*** empty log message ***

pull/1/head
root 20 years ago
parent 05d4bedcdb
commit ad4325772f

@ -0,0 +1,46 @@
CAcert Inc.
Source Code License Terms
ATTENTION: The files you are about to download contain the source code for certain CAcert software. CAcert is making these source code files available to you for specific limited purposes and you may use these source code files only for these purposes. You should read these license terms carefully and decide whether you are willing to agree to these license terms.
* If you are not willing to agree to these license terms, CAcert is not willing to provide these source code files to you and you must not proceed with the download.
* The CAcert source code is protected by copyrights in Australia and other countries. If you download these source code files and use the source code in ways not permitted by these license terms, you will not only be in breach of these license terms, you will also be infringing CAcert's copyrights.
LICENSE TERMS
1. What You Can Do. Under this license, you have the right to:
1. download the CAcert source code files and make a reasonable number of copies on a single computer as necessary to exercise the rights granted below;
2. review the source code in these source code files in order to verify that there are no unknown vulnerabilities or the like and in order to make your own assessment of the security features of CAcert software;
3. compile the any C source code that may be contained in the CAcert software into an executable code version of the program;
4. run the executable code version on one computer solely in order to assist in your testing and analysis of the security features of the CAcert software; and
5. modify the source code in the course of exercising the rights granted above.
2.
What You Cannot Do. Under this license you do not have the right to, and you may not:
1. modify the source code beyond what is allowed above;
2. make copies of the source code files beyond what is allowed above;
3. remove or alter any notices in the source code files relating to copyrights, or other proprietary rights;
4. give (meaning sell, loan, distribute, or transfer) the source code files to anyone else (unless you are downloading the source code files in the course of performing duties for your employer, in which case you can share the source code files with fellow employees as long as you don't make additional copies and otherwise comply with these license terms ' if this seems overly restrictive, remember that other people who want to have access to these source code files can also come to the CAcert web site to download them, but for important legal reasons we need to require that each copy of the source code be obtained directly from CAcert);
5. use versions of CAcert software created for any purpose or reason other than verifying that there are no unknown vulnerabilities or the like or otherwise making your own assessment of the integrity of the source code and the security features of the CAcert software; or
If you have any questions about what is or is not permitted under these license terms or if you would like to obtain the right to use CAcert source code in ways that are not allowed under these license terms, you should contact CAcert at bugs@cacert.org .
3.
Reporting Bugs and the Like. If you discover any 'bug' or problem in the source code in these files, or anything you think is a 'bug' or problem in the source code or a deficiency or weakness in the security features of the CAcert software, you should report the bug, problem, deficiency, or weakness (including any suggested code fixes you have prepared or any other information you have that could help CAcert reproduce, verify, and correct it) to CAcert at bugs@cacert.org .
CAcert will endeavor to send an email acknowledgment (signed by CAcert) within five business days for those reports that describe a serious security bug, problem, deficiency, or weakness in the CAcert software. If you do not receive such an email acknowledgment to a report you submitted (and you think you should have), please re-submit the report to CAcert as soon as possible.
You agree that you will not post any information about any bug, problem, deficiency, or weakness in the CAcert software on any web site or electronic bulletin board, or otherwise disclose or provide any such information to anyone else, unless you have first reported it to CAcert and until at least 30 days after CAcert sends its email acknowledgment to you.
CAcert takes reported bugs and security weaknesses in its software very seriously and strives to offer its customers the most secure and reliable software products available (given the functionality, features, and price of the software). However, CAcert cannot promise that it will respond to, analyze, attempt to correct, or correct each and every bug or security weakness that is reported to CAcert, and hence CAcert will have no obligation to you under these license terms to respond to, analyze, attempt to correct, or correct any bug, problem, deficiency, or weakness you report to CAcert. If CAcert does correct a bug, problem, deficiency, or weakness in a CAcert software program you report to CAcert under these license terms, the correction will be made available to CAcert's customers in a subsequent patch, update, or general release of the affected CAcert software.
4.
Ownership of CAcert Software and Source Code. All rights not expressly granted to you in these license terms are reserved by CAcert. CAcert retains ownership of all copyrights and other intellectual property rights throughout the world in the CAcert source code and software. You agree that CAcert will be given a perpetual non-exclusive rights to any and all code, and you hereby assign rights in any modifications you make to the source code and in any bug reports you submit to CAcert.
5. Limitation of Liability.
CAcert is willing to provide these source code files to you at no charge as long as you understand and agree that, to the maximum extent allowed under applicable law:
1. THESE SOURCE CODE FILES ARE PROVIDED TO YOU "AS IS" AND CACERT MAKES NO REPRESENTATIONS, WARRANTIES, GUARANTEES, OR CONDITIONS OF ANY KIND REGARDING THESE SOURCE CODE FILES OR THE SOURCE CODE CONTAINED IN THESE FILES. WITHOUT LIMITING THE PREVIOUS SENTENCE, CACERT DISCLAIMS ALL EXPRESS, IMPLIED, OR STATUTORY WARRANTIES, CONDITIONS, OR DUTIES REGARDING (I) MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, QUIET ENJOYMENT, OR ACCURACY, (II) THE CACERT SOFTWARE OR SOURCE CODE BEING FREE OF BUGS OR ERRORS, OR (III) USE OF THE CACERT SOFTWARE IN NUCLEAR POWER PLANTS, AIRCRAFT NAVIGATION OR COMMUNICATIONS, AIR TRAFFIC CONTROL, WEAPONS SYSTEMS, OR OTHER HIGH-RISK ACTIVITIES.
2. CACERT'S TOTAL, CUMULATIVE LIABILITY ARISING FROM OR RELATING TO THESE SOURCE CODE FILES AND THE SOURCE CODE CONTAINED IN THESE FILES, UNDER ANY AND ALL THEORIES OF LIABILITY AND CAUSES OF ACTION (WHETHER IN TORT, IN CONTRACT, OR OTHERWISE), WILL BE LIMITED TO DIRECT DAMAGES UP TO AN AGGREGATE AMOUNT OF ONE CUP OF CHEAP DECAFFEINATED COFFEE. WITHOUT LIMITING THE PREVIOUS SENTENCE, IN NO EVENT WILL CACERT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR OTHER CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES ARISING FROM OR RELATING TO THESE SOURCE CODE FILES AND THE SOURCE CODE CONTAINED IN THESE FILES.
6.
General Your rights under these license terms are nonexclusive and personal and cannot be assigned, sublicensed, or transferred in any other manner to anyone else, and any attempted assignment, sublicense, or transfer will be null and void. CAcert may terminate your rights under these license terms, by giving you notice of termination, if you breach or violate these license terms; upon termination, you must destroy all copies of the source code files, and all copies of executable code versions of the CAcert software created by compiling any source code files, in your possession or control. These license terms will be governed by Australian copyright laws and the laws of the State of New South Wales (regardless of conflicts of laws principles); the U.N. Convention on Contracts for the International Sale of Goods will not apply to these license terms. Any action or proceeding arising from or relating to this Agreement must be brought in the district court in Sydney Australia, and each party irrevocably submits to the jurisdiction and venue of any such court in any such action or proceeding. If these license terms are translated into any language other than English, the English version of these license terms will prevail in the event of any inconsistency. These license terms can be amended, and any waiver by CAcert of any right or remedy under these license terms will be effective, only by means of a written document signed by an authorized officer of CAcert that expressly states CAcert's agreement to amend these license terms or waive its rights or remedies.

