_SESSION['_config']['language'] == "")
{
$bits = explode(",", strtolower(str_replace(" ", "", $_SERVER[HTTP_ACCEPT_LANGUAGE])));
foreach($bits as $lang)
{
$b = explode(";", $lang);
if(substr($b[1], 0, 2) == "q=")
$c = floatval(substr($b[1], 2));
else
$c = 1;
$value["$c"] = trim($b[0]);
}
krsort($value);
reset($value);
foreach($value as $key => $val)
{
$short = substr($val, 0, 2);
if($val == "en" || $short == "en")
{
$_SESSION['_config']['language'] = "en";
break;
}
if(file_exists("/home/cacert/locale/$val/LC_MESSAGES/messages.mo"))
{
$_SESSION['_config']['language'] = $val;
break;
}
if(file_exists("/home/cacert/locale/$short/LC_MESSAGES/messages.mo"))
{
$_SESSION['_config']['language'] = $short;
break;
}
}
}
if(strlen($_SESSION['_config']['language']) != 5)
{
$lang = $_SESSION['_config']['language'];
$_SESSION['_config']['language'] = "en_AU";
foreach($_SESSION['_config']['translations'] as $key => $val)
{
if(substr($lang, 0, 2) == substr($key, 0, 2))
{
$_SESSION['_config']['language'] = $val;
break;
}
}
}
if($_SESSION['_config']['language'] == "zh_CN")
{
header("Content-Type: text/html; charset=gb2312");
// header("Content-Transfer-Encoding: 8bit");
}
putenv("LANG=".$_SESSION['_config']['language']);
setlocale(LC_ALL, $_SESSION['_config']['language']);
$domain = 'messages';
bindtextdomain("$domain", "/home/cacert/locale");
textdomain("$domain");
$_SESSION['_config'][filepath] = "/home/cacert";
require_once("/home/cacert/includes/mysql.php");
if($_SESSION['profile']['id'] > 0)
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
}
$hostname = "www.cacert.org";
function loadem($section = "index")
{
if($section != "index" & & $section != "account")
{
$section = "index";
}
if($section == "account")
include_once("/home/cacert/includes/account_stuff.php");
if($section == "index")
include_once("/home/cacert/includes/general_stuff.php");
}
function includeit($id = "0", $section = "index")
{
$id = intval($id);
if($section != "index" & & $section != "account" & & $section != "wot" & & $section != "help")
{
$section = "index";
}
if(file_exists("/home/cacert/www/$section/$id.php"))
include_once("/home/cacert/www/$section/$id.php");
else {
$id = "0";
if(file_exists("/home/cacert/www/$section/$id.php"))
include_once("/home/cacert/www/$section/$id.php");
else {
$section = "index";
$id = "0";
if(file_exists("/home/cacert/www/$section/$id.php"))
include_once("/home/cacert/www/$section/$id.php");
else
include_once("/home/cacert/www/error404.php");
}
}
}
function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
{
$points = 0;
if(preg_match("/\d/", $pwd))
$points++;
if(preg_match("/[a-z]/", $pwd))
$points++;
if(preg_match("/[A-Z]/", $pwd))
$points++;
if(preg_match("/\W/", $pwd))
$points++;
if(preg_match("/\s/", $pwd))
$points++;
if(@strstr(strtolower($pwd), strtolower($email)))
$points--;
if(@strstr(strtolower($email), strtolower($pwd)))
$points--;
if(@strstr(strtolower($pwd), strtolower($fname)))
$points--;
if(@strstr(strtolower($fname), strtolower($pwd)))
$points--;
if($mname)
if(@strstr(strtolower($pwd), strtolower($mname)))
$points--;
if($mname)
if(@strstr(strtolower($mname), strtolower($pwd)))
$points--;
if(@strstr(strtolower($pwd), strtolower($lname)))
$points--;
if(@strstr(strtolower($lname), strtolower($pwd)))
$points--;
if($suffix)
if(@strstr(strtolower($pwd), strtolower($suffix)))
$points--;
if($suffix)
if(@strstr(strtolower($suffix), strtolower($pwd)))
$points--;
$do = `grep '$pwd' /usr/share/dict/american-english`;
if($do)
$points--;
return($points);
}
function extractit()
{
$bits = explode(": ", $_SESSION['_config'][subject], 2);
$bits = str_replace(", ", "|", str_replace("/", "|", $bits['1']));
$bits = explode("|", $bits);
$_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0;
if(is_array($bits))
foreach($bits as $val)
{
if(!strstr($val, "="))
continue;
$split = explode("=", $val);
$k = $split[0];
$split['1'] = trim($split['1']);
if($k == "CN" & & $split['1'])
{
$k = $_SESSION['_config']['cnc'].".".$k;
$_SESSION['_config']['cnc']++;
$_SESSION['_config'][$k] = $split['1'];
}
if($k == "subjectAltName" & & $split['1'])
{
$k = $_SESSION['_config']['subaltc'].".".$k;
$_SESSION['_config']['subaltc']++;
$_SESSION['_config'][$k] = $split['1'];
}
}
}
function getcn()
{
