From 26aff1b00379ac16ffba2d659d6f7cd6590f0baa Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 29 Nov 2006 11:08:20 +0000
Subject: [PATCH] stamp updates
---
 stamp/.htaccess | 2 +-
 stamp/certdet.php | 73 ++++++++++------------------------------------
 stamp/displogo.php | 40 +++++--------------------
 stamp/report.php | 24 ++++++++++-----
 4 files changed, 41 insertions(+), 98 deletions(-)
diff --git a/stamp/.htaccess b/stamp/.htaccess
index bb5fe0e..3ad2abb 100644
--- a/stamp/.htaccess
+++ b/stamp/.htaccess
@@ -1,4 +1,4 @@
-php_value auto_prepend_file /www/includes/general.php
+php_value auto_prepend_file /www/stamp/common.php
 php_value output_buffering 1
 errordocument 404 /error404.php
 errordocument 403 /error403.php
diff --git a/stamp/certdet.php b/stamp/certdet.php
index fd74812..b664d2a 100644
--- a/stamp/certdet.php
+++ b/stamp/certdet.php
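Review bot: `/www/stamp/common.php` is not among the four files this patch touches, so the new `auto_prepend_file` target has to exist on the server already or every page under stamp/ will fail at prepend time. Anything the old `/www/includes/general.php` provided to these scripts (database connection, session start, request sanitising, if it did any) must now come from common.php. The same goes for `checkhostname()`, which certdet.php and displogo.php start calling in this same patch. Committing common.php together with this change would keep the two from drifting apart.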
@@ -11,61 +11,18 @@ $arr = explode("/", $arr['1'], 2); $siteref = $arr['0']; + if($siteref != "") + $siterefer = $_SERVER['HTTP_REFERER']; + else + $siterefer = $_REQUEST['refer']; + if($ref == "" || ($ref != $siteref && $siteref != "")) { - if($siteref != "") - $siterefer = $_SERVER['HTTP_REFERER']; - else - $siterefer = $_REQUEST['refer']; $invalid = 2; } else { - $query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts` - where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and - `domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) - { - $bits = explode(".", $ref); - for($i = 1; $i < count($bits); $i++) - { - if($ref2 != "") - $ref2 .= "."; - $ref2 .= $bits[$i]; - } - $query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts` - where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and - (`domaincerts`.`subject` like '%subjectAltName=DNS:$ref2/%' or `domaincerts`.`subject` like '%subjectAltName=DNS:*.$ref2/%') - order by `domaincerts`.`id`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) - { - $query = "select *,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where - (`orgdomaincerts`.`subject` like '%=$ref%' or `orgdomaincerts`.`subject` like '%=*.$ref2%') and - `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and - `orgdomaincerts`.`revoked`=0 order by `orgdomaincerts`.`id`"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) - { - $invalid = 1; - } else { - $org = 1; - } - } - } - } - - if($invalid == 0) - { - $cert = mysql_fetch_assoc($res); - if($org == 0) - { - $query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND - 
`notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' GROUP BY `notary`.`to`"; - $user = mysql_fetch_assoc(mysql_query($query)); - } else { - $query = "select * from `orginfo` where `id`='$cert[orgid]'"; - $orgi = mysql_fetch_assoc(mysql_query($query)); - } + if($_SESSION['_stamp']['ref'] == "") + $_SESSION['_stamp']['ref'] = $siterefer; + list($invalid, $info) = checkhostname($ref); } ?> @@ -97,16 +54,16 @@ google_ad_channel = "";
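Review bot: `$siterefer` is taken straight from the `Referer` header or the `refer` request parameter and is now stored in `$_SESSION['_stamp']['ref']` with no validation, so any page that later reads that session value (presumably report.php) must treat it as untrusted and escape it for the context it is written into. The `== ""` guard also keeps only the first referrer seen in a session, so a later report from a different site would be filed against the wrong one. If that is intended, a comment should say so; otherwise assign unconditionally with `$_SESSION['_stamp']['ref'] = $siterefer;`. The removed queries interpolated `$ref` into `like` patterns, and `$ref` is assigned above the hunk while checkhostname() is not part of this patch. It is therefore worth confirming that the helper escapes `$ref`, including the `%` and `_` wildcards, before building its SQL.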

Status: Valid
- Valid From: GMT
- Valid To: GMT
- Subject:
- Organisation: N/A
- Verification: = 50) { echo "Person had been assured at time of issue with at least 50 points."; } - else if($org == 1) { ?>This organisation was assured at the time the certificate was issued.

+ Valid From: GMT
+ Valid To: GMT
+ Subject:
+ Organisation: N/A
+ Verification: = 50) { echo "Person had been assured at time of issue with at least 50 points."; } + else if($info['org'] == 1) { ?>This organisation was assured at the time the certificate was issued.

This site has potentially abused CAcert logos and Copyrights, please report it so we may further investigate.

-

Problem with this site? Please report it

+

Problem with this site? Please report it

diff --git a/stamp/displogo.php b/stamp/displogo.php
index 4045d63..8578186 100644
--- a/stamp/displogo.php
+++ b/stamp/displogo.php
@@ -21,39 +21,15 @@
 exit;
 }
- $query = "select * from `domlink`,`domains`,`domaincerts`
- where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
- `domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ list($invalid, $info) = checkhostname($ref);
+
+ if($invalid > 0)
 {
- $bits = explode(".", $ref);
- for($i = 1; $i < count($bits); $i++)
- {
- if($ref2 != "")
- $ref2 .= ".";
- $ref2 .= $bits[$i];
- }
- $query = "select * from `domlink`,`domains`,`domaincerts`
- where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
- (`domaincerts`.`subject` like '%subjectAltName=DNS:$ref2/%' or `domaincerts`.`subject` like '%subjectAltName=DNS:*.$ref2/%')
- order by `domaincerts`.`id`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- $query = "select * from `orgdomaincerts`,`orgdomlink`,`orgdomains` where `orgdomaincerts`.`revoked`=0 and
- (`orgdomaincerts`.`subject` like '%=$ref%' or `orgdomaincerts`.`subject` like '%=*.$ref2%') and
- `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- $tc = imagecolorallocate ($im, 255, 0, 0);
- imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc);
- imagestring ($im, 2, 1, 45, "Click to Report", $tc);
- imagepng($im);
- exit;
- }
- }
+ $tc = imagecolorallocate ($im, 255, 0, 0);
+ imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc);
+ imagestring ($im, 2, 1, 45, "Click to Report", $tc);
+ imagepng($im);
+ exit;
 }
 $tz = intval($_REQUEST['tz']);
diff --git a/stamp/report.php b/stamp/report.php
index 58ca22c..359a482 100644
--- a/stamp/report.php
+++ b/stamp/report.php
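Review bot: The `$invalid > 0` test relies on checkhostname()'s return convention, which this patch never shows; from certdet.php it appears that 0 means valid and 2 a referrer mismatch, but nothing at the call site says so. A short comment above the call, e.g. `// checkhostname() returns array($invalid, $info); $invalid is 0 when a matching unrevoked cert exists`, would make the check reviewable on its own (wording to be confirmed against common.php). `$info` is unpacked but not used in the visible lines; if checkhostname() also runs the per-user points lookup that certdet.php used to do inline, this image endpoint now pays for it on every request. `$ref` is set above the hunk, so whether it is escaped before reaching the helper's SQL cannot be judged from here.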
@@ -1,20 +1,27 @@



+

We thank you for your attention to detail, your report has been accepted and we will tend to your report as soon as humanly possible.