updates

18 years ago · 81ef702a6c
parent 3af71ece2a
commit 81ef702a6c
8 changed files with 78 additions and 80 deletions
--- a/includes/account.php
+++ b/includes/account.php
@ -56,9 +56,7 @@
 			showfooter();
 			exit;
 		}
-		$rnd = fopen("/dev/urandom", "r");
-		$hash = md5(fgets($rnd, 64));
-		fclose($rnd);
+		$hash = make_hash();
 		$query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
 		mysql_query($query);
 		$emailid = mysql_insert_id();
@ -438,10 +436,7 @@
 			exit;
 		}

-		$rnd = fopen("/dev/urandom", "r");
-		$hash = md5(fgets($rnd, 64));
-		fclose($rnd);
-
+		$hash = make_hash();
 		$query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
 					`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
 		mysql_query($query);
@ -883,23 +878,23 @@

 	if($oldid == 13 && $_REQUEST['process'] != "")
 	{
-		$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes($fname)));
-		$_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes($mname)));
-		$_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes($lname)));
-		$_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes($suffix)));
+		$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($fname))));
+		$_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($mname))));
+		$_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($lname))));
+		$_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($suffix))));
 		$_SESSION['_config']['user']['day'] = intval($day);
 		$_SESSION['_config']['user']['month'] = intval($month);
 		$_SESSION['_config']['user']['year'] = intval($year);
-		$_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes($Q1)));
-		$_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes($Q2)));
-		$_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes($Q3)));
-		$_SESSION['_config']['user']['Q4'] = trim(mysql_real_escape_string(stripslashes($Q4)));
-		$_SESSION['_config']['user']['Q5'] = trim(mysql_real_escape_string(stripslashes($Q5)));
-		$_SESSION['_config']['user']['A1'] = trim(mysql_real_escape_string(stripslashes($A1)));
-		$_SESSION['_config']['user']['A2'] = trim(mysql_real_escape_string(stripslashes($A2)));
-		$_SESSION['_config']['user']['A3'] = trim(mysql_real_escape_string(stripslashes($A3)));
-		$_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes($A4)));
-		$_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes($A5)));
+		$_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($Q1))));
+		$_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($Q2))));
+		$_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($Q3))));
+		$_SESSION['_config']['user']['Q4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($Q4))));
+		$_SESSION['_config']['user']['Q5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($Q5))));
+		$_SESSION['_config']['user']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($A1))));
+		$_SESSION['_config']['user']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($A2))));
+		$_SESSION['_config']['user']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($A3))));
+		$_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($A4))));
+		$_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($A5))));

 		if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
 			$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
@ -973,9 +968,9 @@

 	if($oldid == 14 && $_REQUEST['process'] != "")
 	{
-		$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($oldpassword)));
-		$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($pword1)));
-		$_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($pword2)));
+		$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes(strip_tags($oldpassword))));
+		$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($pword1))));
+		$_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($pword2))));

 		$id = 14;
 		showheader(_("My CAcert.org Account!"));
--- a/includes/general.php
+++ b/includes/general.php
@ -20,6 +20,9 @@
 	session_register("signup");
 	session_register("lostpw");

+	if($_SESSION['profile']['id'] > 0)
+		session_regenerate_id();
+
 	$junk = array(_("Face to Face Meeting"), _("Trusted Third Parties"), _("Thawte Points Transfer"), _("Administrative Increase"),
 			_("CT Magazine - Germany"), _("Temporary Increase"), _("Unknown"));

