From 029a3b9f8914e5dd77c970ac76a8ac139611893c Mon Sep 17 00:00:00 2001 From: root Date: Fri, 3 Feb 2006 18:45:23 +0000 Subject: [PATCH] update --- includes/account.php | 184 ++++++++++++++++++++----------------- includes/account_stuff.php | 3 + includes/general.php | 5 +- includes/loggedin.php | 14 ++- locale/bg.po | 8 +- locale/it.po | 28 +++--- locale/ja.po | 4 +- locale/pl.po | 88 +++++++++--------- locale/sv.po | 86 ++++++++--------- pages/account/17.php | 1 + pages/account/25.php | 2 +- pages/account/40.php | 3 +- pages/account/50.php | 4 +- pages/account/53.php | 1 + pages/account/54.php | 47 +++++++++- pages/gpg/2.php | 6 +- pages/index/11.php | 3 +- pages/index/4.php | 1 + pages/index/8.php | 2 +- pages/wot/12.php | 5 +- pages/wot/13.php | 20 +++- pages/wot/9.php | 7 +- scripts/rungpg.c | 13 +++ scripts/servercerts.php | 18 ++-- tverify/index.php | 6 +- www/api/ccsr.php | 2 +- www/api/cemails.php | 2 +- www/gpg.php | 12 ++- www/index.php | 79 ++++++++++------ www/src-lic.php | 2 +- www/ttp.php | 2 +- www/wot.php | 25 +++-- 32 files changed, 412 insertions(+), 271 deletions(-) create mode 100644 scripts/rungpg.c diff --git a/includes/account.php b/includes/account.php index 2e0c18c..ca3df13 100644 --- a/includes/account.php +++ b/includes/account.php @@ -16,35 +16,38 @@ loadem("account"); - if($process != "" && $oldid == 1) + $id = intval($_REQUEST['id']); + $oldid = intval($_REQUEST['oldid']); + + if($_REQUEST['process'] != "" && $oldid == 1) { $id = 1; - if(strstr($newemail, "xn--") && $_SESSION['profile']['codesign'] <= 0) + if(strstr($_REQUEST['newemail'], "xn--") && $_SESSION['profile']['codesign'] <= 0) { showheader(_("My CAcert.org Account!")); echo _("Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses."); showfooter(); exit; } - if(trim(mysql_escape_string(stripslashes($newemail))) == "") + if(trim(mysql_escape_string(stripslashes($_REQUEST['newemail']))) == "") { showheader(_("My CAcert.org Account!")); - printf(_("Not a valid email address. Can't continue."), $email); + printf(_("Not a valid email address. Can't continue."), $_REQUEST['email']); showfooter(); exit; } unset($oldid); - $email = trim(mysql_escape_string(stripslashes($newemail))); - $query = "select * from `email` where `email`='$email' and `deleted`=0"; + $_REQUEST['email'] = trim(mysql_escape_string(stripslashes($_REQUEST['newemail']))); + $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { showheader(_("My CAcert.org Account!")); - printf(_("The email address '%s' is already in the system. Can't continue."), $email); + printf(_("The email address '%s' is already in the system. Can't continue."), $_REQUEST['email']); showfooter(); exit; } - $checkemail = checkEmail($newemail); + $checkemail = checkEmail($_REQUEST['newemail']); if($checkemail != true) { showheader(_("My CAcert.org Account!")); @@ -56,7 +59,7 @@ $rnd = fopen("/dev/urandom", "r"); $hash = md5(fgets($rnd, 64)); fclose($rnd); - $query = "insert into `email` set `email`='$email',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'"; + $query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'"; mysql_query($query); $emailid = mysql_insert_id(); @@ -64,15 +67,15 @@ $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!"); - sendmail($email, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support"); + sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support"); showheader(_("My CAcert.org Account!")); - printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $email); + printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $_REQUEST['email']); showfooter(); exit; } - if($makedefault != "" && $oldid == 2) + if($_REQUEST['makedefault'] != "" && $oldid == 2) { $id = 2; $emailid = intval($emailid); @@ -95,7 +98,7 @@ exit; } - if($process != "" && $oldid == 2) + if($_REQUEST['process'] != "" && $oldid == 2) { $id = 2; showheader(_("My CAcert.org Account!")); @@ -128,7 +131,7 @@ exit; } - if($process != "" && $oldid == 3) + if($_REQUEST['process'] != "" && $oldid == 3) { if(!is_array($addid)) { @@ -197,12 +200,12 @@ $row = mysql_fetch_assoc($res); if(!$emails) $defaultemail = $row['email']; - $emails .= "$emailcount.emailAddress = ".$row['email']."\n"; - $emailcount++; + $emails .= "$count.emailAddress = ".$row['email']."\n"; + $count++; $addys[] = $row['id']; } } - if($emailcount <= 0) + if($count <= 0) { $id = 4; showheader(_("My CAcert.org Account!")); @@ -394,7 +397,7 @@ $_SESSION['_config']['domain'] = mysql_escape_string($newdomain); } - if($process != "" && $oldid == 8) + if($_REQUEST['process'] != "" && $oldid == 8) { unset($oldid); $id = 8; @@ -426,7 +429,7 @@ showfooter(); exit; } - $checkemail = checkEmail($newemail); + $checkemail = checkEmail($_REQUEST['newemail']); if($checkemail != true) { showheader(_("My CAcert.org Account!")); @@ -457,7 +460,7 @@ exit; } - if($process != "" && $oldid == 9) + if($_REQUEST['process'] != "" && $oldid == 9) { $id = 9; showheader(_("My CAcert.org Account!")); @@ -483,7 +486,7 @@ exit; } - if($process != "" && $oldid == 10) + if($_REQUEST['process'] != "" && $oldid == 10) { $CSR = trim($CSR); $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "FOO"); @@ -521,10 +524,9 @@ } } - if($process != "" && $oldid == 11) + if($_REQUEST['process'] != "" && $oldid == 11) { $id = 11; - if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") { showheader(_("My CAcert.org Account!")); @@ -542,20 +544,23 @@ if($count <= 1) { $subject .= "/CN=$row"; - if(!strstr($subject, "=$row/") && - substr($subject, -strlen("=$row")) != "=$row") - $subject .= "/subjectAltName=$row"; + $subject .= "/subjectAltName=DNS:$row"; + $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; } else { - if(!strstr($subject, "=$row/") && - substr($subject, -strlen("=$row")) != "=$row") - $subject .= "/subjectAltName=$row"; + $subject .= "/subjectAltName=DNS:$row"; + $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; } } if(is_array($_SESSION['_config']['altrows'])) foreach($_SESSION['_config']['altrows'] as $row) - if(!strstr($subject, "=$row/") && - substr($subject, -strlen("=$row")) != "=$row") - $subject .= "/subjectAltName=$row"; + { + if(substr($row, 0, 4) == "DNS:") + { + $row = substr($row, 4); + $subject .= "/subjectAltName=DNS:$row"; + $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; + } + } if($_SESSION['_config']['rowid']['0'] > 0) { @@ -877,7 +882,7 @@ $_SESSION['_config']['user']['set'] = 1; } - if($oldid == 13 && $process != "") + if($oldid == 13 && $_REQUEST['process'] != "") { $_SESSION['_config']['user']['fname'] = trim(mysql_escape_string(stripslashes($fname))); $_SESSION['_config']['user']['mname'] = trim(mysql_escape_string(stripslashes($mname))); @@ -907,7 +912,7 @@ } } - if($oldid == 13 && $process != "") + if($oldid == 13 && $_REQUEST['process'] != "") { $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; $ddres = mysql_query($ddquery); @@ -931,7 +936,7 @@ } } - if($oldid == 13 && $process != "") + if($oldid == 13 && $_REQUEST['process'] != "") { if($_SESSION['profile']['points'] == 0) { @@ -967,7 +972,7 @@ exit; } - if($oldid == 14 && $process != "") + if($oldid == 14 && $_REQUEST['process'] != "") { $_SESSION['_config']['user']['oldpass'] = trim(mysql_escape_string(stripslashes($oldpassword))); $_SESSION['_config']['user']['pword1'] = trim(mysql_escape_string(stripslashes($pword1))); @@ -983,7 +988,8 @@ $_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']); $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and - `password`=password('".$_SESSION['_config']['user']['oldpass']."')"); + (`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or + `password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))"); if(strlen($_SESSION['_config']['user']['pword1']) < 6) { echo _("The Pass Phrase you submitted was too short."); @@ -992,7 +998,7 @@ } else if(mysql_num_rows($match) <= 0) { echo _("You failed to correctly enter your current Pass Phrase."); } else { - mysql_query("update `users` set `password`=password('".$_SESSION['_config']['user']['pword1']."') + mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."') where `id`='".$_SESSION['profile']['id']."'"); echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change."); } @@ -1037,7 +1043,7 @@ exit; } - if($oldid == 16 && $process != "") + if($oldid == 16 && $_REQUEST['process'] != "") { $_SESSION['_config']['rootcert'] = intval($_POST['rootcert']); if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) @@ -1061,16 +1067,16 @@ exit; } - $emailcount = 0; + $count = 0; $emails = ""; $addys = array(); if(is_array($_SESSION['_config']['emails'])) - foreach($_SESSION['_config']['emails'] as $email) + foreach($_SESSION['_config']['emails'] as $_REQUEST['email']) { if(!$emails) - $defaultemail = $email; - $emails .= "$emailcount.emailAddress = $email\n"; - $emailcount++; + $defaultemail = $_REQUEST['email']; + $emails .= "$count.emailAddress = $_REQUEST[email]\n"; + $count++; } if($_SESSION['_config']['name'] != "") $emails .= "commonName = ".$_SESSION['_config']['name']."\n"; @@ -1114,11 +1120,11 @@ if($_SESSION['_config']['name'] != "") $csrsubject = "/CN=".$_SESSION['_config']['name']; if(is_array($_SESSION['_config']['emails'])) - foreach($_SESSION['_config']['emails'] as $email) + foreach($_SESSION['_config']['emails'] as $_REQUEST['email']) { if($defaultemail == "") - $defaultemail = $email; - $csrsubject .= "/emailAddress=$email"; + $defaultemail = $_REQUEST['email']; + $csrsubject .= "/emailAddress=$_REQUEST[email]"; } if($org['OU']) $csrsubject .= "/organizationalUnitName=".$org['OU']; @@ -1294,7 +1300,7 @@ exit; } - if($process != "" && $oldid == 20) + if($_REQUEST['process'] != "" && $oldid == 20) { $CSR = trim($CSR); $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "FOO"); @@ -1343,7 +1349,7 @@ $_SESSION['_config']['rootcert'] = 1; } - if($process != "" && $oldid == 21) + if($_REQUEST['process'] != "" && $oldid == 21) { $id = 21; @@ -1567,7 +1573,7 @@ exit; } - if($oldid == 24 && $process != "") + if($oldid == 24 && $_REQUEST['process'] != "") { $id = intval($oldid); $_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O))); @@ -1594,7 +1600,7 @@ } } - if($oldid == 27 && $process != "") + if($oldid == 27 && $_REQUEST['process'] != "") { $id = intval($oldid); $_SESSION['_config']['O'] = trim(mysql_escape_string(stripslashes($O))); @@ -1622,7 +1628,7 @@ } } - if($oldid == 28 && $process != "") + if($oldid == 28 && $_REQUEST['process'] != "") { $domain = $_SESSION['_config']['domain'] = trim(mysql_escape_string(stripslashes($domainname))); $res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'"); @@ -1640,7 +1646,7 @@ $id = 25; } - if($oldid == 28 && $process != "") + if($oldid == 28 && $_REQUEST['process'] != "") { mysql_query("insert into `orgdomains` set `orgid`='".