diff --git a/includes/account.php b/includes/account.php
index bb9c5cf..92b6f06 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -44,6 +44,13 @@
 			showfooter();
 			exit;
 		}
+		if(!checkEmail($newemail))
+		{
+			showheader(_("My CAcert.org Account!"));
+			echo _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid");
+			showfooter();
+			exit;
+		}
 		$rnd = fopen("/dev/urandom", "r");
 		$hash = md5(fgets($rnd, 64));
 		fclose($rnd);
@@ -389,6 +396,13 @@
 			showfooter();
 			exit;
 		}
+		if(!checkEmail($authaddy))
+		{
+			showheader(_("My CAcert.org Account!"));
+			echo _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid");
+			showfooter();
+			exit;
+		}
 
 		$rnd = fopen("/dev/urandom", "r");
 		$hash = md5(fgets($rnd, 64));
@@ -446,16 +460,22 @@
 		fclose($fp);
 		$CSR = $_SESSION['_config']['tmpfname'];
 		$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|grep Subject:`);
+		$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+		foreach($bits as $val)
+		{
+			$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
+		}
 		$id = 11;
 
+		$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
 		extractit();
 		getcn();
 		getalt();
 
-		if($_SESSION['_config']['0.CN'] == "")
+		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
 		{
 			showheader(_("My CAcert.org Account!"));
-			echo _("CommonName field was blank. Can't continue.");
+			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
 			showfooter();
 			exit;
 		}
@@ -465,31 +485,50 @@
 	{
 		$id = 11;
 
-		if($_SESSION['_config']['0.CN'] == "")
+		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
 		{
 			showheader(_("My CAcert.org Account!"));
-			echo _("CommonName field was blank. Can't continue.");
+			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
 			showfooter();
 			exit;
 		}
 
 		$subject = "";
-		foreach($_SESSION['_config']['rows'] as $row)
-			$subject .= "/CN=$row";
+		if(is_array($_SESSION['_config']['rows']))
+			foreach($_SESSION['_config']['rows'] as $row)
+				$subject .= "/CN=$row";
+		if(is_array($_SESSION['_config']['altrows']))
+			foreach($_SESSION['_config']['altrows'] as $row)
+				$subject .= "/subjectAltName=$row";
 
-		$query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."',
+		if($_SESSION['_config']['rowid']['0'] > 0)
+		{
+			$query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."',
 						`domid`='".$_SESSION['_config']['rowid']['0']."',
 						`created`=NOW(),`subject`='$subject'";
+		} else {
+			$query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['altrows']['0']."',
+						`domid`='".$_SESSION['_config']['altid']['0']."',
+						`created`=NOW(),`subject`='$subject'";
+		}
 		mysql_query($query);
 		$CSRid = mysql_insert_id();
 
-		foreach($_SESSION['_config']['rowid'] as $dom)
-			mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
+		if(is_array($_SESSION['_config']['rowid']))
+			foreach($_SESSION['_config']['rowid'] as $dom)
+				mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
 		if(is_array($_SESSION['_config']['altid']))
 		foreach($_SESSION['_config']['altid'] as $dom)
 			mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
 
 		$CSRname = $_SESSION['_config']['filepath']."/csr/server-$CSRid.csr";
+		if(!file_exists($_SESSION['_config']['tmpfname']))
+		{
+			showheader(_("My CAcert.org Account!"));
+			echo _("Your certificate request has failed to be processed correctly, please try submitting it again.");
+			showfooter();
+			exit;
+		}
 		rename($_SESSION['_config']['tmpfname'], $CSRname);
 		mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
 		$do = `../scripts/runserver`;
@@ -527,6 +566,7 @@
 					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
 					continue;
 				}
+				mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
 				$row = mysql_fetch_assoc($res);
 				$query = "insert into `domaincerts` set `domid`='".$row['domid']."', `CN`='".$row['CN']."',
 						`csr_name`='".$row['csr_name']."', `created`='".$row['created']."',
@@ -536,22 +576,31 @@
 				$newfile = $_SESSION['_config']['filepath']."/csr/server-$newid.csr";
 				copy($row['csr_name'], $newfile);
 				$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|grep Subject:`);
-
+				$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$newfile"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+				foreach($bits as $val)
+				{
+					$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
+				}
+				$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
 				extractit();
 				getcn();
 				getalt();
 
-				if($_SESSION['_config']['0.CN'] == "")
+				if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
 				{
 					showheader(_("My CAcert.org Account!"));
-					echo _("CommonName field was blank. Can't continue.");
+					echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
 					showfooter();
 					exit;
 				}
 
 				$subject = "";
-				foreach($_SESSION['_config']['rows'] as $row)
-					$subject .= "/CN=$row";
+				if(is_array($_SESSION['_config']['rows']))
+					foreach($_SESSION['_config']['rows'] as $row)
+						$subject .= "/CN=$row";
+				if(is_array($_SESSION['_config']['altrows']))
+					foreach($_SESSION['_config']['altrows'] as $row)
+						$subject .= "/subjectAltName=$row";
 
 				mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
 
@@ -654,6 +703,7 @@
 					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
 					continue;
 				}
+				mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
 				$row = mysql_fetch_assoc($res);
 				$query = "insert into `emailcerts` set `memid`='".$row['memid']."', `CN`='".$row['CN']."',
 						`keytype`='".$row['keytype']."', `csr_name`='".$row['csr_name']."', 
@@ -1052,6 +1102,7 @@
 					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
 					continue;
 				}
+				mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
 				$row = mysql_fetch_assoc($res);
 				if($row[revoke] > 0)
 				{
@@ -1154,8 +1205,14 @@
 		fclose($fp);
 		$CSR = $_SESSION['_config']['tmpfname'];
 		$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|grep Subject:`);
+		$bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+		foreach($bits as $val)
+		{
+			$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
+		}
 		$id = 21;
 
+		$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
 		extractit();
 		getcn2();
 		getalt2();
@@ -1165,13 +1222,20 @@
 				`org`.`orgid`=`orginfo`.`id` and
 				`org`.`orgid`=`orgdomains`.`orgid` and
 				`orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'";
-		$_SESSION['_config'][org] = mysql_fetch_assoc(mysql_query($query));
+		$_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
+		$query = "select * from `orginfo`,`org`,`orgdomains` where
+				`org`.`memid`='".$_SESSION['profile']['id']."' and
+				`org`.`orgid`=`orginfo`.`id` and
+				`org`.`orgid`=`orgdomains`.`orgid` and
+				`orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'";
+		$_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));
+//echo "<pre>"; print_r($_SESSION['_config']); die;
 
-		if($_SESSION['_config']['0.CN'] == "")
+		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
 		{
 			$id = 20;
 			showheader(_("My CAcert.org Account!"));
-			echo _("CommonName field was blank. Can't continue.");
+			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
 			showfooter();
 			exit;
 		}
@@ -1181,18 +1245,26 @@
 	{
 		$id = 21;
 
