From 9c18d90676a5c16bc4c037b5836f800108b4fd86 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 7 Aug 2006 19:52:45 +0000 Subject: [PATCH] bug #14 --- tverify/index.php | 21 ++++++--------------- tverify/index/0.php | 9 ++------- 2 files changed, 8 insertions(+), 22 deletions(-) diff --git a/tverify/index.php b/tverify/index.php index 69109aa..1f24ddc 100644 --- a/tverify/index.php +++ b/tverify/index.php @@ -18,15 +18,15 @@ loadem("tverify"); $id = intval($_GET['id']); - if(intval($_POST['id']) > 0) - $id = intval($_POST['id']); + if(intval($_REQUEST['id']) > 0) + $id = intval($_REQUEST['id']); if($id == 1) { $nofile = 1; $filename = ""; $photoid = $_FILES['photoid']; - if($photoid['error'] == 0 && $_POST["notaryURL"] != "") + if($photoid['error'] == 0 && $_REQUEST["notaryURL"] != "") { $filename = $photoid['tmp_name']; $do = trim(`file -b -i $filename`); @@ -46,9 +46,9 @@ if($id == 1) { - $email = mysql_escape_string($_POST["email"]); - $password = mysql_escape_string($_POST["pword"]); - $URL = mysql_escape_string($_POST["notaryURL"]); + $email = mysql_escape_string($_REQUEST["email"]); + $password = mysql_escape_string($_REQUEST["pword"]); + $URL = mysql_escape_string($_REQUEST["notaryURL"]); $CN = mysql_escape_string($_SESSION['_config']['CN']); $memid = mysql_escape_string($_SESSION['_config']['uid']); $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'")); @@ -136,15 +136,6 @@ $body = "There is a new valid request for thawte points tranfer, details as follows:\n\n"; $body .= "To vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n"; -// $body .= "Primary email address: $email ($memid)\n"; -// $body .= "Certificate Subject: $CN\n"; -// if($URL != "") -// $body .= "Notary URL: $URL\n"; -// if($URL != "" && $nofile == 0) -// $body .= "PhotoID URL: https://www.cacert.org/account.php?id=51&photoid=$tverify\n"; - -// $body .= "\nCurrent Points: ".$tmp['points']."\n\n"; - $body .= "We know that by signing into https://tverify.cacert.org that\n"; $body .= "1. they have possession of a cert issued from Thawte\n"; $body .= "2. the person named in the cert has been verified by Thawte's Web of Trust\n"; diff --git a/tverify/index/0.php b/tverify/index/0.php index d52e8d7..353e5ea 100644 --- a/tverify/index/0.php +++ b/tverify/index/0.php @@ -34,13 +34,8 @@ $row = mysql_fetch_assoc($account); $memid = $row['memid']; - $name = trim($_SERVER["SSL_CLIENT_S_DN_CN"]); - while(strstr($name, " ")) - $name = str_replace(" ", " ", $name); - $bits = explode(" ", $name); - - $firstname = $bits["0"]; - $lastname = $bits[count($bits) - 1]; + $firstname = trim($_SERVER["SSL_CLIENT_S_DN_G"]); + $lastname = trim($_SERVER["SSL_CLIENT_S_DN_S"]) $query = "select * from `users` where `fname`='$firstname' and `lname`='$lastname' and `id`='$memid'"; if(mysql_num_rows(mysql_query($query)) <= 0)