$_SESSION['_config']['orgid']."', `domain`='$domain'"); showheader(_("My CAcert.org Account!")); @@ -1650,7 +1656,7 @@ exit; } - if($oldid == 29 && $process != "") + if($oldid == 29 && $_REQUEST['process'] != "") { $domain = mysql_escape_string(stripslashes(trim($domainname))); @@ -1664,7 +1670,7 @@ } } - if(($oldid == 29 || $oldid == 30) && $process != _("Cancel")) + if(($oldid == 29 || $oldid == 30) && $_REQUEST['process'] != _("Cancel")) { $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where `orgdomlink`.`orgdomid`=`orgdomains`.`id` and @@ -1686,7 +1692,7 @@ $do = `../scripts/runclient`; } - if($oldid == 29 && $process != "") + if($oldid == 29 && $_REQUEST['process'] != "") { $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'")); mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".$_SESSION['_config']['domid']."'"); @@ -1697,7 +1703,7 @@ exit; } - if($oldid == 30 && $process != "") + if($oldid == 30 && $_REQUEST['process'] != "") { $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".$_SESSION['_config']['domid']."'")); $domain = $row['domain']; @@ -1715,7 +1721,7 @@ $orgid = 0; } - if($oldid == 31 && $process != _("Cancel")) + if($oldid == 31 && $_REQUEST['process'] != _("Cancel")) { $query = "select * from `orgdomains` where `orgid`='".$_SESSION['_config']['orgid']."'"; $dres = mysql_query($query); @@ -1795,21 +1801,21 @@ } } - if($oldid == 33 && $process != "") + if($oldid == 33 && $_REQUEST['process'] != "") { if($_SESSION['profile']['admin'] == 1) $masteracc = $_SESSION['_config'][masteracc] = intval($masteracc); else $masteracc = $_SESSION['_config'][masteracc] = 0; - $email = $_SESSION['_config']['email'] = mysql_escape_string(stripslashes(trim($email))); + $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_escape_string(stripslashes(trim($_REQUEST['email']))); $OU = $_SESSION['_config']['OU'] = mysql_escape_string(stripslashes(trim($OU))); $comments = $_SESSION['_config']['comments'] = mysql_escape_string(stripslashes(trim($comments))); - $res = mysql_query("select * from `users` where `email`='$email'"); + $res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."'"); if(mysql_num_rows($res) <= 0) { $id = $oldid; unset($oldid); - $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), $email); + $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), $_REQUEST['email']); } else { $row = mysql_fetch_assoc($res); mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".$_SESSION['_config']['orgid']."', @@ -1817,7 +1823,7 @@ } } - if($oldid == 34 && $process != "") + if($oldid == 34 && $_REQUEST['process'] != "") { mysql_query("delete from `org` where `memid`='".$_SESSION['_config']['memid']."'"); } @@ -1901,7 +1907,7 @@ exit; } - if($oldid == 54 || ($id == 53 && $_REQUEST['action'] != "")) + if($oldid == 54 || ($id == 53 && $_REQUEST['action'] != "") || ($id == 54 && $_REQUEST['action'] != "" && $_REQUEST['action'] != "aliases")) { $id = 53; $ccid = intval($_REQUEST['ccid']); @@ -1912,7 +1918,7 @@ $long = mysql_escape_string($_REQUEST['longitude']); $lat = mysql_escape_string($_REQUEST['latitude']); - if($locid > 0 && $_REQUEST['action'] == "edit") + if($locid > 0 && $_REQUEST['action'] == "edit" && $name == htmlentities($name)) { $query = "update `locations` set `name`='$name', `lat`='$lat', `long`='$long' where `id`='$locid'"; mysql_query($query); @@ -1921,7 +1927,7 @@ unset($_REQUEST['ccid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); - } else if($regid > 0 && $_REQUEST['action'] == "edit") { + } else if($regid > 0 && $_REQUEST['action'] == "edit" && $name == htmlentities($name)) { $query = "update `regions` set `name`='$name' where `id`='$regid'"; mysql_query($query); $row = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'")); @@ -1929,7 +1935,7 @@ unset($_REQUEST['regid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); - } else if($regid > 0 && $_REQUEST['action'] == "add") { + } else if($regid > 0 && $_REQUEST['action'] == "add" && $name == htmlentities($name)) { $row = mysql_fetch_assoc(mysql_query("select `ccid` from `regions` where `id`='$regid'")); $ccid = $row['ccid']; $query = "insert into `locations` set `ccid`='$ccid', `regid`='$regid', `name`='$name', `lat`='$lat', `long`='$long'"; @@ -1937,7 +1943,7 @@ unset($_REQUEST['ccid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); - } else if($ccid > 0 && $_REQUEST['action'] == "add") { + } else if($ccid > 0 && $_REQUEST['action'] == "add" && $name == htmlentities($name)) { $query = "insert into `regions` set `ccid`='$ccid', `name`='$name'"; mysql_query($query); $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'")); @@ -1947,6 +1953,7 @@ } else if($locid > 0 && $_REQUEST['action'] == "delete") { $row = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$locid'")); $_REQUEST['regid'] = $row['regid']; + mysql_query("delete from `localias` where `locid`='$locid'"); mysql_query("delete from `locations` where `id`='$locid'"); unset($_REQUEST['ccid']); unset($_REQUEST['locid']); @@ -1969,6 +1976,17 @@ unset($_REQUEST['regid']); unset($_REQUEST['locid']); unset($_REQUEST['action']); + } else if($locid > 0 && $_REQUEST['action'] == "alias") { + $id = 54; + $_REQUEST['action'] = "aliases"; + $_REQUEST['locid'] = $locid; + $name = htmlentities($name); + $row = mysql_query("insert into `localias` set `locid`='$locid',`name`='$name'"); + } else if($locid > 0 && $_REQUEST['action'] == "delalias") { + $id = 54; + $_REQUEST['action'] = "aliases"; + $_REQUEST['locid'] = $locid; + $row = mysql_query("delete from `localias` where `locid`='$locid' and `name`='$name'"); } } @@ -2014,7 +2032,7 @@ { echo _("No such user found."); } else { - mysql_query("update `users` set `password`=password('".mysql_escape_string(stripslashes($_POST['newpass']))."') where `id`='".intval($_POST['userid'])."'"); + mysql_query("update `users` set `password`=sha1('".mysql_escape_string(stripslashes($_POST['newpass']))."') where `id`='".intval($_POST['userid'])."'"); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'")); printf(_("The password for %s has been updated successfully in the system."), $row['email']); } @@ -2022,7 +2040,7 @@ exit; } - if($process != "" && $oldid == 45) + if($_REQUEST['process'] != "" && $oldid == 45) { $CSR = trim($CSR); $_SESSION['_config']['CSR'] = $CSR; @@ -2048,7 +2066,7 @@ } } - if($process != "" && $oldid == 46) + if($_REQUEST['process'] != "" && $oldid == 46) { $CSR = $_SESSION['_config']['CSR']; $_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`); @@ -2158,33 +2176,33 @@ if($row['email'] == "") $id = 42; else - $_POST['email'] = $row['email']; + $_REQUEST['email'] = $row['email']; } if($oldid == 50) { $id = 43; - $_GET['userid'] = intval($_POST['userid']); + $_REQUEST['userid'] = intval($_REQUEST['userid']); } - if($oldid == 50 && $_POST['process'] != "") + if($oldid == 50 && $_REQUEST['process'] != "") { - $_POST['userid'] = intval($_POST['userid']); - $res = mysql_query("select * from `users` where `id`='".$_POST['userid']."'"); + $_REQUEST['userid'] = intval($_REQUEST['userid']); + $res = mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'"); if(mysql_num_rows($res) > 0) { - $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`=NOW() - WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".$_POST['userid']."'"; + $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01' + WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".$_REQUEST['userid']."'"; mysql_query($query); - $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".$_POST['userid']."'"; + $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".$_REQUEST['userid']."'"; mysql_query($query); - $query = "update `emailcerts` SET `revoked`=NOW() WHERE `memid`='".$_POST['userid']."'"; + $query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".$_REQUEST['userid']."'"; mysql_query($query); - $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".$_POST['userid']."'"; + $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".$_REQUEST['userid']."'"; mysql_query($query); - $query = "delete from `org` WHERE `memid`='".$_POST['userid']."'"; + $query = "delete from `org` WHERE `memid`='".$_REQUEST['userid']."'"; mysql_query($query); - $query = "update `users` SET `deleted`=NOW() WHERE `id`='".$_POST['userid']."'"; + $query = "update `users` SET `deleted`=NOW() WHERE `id`='".$_REQUEST['userid']."'"; mysql_query($query); } } diff --git a/includes/account_stuff.php b/includes/account_stuff.php index 56fcf43..0948d13 100644 --- a/includes/account_stuff.php +++ b/includes/account_stuff.php @@ -13,6 +13,9 @@ PARTICULAR PURPOSE. See the License for more details. */ + $id = $_REQUEST['id']; + + function showheader($title = "CAcert.org", $title2 = "") { global $id, $PHP_SELF; diff --git a/includes/general.php b/includes/general.php index c0df476..67a673e 100644 --- a/includes/general.php +++ b/includes/general.php @@ -23,6 +23,9 @@ $junk = array(_("Face to Face Meeting"), _("Trusted Third Parties"), _("Thawte Points Transfer"), _("Administrative Increase"), _("CT Magazine - Germany"), _("Temporary Increase"), _("Unknown")); + $id = intval($_REQUEST['id']); + $oldid = intval($_REQUEST['oldid']); + $_SESSION['_config']['filepath'] = "/www"; require_once($_SESSION['_config']['filepath']."/includes/mysql.php"); @@ -46,7 +49,7 @@ exit; } - $lang = mysql_escape_string(substr(trim($lang), 0, 5)); + $lang = mysql_escape_string(substr(trim($_REQUEST['lang']), 0, 5)); if($lang != "") $_SESSION['_config']['language'] = $lang; diff --git a/includes/loggedin.php b/includes/loggedin.php index e4e5970..d3e2a32 100644 --- a/includes/loggedin.php +++ b/includes/loggedin.php @@ -79,11 +79,17 @@ } } - if($id == "logout") + if($_REQUEST['id'] == "logout") { $_SESSION['profile']['loggedin'] = 0; - unset($_SESSION['profile']); - session_unregister('profile'); + $_SESSION['profile'] = ""; + foreach($_SESSION as $key) + { + unset($_SESSION[$key]); + unset($$key); + session_unregister($key); + } + unset($_SESSION); header("location: https://".$_SERVER['HTTP_HOST']."/index.php"); exit; @@ -93,7 +99,7 @@ { unset($_SESSION['_config']['oldlocation']); - foreach($_GET as $key => $val) + foreach($_REQUEST as $key => $val) { if($_SESSION['_config']['oldlocation']) $_SESSION['_config']['oldlocation'] .