--- a/includes/general_stuff.php
+++ b/includes/general_stuff.php
@ -70,7 +70,8 @@ google_color_border = "FFFFFF";
  <div id="pageNav">
    <div class="relatedLinks">
      <h3><?=_("Join CAcert.org")?></h3>
-      <a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=1"><?=_("Join")?></a> 
+      <a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=1"><?=_("Join")?></a>
+      <a href="index.php?id=3"><?=_("Root Certificate")?></a>
    </div>
    <div class="relatedLinks">
      <h3><?=_("My Account")?></h3>
@ -80,7 +81,7 @@ google_color_border = "FFFFFF";
    </div>
    <div class="relatedLinks">
      <h3 onclick="explode('misc')"><?=_("Miscellaneous")?></h3>
-      <ul class="menu" id="misc"><li><a href="news.php"><?=_("CAcert News")?></a></li><li><a href="help.php"><?=_("Howto Information")?></a></li><li><a href="http://wiki.CAcert.org"><?=_("Wiki Documentation")?></li><li><a href="http://bugs.CAcert.org"><?=_("Bug Database")?></a></li><li><a href="logos.php"><?=_("CAcert Logos")?></a></li><li><a href="stats.php"><?=_("CAcert Statistics")?></a></li><li><a href="index.php?id=3"><?=_("Root Certificate")?></a></li><li><a href="revoke.crl"><?=_("CRL")?></a></li><li><a href="http://my.rsscache.com/blog.CAcert.org/feed/"><?=_("RSS News Feed")?></a></li><li><? if($_SESSION['profile']['admin'] == 1) { ?><a href="index.php?id=5"><?=_("OCSP Details")?></a><? } ?></li><li><a href="index.php?id=7"><?=_("Credits")?></a></li><li><a href="index.php?id=8"><?=_("CAcert Board")?></a></li></ul>
+      <ul class="menu" id="misc"><li><a href="news.php"><?=_("CAcert News")?></a></li><li><a href="help.php"><?=_("Howto Information")?></a></li><li><a href="http://wiki.CAcert.org"><?=_("Wiki Documentation")?></li><li><a href="index.php?id=19"><?=_("Point System")?></a></li><li><a href="http://bugs.CAcert.org"><?=_("Bug Database")?></a></li><li><a href="logos.php"><?=_("CAcert Logos")?></a></li><li><a href="stats.php"><?=_("CAcert Statistics")?></a></li><li><a href="revoke.crl"><?=_("CRL")?></a></li><li><a href="http://my.rsscache.com/blog.CAcert.org/feed/"><?=_("RSS News Feed")?></a></li><li><? if($_SESSION['profile']['admin'] == 1) { ?><a href="index.php?id=5"><?=_("OCSP Details")?></a><? } ?></li><li><a href="index.php?id=7"><?=_("Credits")?></a></li><li><a href="index.php?id=8"><?=_("CAcert Board")?></a></li></ul>
    </div>
    <div class="relatedLinks">
      <h3 onclick="explode('trans')"><?=_("Translations")?></h3>
@ -116,7 +117,7 @@ if(!function_exists("showfooter"))
 	<a href="index.php?id=12"><?=_("About Us")?></a> | <a href="index.php?id=13"><?=_("Donations")?></a> |
        <a href="index.php?id=10"><?=_("Privacy Policy")?></a> |
        <a href="index.php?id=51"><?=_("Mission Statement")?></a> | <a href="index.php?id=11"><?=_("Contact Us")?></a> |
-	<a href="index.php?id=19"><?=_("Further Information")?></a> | &copy;2002-2005 by CAcert</div>
+	&copy;2002-2005 by CAcert</div>
 </div>  
 </body>             
 </html><?
--- a/includes/mysql.php.sample
+++ b/includes/mysql.php.sample
@ -64,4 +64,18 @@
 			fclose($smtp);
 		}
 	}
+
+        function make_hash()
+        {
+                if(function_exists("dio_open"))
+                {
+                        $rnd = dio_open("/dev/urandom",O_RDONLY);
+                        $hash = md5(dio_read($rnd,64));
+                        dio_close($rnd);
+                } else {
+                        $rnd = fopen("/dev/urandom", "r");
+                        $hash = md5(fgets($rnd, 64));
+                        fclose($rnd);
+                }
+        }
 ?>
--- a/pages/account/17.php
+++ b/pages/account/17.php
@ -124,12 +124,7 @@ GetProviderList()
 <p>
 <form method="post" action="account.php">
 <input type="hidden" name="keytype" value="NS">
-<?
-	$rnd = fopen("/dev/urandom", "r");
-	$hash = md5(fgets($rnd, 64));
-	fclose($rnd);
-?>
-<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<?=$hash?>">
+<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<?=make_hash()?>">