File diff suppressed because it is too large Load Diff

@ -0,0 +1,190 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert license
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
function showheader($title = "CAcert.org", $title2 = "")
{
global $hostname, $id, $PHP_SELF;
$locrest = "";
if($_SESSION['profile']['ccid'] > 0)
$locrest .= "&ccid=".$_SESSION['profile']['ccid'];
if($_SESSION['profile']['regid'] > 0)
$locrest .= "&regid=".$_SESSION['profile']['regid'];
if($_SESSION['profile']['locid'] > 0)
$locrest .= "&locid=".$_SESSION['profile']['locid'];
$tmpid = $id;
if($PHP_SELF == "/wot.php")
$tmpid = $id + 500;
switch($tmpid)
{
case 1:
case 2: $expand = " explode('emailacc');"; break;
case 3:
case 4:
case 5:
case 6: $expand = " explode('clicerts');"; break;
case 7:
case 8:
case 9: $expand = " explode('domains');"; break;
case 10:
case 11:
case 12:
case 15: $expand = " explode('servercert');"; break;
case 13:
case 14:
case 36:
case 507:
case 508: $expand = " explode('mydetails');"; break;
case 16:
case 17:
case 18:
case 19: $expand = " explode('clientorg');"; break;
case 20:
case 21:
case 21:
case 23: $expand = " explode('serverorg');"; break;
case 24:
case 25:
case 26:
case 27:
case 28:
case 29:
case 30:
case 31:
case 32:
case 33:
case 34:
case 35: $expand = " explode('orgadmin');"; break;
case 500:
case 501:
case 502:
case 503:
case 504:
case 505:
case 506: $expand = " explode('WoT');"; break;
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<? // <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> ?>
<title><?=$title?></title>
<link rel="stylesheet" href="styles/default.css" type="text/css">
<script language="JavaScript" type="text/javascript">
function explode(e) {
if (document.getElementById(e).style.display == 'none') {
document.getElementById(e).style.display = 'block';
} else {
document.getElementById(e).style.display = 'none';
}
}
function hideall() {
var Nodes = document.getElementsByTagName('ul')
var max = Nodes.length
for(var i = 0;i < max;i++) {
var nodeObj = Nodes.item(i)
if (nodeObj.className == "menu") {
nodeObj.style.display = 'none';
}
}
}
</script>
</head>
<body onload="hideall(); explode('home');<?=$expand?>">
<div id="pagecell1">
<div id="pageName"><br>
<h2><a href="http://www.CAcert.org"><img src="/images/cacert2.png" border="0"></a></h2>
<div id="googlead"><h2>¡Vive la Révolution!</h2></div>
</div>
<div id="pageNav">
<div class="relatedLinks">
<h3>CAcert.org</h3>
<ul class="menu" id="home"><li><a href="index.php"><?=_("Go Home")?></a></li><li><a href="account.php?id=logout"><?=_("Logout")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 onclick="explode('mydetails')">+ <?=_("My Details")?></h3>
<ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=7<?=$locrest?>"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 onclick="explode('emailacc')">+ <?=_("Email Accounts")?></h3>
<ul class="menu" id="emailacc"><li><a href="account.php?id=1"><?=_("Add")?></a></li><li><a href="account.php?id=2"><?=_("View")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 onclick="explode('clicerts')">+ <?=_("Client Certificates")?></h3>
<ul class="menu" id="clicerts"><li><a href="account.php?id=3"><?=_("New")?></a></li><li><a href="account.php?id=5"><?=_("View")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 onclick="explode('domains')">+ <?=_("Domains")?></h3>
<ul class="menu" id="domains"><li><a href="account.php?id=7"><?=_("Add")?></a></li><li><a href="account.php?id=9"><?=_("View")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 onclick="explode('servercert')">+ <?=_("Server Certificates")?></h3>
<ul class="menu" id="servercert"><li><a href="account.php?id=10"><?=_("New")?></a></li><li><a href="account.php?id=12"><?=_("View")?></a></li></ul>
</div>
<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".$_SESSION['profile']['id']."'")) > 0 || $_SESSION['profile']['admin'] == 1) { ?>
<div class="relatedLinks">
<h3 onclick="explode('clientorg')">+ <?=_("Org Client Certs")?></h3>
<ul class="menu" id="clientorg"><li><a href="account.php?id=16"><?=_("New")?></a></li><li><a href="account.php?id=18"><?=_("View")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 onclick="explode('serverorg')">+ <?=_("Org Server Certs")?></h3>
<ul class="menu" id="serverorg"><li><a href="account.php?id=20"><?=_("New")?></a></li><li><a href="account.php?id=22"><?=_("View")?></a></li></ul>
</div>
<? } ?>
<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'")) > 0 || $_SESSION['profile']['admin'] == 1) { ?>
<div class="relatedLinks">
<h3 onclick="explode('orgadmin')">+ <?=_("Org Admin")?></h3>
<ul class="menu" id="orgadmin"><? if($_SESSION['profile']['admin'] == 1) { ?><li><a href="account.php?id=24"><?=_("New Organisation")?></a></li><li><a href="account.php?id=25"><?=_("View Organisations")?></a></li><? } ?><li><a href="account.php?id=35"><?=_("View")?></a></li></ul>
</div>
<? } ?>
<div class="relatedLinks">
<h3 onclick="explode('WoT')">+ <?=_("CAcert Web of Trust")?></h3>
<ul class="menu" id="WoT"><li><a href="wot.php?id=0"><?=_("About")?></a></li><li><a href="wot.php?id=1"><?=_("Find a Notary")?></a></li><li><a href="wot.php?id=3"><?=_("Rules")?></a></li><li><? if($_SESSION['profile']['points'] < 100) { ?><a href="wot.php?id=2"><?=_("Becoming a Notary")?></a><? } else { ?><a href="wot.php?id=5"><?=_("Notarise Someone")?></a><? } ?></li><li><a href="wot.php?id=4"><?=_("Trusted Third Parties")?></a></li><li><a href="http://www.cacert.org/docs/CAP.pdf"><?=_("WoT Form")?></a></li><li><a href="http://www.cacert.org/docs/TTP.pdf"><?=_("TTP Form")?></a></li></ul>
</div>
<? if($_SESSION['profile']['id'] == -11) { ?>
<div class="relatedLinks">
<h3 onclick="explode('gpg')">+ <?=_("GPG/PGP Keys")?></h3>
<ul class="menu" id="gpg"><li><a href="#"><?=_("New")?></a></li><li><a href="#"><?=_("View")?></a></li></ul>
</div>
<? } ?>
</div>
<div id="content">
<div class="story">
<h3><?=$title2?></h3>
<? if($_SESSION['_config']['errmsg'] != "") { ?>
<p><? echo $_SESSION['_config']['errmsg']; $_SESSION['_config']['errmsg'] = ""; ?> </p>
<? } ?>
<?
}
function showfooter()
{
global $hostname;
?>
</div>
</div>
<div id="siteInfo"><a href="account.php?id=37"><?=_("About Us")?></a> | <a href="account.php?id=38"><?=_("Donations")?></a> |
<a href="account.php?id=39"><?=_("Privacy Policy")?></a> | <a href="account.php?id=40"><?=_("Contact Us")?></a>
| &copy;2004 by CAcert</div>
</div>
</body>
</html><?
}
?>

