cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 2 Projects Releases Wiki Activity

stamp updates

Browse Source
pull/1/head
root 18 years ago
parent ac5d02a307
commit 26aff1b003
4 changed files with 41 additions and 98 deletions
Show Stats Download Patch File Download Diff File

2
stamp/.htaccess
Unescape Escape View File

@ -1,4 +1,4 @@
php_value auto_prepend_file /www/includes/general.php
php_value auto_prepend_file /www/stamp/common.php
php_value output_buffering 1
errordocument 404 /error404.php
errordocument 403 /error403.php

73
stamp/certdet.php
Unescape Escape View File

@ -11,61 +11,18 @@
$arr = explode("/", $arr['1'], 2);
$siteref = $arr['0'];
if($siteref != "")
$siterefer = $_SERVER['HTTP_REFERER'];
else
$siterefer = $_REQUEST['refer'];
if($ref == "" || ($ref != $siteref && $siteref != ""))
{
if($siteref != "")
$siterefer = $_SERVER['HTTP_REFERER'];
else
$siterefer = $_REQUEST['refer'];
$invalid = 2;
} else {
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
`domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$bits = explode(".", $ref);
for($i = 1; $i < count($bits); $i++)
{
if($ref2 != "")
$ref2 .= ".";
$ref2 .= $bits[$i];
}
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
(`domaincerts`.`subject` like '%subjectAltName=DNS:$ref2/%' or `domaincerts`.`subject` like '%subjectAltName=DNS:*.$ref2/%')
order by `domaincerts`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$query = "select *,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where
(`orgdomaincerts`.`subject` like '%=$ref%' or `orgdomaincerts`.`subject` like '%=*.$ref2%') and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`revoked`=0 order by `orgdomaincerts`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$invalid = 1;
} else {
$org = 1;
}
}
}
}
if($invalid == 0)
{
$cert = mysql_fetch_assoc($res);
if($org == 0)
{
$query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND
`notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' GROUP BY `notary`.`to`";
$user = mysql_fetch_assoc(mysql_query($query));
} else {
$query = "select * from `orginfo` where `id`='$cert[orgid]'";
$orgi = mysql_fetch_assoc(mysql_query($query));
}
if($_SESSION['_stamp']['ref'] == "")
$_SESSION['_stamp']['ref'] = $siterefer;
list($invalid, $info) = checkhostname($ref);
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
@ -97,16 +54,16 @@ google_ad_channel = "";
<? if($invalid == 0) { ?>
<p>
Status: Valid<br />
Valid From: <?=$cert['issued']?> GMT<br />
Valid To: <?=$cert['expire']?> GMT<br />
Subject: <a href="#" title="<?=$cert['subject']?>" onClick="return false;"><?=substr($cert['subject'],0,80)?></a><br />
Organisation: <? if($org == 0) { ?>N/A<? } else { echo $orgi['O'].", ".$orgi['L']." ".$orgi['ST']." ".$orgi['C']; } ?><br />
Verification: <? if($user['total'] >= 50) { echo "Person had been assured at time of issue with at least 50 points."; }
else if($org == 1) { ?>This organisation was assured at the time the certificate was issued.<? } ?></p>
Valid From: <?=$info['issued']?> GMT<br />
Valid To: <?=$info['expire']?> GMT<br />
Subject: <a href="#" title="<?=$info['subject']?>" onClick="return false;"><?=substr($info['subject'],0,80)?></a><br />
Organisation: <? if($info['org'] == 0) { ?>N/A<? } else { echo $info['O'].", ".$info['L']." ".$info['ST']." ".$info['C']; } ?><br />
Verification: <? if($info['points'] >= 50) { echo "Person had been assured at time of issue with at least 50 points."; }
else if($info['org'] == 1) { ?>This organisation was assured at the time the certificate was issued.<? } ?></p>
<? } else { ?>
<p style="color:red">This site has potentially abused CAcert logos and Copyrights, please report it so we may further investigate.</p>
<? } ?>
<p><a href="report.php?refer=<?=$siterefer?>">Problem with this site? Please report it</a></p>
<p><a href="report.php">Problem with this site? Please report it</a></p>
</div>
</div>
</body>

40
stamp/displogo.php
Unescape Escape View File

@ -21,39 +21,15 @@
exit;
}
$query = "select * from `domlink`,`domains`,`domaincerts`
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
`domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
list($invalid, $info) = checkhostname($ref);
if($invalid > 0)
{
$bits = explode(".", $ref);
for($i = 1; $i < count($bits); $i++)
{
if($ref2 != "")
$ref2 .= ".";
$ref2 .= $bits[$i];
}
$query = "select * from `domlink`,`domains`,`domaincerts`
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
(`domaincerts`.`subject` like '%subjectAltName=DNS:$ref2/%' or `domaincerts`.`subject` like '%subjectAltName=DNS:*.$ref2/%')
order by `domaincerts`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$query = "select * from `orgdomaincerts`,`orgdomlink`,`orgdomains` where `orgdomaincerts`.`revoked`=0 and
(`orgdomaincerts`.`subject` like '%=$ref%' or `orgdomaincerts`.`subject` like '%=*.$ref2%') and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$tc = imagecolorallocate ($im, 255, 0, 0);
imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc);
imagestring ($im, 2, 1, 45, "Click to Report", $tc);
imagepng($im);
exit;
}
}
$tc = imagecolorallocate ($im, 255, 0, 0);
imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc);
imagestring ($im, 2, 1, 45, "Click to Report", $tc);
imagepng($im);
exit;
}
$tz = intval($_REQUEST['tz']);

24
stamp/report.php
Unescape Escape View File

@ -1,20 +1,27 @@
<?
function clean($key)
{
return(mysql_real_escape_string(strip_tags(trim($_REQUEST[$key]))));
}
$arr = explode("//", mysql_real_escape_string(trim($_REQUEST['refer'])), 2);
$arr = explode("//", mysql_real_escape_string(trim($_SESSION['_stamp']['ref'])), 2);
$arr = explode("/", $arr['1'], 2);
$ref = $arr['0'];
$refer = clean('refer');
$refer = mysql_real_escape_string(strip_tags(trim($_SESSION['_stamp']['ref'])));
$name = clean('name');
$email = clean('email');
$comment = clean('comment');
$reason = clean('reason');
$process = clean('process');
if($process != "" && ($_POST['pagehash'] != $_SESSION['_stamp']['pagehash'] || $_SESSION['_stamp']['pagehash'] == ""))
{
$errmsg = "Your report seemed to be posted is a suspicious manner, please try to re-submit it, or contact support for further help.";
$process = "";
}
if($process != "" && ($name == "" || $email == "" || $comment == "" || $reason == ""))
{
$errmsg = "You must supply your name, a valid email address and comment.";
$process = "";
}
if($process != "")
{
$checkemail = checkEmail($email);
@ -23,6 +30,8 @@
$errmsg = $checkemail;
$process = "";
}
} else {
$_SESSION['_stamp']['pagehash'] = $pagehash = md5(date("U").$ref);
}
if($process != "")
@ -85,6 +94,7 @@ google_ad_channel = "";
</select><br />
<label for="comment">Comment/Other: </label><input type="text" name="comment" value="<?=$comment?>" /><br /><br />
<label for="sub">&nbsp;</label><input type="submit" name="process" value="Report Site"><br />
<input type="hidden" name="pagehash" value="<?=$pagehash?>">
</form>
<? } else { ?>
<p>We thank you for your attention to detail, your report has been accepted and we will tend to your report as soon as humanly possible.</p>

Write Preview
Loading…
Cancel
Save