 <input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
 <input type="hidden" name="oldid" value="<?=$id?>">
--- a/pages/account/4.php
+++ b/pages/account/4.php
@ -123,12 +123,7 @@ GetProviderList()
 <p>
 <form method="post" action="account.php">
 <input type="hidden" name="keytype" value="NS">
-<?
-	$rnd = fopen("/dev/urandom", "r");
-	$hash = md5(fgets($rnd, 64));
-	fclose($rnd);
-?>
-<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<?=$hash?>">
+<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<?=make_hash()?>">

 <input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
 <input type="hidden" name="oldid" value="<?=$id?>">
--- a/www/disputes.php
+++ b/www/disputes.php
@ -271,9 +271,7 @@
 			exit;
 		}

-		$rnd = fopen("/dev/urandom", "r");
-		$hash = md5(fgets($rnd, 64));
-		fclose($rnd);
+		$hash = make_hash();
 		$query = "insert into `disputeemail` set `email`='$email',`memid`='".$_SESSION['profile']['id']."',
 				`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$emailid',
 				`IP`='".$_SERVER['REMOTE_ADDR']."'";
@ -407,9 +405,8 @@
 		$memid = intval($_SESSION['_config']['memid']);
 		$oldmemid = intval($_SESSION['_config']['oldmemid']);
 		$domain = mysql_escape_string($_SESSION['_config']['domain']);
-		$rnd = fopen("/dev/urandom", "r");
-		$hash = md5(fgets($rnd, 64));
-		fclose($rnd);
+
+		$hash = make_hash();
 		$query = "insert into `disputedomain` set `domain`='$domain',`memid`='".$_SESSION['profile']['id']."',
 				`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$domainid'";
 		mysql_query($query);
--- a/www/index.php
+++ b/www/index.php
@ -45,47 +45,47 @@
 		unset($_REQUEST['oldid']);
 		if($Q1)
 		{
-			$_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes($A1)));
+			$_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($A1))));

 			if(stripslashes(strtolower($_SESSION['lostpw']['A1'])) == strtolower($_SESSION['lostpw']['user']['A1']))
 				$answers++;
-			$body .= "System: ".$_SESSION['lostpw']['user']['A1']."\nEntered: ".stripslashes($_SESSION['lostpw']['A1'])."\n";
+			$body .= "System: ".$_SESSION['lostpw']['user']['A1']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A1']))."\n";
 		}
 		if($Q2)
 		{
-			$_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes($A2)));
+			$_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($A2))));

 			if(stripslashes(strtolower($_SESSION['lostpw']['A2'])) == strtolower($_SESSION['lostpw']['user']['A2']))
 				$answers++;
-			$body .= "System: ".$_SESSION['lostpw']['user']['A2']."\nEntered: ".stripslashes($_SESSION['lostpw']['A2'])."\n";
+			$body .= "System: ".$_SESSION['lostpw']['user']['A2']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A2']))."\n";
 		}
 		if($Q3)
 		{
-			$_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
+			$_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($A3))));

 			if(stripslashes(strtolower($_SESSION['lostpw']['A3'])) == strtolower($_SESSION['lostpw']['user']['A3']))
 				$answers++;
-			$body .= "System: ".$_SESSION['lostpw']['user']['A3']."\nEntered: ".stripslashes($_SESSION['lostpw']['A3'])."\n";
+			$body .= "System: ".$_SESSION['lostpw']['user']['A3']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A3']))."\n";
 		}
 		if($Q4)
 		{
-			$_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
+			$_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($A4))));