@ -0,0 +1,475 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert license
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
// header("Content-Type: text/html; charset=UTF-8");
// header("Content-Transfer-Encoding: 8bit");
if($_SERVER[HTTP_HOST] != "www.cacert.org" && $_SERVER[HTTP_HOST] != "secure.cacert.org" && $_SERVER[HTTP_HOST] != "202.87.16.201")
{
if($_SERVER[HTTPS] == "on")
header("location: https://www.cacert.org");
else
header("location: http://www.cacert.org");
exit;
}
session_name("cacert");
session_start();
session_register("_config");
session_register("profile");
session_register("signup");
session_register("lostpw");
$lang = mysql_escape_string(substr(trim($lang), 0, 5));
if($lang != "")
$_SESSION['_config']['language'] = $lang;
if($_SESSION['_config']['language'] == "")
{
$bits = explode(",", strtolower(str_replace(" ", "", $_SERVER[HTTP_ACCEPT_LANGUAGE])));
foreach($bits as $lang)
{
$b = explode(";", $lang);
if(substr($b[1], 0, 2) == "q=")
$c = floatval(substr($b[1], 2));
else
$c = 1;
$value["$c"] = trim($b[0]);
}
krsort($value);
reset($value);
foreach($value as $key => $val)
{
$short = substr($val, 0, 2);
if($val == "en" || $short == "en")
{
$_SESSION['_config']['language'] = "en";
break;
}
if(file_exists("/home/cacert/locale/$val/LC_MESSAGES/messages.mo"))
{
$_SESSION['_config']['language'] = $val;
break;
}
if(file_exists("/home/cacert/locale/$short/LC_MESSAGES/messages.mo"))
{
$_SESSION['_config']['language'] = $short;
break;
}
}
}
if(strlen($_SESSION['_config']['language']) != 5)
switch(substr($_SESSION['_config']['language'], 0, 2))
{
case 'da': $_SESSION['_config']['language'] = "da_DK"; break;
case 'de': $_SESSION['_config']['language'] = "de_DE"; break;
case 'es': $_SESSION['_config']['language'] = "es_ES"; break;
case 'nl': $_SESSION['_config']['language'] = "nl_NL"; break;
case 'pt': $_SESSION['_config']['language'] = "pt_PT"; break;
case 'hu': $_SESSION['_config']['language'] = "hu_HU"; break;
default: $_SESSION['_config']['language'] = "en_AU";
}
putenv("LANG=".$_SESSION['_config']['language']);
setlocale(LC_ALL, $_SESSION['_config']['language']);
$domain = 'messages';
bindtextdomain("$domain", "/home/cacert/locale");
textdomain("$domain");
$_SESSION['_config'][filepath] = "/home/cacert";
require_once("/home/cacert/includes/mysql.php");
if($_SESSION['profile']['id'] > 0)
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
}
$hostname = "www.cacert.org";
function loadem($section = "index")
{
if($section != "index" && $section != "account" && $section != "help")
{
$section = "index";
}
if($section == "account")
include_once("/home/cacert/includes/account_stuff.php");
if($section == "index")
include_once("/home/cacert/includes/general_stuff.php");
if($section == "help")
include_once("/home/cacert/includes/general_stuff.php");
}
function includeit($id = "0", $section = "index")
{
$id = intval($id);
if($section != "index" && $section != "account" && $section != "wot")
{
$section = "index";
}
if(file_exists("/home/cacert/www/$section/$id.php"))
include_once("/home/cacert/www/$section/$id.php");
else {
$id = "0";
if(file_exists("/home/cacert/www/$section/$id.php"))
include_once("/home/cacert/www/$section/$id.php");
else {
$section = "index";
$id = "0";
if(file_exists("/home/cacert/www/$section/$id.php"))
include_once("/home/cacert/www/$section/$id.php");
else
include_once("/home/cacert/www/error404.php");
}
}
}
function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
{
$points = 0;
if(preg_match("/\d/", $pwd))
$points++;
if(preg_match("/[a-z]/", $pwd))
$points++;
if(preg_match("/[A-Z]/", $pwd))
$points++;
if(preg_match("/\W/", $pwd))
$points++;
if(preg_match("/\s/", $pwd))
$points++;
if(@strstr(strtolower($pwd), strtolower($email)))
$points--;
if(@strstr(strtolower($email), strtolower($pwd)))
$points--;
if(@strstr(strtolower($pwd), strtolower($fname)))
$points--;
if(@strstr(strtolower($fname), strtolower($pwd)))
$points--;
if($mname)
if(@strstr(strtolower($pwd), strtolower($mname)))
$points--;
if($mname)
if(@strstr(strtolower($mname), strtolower($pwd)))
$points--;
if(@strstr(strtolower($pwd), strtolower($lname)))
$points--;
if(@strstr(strtolower($lname), strtolower($pwd)))
$points--;
if($suffix)
if(@strstr(strtolower($pwd), strtolower($suffix)))
$points--;
if($suffix)
if(@strstr(strtolower($suffix), strtolower($pwd)))
$points--;
$do = `grep '$pwd' /usr/share/dict/american-english`;
if($do)
$points--;
return($points);
}
function extractit()
{
$bits = explode(": ", $_SESSION['_config'][subject], 2);
$bits = str_replace(", ", "|", str_replace("/", "|", $bits['1']));
$bits = explode("|", $bits);
$_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0;
if(is_array($bits))
foreach($bits as $val)