-		if($_SESSION['_config']['0.CN'] == "")
+		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
 		{
 			showheader(_("My CAcert.org Account!"));
-			echo _("CommonName field was blank. Can't continue.");
+			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
 			showfooter();
 			exit;
 		}
 
-		$query = "select * from `org`,`orginfo` where
-				`orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and
-				`orginfo`.`id`=`org`.`orgid` and
-				`org`.`memid`='".$_SESSION['profile']['id']."'";
+                if($_SESSION['_config']['rowid']['0'] > 0)
+                {
+			$query = "select * from `org`,`orginfo` where
+					`orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and
+					`orginfo`.`id`=`org`.`orgid` and
+					`org`.`memid`='".$_SESSION['profile']['id']."'";
+		} else {
+			$query = "select * from `org`,`orginfo` where
+					`orginfo`.`id`='".$_SESSION['_config']['altid']['0']."' and
+					`orginfo`.`id`=`org`.`orgid` and
+					`org`.`memid`='".$_SESSION['profile']['id']."'";
+		}
 		$org = mysql_fetch_assoc(mysql_query($query));
 
 		if($org['OU'])
@@ -1213,21 +1285,36 @@
 				$csrsubject .= "/commonName=$row";
 		if(is_array($_SESSION['_config']['altrows']))
 			foreach($_SESSION['_config']['altrows'] as $subalt)
-				$csrsubject .= "/subjectAltName=$subalt";
+			{
+				if($SAN != "")
+					$SAN .= ",";
+				$SAN .= "$subalt";
+			}
 
-		$query = "insert into `orgdomaincerts` set `CN`='".$_SESSION['_config']['0.CN']."',
-						`orgid`='".$_SESSION['_config']['row']['id']."',
-						`created`=NOW(), `subject`='$csrsubject'";
-		mysql_query($query);
+		if($SAN != "")
+			$csrsubject .= "/subjectAltName=".$SAN."/commonName=*.cacert.org";
+
+                if($_SESSION['_config']['rowid']['0'] > 0)
+                {
+                        $query = "insert into `orgdomaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."',
+						`orgid`='".$org['id']."',
+                                                `created`=NOW(),`subject`='$csrsubject'";
+                } else {
+                        $query = "insert into `orgdomaincerts` set `CN`='".$_SESSION['_config']['altrows']['0']."',
+						`orgid`='".$org['id']."',
+                                                `created`=NOW(),`subject`='$csrsubject'";
+                }
+                mysql_query($query);
 		$CSRid = mysql_insert_id();
 		$CSRname = $_SESSION['_config']['filepath']."/csr/orgserver-$CSRid.csr";
 		rename($_SESSION['_config']['tmpfname'], $CSRname);
 		mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
-		foreach($_SESSION['_config']['rowid'] as $id)
-			mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
+		if(is_array($_SESSION['_config']['rowid']))
+			foreach($_SESSION['_config']['rowid'] as $id)
+				mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
 		if(is_array($_SESSION['_config']['altid']))
-		foreach($_SESSION['_config']['altid'] as $id)
-			mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
+			foreach($_SESSION['_config']['altid'] as $id)
+				mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
 		$do = `../scripts/runserver`;
 		$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
 		$res = mysql_query($query);
@@ -1263,6 +1350,7 @@
 					printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
 					continue;
 				}
+				mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
 				$row = mysql_fetch_assoc($res);
 				if($row[revoke] > 0)
 				{
@@ -1752,17 +1840,23 @@
 	{
 		$CSR = trim($CSR);
 		$_SESSION['_config']['CSR'] = $CSR;
-		$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text|grep Subject:`);
+		$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|grep Subject:`);
+		$bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+		foreach($bits as $val)
+		{
+			$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
+		}
 		$id = 46;
 
+		$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
 		extractit();
 		getcn();
 		getalt();
 
-		if($_SESSION['_config']['0.CN'] == "")
+		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
 		{
 			showheader(_("My CAcert.org Account!"));
-			echo _("CommonName field was blank. Can't continue.");
+			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
 			showfooter();
 			exit;
 		}
@@ -1771,17 +1865,23 @@
 	if($process != "" && $oldid == 46)
 	{
 		$CSR = $_SESSION['_config']['CSR'];
-		$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text|grep Subject:`);
+		$_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|grep Subject:`);
+		$bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+		foreach($bits as $val)
+		{
+			$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
+		}
 		$id = 11;
 
+		$_SESSION['_config']['0.CN'] = $_SESSION['_config']['0.subjectAltName'] = "";
 		extractit();
 		getcn();
 		getalt();
 
-		if($_SESSION['_config']['0.CN'] == "")
+		if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
 		{
 			showheader(_("My CAcert.org Account!"));
-			echo _("CommonName field was blank. Can't continue.");
+			echo _("CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.");
 			showfooter();
 			exit;
 		}
diff --git a/includes/account_stuff.php b/includes/account_stuff.php
index 428eeb0..8228fab 100644
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@@ -91,7 +91,10 @@
 		case 503:
 		case 504:
 		case 505:
-		case 506: $expand = " explode('WoT');"; break;
+		case 506:
+		case 509:
+		case 510:
+		case 511: $expand = " explode('WoT');"; break;
 		case 1000:
 		case 1001:
 		case 1002:
@@ -192,7 +195,7 @@ function hideall() {
 <? } ?>
     <div class="relatedLinks">
       <h3 onclick="explode('WoT')">+ <?=_("CAcert Web of Trust")?></h3>
-      <ul class="menu" id="WoT"><li><a href="wot.php?id=0"><?=_("About")?></a></li><li><a href="wot.php?id=1"><?=_("Find an Assurer")?></a></li><li><a href="wot.php?id=3"><?=_("Rules")?></a></li><li><? if($_SESSION['profile']['points'] < 100) { ?><a href="wot.php?id=2"><?=_("Becoming an Assurer")?></a><? } else { ?><a href="wot.php?id=5"><?=_("Assure Someone")?></a><? } ?></li><li><a href="wot.php?id=4"><?=_("Trusted Third Parties")?></a></li><li><a href="/docs/CAP.pdf"><?=_("WoT Form")?></a></li><li><a href="/docs/TTP.pdf"><?=_("TTP Form")?></a></li></ul>
+      <ul class="menu" id="WoT"><li><a href="wot.php?id=0"><?=_("About")?></a></li><li><a href="wot.php?id=1"><?=_("Find an Assurer")?></a></li><li><a href="wot.php?id=3"><?=_("Rules")?></a></li><li><? if($_SESSION['profile']['points'] < 100) { ?><a href="wot.php?id=2"><?=_("Becoming an Assurer")?></a><? } else { ?><a href="wot.php?id=5"><?=_("Assure Someone")?></a><? } ?></li><li><a href="wot.php?id=4"><?=_("Trusted Third Parties")?></a></li><li><a href="/docs/CAP.pdf"><?=_("WoT Form")?></a></li><li><a href="/docs/TTP.pdf"><?=_("TTP Form")?></a></li><? if($_SESSION['profile']['points'] > 50) { ?><li><a href="wot.php?id=11"><nobr><?=_("Organisation Assurance")?></nobr></a></li><? } ?></ul>
     </div>
 <? if($_SESSION['profile']['points'] >= 50) { ?>
     <div class="relatedLinks">
diff --git a/includes/general.php b/includes/general.php
index 21829f5..c40fd97 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -187,6 +187,10 @@
 
 		if(strlen($pwd) > 15)
 			$points++;
+		if(strlen($pwd) > 20)
+			$points++;
+		if(strlen($pwd) > 25)
+			$points++;
 		if(strlen($pwd) > 30)
 			$points++;
 