= "&"; diff --git a/locale/bg.po b/locale/bg.po index 624083b..ddf33d8 100644 --- a/locale/bg.po +++ b/locale/bg.po @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: de\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2005-01-09 08:25:26+0000\n" -"PO-Revision-Date: 2005-11-15 07:20:32+0000\n" +"PO-Revision-Date: 2005-12-24 20:02:35+0000\n" "Last-Translator: Someone \n" "Language-Team: \n" "MIME-Version: 1.0\n" @@ -2010,15 +2010,15 @@ msgstr "Десет риска #: www/account/38.php:23 www/index/13.php:23 msgid "Thank you very much for your support, your donations help CAcert to continue to operate." -msgstr "" +msgstr "Благодарим Ви много за подкрепата. С помощта на Вашето дарение CAcert може да продължи да функционира." #: www/index.php:314 msgid "Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!" -msgstr "" +msgstr "Благодарим Ви, че се регистрирахте в CAcert.org. По-долу е връзката, която трябва да отворите за да потвърдите регистрацията си. След като го направите ще можете да издавате сертификати до насита!" #: www/help/2.php:47 msgid "That situation has changed, and Internet Explorer, being the most obvious example, now insists that any Certificate Authorities are 'audited' by an 'independent' organisation, the American Institute for Certified Public Accountant's (AICPA). So now, if you have the money needed (from US$75000 up to US$250000 and beyond) you can get these accountants, who clearly know a lot about money, to approve you as having the required technical infrastructure and business processes to be a Certificate Authority. And they get a nice wad of money for the pleasure. And the Certificate Authorities, having a kind of monopoly as a result, charge a lot for certificates and also get a nice wad of money. And everyone's happy." -msgstr "" +msgstr "Тази ситуация се промени и Internet Explorer, като най-очевиден пример, сега твърди, че всички Сертифициращи институции са 'контролирани' от 'независима' организация, Американският институт за сертифицирани обществени счетоводители (AICPA). Така че сега, ако имате неоходимите средства (от US$75000 до US$250000 и повече), можете да повикате тези счетоводители, които очевидно знаят много за парите, за да Ви одобрят като имащи необходимите техническа инфраструктура и бизнес практика за да бъдете Сертифицираща институция. И получават хубава пачкапари за удоволствието да го направят. А Сертифициращите институции, имайки един вид монопол в резултат на това, вземат много за издаването на сертификати и също получават хубава пачка. И всички са щастливи." #: www/account/17.php:89 www/account/4.php:89 msgid "The 1024-bit key generation failed. Would you like to try 512 instead?" diff --git a/locale/it.po b/locale/it.po index 86b9b0a..7afa476 100644 --- a/locale/it.po +++ b/locale/it.po @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: de\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2005-01-09 08:25:26+0000\n" -"PO-Revision-Date: 2005-11-24 01:31:00+0000\n" +"PO-Revision-Date: 2005-12-24 20:02:25+0000\n" "Last-Translator: Someone \n" "Language-Team: \n" "MIME-Version: 1.0\n" @@ -2495,12 +2495,12 @@ msgstr "Ricevi questo messaggio perché hai ricevuto un incremento tempora #: www/wot.php:230 #, php-format msgid "You are receiving this email because you have assured %s %s (%s)." -msgstr "Hai ricevuto questo messaggio di posta elettronica perché hai verificato l'identità di %s %s (%s)." +msgstr "Ricevi questo messaggio di posta elettronica perché hai verificato l'identità di %s %s (%s)." #: www/wot.php:206 #, php-format msgid "You are receiving this email because you have been assured by %s %s (%s)." -msgstr "Hai ricevuto questo messaggio di posta elettronica perché sei stato certificato da %s %s (%s)." +msgstr "Ricevi questo messaggio di posta elettronica perché sei stato certificato da %s %s (%s)." #: includes/general_stuff.php:112 includes/tverify_stuff.php:78 msgid "Further Information" @@ -2867,7 +2867,7 @@ msgstr "Certificati digitali gratutiti!" #: www/wot.php:240 #, php-format msgid "You issued %s points and they now have %s points in total." -msgstr "Hai assegnato %s punti così ora hanno un totale di %s punti." +msgstr "Hai assegnato %s punti così ora ha un totale di %s punti." #: www/wot.php:238 #, php-format @@ -3381,7 +3381,7 @@ msgstr "Firma del richiedente" #: www/cap.php:39 msgid "As the assurer, you are required to keep the signed document on file for 7 years. Should Cacert Inc. have any concerns about a meeting taking place, Cacert Inc. can request proof, in the form of this signed document, to ensure the process is being followed correctly. After 7 years if you wish to dispose of this form it's preferred that you shred and burn it. You do not need to retain copies of ID at all." -msgstr "Come il Certificatore, anche tu sei tenuto a conservare il documento firmato per 7 anni. Se Cacert Inc. avesse dubbi circa l'incontro avvenuto, Cacert Inc. può chiederne la prova, sotto forma di questo documento firmato, per accertare il processo di certificazione sia stato seguito correttamente. Dopo 7 anni se desideri liberartene è preferibile strapparla e bruciarla. Non sei tenuto conservare le copie del documento di identificazione." +msgstr "Come Certificatore, sei tenuto a conservare il documento firmato per 7 anni. Se Cacert Inc. avesse dubbi circa l'incontro avvenuto può chiederne riscontro, sotto forma di questo documento firmato, per accertare che il processo di certificazione sia stato seguito correttamente. Dopo 7 anni se desideri liberartene è preferibile strapparlo e bruciarlo. Non sei tenuto conservare le copie del documento di identificazione." #: www/cap.php:103 www/cap.php:107 msgid "Assurer's Name" @@ -3401,7 +3401,7 @@ msgstr "Data (AAAA-MM-GG)" #: www/cap.php:81 msgid "I hereby confirm that the information stated above is both true and correct, and request the CAcert Assurer (identified below) to witness my identity in the CAcert Assurance Programme." -msgstr "Confermo con ciò che le informazioni dichiarate sopra sono sia vere che corrette ed invito il Certificatore di CAcert (identificato sotto) a testimoniare la mia identità nel Programma di Certificazione di CAcert." +msgstr "Dichiaro che le informazioni riportate sopra sono sia vere che corrette e invito il Certificatore di CAcert (identificato sotto) a testimoniare la mia identità nel Programma di Certificazione di CAcert." #: www/cap.php:15 www/ttp.php:24 msgid "Identity Verification Form" @@ -3417,7 +3417,7 @@ msgstr "Punti Massimi" #: www/cap.php:51 www/ttp.php:75 msgid "Names" -msgstr "Nomi" +msgstr "Nome" #: www/cap.php:123 msgid "Photo ID Shown: (ID types, not numbers. eg Drivers license, Passport)" @@ -3430,7 +3430,7 @@ msgstr "Punti Assegnati" #: www/cap.php:37 #, php-format msgid "To the Assurer: The CAcert Assurance Programme (CAP) aims to verify the identities of Internet users through face-to-face witnessing of government issued identity documents. The Applicant asks you to verify to CAcert.org that you have met them and verified their identity against one or more original, trusted, government photo identity documents. If you have ANY doubts or concerns about the Applicant's identity, DO NOT COMPLETE OR SIGN this form. For more information about the CAcert Assurance Programme, including detailed guides for CAcert Assurers, please visit: %s" -msgstr "Al Certificatore: Il programma di certificazione di CAcert (CAP) mira a verificare le identità degli utenti di Internet attraverso la testimonianza di persona dei documenti di identità governativi. Il richiedente ti chiede di confermare a CAcert.org che lo hai incontrato personalmente e che hai verificato la sua identità attraverso uno o più documenti governativi ufficiali completi di fotografia. Se hai dubbi o preoccupazioni circa l'identità del candidato, NON COMPILARE O FIRMARE IL MODULO. Per maggiori informazioni sul programma di certificazione di CAcert, compreso le guide dettagliate per i certificatori di CAcert, vai a: %s" +msgstr "Al Certificatore: Il programma di certificazione di CAcert (CAP) mira a verificare le identità degli utenti di Internet attraverso la verifica diretta di documenti di identità personale rilasciati dalla Pubblica Amministrazione. Il candidato ti chiede di confermare a CAcert.org che lo hai incontrato personalmente e che hai verificato la sua identità attraverso uno o più documenti d'identità muniti di fotografia. Se hai dubbi o preoccupazioni circa l'identità del candidato, NON COMPILARE O FIRMARE IL MODULO. Per maggiori informazioni sul programma di certificazione di CAcert, comprese le guide dettagliate per i certificatori di CAcert, vai a: %s" #: www/cap.php:46 msgid "Applicant's Statement" @@ -3447,7 +3447,7 @@ msgstr "Informazioni del Richiedente" #: www/ttp.php:84 msgid "Bar Association, CPA Number or Bank Name and Branch, JP/Notary Number" msgstr "" -"Numero di iscrizione a Ordine degli Avvocati, Ordine dei Commercialisti, Ordine dei notai, Giudici di pace; Nome della banca e filiale " +"Numero di iscrizione all'Ordine; Nome della banca e filiale " "" #: www/ttp.php:91 @@ -3469,7 +3469,7 @@ msgstr "Se sussiste è QUALUNQUE dubbio o preoccupazione circa l'identit&a #: www/ttp.php:82 msgid "Justice of the Peace, Public Notary, Lawyer, Accountant, or Bank Manager" -msgstr "Giudice di Pace, Notaio, Avvocato, Dottore Commercialista, o Direttore di Banca" +msgstr "Giudice di Pace, Notaio, Avvocato, Dottore Commercialista, Direttore di Banca" #: www/ttp.php:119 msgid "Main email (so we can find you)" @@ -3477,11 +3477,11 @@ msgstr "Email principale (così possiamo trovarti)" #: www/ttp.php:89 msgid "Office Phone" -msgstr "Telefono dell'Ufficio" +msgstr "Telefono dell'ufficio" #: www/ttp.php:77 msgid "Office Street Address" -msgstr "Indirizzo dell'Ufficio" +msgstr "Indirizzo dell'ufficio" #: www/ttp.php:58 msgid "PLEASE NOTE: You must get 2 fully completed TTP forms before sending anything to CAcert. Failure to do so will only cause your application to be delayed until all forms have been received by CAcert!" @@ -3512,7 +3512,7 @@ msgid "The Applicant asks you to certify to CAcert that you have met with the Ap msgstr "" "Il candidato chiede di certificare a CAcert di averlo incontrato personalmente e di evere verificato il nome completo, la data di nascita e i numeri di documento riportati rispetto a due diversi documenti di identificazione personale muniti di fotografia. " " " -"Allorché le copie sono state verificate rispetto agli originali e sono state firmate, il candidato le deve accludere al presente modulo firmato e restituirle a CAcert inc. " +"Allorché le copie sono state verificate rispetto agli originali e sono state firmate, il candidato deve accluderle al presente modulo firmato e restituirle a CAcert inc. " "" #: www/ttp.php:46 @@ -3535,7 +3535,7 @@ msgstr "" #: www/ttp.php:86 msgid "as applicable" -msgstr "in quanto applicabile" +msgstr "se applicabile" #: www/cap.php:102 msgid "CAcert Assurer" diff --git a/locale/ja.po b/locale/ja.po index 87cca51..4c78a9c 100644 --- a/locale/ja.po +++ b/locale/ja.po @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: de\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2005-01-09 08:25:26+0000\n" -"PO-Revision-Date: 2005-09-16 11:40:14+0000\n" +"PO-Revision-Date: 2005-12-24 20:02:16+0000\n" "Last-Translator: Someone \n" "Language-Team: \n" "MIME-Version: 1.0\n" @@ -400,7 +400,7 @@ msgstr "証明書の有効期限は #: www/index/0.php:54 msgid "Certificates expires in 12 months; only the email address itself can be entered into the certificate (not your full name)" -msgstr "証明書は 12 カ月で期限切れとなります。