{
if(!strstr($val, "="))
continue;
$split = explode("=", $val);
$k = $split[0];
$split['1'] = trim($split['1']);
if($k == "CN" && $split['1'])
{
$k = $_SESSION['_config']['cnc'].".".$k;
$_SESSION['_config']['cnc']++;
$_SESSION['_config'][$k] = $split['1'];
}
if($k == "subjectAltName" && $split['1'])
{
$k = $_SESSION['_config']['subaltc'].".".$k;
$_SESSION['_config']['subaltc']++;
$_SESSION['_config'][$k] = $split['1'];
}
}
}
function getcn()
{
for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
{
$CN = $_SESSION['_config']["$cnc.CN"];
$bits = explode(".", $CN);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$_SESSION['_config']['row'] = "";
$query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
$rowid[] = $_SESSION['_config']['row']['id'];
break;
}
}
if($_SESSION['_config']['row'] == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Unable to match '%s' against any domain validated against your account."), $CN);
showfooter();
exit;
} else
$rows[] = $CN;
}
$_SESSION['_config']['rows'] = $rows;
$_SESSION['_config']['rowid'] = $rowid;
}
function getalt()
{
for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
{
$subalt = $_SESSION['_config']["$altc.subjectAltName"];
if(substr($subalt, 0, 4) != "DNS:")
{
showheader(_("My CAcert.org Account!"));
printf(_("Malformed subjectAltName '%s', must be in form DNS:my.isp.com or DNS:*.isp.com"), $subalt);
showfooter();
exit;
}
$alt = substr($subalt, 4);
$bits = explode(".", $alt);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$_SESSION['_config']['altrow'] = "";
$query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
$altid[] = $_SESSION['_config']['altrow']['id'];
break;
}
}
if($_SESSION['_config']['altrow'] == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Malformed subjectAltName, must be in form DNS:my.isp.com or DNS:*.isp.com OR '%s' can't be matched to any current domain validated against your account."), $alt);
showfooter();
exit;
} else
$altrows[] = $subalt;
}
$_SESSION['_config']['altrows'] = $altrows;
$_SESSION['_config']['altid'] = $altid;
}
function getcn2()
{
for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
{
$CN = $_SESSION['_config']["$cnc.CN"];
$bits = explode(".", $CN);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$_SESSION['_config']['row'] = "";
$query = "select * from `orginfo`,`orgdomains`,`org` where
`org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
$rowid[] = $_SESSION['_config']['row']['id'];
break;
}
}
if($_SESSION['_config']['row'] == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Unable to match '%s' against any domain validated against your account."), $CN);
showfooter();
exit;
} else
$rows[] = $CN;
}
$_SESSION['_config']['rows'] = $rows;
$_SESSION['_config']['rowid'] = $rowid;
}
function getalt2()
{
for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
{
$subalt = $_SESSION['_config']["$altc.subjectAltName"];
if(substr($subalt, 0, 4) != "DNS:")
{
showheader(_("My CAcert.org Account!"));
printf(_("Malformed subjectAltName '%s', must be in form DNS:my.isp.com or DNS:*.isp.com"), $subalt);
showfooter();
exit;
}
$alt = substr($subalt, 4);
$bits = explode(".", $alt);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$_SESSION['_config']['altrow'] = "";
$query = "select * from `orginfo`,`orgdomains`,`org` where
`org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
$altid[] = $_SESSION['_config']['altrow']['id'];
break;
}
}
if($_SESSION['_config']['altrow'] == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Malformed subjectAltName, must be in form DNS:my.isp.com or DNS:*.isp.com OR '%s' can't be matched to any current domain validated against your account."), $alt);
showfooter();
exit;
} else
$altrows[] = $subalt;
}
$_SESSION['_config']['altrows'] = $altrows;
$_SESSION['_config']['altid'] = $altid;
}
function checkownership($hostname)
{
$bits = explode(".", $hostname);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$query = "select * from `org`,`orgdomains`,`orginfo`
where `org`.`memid`='".$_SESSION['profile']['id']."'
and `orgdomains`.`orgid`=`org`.`orgid`
and `orginfo`.`id`=`org`.`orgid`
and `orgdomains`.`domain`='$dom'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
return(true);
}
}
return(false);
}
function maxpoints($id = 0)
{
if($id <= 0)
$id = $_SESSION['profile']['id'];
$query = "select sum(`points`) as `points` from `notary` where `to`='$id' group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
if($points >= 300)
return(200);
if($points >= 200)
return(150);
if($points >= 150)
return(35);
if($points >= 140)
return(30);
if($points >= 130)
return(25);
if($points >= 120)
return(20);
if($points >= 110)
return(15);
if($points >= 100)
return(10);
return(0);
}
?>