@@ -248,7 +252,7 @@
 
 	function extractit()
 	{
-		$bits = explode(": ", $_SESSION['_config'][subject], 2);
+		$bits = explode(": ", $_SESSION['_config']['subject'], 2);
 		$bits = str_replace(", ", "|", str_replace("/", "|", $bits['1']));
 		$bits = explode("|", $bits);    
 
@@ -281,11 +285,15 @@
 
 	function getcn()
 	{
+		unset($_SESSION['_config']['rows']);
+		unset($_SESSION['_config']['rowid']);
+		unset($_SESSION['_config']['rejected']);
 		for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
 		{
 			$CN = $_SESSION['_config']["$cnc.CN"];
 			$bits = explode(".", $CN);
 			$dom = "";
+			$cnok = 0;
 			for($i = count($bits) - 1; $i >= 0; $i--)
 			{
 				if($dom)
@@ -297,22 +305,26 @@
 				$res = mysql_query($query);
 				if(mysql_num_rows($res) > 0)
 				{
+					$cnok = 1;
 					$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
 					$rowid[] = $_SESSION['_config']['row']['id'];
 					break;
 				}
 			}
 
+			if($cnok == 0)
+				$_SESSION['_config']['rejected'][] = $CN;
+
 			if($_SESSION['_config']['row'] != "")
 				$rows[] = $CN;
 		}
-		if(count($rows) <= 0)
-		{
-			showheader(_("My CAcert.org Account!"));
-			echo _("There were no valid CommonName fields on the CSR, or I was unable to match any of these against your account. Please review your CSR, or add and verify domains contained in it to your account before trying again.");
-			showfooter();
-			exit;
-		}
+//		if(count($rows) <= 0)
+//		{
+//			showheader(_("My CAcert.org Account!"));
+//			echo _("There were no valid CommonName fields on the CSR, or I was unable to match any of these against your account. Please review your CSR, or add and verify domains contained in it to your account before trying again.");
+//			showfooter();
+//			exit;
+//		}
 
 		$_SESSION['_config']['rows'] = $rows;
 		$_SESSION['_config']['rowid'] = $rowid;
@@ -320,15 +332,19 @@
 
 	function getalt()
 	{
+		unset($_SESSION['_config']['altrows']);
+		unset($_SESSION['_config']['altid']);
 		for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
 		{
 			$subalt = $_SESSION['_config']["$altc.subjectAltName"];
-			if(substr($subalt, 0, 4) != "DNS:")
+			if(substr($subalt, 0, 4) == "DNS:")
+				$alt = substr($subalt, 4);
+			else
 				continue;
 
-			$alt = substr($subalt, 4);
 			$bits = explode(".", $alt);
 			$dom = "";
+			$altok = 0;
 			for($i = count($bits) - 1; $i >= 0; $i--)
 			{
 				if($dom)
@@ -340,12 +356,16 @@
 				$res = mysql_query($query);
 				if(mysql_num_rows($res) > 0)
 				{
+					$altok = 1;
 					$_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
 					$altid[] = $_SESSION['_config']['altrow']['id'];
 					break;
 				}
 			}
 
+			if($altok == 0)
+				$_SESSION['_config']['rejected'][] = $alt;
+
 			if($_SESSION['_config']['altrow'] != "")
 				$altrows[] = $subalt;
 		}
@@ -384,13 +404,13 @@
 			if($_SESSION['_config']['row'] != "")
 				$rows[] = $CN;
 		}
-		if(count($rows) <= 0)
-		{
-			showheader(_("My CAcert.org Account!"));
-			echo _("There were no valid CommonName fields on the CSR, or I was unable to match any of these against your account. Please review your CSR, or add and verify domains contained in it to your account before trying again.");
-			showfooter();
-			exit;
-		}
+//		if(count($rows) <= 0)
+//		{
+//			showheader(_("My CAcert.org Account!"));
+//			echo _("There were no valid CommonName fields on the CSR, or I was unable to match any of these against your account. Please review your CSR, or add and verify domains contained in it to your account before trying again.");
+//			showfooter();
+//			exit;
+//		}
 		$_SESSION['_config']['rows'] = $rows;
 		$_SESSION['_config']['rowid'] = $rowid;
 	}
@@ -400,10 +420,11 @@
 		for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
 		{
 			$subalt = $_SESSION['_config']["$altc.subjectAltName"];
-			if(substr($subalt, 0, 4) != "DNS:")
+			if(substr($subalt, 0, 4) == "DNS:")
+				$alt = substr($subalt, 4);
+			else
 				continue;
 
-			$alt = substr($subalt, 4);
 			$bits = explode(".", $alt);
 			$dom = "";
 			for($i = count($bits) - 1; $i >= 0; $i--)
@@ -466,9 +487,18 @@
 
 		$query = "select sum(`points`) as `points` from `notary` where `to`='$id' group by `to`";
 		$row = mysql_fetch_assoc(mysql_query($query));
-
 		$points = $row['points'];
 
