cacert/cacert-webdb
9
0
Fork 0
Code Issues Pull requests 3 Projects Releases 4 Wiki Activity

stamp updates

Browse source
This commit is contained in:
root 2006-11-29 11:08:20 +00:00
parent ac5d02a307
commit 26aff1b003
4 changed files with 41 additions and 98 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
stamp/.htaccess
View file

@ -1,4 +1,4 @@
php_value auto_prepend_file /www/includes/general.php php_value auto_prepend_file /www/stamp/common.php
php_value output_buffering 1 php_value output_buffering 1
errordocument 404 /error404.php errordocument 404 /error404.php
errordocument 403 /error403.php errordocument 403 /error403.php

73
stamp/certdet.php
View file

@ -11,61 +11,18 @@
$arr = explode("/", $arr['1'], 2); $arr = explode("/", $arr['1'], 2);
$siteref = $arr['0']; $siteref = $arr['0'];
if($siteref != "")
$siterefer = $_SERVER['HTTP_REFERER'];
else
$siterefer = $_REQUEST['refer'];
if($ref == "" || ($ref != $siteref && $siteref != "")) if($ref == "" || ($ref != $siteref && $siteref != ""))
{ {
if($siteref != "")
$siterefer = $_SERVER['HTTP_REFERER'];
else
$siterefer = $_REQUEST['refer'];
$invalid = 2; $invalid = 2;
} else { } else {
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts` if($_SESSION['_stamp']['ref'] == "")
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and $_SESSION['_stamp']['ref'] = $siterefer;
`domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`"; list($invalid, $info) = checkhostname($ref);
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$bits = explode(".", $ref);
for($i = 1; $i < count($bits); $i++)
{
if($ref2 != "")
$ref2 .= ".";
$ref2 .= $bits[$i];
}
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
(`domaincerts`.`subject` like '%subjectAltName=DNS:$ref2/%' or `domaincerts`.`subject` like '%subjectAltName=DNS:*.$ref2/%')
order by `domaincerts`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$query = "select *,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where
(`orgdomaincerts`.`subject` like '%=$ref%' or `orgdomaincerts`.`subject` like '%=*.$ref2%') and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`revoked`=0 order by `orgdomaincerts`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$invalid = 1;
} else {
$org = 1;
}
}
}
}
if($invalid == 0)
{
$cert = mysql_fetch_assoc($res);
if($org == 0)
{
$query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND
`notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' GROUP BY `notary`.`to`";
$user = mysql_fetch_assoc(mysql_query($query));
} else {
$query = "select * from `orginfo` where `id`='$cert[orgid]'";
$orgi = mysql_fetch_assoc(mysql_query($query));
}
} }
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html> <html>
@ -97,16 +54,16 @@ google_ad_channel = "";
<? if($invalid == 0) { ?> <? if($invalid == 0) { ?>
<p> <p>
Status: Valid<br /> Status: Valid<br />
Valid From: <?=$cert['issued']?> GMT<br /> Valid From: <?=$info['issued']?> GMT<br />
Valid To: <?=$cert['expire']?> GMT<br /> Valid To: <?=$info['expire']?> GMT<br />
Subject: <a href="#" title="<?=$cert['subject']?>" onClick="return false;"><?=substr($cert['subject'],0,80)?></a><br /> Subject: <a href="#" title="<?=$info['subject']?>" onClick="return false;"><?=substr($info['subject'],0,80)?></a><br />
Organisation: <? if($org == 0) { ?>N/A<? } else { echo $orgi['O'].", ".$orgi['L']." ".$orgi['ST']." ".$orgi['C']; } ?><br /> Organisation: <? if($info['org'] == 0) { ?>N/A<? } else { echo $info['O'].", ".$info['L']." ".$info['ST']." ".$info['C']; } ?><br />
Verification: <? if($user['total'] >= 50) { echo "Person had been assured at time of issue with at least 50 points."; } Verification: <? if($info['points'] >= 50) { echo "Person had been assured at time of issue with at least 50 points."; }
else if($org == 1) { ?>This organisation was assured at the time the certificate was issued.<? } ?></p> else if($info['org'] == 1) { ?>This organisation was assured at the time the certificate was issued.<? } ?></p>
<? } else { ?> <? } else { ?>
<p style="color:red">This site has potentially abused CAcert logos and Copyrights, please report it so we may further investigate.</p> <p style="color:red">This site has potentially abused CAcert logos and Copyrights, please report it so we may further investigate.</p>
<? } ?> <? } ?>
<p><a href="report.php?refer=<?=$siterefer?>">Problem with this site? Please report it</a></p> <p><a href="report.php">Problem with this site? Please report it</a></p>
</div> </div>
</div> </div>
</body> </body>