@ -0,0 +1,117 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert Source license
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
if(!function_exists("showheader"))
{
function showheader($title = "CAcert.org", $title2 = "")
{
global $hostname, $id;
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<? // <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> ?>
<title><?=$title?></title>
<link rel="stylesheet" href="styles/default.css" type="text/css">
</head>
<body>
<div id="pagecell1">
<div id="pageName"><br>
<h2><a href="http://www.cacert.org"><img src="/images/cacert2.png" border="0"></a></h3>
<div id="googlead"><? if($_SERVER['HTTPS'] != "on") { ?><script type="text/javascript">
<!--
google_ad_client = "pub-0959373285729680";
google_alternate_ad_url = "http://text.happysnapper.net/?userid=06f45be90b9c7456f98f304d0cae3405&border=FFFFFF&bg=FFFFFF&nourl=www.cacert.org";
google_ad_width = 468;
google_ad_height = 60;
google_ad_format = "468x60_as";
google_color_link = "000000";
google_color_url = "000000";
google_color_text = "000000";
google_color_border = "FFFFFF";
//-->
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script><? } else {
?><h2>¡Vive la Révolution!</h2><? } ?></div>
</div>
<div id="pageNav">
<div class="relatedLinks">
<h3><?=_("Join CAcert.org")?></h3>
<a href="https://<?=$hostname?>/index.php?id=1"><?=_("Join")?></a>
</div>
<div class="relatedLinks">
<h3><?=_("My Account")?></h3>
<a href="https://www.cacert.org/index.php?id=4"><?=_("Normal Login")?></a>
<a href="https://secure.cacert.org/index.php?id=4"><?=_("Cert Login")?></a>
<a href="https://www.cacert.org/index.php?id=5"><?=_("Lost Password")?></a>
</div>
<div class="relatedLinks">
<h3><?=_("Miscellaneous")?></h3>
<a href="news.php"><?=_("CAcert News")?></a>
<a href="index.php?id=3"><?=_("Root Certificate")?></a>
<a href="revoke.crl"><?=_("CRL")?></a>
<? if($_SESSION['profile']['admin'] == 1) { ?>
<a href="index.php?id=5"><?=_("OCSP Details")?></a>
<? } ?>
<a href="index.php?id=7"><?=_("Credits")?></a>
<a href="index.php?id=8">CAcert Board</a>
</div>
<div class="relatedLinks">
<h3><?=_("Translations")?></h3>
<a href="index.php?id=<?=$id?>&lang=da_DK">Dansk</a>
<a href="index.php?id=<?=$id?>&lang=de_DE">Deutsch</a>
<a href="index.php?id=<?=$id?>&lang=en_EN">English</a>
<a href="index.php?id=<?=$id?>&lang=es_ES">Español</a>
<a href="index.php?id=<?=$id?>&lang=hu_HU">Magyar</a>
<a href="index.php?id=<?=$id?>&lang=nl_NL">Nederlands</a>
<a href="index.php?id=<?=$id?>&lang=pt_PT">Português</a>
</div>
</div>
<div id="content">
<div class="story">
<h3><?=$title2?></h3>
<? if($_SESSION['_config']['errmsg'] != "") { ?>
<p><? echo $_SESSION['_config']['errmsg']; $_SESSION['_config']['errmsg'] = ""; ?> </p>
<? } ?>
<?
}
}
if(!function_exists("showfooter"))
{
function showfooter()
{
global $hostname;
?>
</div>
</div>
<div id="siteInfo">
<? if(!$_SERVER["HTTPS"]) { ?><!--ONESTAT SCRIPTCODE START-->
<script type="text/javascript" src="onestat.js"></script>
<noscript>
<a href="http://www.onestat.com/asp/login.asp?sid=164863">
<img src="http://stat.onestat.com/asp/stat.asp?tagver=1&amp;sid=164863&amp;js=no&amp;" alt="this site tracked by onestat.com" />
</a>
</noscript>
<!--ONESTAT SCRIPTCODE END--><? } ?>
<a href="index.php?id=12"><?=_("About Us")?></a> | <a href="index.php?id=13"><?=_("Donations")?></a> |
<a href="index.php?id=10"><?=_("Privacy Policy")?></a> | <a href="index.php?id=11"><?=_("Contact Us")?></a> |
&copy;2004 by CAcert</div>
</div>
</body>
</html><?
}
}
?>