+		$dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-18));
+		$query = "select * from `users` where `id`='".$_SESSION['profile']['id']."' and `dob` < '$dob'";
+		if(mysql_num_rows(mysql_query($query)) < 1)
+		{
+			if($points >= 100)
+				return(10);
+			else
+				return(0);
+		}
+
 		if($points >= 300)
 			return(200);
 		if($points >= 200)
@@ -520,4 +550,52 @@
 		$do = `/usr/bin/gpg --homedir /home/gpg --clearsign "$tmpfname"|/usr/sbin/sendmail "$to"`;
 		@unlink($tmpfname);
 	}
+
+	function checkEmail($email)
+	{
+		if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email))
+		{
+			list($username,$domain)=split('@',$email);
+			$dom = escapeshellarg($domain);
+			$line = trim(`dig +short MX '$dom' 2>&1`);
+			$list = explode("\n", $line);
+			foreach($list as $row)
+				list($pri, $mxhosts[]) = explode(" ", substr(trim($row), 0, -1));
+			$mxhosts[] = $domain;
+//echo $email."<br>\n";
+//print_r($mxhosts); die;
+			foreach($mxhosts as $key => $domain)
+			{
+				$fp = @fsockopen($domain,25,$errno,$errstr,5);
+				if(!$fp)
+				{
+					return false;
+				} else {
+				
+					$line = fgets($fp, 4096);
+					if(substr($line, 0, 3) != "220")
+						continue;
+					fputs($fp, "helo hlin.cacert.org\r\n");
+					$line = fgets($fp, 4096);
+					if(substr($line, 0, 3) != "250")
+						continue;
+					fputs($fp, "mail from: returns@cacert.org\r\n");
+					$line = fgets($fp, 4096);
+					if(substr($line, 0, 3) != "250")
+						continue;
+					fputs($fp, "rcpt to: $email\r\n");
+					$line = trim(fgets($fp, 4096));
+					fputs($fp, "quit\r\n");
+					fclose($fp);
+
+					if(substr($line, 0, 3) != "250")
+						return false;
+					else
+						break;
+				}
+			}
+			return true;
+		}
+		return false;
+	}
 ?>
diff --git a/pages/account/1.php b/pages/account/1.php
index 070840b..f8fa42c 100644
--- a/pages/account/1.php
+++ b/pages/account/1.php
@@ -28,4 +28,4 @@
 </table>     
 <input type="hidden" name="oldid" value="<?=$id?>">
 </form> 
-<p><?=_("Currently we do not issue certificates for Punycode domains as these have big security risks.")?></p>
+<p><?=_("Currently we only issue certificates for Punycode domains if the person requesting them has code signing attributes attached to their account, as these have potentially slightly higher security risk.")?></p>
diff --git a/pages/account/11.php b/pages/account/11.php
index 2d4e326..4b89bea 100644
--- a/pages/account/11.php
+++ b/pages/account/11.php
@@ -15,25 +15,36 @@
 <p>
 <?=_("Please make sure the following details are correct before proceeding any further.")?>
 </p>
-
+<?// print_r($_SESSION['_config']['altrows']); ?>
 <p>
-<? if(is_array($_SESSION[_config][rows]))
-	foreach($_SESSION[_config][rows] as $row) { ?>
+<? if(is_array($_SESSION['_config']['rows']))
+	foreach($_SESSION['_config']['rows'] as $row) { ?>
 <?=_("CommonName")?>: <?=$row?><br>
 <? } ?>
-<? if(is_array($_SESSION[_config][altrows]))
-	foreach($_SESSION[_config][altrows] as $row) { ?>
-<?=_("SubjectAltName")?>: <?=$row?><br>
+<? if(is_array($_SESSION['_config']['altrows']))
+	foreach($_SESSION['_config']['altrows'] as $row) { ?>
+<?=_("subjectAltName")?>: <?=$row?><br>
 <? } ?>
-<?=_("Organisation")?>: <?=$_SESSION[_config][O]?><br>
-<?=_("Org. Unit")?>: <?=$_SESSION[_config][OU]?><br>
-<?=_("Location")?>: <?=$_SESSION[_config][L]?><br>
-<?=_("State/Province")?>: <?=$_SESSION[_config][ST]?><br>
-<?=_("Country")?>: <?=$_SESSION[_config][C]?><br>
-<?=_("Email Address")?>: <?=$_SESSION[_config][emailAddress]?><br>
-
+<? if(1 == 0) { ?>
+<?=_("Organisation")?>: <?=$_SESSION['_config']['O']?><br>
+<?=_("Org. Unit")?>: <?=$_SESSION['_config']['OU']?><br>
+<?=_("Location")?>: <?=$_SESSION['_config']['L']?><br>
+<?=_("State/Province")?>: <?=$_SESSION['_config']['ST']?><br>
+<?=_("Country")?>: <?=$_SESSION['_config']['C']?><br>
+<?=_("Email Address")?>: <?=$_SESSION['_config']['emailAddress']?><br>
+<? } ?>
+<?=_("No additional information will be included on certificates because it can not be automatically checked by the system.")?>
+<? if(is_array($_SESSION['_config']['rejected'])) { ?>
+<br><br><?=_("The following hostnames were rejected because the system couldn't link them to your account, if they are valid please verify the domains against your account.")?><br>
+<? foreach($_SESSION['_config']['rejected'] as $row) { ?>
+<?=_("Rejected")?>: <a href="account.php?id=7&newdomain=<?=$row?>"><?=$row?></a><br>
+<? } } ?>
+<? if(is_array($_SESSION['_config']['rows']) || is_array($_SESSION['_config']['altrows'])) { ?>
 <form method="post" action="account.php">
 <input type="submit" name="process" value="<?=_("Submit")?>">
 <input type="hidden" name="oldid" value="<?=$id?>">
 </form>
+<? } else { ?>
+<br><br><b><?=_("Unable to continue as no valid commonNames or subjectAltNames were present on your certificate request.")?></b>
+<? } ?>
 </p>
diff --git a/pages/account/12.php b/pages/account/12.php
index c6b158d..2fb4b87 100644
--- a/pages/account/12.php
+++ b/pages/account/12.php
@@ -15,7 +15,7 @@
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
-    <td colspan="5" class="title"><?=_("Domain Certificates")?></td>
+    <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=intval(!$_GET['viewall'])?>"><?=_("View all certificates")?></a></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@@ -31,8 +31,10 @@
 			`domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
 			UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`id` as `id`
 			from `domaincerts`,`domains`
-			where `memid`='".$_SESSION[profile][id]."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id`
-			ORDER BY `domaincerts`.`modified` desc";
+			where `memid`='".$_SESSION[profile][id]."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` ";
+	if($_GET['viewall'] != 1)
+		$query .= "HAVING `timeleft` > 0 AND `revoked`=0 ";
+	$query .= "ORDER BY `domaincerts`.`modified` desc";
 //echo $query."<br>\n";
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) <= 0)
diff --git a/pages/account/18.php b/pages/account/18.php
index bd03fa7..1f07ee1 100644
--- a/pages/account/18.php
+++ b/pages/account/18.php
@@ -32,8 +32,10 @@
 			UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `id`
 			from `orgemailcerts`, `org`
 			where `memid`='".$_SESSION['profile']['id']."' and
-				`org`.`orgid`=`orgemailcerts`.`orgid`
-			ORDER BY `modified` desc";
+				`org`.`orgid`=`orgemailcerts`.`orgid` ";
+	if($_GET['viewall'] != 1)
+		$query .= "HAVING `timeleft` > 0 AND `revoked`=0 ";
+	$query .= "ORDER BY `modified` desc";
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) <= 0)
 	{
diff --git a/pages/account/21.php b/pages/account/21.php
index 0b6765c..a2fe125 100644
--- a/pages/account/21.php
+++ b/pages/account/21.php
@@ -13,26 +13,28 @@
     PARTICULAR PURPOSE.  See the License for more details.
 */ ?>
 <?
-	$org = $_SESSION[_config][org];
+	$org = $_SESSION['_config']['row'];
+	if($org['id'] <= 0)
+		$org = $_SESSION['_config']['altrow'];
 ?>
 <p>
 <?=_("Please make sure the following details are correct before proceeding any further.")?>
 </p>
 