証明書に入れることができるのは、メールアドレスのみです (あなたのフルネームを入れることはできません) " +msgstr "証明書の有効期限は12カ月です。証明書に入れることができるのは、メールアドレスのみです (あなたのフルネームを入れることはできません) " #: www/index/0.php:84 msgid "Certificates expires in 6 months; only the domain name itself can be entered into the certificates (not your full name, company name, location, etc.)." diff --git a/locale/pl.po b/locale/pl.po index 24f5b4a..8cd1dde 100644 --- a/locale/pl.po +++ b/locale/pl.po @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: de\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2005-01-09 08:25:26+0000\n" -"PO-Revision-Date: 2005-10-31 00:56:42+0000\n" +"PO-Revision-Date: 2005-12-24 20:02:11+0000\n" "Last-Translator: Someone \n" "Language-Team: \n" "MIME-Version: 1.0\n" @@ -61,11 +61,11 @@ msgstr "... potem naciśnij 'Dalej'." #: www/wot/3.php:42 msgid "A CAcert Assurer who knowingly, or reasonably ought to have known, assures an applicant contrary to this policy may be held liable." -msgstr "" +msgstr "Kontroler CAcert (gwarant), który umyślnie ręczy za Kandydata w sprzeczności do tej polityki, powienien wiedzieć, że może zostać pociągnięty do odpowiedzialności." #: www/wot/4.php:17 msgid "A trusted 3rd party is simply someone in your country that is responsible for witnessing signatures and ID documents. This role is covered by many different titles such as public notary, justice of the peace and so on. Other people are allowed to be authoritative in this area as well, such as bank managers, accountants and lawyers." -msgstr "" +msgstr "Zaufana osoba trzecia (3rd party) to po prostu ktoś w Twoim kraju odpowiedzialny za poświadczanie podpisów i numerów identyfikacyjnych (ID) dokumentów. Ta rola może być spełniona przez wiele różnych osób np. notariuszy, mężów zaufania, itp. Oczywiście inne osoby takie, jak: bankowcy, księgowi i prawnicy są tu także autorytetami." #: www/account/38.php:21 www/index/13.php:21 msgid "ANY amount will be appreciated - the more funding CAcert receives, the sooner it can achieve the goals of the community." @@ -162,7 +162,7 @@ msgstr "Wszystkie ważne certyfikaty zostaną również uniewa #: www/help/7.php:5 msgid "Apart from the boot stuff, all data resides on an encrypted partition on the root store server and only manual intervention in the boot up process by entering the password will start it again." -msgstr "" +msgstr "Pomijając pliki bootujące, wszystkie dane spoczywają na szyfrowanej partycji serwera głównego (root store) i tylko ręczna interwencja w proces uruchamiania - poprzez wprowadzenie hasła - rozpocznie je na nowo." #: www/index/17.php:61 msgid "Can't start the CEnroll control:" @@ -176,16 +176,16 @@ msgstr "Czy jesteś pewien, że chcesz usunąć %s i wszystkie c #: www/account/31.php:27 #, php-format msgid "Are you really sure you want to remove %s and all certificates issued under this organisation?" -msgstr "" +msgstr "Czy napewno chcesz usunąć %s i wszystkie certyfikaty wydane dla tej organizacji?" #: www/account/34.php:31 #, php-format msgid "Are you really sure you want to remove %s from administering this organisation?" -msgstr "" +msgstr "Czy napewno chcesz odsunąć %s od administrowania tą organizacją?" #: www/help/2.php:22 msgid "As anyone who has received an email containing a virus from a strange address knows, emails can be easily spoofed. The identity of the sender is very easy to forge via email. Thus a great advantage is that digital signing provides a means of ensuring that an email is really from the person you think it is. If everyone digitally signed their emails, it would be much easier to know whether an email is legitimate and unchanged and to the great relief of many, spamming would be much easier to control, and viruses that forge the sender's address would be obvious and therefore easier to control." -msgstr "" +msgstr "Każdy, kto otrzymał e-mail zawierający wirusa z obcego adresu, wie, że protokół e-mail może być bardzo prosto oszukany. Tożsamość nadawcy jest bardzo łatwo skraść w ten sposób. Dlatego wielkim udogodnieniem jest cyfrowe podpisywanie e-maili, zapewniające odbiorcę, że osoba od której e-mail otrzymujemy, jest tą, za którą się podaje. Gdyby każdy podpisywał cyfrowo swoje wiadomości, byłoby znacznie łatwiej stwierdzić, czy e-mail jest prawdziwy i niezmieniony. Ponadto większość spamu i wirusów, podkradających tożsamość nadawcy, można by było w sposób oczywisty rozpoznać oraz łatwiej kontrolować." #: www/wot/6.php:24 msgid "Assurance Confirmation" @@ -201,7 +201,7 @@ msgstr "Punkty które wydałeś" #: www/stats.php:51 msgid "Assurances Made" -msgstr "" +msgstr "Zapewnienie stworzone" #: includes/account_stuff.php:182 www/wot/5.php:19 msgid "Assure Someone" @@ -221,7 +221,7 @@ msgstr "Kontrolerzy" #: www/index/51.php:28 msgid "Based on OpenSSL, PHP, a little bit of C and MySQL, we were able to build not only a free certificate authority that could verify your email address or domain, but actually build in a highly effective trust model. Our model goes further than that used by some commercial CAs to prove your identity." -msgstr "" +msgstr "Opierając się o OpenSSL, PHP, trochę C i MySQL, byliśmy zdolni do stworzenia nie tylko darmowego centrum autoryzacji (gdzie możesz zweryfikować e-mail lub domenę) ale także do zbudowania wysoce efektywnego modelu zaufania. Nasz system idzie dalej, niż wielu innych komercyjnych Centrów Autoryzacji (CA), by udowodnić Twoją tożsamość." #: www/index/0.php:110 msgid "Become a member of the CAcert Association" @@ -237,15 +237,17 @@ msgstr "Zostań Kontrolerem" #: www/account/40.php:19 www/index/11.php:19 msgid "Before contacting us, be sure to read over the inforation on our official and unofficial HowTo and FAQ pages." -msgstr "" +msgstr "Przed skontaktowaniem się z nami, upewnij się, że przeczytałeś informacje z naszego oficjalnego i nie oficjalnego HowTo i FAQ!" #: www/account/0.php:24 msgid "Before you can start issuing certificates for your website, irc server, smtp server, pop3, imap etc you will need to add domains to your account under the domain menu. You can also remove domains from here as well. Once you've added a domain you are free then to go into the Server Certificate section and start pasting CSR into the website and have the website return you a valid certificate for up to 2 years if you have 50 trust points, or 6 months for no trust points." msgstr "" +"Zanim będziesz mógł wystawiać certyfikaty dla Twojej stron www, serwera IRC, SMTP, POP3, IMAP, itp., musisz dodać domeny do Twojego konta - w menu Domeny. Stamtąd możesz także usuwać domeny. Gdy już dodałeś domenę możesz przejść do sekcji Certyfikatów Serwera i rozpocząć wklejanie CSR na stronę, która następnie zwróci dla Ciebie certyfikat ważny do 2 lat, jeśli masz już 50 punktów zaufania lub na 6 miesięcy, jeśli nie masz punktów. " +"" #: includes/account.php:47 includes/account.php:387 msgid "Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!" -msgstr "" +msgstr "Poniżej jest odnośnik (link), który musisz otworzyć, aby zweryfikować Twój adres e-mail. Po weryfikacji adresu będzie możliwe wystawianie certyfikatów." #: www/account/15.php:32 www/account/23.php:32 msgid "Below is your Server Certificate" @@ -267,27 +269,27 @@ msgstr "Członek Zarządu" #: www/help/3.php:60 msgid "Browse to the location you saved the .cer file to in step 1" -msgstr "" +msgstr "Przeglądaj katalog do którego zapisano plik .cer w 1 kroku" #: www/help/2.php:25 msgid "But perhaps, fundamentally, the most important reason for digital signing is awareness and privacy. It creates awareness of the (lack of) security of the Internet, and the tools that we can arm ourselves with to ensure our personal security. And in sensitising people to digital signatures, we become aware of the possibility of privacy and encryption." -msgstr "" +msgstr "Ale prawdopodobnie, podstawowym, a za razem najważniejszym powodem cyfrowego podpisywania jest przezorność i chęć zachowania prywatności. To uświadamia nam istnienie zabezpieczeń (lub ich brak) w Internecie i narzędzi, w które uzbrojeni możemy na własną rękę zapewnić sobie bezpieczeństwo. Wyczulając ludzi na istnienie cyfrowego podpisu, stajemy się świadomi możliwości zachowania prywatności." #: www/help/2.php:7 www/help/2.php:35 msgid "But, er, is this really proof of your email identity?" -msgstr "" +msgstr "Ale... czy to naprawdę jest dowód Twojej e-mailowej tożsamości?" #: www/help/2.php:48 msgid "But, with all this money, and all this responsibility, they must be taking a lot of care to ensure the Certificate Authorities do their jobs well, and keep doing their jobs well, right? Well right?!" -msgstr "" +msgstr "Ale z tymi wszystkimi pieniędzmi i całą odpowiedzialnością, muszą oni z należytą troską dbać o to, by Centra Autoryzacji wywiązywały się dobrze ze swojej pracy, prawda? Heh..Jasne?!" #: www/account/10.php:15 www/account/20.php:15 www/account/3.php:15 msgid "CAcert Certficate Acceptable Use Policy" -msgstr "" +msgstr "Polityka Użytkowania Certyfikatów CAcert" #: www/account/38.php:19 www/index/13.php:19 msgid "CAcert Inc. is a non-profit association which is legally able to accept donations. CAcert adheres to strict guidelines about how this money can to be used. If you'd like to make a donation, you can do so via" -msgstr "" +msgstr "CAcert Inc. jest stoważyszeniem non-profit, które może legalnie przyjmować dofinansowanie. CAcert wywiązuje się ze ścisłych wytycznych dotyczących tego, jak pieniądze mogą być wykorzystane. Jeśli chcesz nas dofinansować możesz to zrobić przy użyciu" #: www/account/10.php:20 www/account/20.php:20 www/account/3.php:20 msgid "CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at" @@ -328,7 +330,7 @@ msgstr "" #: www/index/51.php:15 msgid "CAcert.org Mission Statement" -msgstr "" +msgstr "Misja CAcert.org" #: includes/account.php:49 includes/account.php:389 www/index.php:316 msgid "CAcert.org Support!" @@ -353,7 +355,7 @@ msgstr "Anuluj" #: includes/general_stuff.php:58 msgid "Cert Login" -msgstr "Zaloguj z użyciem certyfikatu" +msgstr "Zaloguj z certyfikatem" #: www/account/19.php:101 www/account/6.php:99 msgid "Certificate Installation Complete!" @@ -443,11 +445,11 @@ msgstr "Certyfikaty (nie uwierzytelnione)" #: www/account/3.php:63 msgid "Code Signing" -msgstr "" +msgstr "Podpisywanie Kodu (Code Signing)" #: www/index/0.php:70 msgid "Code signing certificates" -msgstr "" +msgstr "Certyfikaty podpisujące kod (Code signing certificates)" #: www/account/24.php:41 www/account/27.php:44 www/account/32.php:27 #: www/account/33.php:43 @@ -456,12 +458,12 @@ msgstr "Komentarze" #: www/help/4.php:14 msgid "Common Name (eg, YOUR name) []:" -msgstr "" +msgstr "Popularna Nazwa (np. TWOJE imię) []:" #: www/account/11.php:22 www/account/12.php:23 www/account/18.php:23 #: www/account/21.php:25 www/account/22.php:23 msgid "CommonName" -msgstr "" +msgstr "CommonName" #: www/account/11.php:26 www/account/21.php:31 msgid "subjectAltName" @@ -477,15 +479,15 @@ msgstr "Statystyki CAcert" #: www/wot/3.php:23 msgid "Compare and verify that the copy of the identification sighted is a true and correct copy;" -msgstr "" +msgstr "Porównaj i sprawdź czy widziana kopia identyfikacji jest prawdziwą i poprawną kopią;" #: www/wot/3.php:31 msgid "Compare the online information to the information recorded on the paper form;" -msgstr "" +msgstr "Porównaj informacje on-line i te zapisane na formularzu papierowym;" #: www/wot/3.php:24 msgid "Complete the assurance form if the applicant has not already done so. Ensure that all information matches." -msgstr "" +msgstr "Wypełnij formularz kontrolny, jeśli Kandydat jeszcze tego nie zrobił. Upewnij się, że wszystkie informacje się zgadzają." #: www/help/3.php:39 msgid "Confirm your request details" @@ -522,11 +524,11 @@ msgstr "Ciasteczka [Cookies]" #: www/help/2.php:38 msgid "Cool man! How do I create my own digital signature?!" -msgstr "Super! Jak moge stworzyć mój własny cyfrowy podpis?" +msgstr "Super! Jak mogę stworzyć mój własny cyfrowy podpis?" #: www/help/3.php:47 msgid "Copy the contents of the email including the" -msgstr "" +msgstr "Skopiuj zawartość e-maila włączając w to" #: www/index/51.php:20 msgid "Core members of CAcert generally have a strong information technology and security background, and a stronger desire to give back to the community." @@ -545,7 +547,7 @@ msgstr "Państwo" #: www/account/36.php:23 www/index/1.php:112 msgid "Country Announcements" -msgstr "" +msgstr "Ogłoszenia krajowe" #: www/help/4.php:9 msgid "Country Name (2 letter code) [AU]:" @@ -616,11 +618,11 @@ msgstr "Departament/Dział" #: www/help/2.php:17 msgid "Digital signing thus provides security on the Internet." -msgstr "" +msgstr "Cyfrowe podpisywanie zapewnia bezpieczeństwo w Internecie." #: www/index/0.php:73 msgid "Digitally sign code, web applets, installers, etc. including your name and location in the certificates." -msgstr "" +msgstr "Podpisuj cyfrowo kod, applety, setup-y, itp. załączając swoje dane personalne w certyfikatach." #: www/wot/8.php:22 msgid "Directory Listing" @@ -656,7 +658,7 @@ msgstr "Darowizny" #: www/error404.php:21 msgid "Due to recent site changes bookmarks may no longer be valid, please update your bookmarks." -msgstr "" +msgstr "Ze względu na niedawne zmiany serwisu, zakładki/ulubione mogą być już nieaktualne, proszę uaktualnij je." #: www/help/2.php:39 msgid "Easy. Ish. Go to CAcert.org, install their root certificate and then follow their joining instructions. Once you have joined, request a certificate from the menu. You will receive an email with a link to the certificate. Click on the link from your email software, and hopefully it will be seamlessly installed. Next find the security section of the settings in your email software and configure digital signatures using the certificate you just downloaded. Hmm. Call me if you want, I'll guide you through it." @@ -706,11 +708,11 @@ msgstr "Próba Maila" #: www/help/2.php:20 msgid "Emails are not secure. In fact emails are VERY not secure!" -msgstr "Elektroniczne listy email nie są bezpieczne. Faktycznie są BARDZO słabo zabezpieczone!" +msgstr "Elektroniczne listy email nie są bezpieczne... a właściwie są BARDZO niebezpieczne!" #: www/index/0.php:83 msgid "Enable encrypted data transfer for users accessing your web, email, or other SSL enabled service on your server; wildcard certificates are allowed." -msgstr "" +msgstr "Uruchom szyfrowaną transmisję danych dla użytkowników stron www, e-maila i innych usług opartych o SSL na swoim serwerze. Dopuszczamy certyfikaty subdomen w stylu *.domena.com." #: www/help/3.php:58 msgid "Ensure 'Process the pending request and install the certificate' is selected and click on 'Next'." @@ -760,7 +762,7 @@ msgstr "" #: www/account/12.php:50 www/account/18.php:50 www/account/22.php:50 #: www/account/5.php:54 msgid "Expired" -msgstr "Wygasa" +msgstr "Wygasł" #: www/account/12.php:25 www/account/18.php:25 www/account/22.php:25 #: www/account/5.php:25 @@ -847,7 +849,7 @@ msgstr "Tutaj możesz usunąć przetwarzane żądania albo u #: www/stats.php:55 msgid "Users with 50-99 Points" -msgstr "Użytkownicy w przedziale od 55 do 90 punktów" +msgstr "Użytkownicy w przedziale od 55 do 99 punktów" #: includes/account_stuff.php:185 msgid "GPG/PGP Keys" @@ -1487,7 +1489,7 @@ msgstr "Niepoprawny adres email. Nie mogę kontynuować." #: www/help/2.php:10 www/help/2.php:44 msgid "Notes for the strangely curious" -msgstr "" +msgstr "Informacje dla ciekawskich" #: www/account/39.php:45 www/index/10.php:45 msgid "Notification of changes" @@ -1756,7 +1758,7 @@ msgstr "" #: www/account/36.php:24 www/index/1.php:113 msgid "Regional Announcements" -msgstr "" +msgstr "Ogłoszenia Regionalne" #: includes/account.php:623 includes/account.php:732 includes/account.php:1131 #: includes/account.php:1349 @@ -1789,7 +1791,7 @@ msgstr "" #: www/account/12.php:72 www/account/18.php:78 www/account/22.php:74 #: www/account/5.php:78 msgid "Revoke/Delete" -msgstr "Przedłuż/Usuń" +msgstr "Cofnij/Usuń" #: www/account/12.php:24 www/account/12.php:54 www/account/18.php:24 #: www/account/18.php:54 www/account/22.php:24 www/account/22.php:54 @@ -1908,7 +1910,7 @@ msgstr "Wyślij" #: www/account/40.php:40 www/index/11.php:40 msgid "Sensitive Information" -msgstr "" +msgstr "Ważne Informacje" #: includes/account_stuff.php:161 msgid "Server Certificates" @@ -2239,7 +2241,7 @@ msgstr "Suma Punktów Wydanych" #: www/account/24.php:29 www/account/27.php:32 msgid "Town/Suburb" -msgstr "" +msgstr "Miasto/Przedmieścia" #: includes/general_stuff.php:76 msgid "Translations" @@ -2251,7 +2253,7 @@ msgstr "Skarbnik" #: includes/account_stuff.php:205 includes/general.php:23 www/wot/4.php:15 msgid "Trusted Third Parties" -msgstr "" +msgstr "Zaufane Osoby Trzecie (TTP)" #: www/help/2.php:60 msgid "U.K. e-mail snooping bill passed" @@ -2259,7 +2261,7 @@ msgstr "" #: www/help/2.php:21 msgid "UK Government has done this since the year 2000" -msgstr "" +msgstr "Rząd brytyjski zrobił to przed rokiem 2000" #: www/index.php:126 msgid "Unable to match your details with any user accounts on file" diff --git a/locale/sv.po b/locale/sv.po index 42b1437..35bf085 100644 --- a/locale/sv.po +++ b/locale/sv.po @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: de\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2005-01-09 08:25:26+0000\n" -"PO-Revision-Date: 2005-11-24 01:31:09+0000\n" +"PO-Revision-Date: 2005-12-24 20:02:07+0000\n" "Last-Translator: Someone \n" "Language-Team: \n" "MIME-Version: 1.0\n" @@ -61,11 +61,11 @@ msgstr "... klicka sedan på 'Nästa'." #: www/wot/3.php:42 msgid "A CAcert Assurer who knowingly, or reasonably ought to have known, assures an applicant contrary to this policy may be held liable." -msgstr "En CAcert-notarie som medvetet eller genom okunskap bekräftar en identitet, i konflikt med det här regelverket, kan hållas ansvarsskyldig." +msgstr "En CAcert-notarie som medvetet, eller genom okunskap, bekräftar en identitet i konflikt med detta regelverk, kan hållas ansvarig." #: www/wot/4.php:17 msgid "A trusted 3rd party is simply someone in your country that is responsible for witnessing signatures and ID documents. This role is covered by many different titles such as public notary, justice of the peace and so on. Other people are allowed to be authoritative in this area as well, such as bank managers, accountants and lawyers." -msgstr "" +msgstr "En pålitlig tredje-part är helt enkelt en person som är officiellt betrodd att bevittna namnteckningar och identifikationshandlingar. Detta är, i Sverige, t.ex. Notarius Publicus och auktoriserade revisorer men även godkända revisorer, advokater och banktjänstemän kan användas." #: www/account/38.php:21 www/index/13.php:21 msgid "ANY amount will be appreciated - the more funding CAcert receives, the sooner it can achieve the goals of the community." @@ -781,19 +781,19 @@ msgstr "" #: includes/account_stuff.php:191 msgid "Find Domain" -msgstr "" +msgstr "Hitta domän" #: includes/account_stuff.php:191 www/account/42.php:19 msgid "Find User" -msgstr "" +msgstr "Hitta användare" #: www/account/48.php:19 msgid "Find User by Domain" -msgstr "" +msgstr "Hitta användare via domän-namnet" #: includes/account_stuff.php:182 msgid "Find an Assurer" -msgstr "" +msgstr "Hitta en notarie" #: www/help/3.php:41 msgid "Finish up and exit IIS Certificate Wizard" @@ -1290,7 +1290,7 @@ msgstr "" #: www/account/43.php:82 msgid "Middle Name" -msgstr "" +msgstr "Andranamn" #: www/account/13.php:31 www/account/13.php:79 www/index/1.php:26 msgid "Middle Name(s)" @@ -1383,11 +1383,11 @@ msgstr "Ny administratör (admin) för %s" #: www/stats.php:71 www/stats.php:107 msgid "New Assurers" -msgstr "" +msgstr "Nya notarier" #: www/stats.php:72 www/stats.php:108 msgid "New Certificates" -msgstr "" +msgstr "Vya certifikat" #: www/account/16.php:18 www/account/3.php:27 msgid "New Client Certificate" @@ -1416,7 +1416,7 @@ msgstr "Ändra lösenord" #: www/stats.php:70 www/stats.php:106 msgid "New Users" -msgstr "" +msgstr "Nya användare" #: www/account/16.php:40 www/account/24.php:45 www/account/3.php:70 #: www/account/42.php:26 www/account/44.php:30 www/account/48.php:26 @@ -1478,7 +1478,7 @@ msgstr "Normal inloggning" #: www/account/12.php:56 www/account/18.php:56 