@ -0,0 +1,18 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of LibreSSL.
LibreSSL has been released under a LibreSSL license
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
LibreSSL is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
mysql_connect("localhost", "username", "password");
mysql_select_db("database");
?>

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

@ -0,0 +1,28 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<H3><?=_("My Account")?></H3>
<p><?=_("Welcome to your account section of the website. Below is a description of the different sections and what they're for.")?></p>
<H4><?=_("CAcert.org")?></H4>
<p><?=_("If you would like to view news items or change languages you can click the logout or go home links. Go home doesn't log you out of the system, just returns you to the front of the website. Logout logs you out of the system.")?></p>
<H4><?=_("My Details")?></H4>
<p><?=_("In this section you will be able to edit your personal information (if you haven't been notarised), update your pass phrase, and lost pass phrase questions. You will also be able to set your location for the Web of Trust, it also effects the email announcement settings which among other things can be set to notify you if you're within 200km of a planned notarisation event. You'll also be able to set additional contact information when you become fully trusted, so others can contact you to meet up outside official events.")?></p>
<h4><?=_("Email Accounts and Client Certificates")?></h4>
<p><?=_("The email account section is for adding/updating/removing email accounts which can be used to issue client certificates against. The client certificate section steps you through generating a certificate signing request for one or more emails you've registered in the email account section.")?></p>
<h4><?=_("Domains and Server Certificates.")?></h4>
<p><?=_("Before you can start issuing certificates for your website, irc server, smtp server, pop3, imap etc you will need to add domains to your account under the domain menu. You can also remove domains from here as well. Once you've added a domain you are free then to go into the Server Certificate section and start pasting CSR into the website and have the website return you a valid certificate for up to 2 years if you have 50 trust points, or 6 months for no trust points.")?></p>
<h4><?=_("Org Client and Server Certificates")?></h4>
<p><?=_("Once you have verified your company you will see these menu options. They allow you to issue as many certificates as you like without proving individual email accounts as you like, further more you are able to get your company details on the certificate.")?></p>
<h4><?=_("CAcert Web of Trust")?></h4>
<p><?=_("The Web of Trust system CAcert uses is similar to that many involved with GPG/PGP use, they hold face to face meetings to verify each others photo identities match their GPG/PGP key information. CAcert differs however in that we have modified things to work within the PKI framework, for you to gain trust in the system you must first locate someone already trusted. The trust person depending how many people they've trusted or meet before will determine how many points they can issue to you (the number of points they can issue is listed in the locate notary section). Once you've met up you can show your ID and you will need to fill out a CAP form which the person notarising your details must retain for verification reasons. You can also get trust points via the Trust Third Party system where you go to a lawyer, bank manager, accountant, or public notary/juctise of the peace and they via your ID and fill in the TTP form to state they have viewed your ID documents and it appears authentic and true. More information on the TTP system can be found in the TTP sub-menu")?></p>

@ -0,0 +1,30 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Add Email")?></td>
</tr>
<tr>
<td class="DataTD" width="125"><?=_("Email Address")?>: </td>
<td class="DataTD" width="125"><input type="text" name="newemail" value="<?=$_SESSION[profile][newemail]?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