 <p>
-<? if(is_array($_SESSION[_config][rows]))
-	foreach($_SESSION[_config][rows] as $row) { ?>
+<? if(is_array($_SESSION['_config']['rows']))
+	foreach($_SESSION['_config']['rows'] as $row) { ?>
 <?=_("CommonName")?>: <?=$row?><br>
 <? } ?>
-<? if(is_array($_SESSION[_config][altrows]))
-	foreach($_SESSION[_config][altrows] as $row) { ?>
-<?=_("SubjectAltName")?>: <?=$row?><br>
+<? if(is_array($_SESSION['_config']['altrows']))
+	foreach($_SESSION['_config']['altrows'] as $row) { ?>
+<?=_("subjectAltName")?>: <?=$row?><br>
 <? } ?>
-<?=_("Organisation")?>: <?=$org[O]?><br>
-<?=_("Org. Unit")?>: <?=$org[OU]?><br>
-<?=_("Location")?>: <?=$org[L]?><br>
-<?=_("State/Province")?>: <?=$org[ST]?><br>
-<?=_("Country")?>: <?=$org[C]?><br>
+<?=_("Organisation")?>: <?=$org['O']?><br>
+<?=_("Org. Unit")?>: <?=$org['OU']?><br>
+<?=_("Location")?>: <?=$org['L']?><br>
+<?=_("State/Province")?>: <?=$org['ST']?><br>
+<?=_("Country")?>: <?=$org['C']?><br>
 
 <form method="post" action="account.php">
 <input type="submit" name="process" value="<?=_("Submit")?>">
diff --git a/pages/account/22.php b/pages/account/22.php
index d1ce10c..886bbe3 100644
--- a/pages/account/22.php
+++ b/pages/account/22.php
@@ -31,8 +31,10 @@
 			`orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
 			UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `orgdomaincerts`.`id` as `id`
 			from `orgdomaincerts`,`org`
-			where `org`.`memid`='".$_SESSION['profile']['id']."' and `orgdomaincerts`.`orgid`=`org`.`orgid`
-			ORDER BY `orgdomaincerts`.`modified` desc";
+			where `org`.`memid`='".$_SESSION['profile']['id']."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
+	if($_GET['viewall'] != 1)
+		$query .= "HAVING `timeleft` > 0 AND `revoked`=0 ";
+	$query .= "ORDER BY `orgdomaincerts`.`modified` desc";
 //echo $query."<br>\n";
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) <= 0)
diff --git a/pages/account/43.php b/pages/account/43.php
index 89fe485..cd7747a 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -18,8 +18,7 @@
 		$email = mysql_escape_string(stripslashes($_POST['email']));
 		$query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
 				where `users`.`id`=`email`.`memid` and `email`.`email` like '%$email%' and
-				`email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 and
-				`users`.`verified`=1
+				`email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
 				group by `users`.`id` limit 100";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) > 1) { ?>
@@ -55,7 +54,7 @@
 	if(intval($_GET['userid']) > 0)
 	{
 		$id = intval($_GET['userid']);
-		$query = "select * from `users` where `id`='$id' and `users`.`deleted`=0 and `users`.`verified`=1";
+		$query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) <= 0)
 		{
diff --git a/pages/account/5.php b/pages/account/5.php
index 1d8d8fd..c389b14 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -15,7 +15,7 @@
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
-    <td colspan="5" class="title"><?=_("Client Certificates")?></td>
+    <td colspan="5" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=intval(!$_GET['viewall'])?>"><?=_("View all certificates")?></a></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@@ -35,8 +35,10 @@
 			where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
 			and `emailcerts`.`id`=`emaillink`.`emailcertsid`
 			and `emaillink`.`emailid` = `email`.`id`
-			GROUP BY `emailcerts`.`id`
-			ORDER BY `emailcerts`.`modified` desc";
+			GROUP BY `emailcerts`.`id` ";
+	if($_GET['viewall'] != 1)
+                $query .= "HAVING `timeleft` > 0 AND `revoked`=0 ";
+	$query .= "ORDER BY `emailcerts`.`modified` desc";
 // echo $query."<br>\n";
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) <= 0)
diff --git a/pages/account/51.php b/pages/account/51.php
index 11f5df7..e9532cc 100644
--- a/pages/account/51.php
+++ b/pages/account/51.php
@@ -19,6 +19,13 @@
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) > 0) { ?>
 <img src="account.php?id=51&photoid=<?=$_GET['photoid']?>&img=show" border="0" width="800">
-<? } else { ?>
-<?=_("Unable to locate a valid request for that UID.")?>
-<? } } ?>
+<? } else {
+        $query = "select * from `tverify` where `id`='$uid' and `modified`=1";
+        $res = mysql_query($query);
+        if(mysql_num_rows($res) > 0)
+        {
+                echo _("This UID has already been voted on.");
+        } else {
+                echo _("Unable to locate a valid request for that UID.");
+        }
+ } } ?>
diff --git a/pages/account/52.php b/pages/account/52.php
index ede8867..8072e80 100644
--- a/pages/account/52.php
+++ b/pages/account/52.php
@@ -25,14 +25,22 @@
 		$notary = mysql_fetch_assoc(mysql_query($query));
 		$query = "select * from `users` where `id`='$memid'";
 		$user = mysql_fetch_assoc(mysql_query($query));
+		$tobe = 50 - $notary['points'];
+		if($row['URL'] != '' && $row['photoid'] != '')
+			$tobe = 150 - $notary['points'];
+		else if($row['URL'] != '')
+			$tobe = 90 - $notary['points'];
+		if(intval($tobe) <= 0)
+			$tobe = 0;
 ?>
 <?=_("Request Details")?>:<br>
 <?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br>
 <?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br>
 <?=_("Certificate Subject")?>: <?=$row['CN']?><br>
-<?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br>
-<?=_("Photo ID URL")?>: <a href="/account.php?id=51&photoid=<?=$row['id']?>"><?=_("Here")?></a><br>
+<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?>
+<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&photoid=<?=$row['id']?>"><?=_("Here")?></a><br><? } ?>
 <?=_("Current Points")?>: <?=intval($notary['points'])?><br>
+<?=_("Potential Points")?>: <?=intval($tobe)?><br>
 <?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br>
 