www/account/22.php:56 #: www/account/5.php:60 msgid "Not Revoked" -msgstr "" +msgstr "Ej annulerat" #: includes/account.php:25 #, php-format @@ -1495,7 +1495,7 @@ msgstr "Ändringsmeddelande" #: www/help/3.php:12 msgid "Now 'Create a new certificate'." -msgstr "" +msgstr "... och nu, 'Skapa ett nytt certifikat'." #: includes/account.php:600 includes/account.php:711 includes/account.php:1109 #: includes/account.php:1325 @@ -1877,7 +1877,7 @@ msgstr "" #: www/help/3.php:11 msgid "Select 'Create a new certificate'" -msgstr "" +msgstr "Välj 'Skapa ett nytt certifikat'" #: www/help/3.php:55 msgid "Select 'Server Certificate' at the bottom of the tab in the 'Secure communications' section." @@ -2051,7 +2051,7 @@ msgstr "" #: www/account/0.php:28 msgid "The Web of Trust system CAcert uses is similar to that many involved with GPG/PGP use, they hold face to face meetings to verify each others photo identities match their GPG/PGP key information. CAcert differs however in that we have modified things to work within the PKI framework, for you to gain trust in the system you must first locate someone already trusted. The trust person depending how many people they've trusted or meet before will determine how many points they can issue to you (the number of points they can issue is listed in the locate assurer section). Once you've met up you can show your ID and you will need to fill out a CAP form which the person assuring your details must retain for verification reasons. You can also get trust points via the Trust Third Party system where you go to a lawyer, bank manager, accountant, or public notary/juctise of the peace and they via your ID and fill in the TTP form to state they have viewed your ID documents and it appears authentic and true. More information on the TTP system can be found in the TTP sub-menu" -msgstr "" +msgstr "Systemet som CAcert:s Web of Trust använder liknar de som GPG/PGP-system använder, man träffas personligen verifierar att ID-handlingar matchar GPG/PGP-informationen. CAcert skiljer sig något för att fungera med PKI-ramverket. För att du ska kunna bli betrodd måste du först hitta en någon som redan är betrodd (CAcert-notarie). Hur många poäng notarien får utfärda beror på hur notarien blivit verifierad och / eller hur många personer notarien själv verifierat. Det antal poäng en notarie högst kan ge visas i notarieregistret. När ni träffas visar du din ID-handling och fyller i ett CAP-formulär som notarien sparar för kunna visa vid en revision. Du kan även erhålla trust-poäng via TTP (Trust Third Party - pålitlig tredje part)-systemet, där t.ex. Notarius Publicus, revisorer eller banktjänstemän kan verifiera din identitet. Mer information om TTP-systemet finns under TTP-menyn." #: www/index/0.php:103 msgid "The ability to assure other new CAcert users; contribute to the strengthening and broadening of the CAcert Web of Trust." @@ -2304,7 +2304,7 @@ msgstr "Giltig" #: www/stats.php:43 msgid "Valid Certificates" -msgstr "" +msgstr "Giltiga certifikat" #: www/index/0.php:55 www/index/0.php:65 www/index/0.php:75 www/index/0.php:85 #: www/index/0.php:95 www/index/0.php:105 www/index/0.php:115 @@ -2317,15 +2317,15 @@ msgstr "Verifierad" #: www/stats.php:20 www/account/43.php:175 msgid "Verified Domains" -msgstr "" +msgstr "Verifierade domän-namn" #: www/stats.php:16 msgid "Verified Emails" -msgstr "" +msgstr "Verifierade e-postadresser" #: www/stats.php:12 msgid "Verified Users" -msgstr "" +msgstr "Verifierade användare" #: www/index/8.php:3 msgid "Vice President" @@ -2417,7 +2417,7 @@ msgstr "Vem" #: www/index/51.php:19 msgid "Who?" -msgstr "" +msgstr "Vem?" #: www/help/2.php:3 www/help/2.php:19 msgid "Why digitally sign your own emails?! (weirdo..)" @@ -2469,11 +2469,11 @@ msgstr "Du kommer nu att installera ett certifikat. Om du använde #: www/wot.php:54 msgid "You are never allowed to Assure yourself!" -msgstr "" +msgstr "Du får inte verifiera dig själv!" #: www/wot.php:68 msgid "You are only allowed to Assure someone once!" -msgstr "" +msgstr "Du kan endast verifiera en och samma person en gång!" #: www/help/2.php:45 msgid "You are putting your trust in people you don't know!" @@ -2486,16 +2486,16 @@ msgstr "" #: www/wot.php:230 #, php-format msgid "You are receiving this email because you have assured %s %s (%s)." -msgstr "" +msgstr "Du får detta e-postmeddelande eftersom du har verifierat %s %s (%s)." #: www/wot.php:206 #, php-format msgid "You are receiving this email because you have been assured by %s %s (%s)." -msgstr "" +msgstr "Du får detta e-postmeddelande eftersom du har verifierats av %s %s (%s)." #: includes/general_stuff.php:112 includes/tverify_stuff.php:78 msgid "Further Information" -msgstr "" +msgstr "Ytterligare information" #: www/index/7.php:26 msgid "Has been involved in translating this website into Portuguese" @@ -2520,7 +2520,7 @@ msgstr "" #: www/wot/4.php:19 msgid "You can become a CAcert Assurer by seeking out trusted 3rd parties. You will also need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person assuring you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:" -msgstr "" +msgstr "Du kan bli CAcert-notarie genom att använda två pålitliga tredje-parter. Du behöver ladda ner och skriva ut två exemplar av TTP.pdf och fylla i dina delar. Du behöver även kopiera din legitimationshandling (ID). När de båda tredje-parterna konstaterat att din legitimation är äkta och giltig så signerar de baksidan av ID-kopian och fyller i sina delar av TTP-dokumentet. När du har fått din identitet verifierad av två olika personer, stoppa de signerade ID-kopiorna och TTP-dokumenten i ett kuvert och skicka till:" #: www/index/0.php:53 msgid "You can send digitally signed/encrypted emails; others can send encrypted emails to you." @@ -2553,7 +2553,7 @@ msgstr "Den hemliga frasen du angav är felaktig." #: www/wot.php:109 msgid "You failed to enter a location of your meeting." -msgstr "" +msgstr "Du har inte angett plats för ert möte." #: www/index.php:97 msgid "You failed to get all answers correct or you didn't configure enough lost password questions for your account. System admins have been notified." @@ -2561,7 +2561,7 @@ msgstr "" #: www/gpg.php:24 msgid "You failed to paste a valid GPG/PGP key." -msgstr "" +msgstr "Du lyckades inte klistra in en giltig GPG/PGP-nyckel." #: www/index/0.php:113 msgid "You get a vote in how CAcert (a non-profit association incorporated in Australia) is run; be eligible for positions on the CAcert board." @@ -2602,7 +2602,7 @@ msgstr "Du mÃ¥ste fÃ¥ förevisat Ã¥ #: www/wot.php:216 msgid "You now have over 100 points and can start assuring others." -msgstr "" +msgstr "Du har nu över 100 poäng och kan börja verifiera andra användare." #: www/wot.php:211 msgid "You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years." @@ -2655,7 +2655,7 @@ msgstr "" #: www/wot.php:237 msgid "You've Assured Another Member." -msgstr "" +msgstr "Du har verifierat ytterligare en medlem." #: www/verify.php:77 msgid "You've attempted to verify the same domain a fourth time with an invalid hash, subsequantly this request has been deleted in the system" @@ -2663,7 +2663,7 @@ msgstr "Du har försökt verifiera samma domÃ&cur #: www/wot.php:225 msgid "You've been Assured." -msgstr "" +msgstr "Du har blivit verifierad." #: www/account/43.php:190 www/wot/10.php:19 msgid "Your Assurance Points" @@ -2847,7 +2847,7 @@ msgstr "" #: includes/account_stuff.php:153 includes/general_stuff.php:48 #: includes/tverify_stuff.php:34 msgid "Free digital certificates!" -msgstr "" +msgstr "Gratis digitala certifikat!" #: www/wot.php:240 #, php-format @@ -2866,7 +2866,7 @@ msgstr "" #: www/wot.php:49 msgid "A reminder notice has been sent." -msgstr "" +msgstr "En påminnelse har skickats." #: includes/account_stuff.php:214 www/disputes/0.php:19 msgid "Abuses" @@ -2930,11 +2930,11 @@ msgstr "" #: www/disputes/2.php:20 msgid "Dispute Domain" -msgstr "" +msgstr "Tvistanmäl domän" #: www/disputes.php:286 www/disputes.php:420 msgid "Dispute Probe" -msgstr "" +msgstr "Förfrågan i tvistärende" #: www/disputes/0.php:17 msgid "Disputes" @@ -2955,11 +2955,11 @@ msgstr "" #: www/disputes.php:377 www/disputes.php:422 www/disputes/2.php:15 #: www/disputes/6.php:15 www/disputes/6.php:20 msgid "Domain Dispute" -msgstr "" +msgstr "Domäntvist" #: www/disputes.php:399 msgid "Domain Dispute!" -msgstr "" +msgstr "Domäntvist!" #: www/disputes.php:428 msgid "Domain and Email Disputes" @@ -2980,7 +2980,7 @@ msgstr "" #: www/disputes.php:268 www/disputes.php:288 www/disputes/1.php:15 #: www/disputes/4.php:15 www/disputes/4.php:20 msgid "Email Dispute" -msgstr "" +msgstr "E-post-tvist" #: www/disputes/1.php:27 www/disputes/2.php:28 msgid "File Dispute" @@ -3049,7 +3049,7 @@ msgstr "" #: www/disputes.php:91 www/disputes.php:115 www/disputes.php:182 #: www/disputes.php:206 msgid "Invalid request. Can't continue." -msgstr "" +msgstr "Ogiltig förfrågan Kan inte fortsätta." #: includes/tverify_stuff.php:39 msgid "Main Website" @@ -3142,7 +3142,7 @@ msgstr "" #: www/disputes.php:310 #, php-format msgid "The domain '%s' already exists in the dispute system. Can't continue." -msgstr "" +msgstr "Domänen '%s' finns redan i tvist-systemet. Kan inte fortsätta." #: www/gpg/3.php:28 msgid "Below is your PGP/GPG Certificate" @@ -3165,7 +3165,7 @@ msgstr "" #: www/disputes.php:236 #, php-format msgid "The email address '%s' already exists in the dispute system. Can't continue." -msgstr "" +msgstr "E-postadressen '%s' finns redan i tvist-systemet. Kan inte fortsätta." #: www/wot/9.php:48 #, php-format @@ -3235,7 +3235,7 @@ msgstr "" #: www/disputes/4.php:32 www/disputes/5.php:29 www/disputes/6.php:32 msgid "Update Dispute" -msgstr "" +msgstr "Uppdatera tvistärende" #: www/wot/2.php:26 msgid "Upon receiving your documents you will be notified, and points will be added to your account." @@ -3259,7 +3259,7 @@ msgstr "" #: www/disputes.php:257 www/disputes.php:329 msgid "You aren't allowed to dispute your own email addresses. Can't continue." -msgstr "" +msgstr "Du kan inte tvistanmäla din egen e-postadress. Kan inte fortsätta." #: www/wot/2.php:19 msgid "You can also become a CAcert Assurer by seeking out a public notary, justice of the peace, accountant, lawyer or bank manager. You will need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person assuring you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:" diff --git a/pages/account/17.php b/pages/account/17.php index c844035..fd09bd1 100644 --- a/pages/account/17.php +++ b/pages/account/17.php @@ -22,6 +22,7 @@ +

