cacert/cacert-webdb
9
0
Fork 0
Code Issues Pull requests 3 Projects Releases 4 Wiki Activity

bug #14

Browse source
This commit is contained in:
root 2006-08-07 19:52:45 +00:00
parent 53bc3b971d
commit 9c18d90676
2 changed files with 8 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
tverify/index.php
View file

@ -18,15 +18,15 @@
loadem("tverify"); loadem("tverify");
$id = intval($_GET['id']); $id = intval($_GET['id']);
if(intval($_POST['id']) > 0) if(intval($_REQUEST['id']) > 0)
$id = intval($_POST['id']); $id = intval($_REQUEST['id']);
if($id == 1) if($id == 1)
{ {
$nofile = 1; $nofile = 1;
$filename = ""; $filename = "";
$photoid = $_FILES['photoid']; $photoid = $_FILES['photoid'];
if($photoid['error'] == 0 && $_POST["notaryURL"] != "") if($photoid['error'] == 0 && $_REQUEST["notaryURL"] != "")
{ {
$filename = $photoid['tmp_name']; $filename = $photoid['tmp_name'];
$do = trim(`file -b -i $filename`); $do = trim(`file -b -i $filename`);
@ -46,9 +46,9 @@
if($id == 1) if($id == 1)
{ {
$email = mysql_escape_string($_POST["email"]); $email = mysql_escape_string($_REQUEST["email"]);
$password = mysql_escape_string($_POST["pword"]); $password = mysql_escape_string($_REQUEST["pword"]);
$URL = mysql_escape_string($_POST["notaryURL"]); $URL = mysql_escape_string($_REQUEST["notaryURL"]);
$CN = mysql_escape_string($_SESSION['_config']['CN']); $CN = mysql_escape_string($_SESSION['_config']['CN']);
$memid = mysql_escape_string($_SESSION['_config']['uid']); $memid = mysql_escape_string($_SESSION['_config']['uid']);
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'")); $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
@ -136,15 +136,6 @@
$body = "There is a new valid request for thawte points tranfer, details as follows:\n\n"; $body = "There is a new valid request for thawte points tranfer, details as follows:\n\n";
$body .= "To vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n"; $body .= "To vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n";
// $body .= "Primary email address: $email ($memid)\n";
// $body .= "Certificate Subject: $CN\n";
// if($URL != "")
// $body .= "Notary URL: $URL\n";
// if($URL != "" && $nofile == 0)
// $body .= "PhotoID URL: https://www.cacert.org/account.php?id=51&photoid=$tverify\n";
// $body .= "\nCurrent Points: ".$tmp['points']."\n\n";
$body .= "We know that by signing into https://tverify.cacert.org that\n"; $body .= "We know that by signing into https://tverify.cacert.org that\n";
$body .= "1. they have possession of a cert issued from Thawte\n"; $body .= "1. they have possession of a cert issued from Thawte\n";
$body .= "2. the person named in the cert has been verified by Thawte's Web of Trust\n"; $body .= "2. the person named in the cert has been verified by Thawte's Web of Trust\n";

9
tverify/index/0.php
View file

@ -34,13 +34,8 @@
$row = mysql_fetch_assoc($account); $row = mysql_fetch_assoc($account);
$memid = $row['memid']; $memid = $row['memid'];
$name = trim($_SERVER["SSL_CLIENT_S_DN_CN"]); $firstname = trim($_SERVER["SSL_CLIENT_S_DN_G"]);
while(strstr($name, " ")) $lastname = trim($_SERVER["SSL_CLIENT_S_DN_S"])
$name = str_replace(" ", " ", $name);
$bits = explode(" ", $name);
$firstname = $bits["0"];
$lastname = $bits[count($bits) - 1];
$query = "select * from `users` where `fname`='$firstname' and `lname`='$lastname' and `id`='$memid'"; $query = "select * from `users` where `fname`='$firstname' and `lname`='$lastname' and `id`='$memid'";
if(mysql_num_rows(mysql_query($query)) <= 0) if(mysql_num_rows(mysql_query($query)) <= 0)