@ -0,0 +1,29 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<h3><?=_("CAcert Certficiate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>
<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>
<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/docs/">http://www.cacert.org/docs/</a></p>
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<p><?=_("Paste your CSR below...")?></p>
<form method="post" action="account.php">
<textarea name="CSR" cols="80" rows="15"></textarea><br>
<input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

@ -0,0 +1,39 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<p>
<?=_("Please make sure the following details are correct before proceeding any further.")?>
</p>
<p>
<? if(is_array($_SESSION[_config][rows]))
foreach($_SESSION[_config][rows] as $row) { ?>
<?=_("CommonName")?>: <?=$row?><br>
<? } ?>
<? if(is_array($_SESSION[_config][altrows]))
foreach($_SESSION[_config][altrows] as $row) { ?>
<?=_("SubjectAltName")?>: <?=$row?><br>
<? } ?>
<?=_("Organisation")?>: <?=$_SESSION[_config][O]?><br>
<?=_("Org. Unit")?>: <?=$_SESSION[_config][OU]?><br>
<?=_("Location")?>: <?=$_SESSION[_config][L]?><br>
<?=_("State/Province")?>: <?=$_SESSION[_config][ST]?><br>
<?=_("Country")?>: <?=$_SESSION[_config][C]?><br>
<?=_("Email Address")?>: <?=$_SESSION[_config][emailAddress]?><br>
<form method="post" action="account.php">
<input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
</p>

@ -0,0 +1,78 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Domain Certificates")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<?
$query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
`domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`id` as `id`
from `domaincerts`,`domains`
where `memid`='".$_SESSION[profile][id]."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id`
ORDER BY `domaincerts`.`modified` desc";
//echo $query."<br>\n";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="5" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
{
if($row[timeleft] > 0)
$verified = _("Valid");
if($row[timeleft] < 0)
$verified = _("Expired");
if($row[expired] == 0)
$verified = _("Pending");
if($row[revoked] > 0)
$verified = _("Revoked");
?>
<tr>
<? if($verified == _("Valid")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row[id]?>"></td>
<? } else if($verified == _("Pending")) { ?>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row[id]?>"></td>
<? } else { ?>
<td class="DataTD">&nbsp;</td>
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=15&cert=<?=$row[id]?>"><?=$row[CN]?></a></td>
<td class="DataTD"><?=$row[revoke]?></td>
<td class="DataTD"><?=$row[expires]?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="5"><input type="submit" name="process" value="<?=_("Renew")?>">
<input type="submit" name="process" value="<?=_("Revoke/Delete")?>"></td>
</tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>

@ -0,0 +1,102 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$year = intval(substr($_SESSION['_config']['user'][dob], 0, 4));
$month = intval(substr($_SESSION['_config']['user'][dob], 5, 2));
$day = intval(substr($_SESSION['_config']['user'][dob], 8, 2));
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
<td colspan="2" class="title"><?=_("My Details")?></td>
</tr>
<? if($_SESSION['profile']['points'] < 100) { ?>
<tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td>
<td class="DataTD" width="125"><input type="text" name="fname" value="<?=$_SESSION['_config']['user']['fname']?>"></td>
</tr>
<tr>
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>)
</td>
<td class="DataTD"><input type="text" name="mname" value="<?=$_SESSION['_config']['user']['mname']?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Last Name")?>: </td>
<td class="DataTD"><input type="text" name="lname" value="<?=$_SESSION['_config']['user']['lname']?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td>
<td class="DataTD"><input type="text" name="suffix" value="<?=$_SESSION['_config']['user']['suffix']?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?><br>
(<?=_("dd/mm/yyyy")?>)</td>
<td class="DataTD"><nobr><select name="day">
<?
for($i = 1; $i <= 31; $i++)
{
echo "<option";
if($day == $i)
echo " selected";
echo ">$i</option>";
}
?>
</select>
<select name="month">
<?
for($i = 1; $i <= 12; $i++)
{
echo "<option value='$i'";
if($month == $i)
echo " selected";
echo ">".date("F", mktime(0, 0, 0, $i, 1, 0))."</option>";
}
?>
</select>
<input type="text" name="year" value="<?=$year?>" size="4"></nobr>
</td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td>
</tr>
<tr>
<td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=$_SESSION['_config']['user']['Q1']?>"></td>
<td class="DataTD"><input type="text" name="A1" value="<?=$_SESSION['_config']['user']['A1']?>"></td>
</tr>
<tr>
<td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=$_SESSION['_config']['user']['Q2']?>"></td>
<td class="DataTD"><input type="text" name="A2" value="<?=$_SESSION['_config']['user']['A2']?>"></td>
</tr>
<tr>
<td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=$_SESSION['_config']['user']['Q3']?>"></td>
<td class="DataTD"><input type="text" name="A3" value="<?=$_SESSION['_config']['user']['A3']?>"></td>
</tr>
<tr>
<td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=$_SESSION['_config']['user']['Q4']?>"></td>
<td class="DataTD"><input type="text" name="A4" value="<?=$_SESSION['_config']['user']['A4']?>"></td>
</tr>
<tr>
<td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=$_SESSION['_config']['user']['Q5']?>"></td>
<td class="DataTD"><input type="text" name="A5" value="<?=$_SESSION['_config']['user']['A5']?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