 			if(stripslashes(strtolower($_SESSION['lostpw']['A4'])) == strtolower($_SESSION['lostpw']['user']['A4']))
 				$answers++;
-			$body .= "System: ".$_SESSION['lostpw']['user']['A4']."\nEntered: ".stripslashes($_SESSION['lostpw']['A4'])."\n";
+			$body .= "System: ".$_SESSION['lostpw']['user']['A4']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A4']))."\n";
 		}
 		if($Q5)
 		{
-			$_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
+			$_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($A5))));

 			if(stripslashes(strtolower($_SESSION['lostpw']['A5'])) == strtolower($_SESSION['lostpw']['user']['A5']))
 				$answers++;
-			$body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes($_SESSION['lostpw']['A5'])."\n";
+			$body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A5']))."\n";
 		}

-		$_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes($_REQUEST['newpass1'])));
-		$_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes($_REQUEST['newpass2'])));
+		$_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass1']))));
+		$_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass2']))));

 		if($answers < $_SESSION['lostpw']['total'] || $answers < 1)
 		{
@ -123,7 +123,7 @@

 	if($_REQUEST['oldid'] == 5 && $_REQUEST['process'] != "")
 	{
-		$email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes($_REQUEST['email'])));
+		$email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
 		$_SESSION['lostpw']['day'] = intval($day);
 		$_SESSION['lostpw']['month'] = intval($month);
 		$_SESSION['lostpw']['year'] = intval($year);
@ -174,8 +174,8 @@

 		$_SESSION['_config']['errmsg'] = "";

-		$email = mysql_escape_string(stripslashes(trim($_REQUEST['email'])));
-		$pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
+		$email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
+		$pword = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['pword']))));
 		$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
 						`password`=password('$pword')) and `verified`=1 and `deleted`=0";
 		$res = mysql_query($query);
@ -231,26 +231,26 @@

 		$_SESSION['_config']['errmsg'] = "";

-		$_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes($_REQUEST['email'])));
-		$_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes($fname)));
-		$_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes($mname)));
-		$_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes($lname)));
-		$_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes($suffix)));
+		$_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
+		$_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes(strip_tags($fname))));
+		$_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes(strip_tags($mname))));
+		$_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes(strip_tags($lname))));
+		$_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes(strip_tags($suffix))));
 		$_SESSION['signup']['day'] = intval($day);
 		$_SESSION['signup']['month'] = intval($month);
 		$_SESSION['signup']['year'] = intval($year);
-		$_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($pword1)));
-		$_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($pword2)));
-		$_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes($Q1)));
-		$_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes($Q2)));
-		$_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes($Q3)));
-		$_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes($Q4)));
-		$_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes($Q5)));
-		$_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes($A1)));
-		$_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes($A2)));
-		$_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
-		$_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
-		$_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
+		$_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes(strip_tags($pword1))));
+		$_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes(strip_tags($pword2))));
+		$_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($Q1))));
+		$_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($Q2))));
+		$_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($Q3))));
+		$_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes(strip_tags($Q4))));
+		$_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes(strip_tags($Q5))));
+		$_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($A1))));
+		$_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($A2))));
+		$_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($A3))));
+		$_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($A4))));
+		$_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($A5))));
 		$_SESSION['signup']['general'] = intval($_POST['general']);
 		$_SESSION['signup']['country'] = intval($_POST['country']);
 		$_SESSION['signup']['regional'] = intval($_POST['regional']);
@ -333,9 +333,7 @@

 		if($id == 2)
 		{
-			$rnd = fopen("/dev/urandom", "r");
-			$hash = md5(fgets($rnd, 64));
-			fclose($rnd);
+			$hash = make_hash();

 			$query = "insert into `users` set `email`='".$_SESSION['signup']['email']."',
 							`password`=sha1('".$_SESSION['signup']['pword1']."'),