@ -7,49 +7,65 @@
$arr = explode("/", $arr['1'], 2);
$arr = explode("/", $arr['1'], 2);
$ref = $arr['0'];
$ref = $arr['0'];
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
$arr = explode("//", mysql_real_escape_string(trim($_SERVER['HTTP_REFERER'])), 2);
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
$arr = explode("/", $arr['1'], 2);
`domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`";
$siteref = $arr['0'];
$res = mysql_query($query);
if(mysql_num_rows($res) < = 0)
if($ref == "" || ($ref != $siteref & & $siteref != ""))
{
{
$bits = explode(".", $ref);
if($siteref != "")
for($i = 1; $i < count ( $ bits ) ; $ i + + )
$siterefer = $_SERVER['HTTP_REFERER'];
{
else
if($ref2 != "")
$siterefer = $_REQUEST['refer'];
$ref2 .= ".";
$invalid = 2;
$ref2 .= $bits[$i];
} else {
}
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
(`domaincerts`.`subject` like '%subjectAltName=DNS:$ref2/%' or `domaincerts`.`subject` like '%subjectAltName=DNS:*.$ref2/%')
`domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`";
order by `domaincerts`.`id`";
$res = mysql_query($query);
$res = mysql_query($query);
if(mysql_num_rows($res) < = 0)
if(mysql_num_rows($res) < = 0)
{
{
$query = "select *,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where
$bits = explode(".", $ref);
(`orgdomaincerts`.`subject` like '%=$ref%' or `orgdomaincerts`.`subject` like '%=*.$ref2%') and
for($i = 1; $i < count ( $ bits ) ; $ i + + )
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
{
`orgdomaincerts`.`revoked`=0 order by `orgdomaincerts`.`id`";
if($ref2 != "")
$ref2 .= ".";
$ref2 .= $bits[$i];
}
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
(`domaincerts`.`subject` like '%subjectAltName=DNS:$ref2/%' or `domaincerts`.`subject` like '%subjectAltName=DNS:*.$ref2/%')
order by `domaincerts`.`id`";
$res = mysql_query($query);
$res = mysql_query($query);
if(mysql_num_rows($res) < = 0)
if(mysql_num_rows($res) < = 0)
{
{
$invalid = 1;
$query = "select *,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where
} else {
(`orgdomaincerts`.`subject` like '%=$ref%' or `orgdomaincerts`.`subject` like '%=*.$ref2%') and
$org = 1;
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`revoked`=0 order by `orgdomaincerts`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) < = 0)
{
$invalid = 1;
} else {
$org = 1;
}
}
}
}
}
}
}
$cert = mysql_fetch_assoc($res);
if($invalid == 0)
if($org == 0)
{
{
$query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND
$cert = mysql_fetch_assoc($res);
`notary`.`to` = `users`.`id` and `notary`.`when` < = '$cert[issued]' GROUP BY `notary`.`to`";
if($org == 0)
$user = mysql_fetch_assoc(mysql_query($query));
{
} else {
$query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND
$query = "select * from `orginfo` where `id`='$cert[orgid]'";
`notary`.`to` = `users`.`id` and `notary`.`when` < = '$cert[issued]' GROUP BY `notary`.`to`";
$orgi = mysql_fetch_assoc(mysql_query($query));
$user = mysql_fetch_assoc(mysql_query($query));
} else {
$query = "select * from `orginfo` where `id`='$cert[orgid]'";
$orgi = mysql_fetch_assoc(mysql_query($query));
}
}
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
< html >
< html >
@ -90,7 +106,7 @@ google_ad_channel = "";
<? } else { ?>
<? } else { ?>
< p style = "color:red" > This site has potentially abused CAcert logos and Copyrights, please report it so we may further investigate.< / p >
< p style = "color:red" > This site has potentially abused CAcert logos and Copyrights, please report it so we may further investigate.< / p >
<? } ?>
<? } ?>
< p >< a href = "report.php?refer= <? = $ _REQUEST[ 'refer' ] ?> " > Problem with this site? Please report it</ a ></ p >
< p >< a href = "report.php?refer= <? = $ siterefer ?> " > Problem with this site? Please report it</ a ></ p >
< / div >
< / div >
< / div >
< / div >
< / body >
< / body >