0 && $_REQUEST['action'] == "move") { $locid = intval($_REQUEST['locid']); $query = "select * from `locations` where `id`='$locid'"; @@ -134,7 +179,7 @@ : +

", "");?>

diff --git a/pages/index/8.php b/pages/index/8.php index eff41b9..2332069 100644 --- a/pages/index/8.php +++ b/pages/index/8.php @@ -2,7 +2,7 @@

Duane Groth -
Mark Lipscombe -
Tina Kubota -
-N/A -
+Robert Cruikshank -
Ryan Verner -
Matthew Asham -
Calum Morrell -

diff --git a/pages/wot/12.php b/pages/wot/12.php index 631311d..8867d81 100644 --- a/pages/wot/12.php +++ b/pages/wot/12.php @@ -75,8 +75,8 @@ document.f.location.focus(); $locid = intval($_REQUEST['location']); $query = "select * from `locations` where `id`='$locid'"; $loc = mysql_fetch_assoc(mysql_query($query)); - $query = "SELECT (6378.137 * ACOS((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + (COS(PI() * $loc[lat] / 180 ) * - COS(PI() * `locations`.`lat` / 180) * COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))) AS `distance`, + $query = "SELECT ROUND(6378.137 * ACOS((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + (COS(PI() * $loc[lat] / 180 ) * + COS(PI() * `locations`.`lat` / 180) * COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180))), -1) AS `distance`, `locations`.`name` AS `location`, concat(`users`.`fname`, ' ', LEFT(`users`.`lname`, 1)) AS `name`, `long`, `lat`, `users`.`id` as `uid`, `contactinfo` FROM `locations`, `users`, `notary` WHERE `users`.`locid` = `locations`.`id` AND `users`.`id` = `notary`.`to` AND `users`.`listme` = 1 GROUP BY `notary`.`to` @@ -92,7 +92,6 @@ document.f.location.focus(); 35) $points = 35; diff --git a/pages/wot/13.php b/pages/wot/13.php index 1128254..d27a262 100644 --- a/pages/wot/13.php +++ b/pages/wot/13.php @@ -41,7 +41,18 @@ } else { echo "

"._("I was unable to match your location with places in my database.")."

\n"; } -} ?> +} + + $query = "select `name` from `locations` where `id`='".$_SESSION['profile']['locid']."'"; + $res = mysql_query($query); + $loc = mysql_fetch_assoc($res); + $query = "select `name` from `regions` where `id`='".$_SESSION['profile']['regid']."'"; + $res = mysql_query($query); + $reg = mysql_fetch_assoc($res); + $query = "select `name` from `countries` where `id`='".$_SESSION['profile']['ccid']."'"; + $res = mysql_query($query); + $cc = mysql_fetch_assoc($res); +?> -

Please enter your town or suburb name, followed by region or state or province and then the country (please separate by commas)
-eg Sydney, New South Wales, Australia

-

This is an AJAX form which depends heavily on javascript for auto-complete functionality and while it will work without javascript the usability will be heavily degraded.

+


+

+

+

diff --git a/pages/wot/9.php b/pages/wot/9.php index 2a452d2..391f10a 100644 --- a/pages/wot/9.php +++ b/pages/wot/9.php @@ -13,10 +13,10 @@ PARTICULAR PURPOSE. See the License for more details. */ ?>
ERROR:
@@ -60,6 +61,8 @@
">
+ +

[ Go Back ]

