From 26aff1b00379ac16ffba2d659d6f7cd6590f0baa Mon Sep 17 00:00:00 2001
From: root
Status: Valid
- Valid From: =$cert['issued']?> GMT
- Valid To: =$cert['expire']?> GMT
- Subject: =substr($cert['subject'],0,80)?>
- Organisation: if($org == 0) { ?>N/A } else { echo $orgi['O'].", ".$orgi['L']." ".$orgi['ST']." ".$orgi['C']; } ?>
- Verification: if($user['total'] >= 50) { echo "Person had been assured at time of issue with at least 50 points."; }
- else if($org == 1) { ?>This organisation was assured at the time the certificate was issued. } ?>
+ Valid To: =$info['expire']?> GMT
+ Subject: =substr($info['subject'],0,80)?>
+ Organisation: if($info['org'] == 0) { ?>N/A } else { echo $info['O'].", ".$info['L']." ".$info['ST']." ".$info['C']; } ?>
+ Verification: if($info['points'] >= 50) { echo "Person had been assured at time of issue with at least 50 points."; }
+ else if($info['org'] == 1) { ?>This organisation was assured at the time the certificate was issued. } ?>
This site has potentially abused CAcert logos and Copyrights, please report it so we may further investigate.
} ?>
-Problem with this site? Please report it
+Problem with this site? Please report it
diff --git a/stamp/displogo.php b/stamp/displogo.php
index 4045d63..8578186 100644
--- a/stamp/displogo.php
+++ b/stamp/displogo.php
@@ -21,39 +21,15 @@
  exit;
  }
- $query = "select * from `domlink`,`domains`,`domaincerts`
- where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
- `domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
+ list($invalid, $info) = checkhostname($ref);
+
+ if($invalid > 0)
  {
- $bits = explode(".", $ref);
- for($i = 1; $i < count($bits); $i++)
- {
- if($ref2 != "")
- $ref2 .= ".";
- $ref2 .= $bits[$i];
- }
- $query = "select * from `domlink`,`domains`,`domaincerts`
- where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
- (`domaincerts`.`subject` like '%subjectAltName=DNS:$ref2/%' or `domaincerts`.`subject` like '%subjectAltName=DNS:*.$ref2/%')
- order by `domaincerts`.`id`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- $query = "select * from `orgdomaincerts`,`orgdomlink`,`orgdomains` where `orgdomaincerts`.`revoked`=0 and
- (`orgdomaincerts`.`subject` like '%=$ref%' or `orgdomaincerts`.`subject` like '%=*.$ref2%') and
- `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id`";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- $tc = imagecolorallocate ($im, 255, 0, 0);
- imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc);
- imagestring ($im, 2, 1, 45, "Click to Report", $tc);
- imagepng($im);
- exit;
- }
- }
+ $tc = imagecolorallocate ($im, 255, 0, 0);
+ imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc);
+ imagestring ($im, 2, 1, 45, "Click to Report", $tc);
+ imagepng($im);
+ exit;
  }
  $tz = intval($_REQUEST['tz']);
diff --git a/stamp/report.php b/stamp/report.php
index 58ca22c..359a482 100644
--- a/stamp/report.php
+++ b/stamp/report.php
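Review bot: In stamp/displogo.php the certificate lookup now goes through `checkhostname($ref)`, and nothing in this hunk shows that `$ref` is escaped before the helper builds its queries; the removed code placed it directly into `like '%...$ref/%'` patterns. The helper's body and the assignment of `$ref` are both outside the hunk, so it should be confirmed that `checkhostname()` applies `mysql_real_escape_string()` and also treats `%` and `_` in the value as literals, because a wildcard inside a LIKE pattern widens the match to other certificates' subjects. A short comment above the call would record the contract, for example `// checkhostname() returns array($invalid, $info); $invalid > 0 means no unrevoked certificate matched $ref`, worded to match what the helper really returns.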
@@ -1,20 +1,27 @@
- function clean($key)
- {
- return(mysql_real_escape_string(strip_tags(trim($_REQUEST[$key]))));
- }
-
- $arr = explode("//", mysql_real_escape_string(trim($_REQUEST['refer'])), 2);
+ $arr = explode("//", mysql_real_escape_string(trim($_SESSION['_stamp']['ref'])), 2);
  $arr = explode("/", $arr['1'], 2);
  $ref = $arr['0'];
- $refer = clean('refer');
+ $refer = mysql_real_escape_string(strip_tags(trim($_SESSION['_stamp']['ref'])));
  $name = clean('name');
  $email = clean('email');
  $comment = clean('comment');
  $reason = clean('reason');
  $process = clean('process');
+ if($process != "" && ($_POST['pagehash'] != $_SESSION['_stamp']['pagehash'] || $_SESSION['_stamp']['pagehash'] == ""))
+ {
+ $errmsg = "Your report seemed to be posted is a suspicious manner, please try to re-submit it, or contact support for further help.";
+ $process = "";
+ }
+
+ if($process != "" && ($name == "" || $email == "" || $comment == "" || $reason == ""))
+ {
+ $errmsg = "You must supply your name, a valid email address and comment.";
+ $process = "";
+ }
+
  if($process != "")
  {
  $checkemail = checkEmail($email);
@@ -23,6 +30,8 @@
  $errmsg = $checkemail;
  $process = "";
  }
+ } else {
+ $_SESSION['_stamp']['pagehash'] = $pagehash = md5(date("U").$ref);
  }
  if($process != "")
@@ -85,6 +94,7 @@ google_ad_channel = "";We thank you for your attention to detail, your report has been accepted and we will tend to your report as soon as humanly possible.
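Review bot: The page-hash check added in the first stamp/report.php hunk compares the posted and stored values with `!=`, a loose comparison under which two numeric-looking strings are compared as numbers, and it reads `$_POST['pagehash']` without checking that it is set. A strict form covers both cases: `if($process != "" && (!isset($_POST['pagehash']) || $_SESSION['_stamp']['pagehash'] == "" || $_POST['pagehash'] !== $_SESSION['_stamp']['pagehash']))`. The hunk also deletes the local `clean()` while the unchanged lines still call `clean('name')` and the others; presumably the helper now comes from a shared include that is not visible here, which should be confirmed. The new error message reads "posted is a suspicious manner" where "in" is meant.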
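Review bot: In the second stamp/report.php hunk the anti-forgery value is `md5(date("U").$ref)`, which is derived only from the current Unix time and the referring host, so it is predictable to anyone who knows roughly when the form was rendered; hashing with md5 adds no secrecy. The token should come from a cryptographic random source, for example `$_SESSION['_stamp']['pagehash'] = $pagehash = bin2hex(openssl_random_pseudo_bytes(16));`, or `random_bytes(16)` where the deployed PHP version provides it. The visible lines also never clear the stored value once a report is accepted, so the same hash may remain valid for repeated submissions; the accept path lies outside this hunk and should be checked there.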