 <br>
@@ -43,6 +51,13 @@
 <input type="hidden" name="oldid" value="<?=$_GET['id']?>">
 <input type="hidden" name="uid" value="<?=$uid?>">
 </form>
-<? } else { ?>
-<?=_("Unable to locate a valid request for that UID.")?>
-<? } } ?>
+<? } else { 
+	$query = "select * from `tverify` where `id`='$uid' and `modified`=1";
+	$res = mysql_query($query);
+	if(mysql_num_rows($res) > 0)
+	{
+		echo _("This UID has already been voted on.");
+	} else {
+		echo _("Unable to locate a valid request for that UID.");
+	}
+ } } ?>
diff --git a/pages/account/7.php b/pages/account/7.php
index 7bb7f7a..f528e06 100644
--- a/pages/account/7.php
+++ b/pages/account/7.php
@@ -12,6 +12,7 @@
     the implied warranty of MERCHANTABILITY or FITNESS FOR A
     PARTICULAR PURPOSE.  See the License for more details.
 */ ?>
+<p><?=_("Please Note: You only need to enter the main part of your domain, eg. mydomain.com rather then www.mydomain.com. Once you have verified your domain you are able to enter any sub-domain, such as www.mydomain.com or www.this.is.mydomain.com as the system checks from right to left, rather then specific hostnames when you upload a CSR to the system.")?></p>
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
 
@@ -20,7 +21,7 @@
   </tr>
   <tr>
     <td class="DataTD" width="125"><?=_("Domain")?>: </td>
-    <td class="DataTD" width="125"><input type="text" name="newdomain"></td>
+    <td class="DataTD" width="125"><input type="text" name="newdomain" value="<?=$_GET['newdomain']?>"></td>
   </tr>
 
   <tr>
@@ -29,5 +30,4 @@
 </table>     
 <input type="hidden" name="oldid" value="<?=$id?>">
 </form>
-<p><?=_("Please Note: You only need to enter the main part of your domain, eg. mydomain.com rather then www.mydomain.com. Once you have verified your domain you are able to enter any sub-domain, such as www.mydomain.com or www.this.is.mydomain.com as the system checks from right to left, rather then specific hostnames when you upload a CSR to the system.")?></p>
-<p><?=_("Currently we do not issue certificates for Punycode domains as these have big security risks.")?></p>
+<p><?=_("Currently we only issue certificates for Punycode domains if the person requesting them has code signing attributes attached to their account, as these have potentially slightly higher security risk.")?></p>
diff --git a/pages/index/0.php b/pages/index/0.php
index c48db0e..eb7b5fe 100644
--- a/pages/index/0.php
+++ b/pages/index/0.php
@@ -72,7 +72,7 @@
     <td class="DataTD">
       <u><?=_("Benefits")?>:</u> <?=_("Digitally sign code, web applets, installers, etc. including your name and location in the certificates.")?><br><br>
       <u><?=_("Limitations")?>:</u> <?=_("Certificates expires in 12 months; certificates <u>must</u> include your full name.")?><br><br>
-      <u><?=_("Verification needed")?>:</u> <?=_("Same as above plus get 100 assurance points by meeting with mulitple assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br><br>
+      <u><?=_("Verification needed")?>:</u> <?=_("Same as above plus get 100 assurance points by meeting with multiple assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br><br>
     </td>
   </tr>
   <tr>
diff --git a/pages/index/16.php b/pages/index/16.php
index 62e33d7..ae74545 100644
--- a/pages/index/16.php
+++ b/pages/index/16.php
@@ -14,7 +14,7 @@
 */ ?>
 <p>
 <?=_("PKI Key")?><br>
-<a href="index.php?id=17"><?=_("Click here if you want to import the root certificate into Microsoft Internet Exporler")?></a><br>
+<a href="index.php?id=17"><?=_("Click here if you want to import the root certificate into Microsoft Internet Explorer")?></a><br>
 <a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a><br>
 <a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a>
 </p>
diff --git a/pages/index/3.php b/pages/index/3.php
index 62e33d7..ae74545 100644
--- a/pages/index/3.php
+++ b/pages/index/3.php
@@ -14,7 +14,7 @@
 */ ?>
 <p>
 <?=_("PKI Key")?><br>
-<a href="index.php?id=17"><?=_("Click here if you want to import the root certificate into Microsoft Internet Exporler")?></a><br>
+<a href="index.php?id=17"><?=_("Click here if you want to import the root certificate into Microsoft Internet Explorer")?></a><br>
 <a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a><br>
 <a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a>
 </p>
diff --git a/pages/index/6.php b/pages/index/6.php
index 1f426fe..eb98d27 100644
--- a/pages/index/6.php
+++ b/pages/index/6.php
@@ -32,9 +32,11 @@
 	foreach($nums as $num)
 	{
 		$q = "Q$num"; $a = "A$num";
+		if($_SESSION['lostpw']['user'][$q] == "")
+			continue;
 ?>
   <tr>
-    <td class="DataTD"><?=$_SESSION[lostpw][user][$q]?></td>
+    <td class="DataTD"><?=$_SESSION['lostpw']['user'][$q]?></td>
     <td class="DataTD"><input type="text" name="<?=$a?>" value="<?=$_SESSION['lostpw'][$a]?>">
 	<input type="hidden" name="<?=$q?>" value="<?=$_SESSION['lostpw']['user'][$q]?>"></td>
   </tr>
diff --git a/pages/wot/1.php b/pages/wot/1.php
index 0c442bd..24a54e1 100644
--- a/pages/wot/1.php
+++ b/pages/wot/1.php
@@ -68,6 +68,10 @@
 					order by `countries`.`long`");
 		while($row = mysql_fetch_assoc($res))
 		{
+			$query = "select sum(`users`.`id`) as `listed` from `users`,`notary`
+					where `listme`='1' and `ccid` = '$row[ccid]' and `users`.`id`=`notary`.`to`
+					group by `notary`.`to` HAVING SUM(`points`) >= 100";
+			$listed = mysql_num_rows(mysql_query($query));
 			echo "<li><a href='wot.php?id=1&ccid=$row[ccid]'>$row[long] ("._("Listed").": $listed)</a></li>\n";
 		}
 