40
stamp/displogo.php
View file

@ -21,39 +21,15 @@
exit; exit;
} }
$query = "select * from `domlink`,`domains`,`domaincerts` list($invalid, $info) = checkhostname($ref);
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
`domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`"; if($invalid > 0)
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{ {
$bits = explode(".", $ref); $tc = imagecolorallocate ($im, 255, 0, 0);
for($i = 1; $i < count($bits); $i++) imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc);
{ imagestring ($im, 2, 1, 45, "Click to Report", $tc);
if($ref2 != "") imagepng($im);
$ref2 .= "."; exit;
$ref2 .= $bits[$i];
}
$query = "select * from `domlink`,`domains`,`domaincerts`
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
(`domaincerts`.`subject` like '%subjectAltName=DNS:$ref2/%' or `domaincerts`.`subject` like '%subjectAltName=DNS:*.$ref2/%')
order by `domaincerts`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$query = "select * from `orgdomaincerts`,`orgdomlink`,`orgdomains` where `orgdomaincerts`.`revoked`=0 and
(`orgdomaincerts`.`subject` like '%=$ref%' or `orgdomaincerts`.`subject` like '%=*.$ref2%') and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$tc = imagecolorallocate ($im, 255, 0, 0);
imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc);
imagestring ($im, 2, 1, 45, "Click to Report", $tc);
imagepng($im);
exit;
}
}
} }
$tz = intval($_REQUEST['tz']); $tz = intval($_REQUEST['tz']);

24
stamp/report.php
View file

@ -1,20 +1,27 @@
<? <?
function clean($key) $arr = explode("//", mysql_real_escape_string(trim($_SESSION['_stamp']['ref'])), 2);
{
return(mysql_real_escape_string(strip_tags(trim($_REQUEST[$key]))));
}
$arr = explode("//", mysql_real_escape_string(trim($_REQUEST['refer'])), 2);
$arr = explode("/", $arr['1'], 2); $arr = explode("/", $arr['1'], 2);
$ref = $arr['0']; $ref = $arr['0'];
$refer = clean('refer'); $refer = mysql_real_escape_string(strip_tags(trim($_SESSION['_stamp']['ref'])));
$name = clean('name'); $name = clean('name');
$email = clean('email'); $email = clean('email');
$comment = clean('comment'); $comment = clean('comment');
$reason = clean('reason'); $reason = clean('reason');
$process = clean('process'); $process = clean('process');
if($process != "" && ($_POST['pagehash'] != $_SESSION['_stamp']['pagehash'] || $_SESSION['_stamp']['pagehash'] == ""))
{
$errmsg = "Your report seemed to be posted is a suspicious manner, please try to re-submit it, or contact support for further help.";
$process = "";
}
if($process != "" && ($name == "" || $email == "" || $comment == "" || $reason == ""))
{
$errmsg = "You must supply your name, a valid email address and comment.";
$process = "";
}
if($process != "") if($process != "")
{ {
$checkemail = checkEmail($email); $checkemail = checkEmail($email);
@ -23,6 +30,8 @@
$errmsg = $checkemail; $errmsg = $checkemail;
$process = ""; $process = "";
} }
} else {
$_SESSION['_stamp']['pagehash'] = $pagehash = md5(date("U").$ref);
} }
if($process != "") if($process != "")
@ -85,6 +94,7 @@ google_ad_channel = "";
</select><br /> </select><br />
<label for="comment">Comment/Other: </label><input type="text" name="comment" value="<?=$comment?>" /><br /><br /> <label for="comment">Comment/Other: </label><input type="text" name="comment" value="<?=$comment?>" /><br /><br />
<label for="sub">&nbsp;</label><input type="submit" name="process" value="Report Site"><br /> <label for="sub">&nbsp;</label><input type="submit" name="process" value="Report Site"><br />
<input type="hidden" name="pagehash" value="<?=$pagehash?>">
</form> </form>
<? } else { ?> <? } else { ?>
<p>We thank you for your attention to detail, your report has been accepted and we will tend to your report as soon as humanly possible.</p> <p>We thank you for your attention to detail, your report has been accepted and we will tend to your report as soon as humanly possible.</p>