cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 5 Projects Releases Wiki Activity

bug #14

Browse Source
pull/1/head
root 18 years ago
parent 53bc3b971d
commit 9c18d90676
2 changed files with 8 additions and 22 deletions
Show Stats Download Patch File Download Diff File

21
tverify/index.php
Unescape Escape View File

@ -18,15 +18,15 @@
loadem("tverify");
$id = intval($_GET['id']);
if(intval($_POST['id']) > 0)
$id = intval($_POST['id']);
if(intval($_REQUEST['id']) > 0)
$id = intval($_REQUEST['id']);
if($id == 1)
{
$nofile = 1;
$filename = "";
$photoid = $_FILES['photoid'];
if($photoid['error'] == 0 && $_POST["notaryURL"] != "")
if($photoid['error'] == 0 && $_REQUEST["notaryURL"] != "")
{
$filename = $photoid['tmp_name'];
$do = trim(`file -b -i $filename`);
@ -46,9 +46,9 @@
if($id == 1)
{
$email = mysql_escape_string($_POST["email"]);
$password = mysql_escape_string($_POST["pword"]);
$URL = mysql_escape_string($_POST["notaryURL"]);
$email = mysql_escape_string($_REQUEST["email"]);
$password = mysql_escape_string($_REQUEST["pword"]);
$URL = mysql_escape_string($_REQUEST["notaryURL"]);
$CN = mysql_escape_string($_SESSION['_config']['CN']);
$memid = mysql_escape_string($_SESSION['_config']['uid']);
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
@ -136,15 +136,6 @@
$body = "There is a new valid request for thawte points tranfer, details as follows:\n\n";
$body .= "To vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n";
// $body .= "Primary email address: $email ($memid)\n";
// $body .= "Certificate Subject: $CN\n";
// if($URL != "")
// $body .= "Notary URL: $URL\n";
// if($URL != "" && $nofile == 0)
// $body .= "PhotoID URL: https://www.cacert.org/account.php?id=51&photoid=$tverify\n";
// $body .= "\nCurrent Points: ".$tmp['points']."\n\n";
$body .= "We know that by signing into https://tverify.cacert.org that\n";
$body .= "1. they have possession of a cert issued from Thawte\n";
$body .= "2. the person named in the cert has been verified by Thawte's Web of Trust\n";

9
tverify/index/0.php
Unescape Escape View File

@ -34,13 +34,8 @@
$row = mysql_fetch_assoc($account);
$memid = $row['memid'];
$name = trim($_SERVER["SSL_CLIENT_S_DN_CN"]);
while(strstr($name, " "))
$name = str_replace(" ", " ", $name);
$bits = explode(" ", $name);
$firstname = $bits["0"];
$lastname = $bits[count($bits) - 1];
$firstname = trim($_SERVER["SSL_CLIENT_S_DN_G"]);
$lastname = trim($_SERVER["SSL_CLIENT_S_DN_S"])
$query = "select * from `users` where `fname`='$firstname' and `lname`='$lastname' and `id`='$memid'";
if(mysql_num_rows(mysql_query($query)) <= 0)

Write Preview
Loading…
Cancel
Save