@@ -80,6 +84,10 @@
 		$res = mysql_query($query);
 		while($row = mysql_fetch_assoc($res))
 		{
+			$query = "select sum(`users`.`id`) as `listed` from `users`,`notary`
+					where `listme`='1' and `regid` = '$row[regid]' and `users`.`id`=`notary`.`to`
+					group by `notary`.`to` HAVING SUM(`points`) >= 100";
+			$listed = mysql_num_rows(mysql_query($query));
 			echo "<li><a href='wot.php?id=1&regid=$row[regid]'>$row[long] ("._("Listed").": $listed)</a></li>\n";
 		}
 		echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n";
diff --git a/pages/wot/10.php b/pages/wot/10.php
index a5713c8..f19112f 100644
--- a/pages/wot/10.php
+++ b/pages/wot/10.php
@@ -14,6 +14,27 @@
 */ ?>
 <?
 ?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+  <tr>
+    <td colspan="5" class="title"><?=_("Assurer Ranking")?></td>
+  </tr>
+  <tr>
+<?
+	$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
+			WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
+			AND `from`='".$_SESSION['profile']['id']."' GROUP BY `notary`.`from`";
+	$res = mysql_query($query);
+	$row = mysql_fetch_assoc($res);
+	$rc = $row['list'];
+	$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
+			WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
+			GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `list` DESC";
+	$rank = mysql_num_rows(mysql_query($query)) + 1;
+?>
+    <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($rc), intval($rank))?></td>
+  </tr>
+</table>
+<br>
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
     <td colspan="5" class="title"><?=_("Your Assurance Points")?></td>
diff --git a/scripts/servercerts.php b/scripts/servercerts.php
index 54cff1e..767e3bb 100755
--- a/scripts/servercerts.php
+++ b/scripts/servercerts.php
@@ -47,16 +47,40 @@
 				$days = 730;
 		}
 
-
 		$row['crt_name'] = "../crt/server-".$row['id'].".crt";
 		$row['csr_name'] = "../..".$row['csr_name'];
 
-		$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
+		$tmpname = tempnam("/tmp", "servercert");
+		$newsubject = "";
+		$fp = fopen($tmpname, "w");
+		fputs($fp, "basicConstraints = critical, CA:FALSE\n");
+		fputs($fp, "extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC\n");
+		fputs($fp, "keyUsage = digitalSignature, keyEncipherment\n");
+		$bits = explode("/", $row['subject']);
+		foreach($bits as $val)
+		{
+			$bit = explode("=", $val);
+			if($bit['0'] == "subjectAltName")
+			{
+				if($SAN != "")
+					$SAN .= ", ";
+				$SAN .= trim($bit['1']);
+			} else {
+				$newsubject .= "/".$val;
+			}
+		}
+		if($SAN != "")
+			fputs($fp, "subjectAltName = $SAN\n");
+		fclose($fp);
+		$newsubject = str_replace("//", "/", $newsubject);
+//echo "/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$newsubject' -extfile '$tmpname'\n"; die;
+		$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$newsubject' -extfile '$tmpname' 2>&1`;
+		unlink($tmpname);
 		$dom = mysql_fetch_assoc(mysql_query("select * from `domains` where `id`='$row[domid]'"));
 		$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$dom[memid]'"));
-		if(filesize($row[crt_name]) > 0 && intval($user['id']) > 0)
+		if(filesize($row['crt_name']) > 0 && intval($user['id']) > 0)
 		{
-			$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
+			$end = trim(`/usr/bin/openssl x509 -in '$row[crt_name]' -noout -enddate`);
 			$bits = explode("=", $end, 2);
 			$end = trim($bits[1]);
 
@@ -74,7 +98,7 @@
 			$sec = $bits['2'];
 			$date = gmmktime($hour, $min, $sec, $month, $day, $year);
 			$cert = trim(`/usr/bin/openssl x509 -in $row[crt_name]`);
-			$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2);
+			$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in '$row[crt_name]'`), 2);
 			$serial = $bits['1'];
 			$query = "update `domaincerts` set `crt_name`='".$row['crt_name']."',
 					`modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
@@ -121,9 +145,34 @@
 	{
 		$row['crt_name'] = "../crt/orgserver-".$row['id'].".crt";
 		$days = 730;
-		$row[csr_name] = "../../".$row[csr_name];
-		$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server-org.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
-		if(filesize($row[crt_name]) > 0)
+		$row['csr_name'] = "../../".$row['csr_name'];
+		$tmpname = tempnam("/tmp", "serverorgcert");
+		$newsubject = "";
+		$fp = fopen($tmpname, "w");
+		fputs($fp, "basicConstraints = critical, CA:FALSE\n");
+		fputs($fp, "extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC\n");
+		fputs($fp, "keyUsage = digitalSignature, keyEncipherment\n");
+		$bits = explode("/", $row['subject']);
+		foreach($bits as $val)
+		{
+			$bit = explode("=", $val);
+			if($bit['0'] == "subjectAltName")
+			{
+				if($SAN != "")
+					$SAN .= ", ";
+				$SAN .= trim($bit['1']);
+			} else {
+				$newsubject .= "/".$val;
+			}
+		}
+		if($SAN != "")
+			fputs($fp, "subjectAltName = $SAN\n");
+		fclose($fp);
+		$newsubject = str_replace("//", "/", $newsubject);
+//echo "/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$newsubject' -extfile '$tmpname'\n"; die;
+		$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server-org.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$newsubject' -extfile '$tmpname' > /dev/null 2>&1`;
+		unlink($tmpname);
+		if(filesize($row['crt_name']) > 0)
 		{
 			$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
 			$bits = explode("=", $end, 2);
diff --git a/tverify/index.php b/tverify/index.php
index c5c5f4f..3f07a25 100644
--- a/tverify/index.php
+++ b/tverify/index.php
@@ -24,10 +24,13 @@
 	if($id == 1)
 	{
 		$nofile = 1;
+		$filename = "";
 		$photoid = $_FILES['photoid'];
-		if($photoid['error'] == 0)
+		if($photoid['error'] == 0 && $_POST["notaryURL"] != "")
 		{
-			$type = strtolower($photoid['type']);
+			$filename = $photoid['tmp_name'];
+			$do = trim(`file -b -i $filename`);
+			$type = strtolower($do);
 			switch($type)
 			{
 				case 'image/gif': $ext = "gif"; $nofile = 0; break;
@@ -36,28 +39,39 @@
 				case 'image/png': $ext = "png"; $nofile = 0; break;
 				default:
 					$id = 0;
-					$_SESSION['_config']['errmsg'] = _("On jpg, gif and png file types are acceptable");
+					$_SESSION['_config']['errmsg'] = _("Only jpg, gif and png file types are acceptable, your browser sent a file of type: ").$type;
 			}
 		}
 	}
 
 	if($id == 1)
 	{
+		$email = mysql_escape_string($_POST["email"]);
+		$password = mysql_escape_string($_POST["pword"]);
+		$URL = mysql_escape_string($_POST["notaryURL"]);
+		$CN = mysql_escape_string($_SESSION['_config']['CN']);
 		$memid = mysql_escape_string($_SESSION['_config']['uid']);
-		if(mysql_num_rows(mysql_query("select * from `tverify` where `memid`='$memid'")) > 0)
+		$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
+		$tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));
+
+		if($URL != "" && $nofile == 0)
+			$max = 150;
+		else if($URL != "")
+			$max = 90;
+		else
+			$max = 50;
+
+		if($tmp['points'] >= $max)
 		{
-			$id = 0;
-			$_SESSION['_config']['errmsg'] = _("Unable to continue, request already exists.");
+			showheader(_("Thawte Points Transfer"));
+			echo _("Your request would not gain you any more points and will not be taken any further.").sprintf(_("You have %s points already and you would have been issued up to %s points."), $tmp['points'], $max);
+			showfooter();
+			exit;
 		}
 	}
 
