2004-10-16 00:28:17 +00:00
< ? /*
Copyright ( C ) 2004 by Duane Groth < duane_at_CAcert_dot_org >
This file is part of CAcert .
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address :
http :// www . cacert . org / src - lic . php
CAcert is distributed WITHOUT ANY WARRANTY ; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE . See the License for more details .
*/ ?>
< ?
loadem ( " account " );
2006-08-13 18:54:45 +00:00
if ( $_REQUEST [ 'Notify' ] != " " )
{
echo " do something here " ;
exit ;
}
$type = $_REQUEST [ 'type' ];
2004-10-16 00:28:17 +00:00
if ( $type == " email " )
{
$id = 1 ;
2006-08-13 18:14:27 +00:00
$emailid = intval ( $_REQUEST [ 'emailid' ]);
$hash = mysql_escape_string ( stripslashes ( $_REQUEST [ 'hash' ]));
2004-10-16 00:28:17 +00:00
$query = " select * from `email` where `id`=' $emailid ' and hash!='' and deleted=0 " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) > 0 )
{
$row = mysql_fetch_assoc ( $res );
2005-03-12 19:40:24 +00:00
$row [ 'attempts' ] ++ ;
2006-08-13 18:54:45 +00:00
if ( $row [ 'attempts' ] >= 6 )
2004-10-16 00:28:17 +00:00
{
mysql_query ( " update `email` set `hash`='', `attempts`=' $row[attempts] ', `deleted`=NOW() where `id`=' $emailid ' " );
showheader ( _ ( " Error! " ), _ ( " Error! " ));
2005-03-12 19:40:24 +00:00
echo _ ( " You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system " );
2004-10-16 00:28:17 +00:00
showfooter ();
exit ;
}
mysql_query ( " update `email` set `attempts`=' $row[attempts] ' where `id`=' $emailid ' " );
}
2006-08-13 18:54:45 +00:00
$query = " select * from `email` where `id`=' $emailid ' and `hash`=' $hash ' and hash!='' and deleted=0 and `attempts` <= 6 " ;
2004-10-16 00:28:17 +00:00
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
showheader ( _ ( " Error! " ), _ ( " Error! " ));
echo _ ( " The ID or Hash has already been verified, or something weird happened. " );
showfooter ();
exit ;
}
$row = mysql_fetch_assoc ( $res );
2006-08-13 18:54:45 +00:00
if ( $_REQUEST [ 'Yes' ] != " " )
2006-08-13 18:14:27 +00:00
{
$query = " update `email` set `hash`='',`modified`=NOW() where `id`=' $emailid ' " ;
mysql_query ( $query );
$query = " update `users` set `verified`='1' where `id`=' $row[memid] ' and `email`=' $row[email] ' and `verified`='0' " ;
mysql_query ( $query );
showheader ( _ ( " Updated " ), _ ( " Updated " ));
echo _ ( " Your account and/or email address has been verified. You can now start issuing certificates for this address. " );
2006-08-13 18:54:45 +00:00
} else if ( $_REQUEST [ 'No' ] != " " ) {
header ( " location: /index.php " );
exit ;
2006-08-13 18:14:27 +00:00
} else {
2006-08-13 18:54:45 +00:00
showheader ( _ ( " Updated " ), _ ( " Updated " ));
2006-08-13 18:14:27 +00:00
printf ( _ ( " Are you sure you want to verify the email %s? " ), $row [ 'email' ]);
2006-08-13 18:54:45 +00:00
echo " <br> \n <form method='post' action='/verify.php'> " ;
echo " <input type='hidden' name='emailid' value=' $emailid '> " ;
echo " <input type='hidden' name='hash' value=' $hash '> " ;
echo " <input type='hidden' name='type' value='email'> " ;
echo " <input type='submit' name='Yes' value=' " . _ ( " Yes verify this email " ) . " '><br> \n " ;
echo " <input type='submit' name='Notify' value=' " . _ ( " Notify support about this " ) . " '><br> \n " ;
echo " <input type='submit' name='No' value=' " . _ ( " Do not verify this email " ) . " '></form> \n " ;
2006-08-13 18:14:27 +00:00
}
2004-10-16 00:28:17 +00:00
showfooter ();
exit ;
}
if ( $type == " domain " )
{
$id = 7 ;
2006-08-13 18:14:27 +00:00
$domainid = intval ( $_REQUEST [ 'domainid' ]);
$hash = mysql_escape_string ( stripslashes ( $_REQUEST [ 'hash' ]));
2004-10-16 00:28:17 +00:00
$query = " select * from `domains` where `id`=' $domainid ' and hash!='' and deleted=0 " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) > 0 )
{
$row = mysql_fetch_assoc ( $res );
$row [ attempts ] ++ ;
if ( $row [ attempts ] == 4 )
{
$query = " update `domains` set `hash`='', `attempts`=' $row[attempts] ', `deleted`=NOW() where `id`=' $domainid ' " ;
showheader ( _ ( " Error! " ), _ ( " Error! " ));
echo _ ( " You've attempted to verify the same domain a fourth time with an invalid hash, subsequantly this request has been deleted in the system " );
showfooter ();
exit ;
}
$query = " update `domains` set `attempts`=' $row[attempts] ' where `id`=' $domainid ' " ;
mysql_query ( $query );
}
$query = " select * from `domains` where `id`=' $domainid ' and `hash`=' $hash ' and hash!='' and deleted=0 " ;
$res = mysql_query ( $query );
if ( mysql_num_rows ( $res ) <= 0 )
{
showheader ( _ ( " Error! " ), _ ( " Error! " ));
echo _ ( " The ID or Hash has already been verified, the domain no longer exists in the system, or something weird happened. " );
showfooter ();
exit ;
}
$row = mysql_fetch_assoc ( $res );
2006-08-13 18:54:45 +00:00
if ( $_REQUEST [ 'Yes' ] != " " )
2006-08-13 18:14:27 +00:00
{
$query = " update `domains` set `hash`='',`modified`=NOW() where `id`=' $domainid ' " ;
mysql_query ( $query );
showheader ( _ ( " Updated " ), _ ( " Updated " ));
echo _ ( " Your domain has been verified. You can now start issuing certificates for this domain. " );
2006-08-13 18:54:45 +00:00
} else if ( $_REQUEST [ 'No' ] != " " ) {
header ( " location: /index.php " );
exit ;
2006-08-13 18:14:27 +00:00
} else {
2006-08-13 18:54:45 +00:00
showheader ( _ ( " Updated " ), _ ( " Updated " ));
2006-08-13 18:14:27 +00:00
printf ( _ ( " Are you sure you want to verify the domain %s? " ), $row [ 'name' ]);
2006-08-13 18:54:45 +00:00
echo " <br> \n <form method='post' action='/verify.php'> " ;
echo " <input type='hidden' name='domainid' value=' $domainid '> " ;
echo " <input type='hidden' name='hash' value=' $hash '> " ;
echo " <input type='hidden' name='type' value='domain'> " ;
echo " <input type='submit' name='Yes' value=' " . _ ( " Yes verify this email " ) . " '><br> \n " ;
echo " <input type='submit' name='Notify' value=' " . _ ( " Notify support about this " ) . " '><br> \n " ;
echo " <input type='submit' name='No' value=' " . _ ( " Do not verify this email " ) . " '></form> \n " ;
2006-08-13 18:14:27 +00:00
}
2004-10-16 00:28:17 +00:00
showfooter ();
exit ;
}
?>