@ -0,0 +1,40 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
<td colspan="2" class="title"><?=_("Change Pass Phrase")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Old Pass Phrase")?>: </td>
<td class="DataTD"><input type="password" name="oldpassword"></td>
</tr>
<tr>
<td class="DataTD"><?=_("New Pass Phrase")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="pword1"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="pword2"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Pass Phrase")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

@ -0,0 +1,35 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$certid = $_SESSION[_config][cert];
$query = "select * from `domaincerts`,`domains` where `domaincerts`.`id`='$certid' and
`domains`.`memid`='".$_SESSION[profile][id]."' and
`domains`.`id`=`domaincerts`.`domid`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
echo _("No such certificate attached to your account.");
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
$cert = `/usr/bin/openssl x509 -in $row[crt_name]`;
?>
<h3><?=_("Below is your Server Certificate")?></h3>
<pre>
<?=$cert?>
</pre>

@ -0,0 +1,44 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("New Client Certificate")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Add")?></td>
<td class="DataTD"><?=_("Address")?></td>
<? if(is_array($_SESSION[_config][emails]))
foreach($_SESSION[_config][emails] as $val) { ?>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"></td>
</tr>
<? } ?>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="emails[]"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Name")?>:</td>
<td class="DataTD"><input type="text" name="name" value="<?=$_SESSION[_config][name]?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Another Email")?>">
<input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

@ -0,0 +1,137 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<? if(strstr($_SESSION[_config][agent], "MSIE")) { ?>
<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
<?=_("You must enable ActiveX for this to work.")?>
</object>
<form method="post" action="account.php" name="CertReqForm"><p>
<input type="hidden" name="session" value="UsedXenroll">
<?=_("Key Strength:")?> <select name="CspProvider"></select>
<input type="hidden" name="oldid" value="<?=$id?>">
<INPUT TYPE=HIDDEN NAME="CSR">
<input type="hidden" name="keytype" value="MS">
<input type="submit" name="GenReq" value="Create Certificate"><br>
</p></form>
<script type="text/vbscript" language="vbscript">
<!--
Function GetProviderList()
Dim CspList, cspIndex, ProviderName
On Error Resume Next
count = 0
base = 0
enhanced = 0
CspList = ""
ProviderName = ""
For ProvType = 0 to 13
cspIndex = 0
cec.ProviderType = ProvType
ProviderName = cec.enumProviders(cspIndex,0)
while ProviderName <> ""
Set oOption = document.createElement("OPTION")
oOption.text = ProviderName
oOption.value = ProvType
Document.CertReqForm.CspProvider.add(oOption)
if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then
base = count
end if
if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
enhanced = count
end if
cspIndex = cspIndex +1
ProviderName = ""
ProviderName = cec.enumProviders(cspIndex,0)
count = count + 1
wend
Next
Document.CertReqForm.CspProvider.selectedIndex = base
if enhanced then
Document.CertReqForm.CspProvider.selectedIndex = enhanced
end if
End Function
Function CSR(keyflags)
CSR = ""
szName = ""
cec.HashAlgorithm = "MD5"
err.clear
On Error Resume Next
set options = document.all.CspProvider.options
index = options.selectedIndex
cec.providerName = options(index).text
tmpProviderType = options(index).value
cec.providerType = tmpProviderType
cec.KeySpec = 2
if tmpProviderType < 2 Then
cec.KeySpec = 1
end if
cec.GenKeyFlags = &h04000001 OR keyflags
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
if len(CSR)<>0 then Exit Function
cec.GenKeyFlags = &h04000000 OR keyflags
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
if len(CSR)<>0 then Exit Function
if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then
cec.providerName = "Microsoft Base Cryptographic Provider v1.0"
else
Exit Function
end if
end if
cec.GenKeyFlags = 1 OR keyflags
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
if len(CSR)<>0 then Exit Function
cec.GenKeyFlags = keyflags
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
if len(CSR)<>0 then Exit Function
cec.GenKeyFlags = 0
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
End Function
Sub GenReq_OnClick
Dim TheForm
Set TheForm = Document.CertReqForm
err.clear
result = CSR(2)
if len(result)=0 Then
result = MsgBox("Unable to generate PKCS#10.", 0, "Alert")
Exit Sub
end if
TheForm.CSR.Value = result
TheForm.Submit
Exit Sub
End Sub
GetProviderList()
-->
</script>
<? } else { ?>
<p>
<form method="post" action="account.php">
<input type="hidden" name="keytype" value="NS">
<?
$rnd = fopen("/dev/urandom", "r");
$hash = md5(fgets($rnd, 64));
fclose($rnd);
?>
<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<?=$hash?>">
<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
</p>
<? } ?>

@ -0,0 +1,82 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Client Certificates")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<?
$query = "select UNIX_TIMESTAMP(`created`) as `created`,
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`expire`) as `expired`,
`expire` as `expires`, `revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `id`
from `orgemailcerts`, `org`
where `memid`='".$_SESSION[profile][id]."' and
`org`.`orgid`=`orgemailcerts`.`orgid`
ORDER BY `modified` desc";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="5" class="DataTD">No client certificates are currently listed.</td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
{
if($row[timeleft] > 0)
$verified = _("Valid");
if($row[timeleft] < 0)
$verified = _("Expired");
if($row[expired] == 0)
$verified = _("Pending");
if($row[revoked] > 0)
$verified = _("Revoked");
?>
<tr>
<? if($verified == _("Valid")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row[id]?>"></td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=6&cert=<?=$row[id]?>"><?=$row[CN]?></a></td>
<? } else if($verified == _("Pending")) { ?>