for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
{
$CN = $_SESSION['_config']["$cnc.CN"];
$bits = explode(".", $CN);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$_SESSION['_config']['row'] = "";
$query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
$rowid[] = $_SESSION['_config']['row']['id'];
break;
}
}
if($_SESSION['_config']['row'] == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Unable to match '%s' against any domain validated against your account."), $CN);
showfooter();
exit;
} else
$rows[] = $CN;
}
$_SESSION['_config']['rows'] = $rows;
$_SESSION['_config']['rowid'] = $rowid;
}
function getalt()
{
for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
{
$subalt = $_SESSION['_config']["$altc.subjectAltName"];
if(substr($subalt, 0, 4) != "DNS:")
{
showheader(_("My CAcert.org Account!"));
printf(_("Malformed subjectAltName '%s', must be in form DNS:my.isp.com or DNS:*.isp.com"), $subalt);
showfooter();
exit;
}
$alt = substr($subalt, 4);
$bits = explode(".", $alt);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$_SESSION['_config']['altrow'] = "";
$query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
$altid[] = $_SESSION['_config']['altrow']['id'];
break;
}
}
if($_SESSION['_config']['altrow'] == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Malformed subjectAltName, must be in form DNS:my.isp.com or DNS:*.isp.com OR '%s' can't be matched to any current domain validated against your account."), $alt);
showfooter();
exit;
} else
$altrows[] = $subalt;
}
$_SESSION['_config']['altrows'] = $altrows;
$_SESSION['_config']['altid'] = $altid;
}
function getcn2()
{
for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
{
$CN = $_SESSION['_config']["$cnc.CN"];
$bits = explode(".", $CN);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$_SESSION['_config']['row'] = "";
$query = "select * from `orginfo`,`orgdomains`,`org` where
`org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
$rowid[] = $_SESSION['_config']['row']['id'];
break;
}
}
if($_SESSION['_config']['row'] == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Unable to match '%s' against any domain validated against your account."), $CN);
showfooter();
exit;
} else
$rows[] = $CN;
}
$_SESSION['_config']['rows'] = $rows;
$_SESSION['_config']['rowid'] = $rowid;
}
function getalt2()
{
for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
{
$subalt = $_SESSION['_config']["$altc.subjectAltName"];
if(substr($subalt, 0, 4) != "DNS:")
{
showheader(_("My CAcert.org Account!"));
printf(_("Malformed subjectAltName '%s', must be in form DNS:my.isp.com or DNS:*.isp.com"), $subalt);
showfooter();
exit;
}
$alt = substr($subalt, 4);
$bits = explode(".", $alt);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$_SESSION['_config']['altrow'] = "";
$query = "select * from `orginfo`,`orgdomains`,`org` where
`org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
$altid[] = $_SESSION['_config']['altrow']['id'];
break;
}
}
if($_SESSION['_config']['altrow'] == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Malformed subjectAltName, must be in form DNS:my.isp.com or DNS:*.isp.com OR '%s' can't be matched to any current domain validated against your account."), $alt);
showfooter();
exit;
} else
$altrows[] = $subalt;
}
$_SESSION['_config']['altrows'] = $altrows;
$_SESSION['_config']['altid'] = $altid;
}
function checkownership($hostname)
{
$bits = explode(".", $hostname);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$query = "select * from `org`,`orgdomains`,`orginfo`
where `org`.`memid`='".$_SESSION['profile']['id']."'
and `orgdomains`.`orgid`=`org`.`orgid`
and `orginfo`.`id`=`org`.`orgid`
and `orgdomains`.`domain`='$dom'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
return(true);
}
}
return(false);
}
function maxpoints($id = 0)
{
if($id < = 0)
$id = $_SESSION['profile']['id'];
$query = "select sum(`points`) as `points` from `notary` where `to`='$id' group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
if($points >= 300)
return(200);
if($points >= 200)
return(150);
if($points >= 150)
return(35);
if($points >= 140)
return(30);
if($points >= 130)
return(25);
if($points >= 120)
return(20);
if($points >= 110)
return(15);
if($points >= 100)
return(10);
return(0);
}
?>