 	if($id == 1)
 	{
-		$email = mysql_escape_string($_POST["email"]);
-		$password = mysql_escape_string($_POST["pword"]);
-		$URL = mysql_escape_string($_POST["notaryURL"]);
-		$CN = mysql_escape_string($_SESSION['_config']['CN']);
-
 		$query = "select * from `users` where `id`='$memid' and `email`='$email' and `password`=password('$password')";
 		if(mysql_num_rows(mysql_query($query)) <= 0)
 		{
@@ -80,6 +94,34 @@
 
 	if($id == 1)
 	{
+		$points = 0;
+		if($URL != "" && $newfile != "")
+			$points = 150 - intval($tmp['points']);
+		else if($URL != "")
+			$points = 90 - intval($tmp['points']);
+		else
+			$points = 50 - intval($tmp['points']);
+
+		if($points < 0)
+			$points = 0;
+	}
+
+	if($id == 1 && $max == 50)
+	{
+		if($points > 0)
+		{
+			mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
+					`method`='Thawte Points Transfer', `when`=NOW()");
+		}
+		$totalpoints = intval($tmp['points']) + $points;
+		mysql_query("update `tverify` set `modified`=NOW() where `id`='$tverify'");
+
+		$body  = _("Your request to have points transfered was sucessful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n";
+
+		$body .= _("Best regards")."\n";
+		$body .= _("CAcert Support Team");
+		sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
+	} else if($id == 1) {
 		$body  = "There is a new valid request for thawte points tranfer, details as follows:\n\n";
 		$body .= "Primary email address: $email ($memid)\n";
 		$body .= "Certificate Subject: $CN\n";
@@ -88,10 +130,7 @@
 		if($URL != "" && $nofile == 0)
 			$body .= "PhotoID URL: https://www.cacert.org/account.php?id=51&photoid=$tverify\n";
 
-		$query = "SELECT sum(`points`) as `points` FROM `notary` WHERE `to`='$memid'";
-		$row = mysql_fetch_assoc(mysql_query($query));
-
-		$body .= "\nCurrent Points: ".$row['points']."\n\n";
+		$body .= "\nCurrent Points: ".$tmp['points']."\n\n";
 
 		$body .= "\nTo vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n";
 
diff --git a/tverify/index/0.php b/tverify/index/0.php
index a6b291c..d52e8d7 100644
--- a/tverify/index/0.php
+++ b/tverify/index/0.php
@@ -74,7 +74,7 @@
   </tr>
   <tr>
     <td class="DataTD" width="125"><?=_("Notary URL")?>: </td>
-    <td class="DataTD" width="125"><input type="text" name="notaryURL"></td>
+    <td class="DataTD" width="125"><input type="text" name="notaryURL" value="<?=$_POST['notaryURL']?>"></td>
   </tr>
   <tr>
     <td class="DataTD" width="125"><?=_("Photo ID")?>: </td>
diff --git a/www/docs/CAP.pdf b/www/docs/CAP.pdf
index eafecb4..14204c3 100644
Binary files a/www/docs/CAP.pdf and b/www/docs/CAP.pdf differ
diff --git a/www/docs/CAcert Assurance Programme.sxw b/www/docs/CAcert Assurance Programme.sxw
index 82c8942..51b29b1 100644
Binary files a/www/docs/CAcert Assurance Programme.sxw and b/www/docs/CAcert Assurance Programme.sxw differ
diff --git a/www/index.php b/www/index.php
index acffd1b..a989ed6 100644
--- a/www/index.php
+++ b/www/index.php
@@ -41,6 +41,7 @@
 		unset($oldid);
 		if($Q1)
 		{
+			$tanswers++;
 			$_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes($A1)));
 
 			if(strtolower($_SESSION['lostpw']['A1']) == strtolower($_SESSION['lostpw']['user']['A1']))
@@ -49,6 +50,7 @@
 		}
 		if($Q2)
 		{
+			$tanswers++;
 			$_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes($A2)));
 
 			if(strtolower($_SESSION['lostpw']['A2']) == strtolower($_SESSION['lostpw']['user']['A2']))
@@ -57,6 +59,7 @@
 		}
 		if($Q3)
 		{
+			$tanswers++;
 			$_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
 
 			if(strtolower($_SESSION['lostpw']['A3']) == strtolower($_SESSION['lostpw']['user']['A3']))
@@ -65,6 +68,7 @@
 		}
 		if($Q4)
 		{
+			$tanswers++;
 			$_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
 
 			if(strtolower($_SESSION['lostpw']['A4']) == strtolower($_SESSION['lostpw']['user']['A4']))
@@ -73,6 +77,7 @@
 		}
 		if($Q5)
 		{
+			$tanswers++;
 			$_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
 
 			if(strtolower($_SESSION['lostpw']['A5']) == strtolower($_SESSION['lostpw']['user']['A5']))
@@ -83,7 +88,7 @@
 		$_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes($newpass1)));
 		$_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes($newpass2)));
 
-		if($answers < 3)
+		if($answers < $tanswers)
 		{
 			$body = "Someone has just attempted to update the pass phrase on the following account:\n".
 				"Username(ID): ".$_SESSION['lostpw']['user']['email']."(".$_SESSION['lostpw']['user']['id'].")\n".
@@ -268,15 +273,24 @@
 			$_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored $score points out of 6.");
 		}
 
-		$query = "select * from `email` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
-		$res1 = mysql_query($query);
+		if($id == 2)
+		{
+			$query = "select * from `email` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
+			$res1 = mysql_query($query);
+
+			$query = "select * from `users` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
+			$res2 = mysql_query($query);
+			if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
+			{
+				$id = 1;
+				$_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."<br>\n";
+			}
+		}
 
-		$query = "select * from `users` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
-		$res2 = mysql_query($query);
-		if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
+		if($id == 2 && !checkEmail($_SESSION['signup']['email']))
 		{
 			$id = 1;
-			$_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."<br>\n";
+			$_SESSION['_config']['errmsg'] .= _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."<br>\n";
 		}
 
 		if($id == 2)
diff --git a/www/wot.php b/www/wot.php
index 0b6e341..09bbfc6 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -252,6 +252,10 @@
 		if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
 		{
 			$body .= _("You now have over 100 points and can start assuring others.")."\n\n";
+			$body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntry), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n\n";
+			$body .= "https://www.cacert.org/wot.php?id=8\n\n";
+			$body .= _("You can list your location by going to:")."\n\n";
+			$body .= "https://www.cacert.org/wot.php?id=7\n\n";
 		}
 
 		if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)