diff --git a/www/verify.php b/www/verify.php
index 42791bd..6f603e4 100644
--- a/www/verify.php
+++ b/www/verify.php
@@ -18,13 +18,26 @@
loadem("index");
- if(array_key_exists('Notify',$_REQUEST) && $_REQUEST['Notify'] != "")
- {
- echo "do something here";
+ $type = array_key_exists('type',$_REQUEST)?$_REQUEST['type']:"";
+
+ if(array_key_exists('Notify',$_REQUEST) && $_REQUEST['Notify'] != "")
+ {
+ $body = sprintf("An abuse of the CAcert Email Ping system has been reported.\n\n");
+ if($type=="email") $body .= "EmailID: ".intval($_REQUEST['emailid'])."\n";
+ if($type=="domain") $body .= "DomainID: ".intval($_REQUEST['domainid'])."\n";
+ $body .= "Hash: ".sanitizeHTML($_REQUEST['hash'])."\n\n";
+
+ $body .= "Best regards"."\n";
+ $body .= "CAcert Website";
+
+ sendmail("support@cacert.org", "[CAcert.org] Verification Abuse", $body, "support@cacert.org", "", "", "");
+
+ showheader(_("Notification"), _("Notification"));
+ echo _("Email has been sent.");
+ showfooter();
exit;
- }
+ }
- $type = array_key_exists('type',$_REQUEST)?$_REQUEST['type']:"";
if($type == "email")
{
@@ -118,18 +131,18 @@
exit;
}
$row = mysql_fetch_assoc($res);
- if($_REQUEST['Yes'] != "")
+ if(array_key_exists('Yes',$_REQUEST) && $_REQUEST['Yes'] != "")
{
$query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'";
mysql_query($query);
showheader(_("Updated"), _("Updated"));
echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
- } else if($_REQUEST['No'] != "") {
+ } else if(array_key_exists('No',$_REQUEST) && $_REQUEST['No'] != "") {
header("location: /index.php");
exit;
} else {
showheader(_("Updated"), _("Updated"));
- printf(_("Are you sure you want to verify the domain %s?"), $row['name']);
+ printf(_("Are you sure you want to verify the domain %s?"), $row['domain']);
echo "
\n