diff --git a/scripts/rungpg.c b/scripts/rungpg.c new file mode 100644 index 0000000..6b2caad --- /dev/null +++ b/scripts/rungpg.c @@ -0,0 +1,13 @@ +#include + +int main(int argc, char *argv[]) +{ + char *args[1]; + + args[0] = NULL; + + setuid(0); + setgid(0); + + execv("../scripts/gpgcerts.php", args); +} diff --git a/scripts/servercerts.php b/scripts/servercerts.php index 6e85fed..32f982c 100755 --- a/scripts/servercerts.php +++ b/scripts/servercerts.php @@ -72,7 +72,7 @@ if($bit['0'] == "subjectAltName") { if($SAN != "") - $SAN .= ", "; + $SAN .= ","; $SAN .= trim($bit['1']); } else { $newsubject .= "/".$val; @@ -90,7 +90,7 @@ $do = `echo "/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$newsubject' -extfile '$tmpname'" >> /tmp/openssl.tmp`; $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$newsubject' -extfile '$tmpname' 2>&1`; - unlink($tmpname); +// unlink($tmpname); $dom = mysql_fetch_assoc(mysql_query("select * from `domains` where `id`='$row[domid]'")); $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$dom[memid]'")); if(filesize($row['crt_name']) > 0 && intval($user['id']) > 0) @@ -182,8 +182,8 @@ if($SAN != "") $SAN .= ", "; $SAN .= trim($bit['1']); - } else { - $newsubject .= "/".$val; + } else if($bit['0'] != "") { + $newsubject .= "/$val"; } } if($SAN != "") @@ -192,13 +192,13 @@ $newsubject = str_replace("//", "/", $newsubject); if($row['rootcert'] == 2) - $opensslcnf = "/etc/ssl/class3-server.cnf"; + $opensslcnf = "/etc/ssl/class3-server-org.cnf"; else - $opensslcnf = "/etc/ssl/openssl-server.cnf"; + $opensslcnf = "/etc/ssl/openssl-server-org.cnf"; $do = `echo "/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$newsubject' -extfile '$tmpname'" >> /tmp/openssl.tmp`; $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$newsubject' -extfile '$tmpname' > /dev/null 2>&1`; - unlink($tmpname); +// unlink($tmpname); if(filesize($row['crt_name']) > 0) { $end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`); @@ -235,9 +235,9 @@ while($row = mysql_fetch_assoc($res)) { if($row['rootcert'] == 2) - $opensslcnf = "/etc/ssl/class3-server.cnf"; + $opensslcnf = "/etc/ssl/class3-server-org.cnf"; else - $opensslcnf = "/etc/ssl/openssl-server.cnf"; + $opensslcnf = "/etc/ssl/openssl-server-org.cnf"; $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -revoke $row[crt_name] > /dev/null 2>&1`; $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1`; diff --git a/tverify/index.php b/tverify/index.php index 7a2dfaa..69109aa 100644 --- a/tverify/index.php +++ b/tverify/index.php @@ -62,8 +62,7 @@ $max = 50; if($URL != "") - if(substr($URL, 0, strlen("https://www.thawte.com/cgi/personal/wot/directory.exe?node=")) != - "https://www.thawte.com/cgi/personal/wot/directory.exe?node=") + if(!preg_match("/^https:\/\/www\.thawte\.com\/cgi\/personal\/wot\/directory\.exe\?(.*?&)?node=\d+(&.*)?$/",$URL)) { showheader(_("Thawte Points Transfer")); echo _("You failed to enter a valid Thawte Notary URL."); @@ -83,7 +82,8 @@ if($id == 1) { - $query = "select * from `users` where `id`='$memid' and `email`='$email' and `password`=password('$password')"; + $query = "select * from `users`,`email` where `email`.`memid`='$memid' and `email`.`email`='$email' and `users`.`id`=`email`.`memid` and + (`password`=old_password('$password') or `password`=sha1('$password') or `password`=password('$password'))"; if(mysql_num_rows(mysql_query($query)) <= 0) { $_SESSION['_config']['errmsg'] = _("I'm sorry, I couldn't match your login details to your certificate to an account on this system."); diff --git a/www/api/ccsr.php b/www/api/ccsr.php index 6bbbfbe..d4c5b46 100644 --- a/www/api/ccsr.php +++ b/www/api/ccsr.php @@ -2,7 +2,7 @@ $username = mysql_escape_string($_REQUEST['username']); $password = mysql_escape_string($_REQUEST['password']); - $query = "select * from `users` where `email`='$username' and `password`=password('$password')"; + $query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))"; $res = mysql_query($query); if(mysql_num_rows($res) != 1) die("403,That username couldn't be found\n"); diff --git a/www/api/cemails.php b/www/api/cemails.php index 6ee2662..039ceb5 100644 --- a/www/api/cemails.php +++ b/www/api/cemails.php @@ -2,7 +2,7 @@ $username = mysql_escape_string($_REQUEST['username']); $password = mysql_escape_string($_REQUEST['password']); - $query = "select * from `users` where `email`='$username' and `password`=password('$password')"; + $query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))"; $res = mysql_query($query); if(mysql_num_rows($res) != 1) die("403,That username couldn't be found\n"); diff --git a/www/gpg.php b/www/gpg.php index 6db3f0e..c62af26 100644 --- a/www/gpg.php +++ b/www/gpg.php @@ -15,6 +15,12 @@ $val) + $key = $val; + + $id = intval($_REQUEST['id']); + $oldid = $_REQUEST['oldid'] = intval($_REQUEST['oldid']); + if($_SESSION['profile']['points'] < 50) { header("location: /account.php"); @@ -25,7 +31,7 @@ if($oldid == "0") { - if($_POST['process'] != _("Submit") || $_POST['CSR'] == "") + if($_POST['process'] == _("Submit") && $_POST['CSR'] == "") { $_SESSION['_config']['errmsg'] = _("You failed to paste a valid GPG/PGP key."); $id = $oldid; @@ -33,7 +39,7 @@ } } - if($oldid == "0") + if($oldid == "0" && $_POST['CSR'] != "") { $gpgkey = $_POST['CSR']; $gpg = `echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`; @@ -133,7 +139,7 @@ } } - if($oldid == "0") + if($oldid == "0" && $_POST['CSR'] != "") { $query = "insert into `gpg` set `memid`='".$_SESSION['profile']['id']."', `email`='".$emailaddies['0']."', diff --git a/www/index.php b/www/index.php index 1ed2d7f..e3ea42b 100644 --- a/www/index.php +++ b/www/index.php @@ -14,8 +14,11 @@ */ ?> $val) + $key = $val; + + $id = intval($_REQUEST['id']); + $_REQUEST['oldid'] = intval($_REQUEST['oldid']); if($id == 17 || $id == 20) { @@ -27,18 +30,18 @@ $_SESSION['_config']['hostname'] = $_SERVER['HTTP_HOST']; - if(($oldid == 6 || $id == 6) && intval($_SESSION['lostpw']['user']['id']) < 1) + if(($_REQUEST['oldid'] == 6 || $id == 6) && intval($_SESSION['lostpw']['user']['id']) < 1) { - unset($oldid); + unset($_REQUEST['oldid']); $id = 5; } - if($oldid == 6 && $process != "") + if($_REQUEST['oldid'] == 6 && $_REQUEST['process'] != "") { $answers = 0; $qs = array(); - $id = $oldid; - unset($oldid); + $id = $_REQUEST['oldid']; + unset($_REQUEST['oldid']); if($Q1) { $_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes($A1))); @@ -80,8 +83,8 @@ $body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes($_SESSION['lostpw']['A5'])."\n"; } - $_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes($newpass1))); - $_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes($newpass2))); + $_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes($_REQUEST['newpass1']))); + $_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes($_REQUEST['newpass2']))); if($answers < $_SESSION['lostpw']['total'] || $answers < 1) { @@ -106,7 +109,7 @@ { $_SESSION['_config']['errmsg'] = sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score); } else { - $query = "update `users` set `password`=password('".$_SESSION['lostpw']['pw1']."') + $query = "update `users` set `password`=sha1('".$_SESSION['lostpw']['pw1']."') where `id`='".$_SESSION['lostpw']['user']['id']."'"; mysql_query($query) || die(mysql_error()); showheader(_("Welcome to CAcert.org")); @@ -117,9 +120,9 @@ } } - if($oldid == 5 && $process != "") + if($_REQUEST['oldid'] == 5 && $_REQUEST['process'] != "") { - $email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes($email))); + $email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes($_REQUEST['email']))); $_SESSION['lostpw']['day'] = intval($day); $_SESSION['lostpw']['month'] = intval($month); $_SESSION['lostpw']['year'] = intval($year); @@ -128,8 +131,8 @@ $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { - $id = $oldid; - unset($oldid); + $id = $_REQUEST['oldid']; + unset($_REQUEST['oldid']); $_SESSION['_config']['errmsg'] = _("Unable to match your details with any user accounts on file"); } else { $id = 6; @@ -163,20 +166,26 @@ exit; } - if($oldid == 4) + if($_REQUEST['oldid'] == 4) { - unset($oldid); + unset($_REQUEST['oldid']); $id = 4; $_SESSION['_config']['errmsg'] = ""; - $email = mysql_escape_string(stripslashes(trim($email))); - $pword = mysql_escape_string(stripslashes(trim($pword))); - $query = "select * from `users` where `email`='$email' and `password`=password('$pword') and `verified`=1 and `deleted`=0"; + $email = mysql_escape_string(stripslashes(trim($_REQUEST['email']))); + $pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword']))); + $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or + `password`=password('$pword')) and `verified`=1 and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { + $_SESSION['profile'] = ""; + unset($_SESSION['profile']); $_SESSION['profile'] = mysql_fetch_assoc($res); + $query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".$_SESSION['profile']['id']."'"; + mysql_query($query); + if($_SESSION['profile']['language'] == "") { $query = "update `users` set `language`='".$_SESSION['_config']['language']."' @@ -189,7 +198,7 @@ setlocale(LC_ALL, $_SESSION['_config']['language']); $domain = 'messages'; - bindtextdomain("$domain", $_SESSION['_config'][filepath]."/locale"); + bindtextdomain("$domain", $_SESSION['_config']['filepath']."/locale"); textdomain("$domain"); } $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; @@ -214,14 +223,14 @@ $_SESSION['_config']['errmsg'] = _("Incorrect email address and/or Pass Phrase."); } - if($process && $oldid == 1) + if($_REQUEST['process'] && $_REQUEST['oldid'] == 1) { $id = 2; - unset($oldid); + unset($_REQUEST['oldid']); $_SESSION['_config']['errmsg'] = ""; - $_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes($email))); + $_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes($_REQUEST['email']))); $_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes($fname))); $_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes($mname))); $_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes($lname))); @@ -299,6 +308,16 @@ $id = 1; $_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."
\n"; } + + $query = "select `domain` from `baddomains` where `domain`=RIGHT('".$_SESSION['signup']['email']."', LENGTH(`domain`))"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) + { + $domain = mysql_fetch_assoc($res); + $domain = $domain['domain']; + $id = 1; + $_SESSION['_config']['errmsg'] .= sprintf(_("We don't allow signups from people using email addresses from %s"), $domain)."
\n"; + } } if($id == 2) @@ -318,7 +337,7 @@ fclose($rnd); $query = "insert into `users` set `email`='".$_SESSION['signup']['email']."', - `password`=password('".$_SESSION['signup']['pword1']."'), + `password`=sha1('".$_SESSION['signup']['pword1']."'), `fname`='".$_SESSION['signup']['fname']."', `mname`='".$_SESSION['signup']['mname']."', `lname`='".$_SESSION['signup']['lname']."', @@ -361,22 +380,22 @@ } } - if($oldid == 11 && $process != "") + if($_REQUEST['oldid'] == 11 && $_REQUEST['process'] != "") { $who = stripslashes($who); - $email = stripslashes($email); + $email = stripslashes($_REQUEST['email']); $subject = stripslashes($subject); $message = stripslashes($message); if($who == "" || $email == "" || $subject == "" || $message == "") { - $id = $oldid; + $id = $_REQUEST['oldid']; $_SESSION['_config']['errmsg'] = _("All fields are mandatory.")."
\n"; - unset($oldid); + unset($_REQUEST['oldid']); } } - if($oldid == 11 && $process != "" && $_POST['support'] != "yes") + if($_REQUEST['oldid'] == 11 && $_REQUEST['process'] != "" && $_POST['support'] != "yes") { $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message; @@ -387,7 +406,7 @@ exit; } - if($oldid == 11 && $process != "" && $_POST['support'] == "yes") + if($_REQUEST['oldid'] == 11 && $_REQUEST['process'] != "" && $_POST['support'] == "yes") { $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message; diff --git a/www/src-lic.php b/www/src-lic.php index ce5180e..6dc45e6 100644 --- a/www/src-lic.php +++ b/www/src-lic.php @@ -1,7 +1,7 @@ SetFont('SJIS','',10); $this->Write(4, recode($_SESSION['_config']['recode'], _("The CAcert Trusted Third Party (TTP) Programme is designed to assure Internet user identities through personal verification of government issued identity documents."))); $this->Ln(7); - $this->Write(4, recode($_SESSION['_config']['recode'], _("The Applicant asks you to certify to CAcert that you have met with the Applicant and verified the Full Name, Date of Birth, and ID Numbers of the Applicant against two separate original trusted photo-identity documents. Once the documents have been verified against the originals and signed, the applicant must attach the copies to the signed forms and return them to CAcert Inc."))); + $this->Write(4, recode($_SESSION['_config']['recode'], _("The Applicant asks you to certify to CAcert that you have met with the Applicant and verified the Full Name, Date of Birth, and ID Numbers of the Applicant against two separate original government issued photo-identity documents. Once the documents have been verified against the originals and signed, the applicant must attach the copies to the signed forms and return them to CAcert Inc."))); $this->Ln(7); $this->Write(4, recode($_SESSION['_config']['recode'], _("Please complete and sign this form, and sign the photocopies of the IDs, to acknowledge that").":")); $this->Ln(7); diff --git a/www/wot.php b/www/wot.php index d501c3d..3fec4dc 100644 --- a/www/wot.php +++ b/www/wot.php @@ -378,15 +378,22 @@ if($oldid == 9 && $_SESSION['_config']['user']['id'] > 0 && $_SESSION['profile']['id'] > 0) { - $body = $_POST['message']; - $subject = $_POST['subject']; - sendmail($_SESSION['_config']['user']['email'], "[CAcert.org] ".$_POST['subject'], $_POST['message'], - $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']); - showheader(_("My CAcert.org Account!")); - echo "

"._("Your email has been sent to ").$_SESSION['_config']['user']['fname'].".

"; - echo "

[ Go Back ]

\n"; - showfooter(); - exit; + if($_SESSION['_config']['pagehash'] != $_REQUEST['pageid']) + { + unset($oldid); + $id = 9; + $error = _("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."); + } else { + $body = $_POST['message']; + $subject = $_POST['subject']; + sendmail($_SESSION['_config']['user']['email'], "[CAcert.org] ".$_POST['subject'], $_POST['message'], + $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']); + showheader(_("My CAcert.org Account!")); + echo "

"._("Your email has been sent to ").$_SESSION['_config']['user']['fname'].".

"; + echo "

[ Go Back ]

\n"; + showfooter(); + exit; + } } elseif($oldid == 9) { unset($oldid); $error = _("There was an error and I couldn't proceed");