cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 5 Projects Releases Wiki Activity

*** empty log message ***

Browse Source
pull/1/head
root 20 years ago
parent 05d4bedcdb
commit ad4325772f
94 changed files with 23782 additions and 0 deletions
Show Stats Download Patch File Download Diff File

46
LICENSE
Unescape Escape View File

@ -0,0 +1,46 @@
CAcert Inc.
Source Code License Terms
ATTENTION: The files you are about to download contain the source code for certain CAcert software. CAcert is making these source code files available to you for specific limited purposes and you may use these source code files only for these purposes. You should read these license terms carefully and decide whether you are willing to agree to these license terms.
* If you are not willing to agree to these license terms, CAcert is not willing to provide these source code files to you and you must not proceed with the download.
* The CAcert source code is protected by copyrights in Australia and other countries. If you download these source code files and use the source code in ways not permitted by these license terms, you will not only be in breach of these license terms, you will also be infringing CAcert's copyrights.
LICENSE TERMS
1. What You Can Do. Under this license, you have the right to:
1. download the CAcert source code files and make a reasonable number of copies on a single computer as necessary to exercise the rights granted below;
2. review the source code in these source code files in order to verify that there are no unknown vulnerabilities or the like and in order to make your own assessment of the security features of CAcert software;
3. compile the any C source code that may be contained in the CAcert software into an executable code version of the program;
4. run the executable code version on one computer solely in order to assist in your testing and analysis of the security features of the CAcert software; and
5. modify the source code in the course of exercising the rights granted above.
2.
What You Cannot Do. Under this license you do not have the right to, and you may not:
1. modify the source code beyond what is allowed above;
2. make copies of the source code files beyond what is allowed above;
3. remove or alter any notices in the source code files relating to copyrights, or other proprietary rights;
4. give (meaning sell, loan, distribute, or transfer) the source code files to anyone else (unless you are downloading the source code files in the course of performing duties for your employer, in which case you can share the source code files with fellow employees as long as you don't make additional copies and otherwise comply with these license terms ' if this seems overly restrictive, remember that other people who want to have access to these source code files can also come to the CAcert web site to download them, but for important legal reasons we need to require that each copy of the source code be obtained directly from CAcert);
5. use versions of CAcert software created for any purpose or reason other than verifying that there are no unknown vulnerabilities or the like or otherwise making your own assessment of the integrity of the source code and the security features of the CAcert software; or
If you have any questions about what is or is not permitted under these license terms or if you would like to obtain the right to use CAcert source code in ways that are not allowed under these license terms, you should contact CAcert at bugs@cacert.org .
3.
Reporting Bugs and the Like. If you discover any 'bug' or problem in the source code in these files, or anything you think is a 'bug' or problem in the source code or a deficiency or weakness in the security features of the CAcert software, you should report the bug, problem, deficiency, or weakness (including any suggested code fixes you have prepared or any other information you have that could help CAcert reproduce, verify, and correct it) to CAcert at bugs@cacert.org .
CAcert will endeavor to send an email acknowledgment (signed by CAcert) within five business days for those reports that describe a serious security bug, problem, deficiency, or weakness in the CAcert software. If you do not receive such an email acknowledgment to a report you submitted (and you think you should have), please re-submit the report to CAcert as soon as possible.
You agree that you will not post any information about any bug, problem, deficiency, or weakness in the CAcert software on any web site or electronic bulletin board, or otherwise disclose or provide any such information to anyone else, unless you have first reported it to CAcert and until at least 30 days after CAcert sends its email acknowledgment to you.
CAcert takes reported bugs and security weaknesses in its software very seriously and strives to offer its customers the most secure and reliable software products available (given the functionality, features, and price of the software). However, CAcert cannot promise that it will respond to, analyze, attempt to correct, or correct each and every bug or security weakness that is reported to CAcert, and hence CAcert will have no obligation to you under these license terms to respond to, analyze, attempt to correct, or correct any bug, problem, deficiency, or weakness you report to CAcert. If CAcert does correct a bug, problem, deficiency, or weakness in a CAcert software program you report to CAcert under these license terms, the correction will be made available to CAcert's customers in a subsequent patch, update, or general release of the affected CAcert software.
4.
Ownership of CAcert Software and Source Code. All rights not expressly granted to you in these license terms are reserved by CAcert. CAcert retains ownership of all copyrights and other intellectual property rights throughout the world in the CAcert source code and software. You agree that CAcert will be given a perpetual non-exclusive rights to any and all code, and you hereby assign rights in any modifications you make to the source code and in any bug reports you submit to CAcert.
5. Limitation of Liability.
CAcert is willing to provide these source code files to you at no charge as long as you understand and agree that, to the maximum extent allowed under applicable law:
1. THESE SOURCE CODE FILES ARE PROVIDED TO YOU "AS IS" AND CACERT MAKES NO REPRESENTATIONS, WARRANTIES, GUARANTEES, OR CONDITIONS OF ANY KIND REGARDING THESE SOURCE CODE FILES OR THE SOURCE CODE CONTAINED IN THESE FILES. WITHOUT LIMITING THE PREVIOUS SENTENCE, CACERT DISCLAIMS ALL EXPRESS, IMPLIED, OR STATUTORY WARRANTIES, CONDITIONS, OR DUTIES REGARDING (I) MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, QUIET ENJOYMENT, OR ACCURACY, (II) THE CACERT SOFTWARE OR SOURCE CODE BEING FREE OF BUGS OR ERRORS, OR (III) USE OF THE CACERT SOFTWARE IN NUCLEAR POWER PLANTS, AIRCRAFT NAVIGATION OR COMMUNICATIONS, AIR TRAFFIC CONTROL, WEAPONS SYSTEMS, OR OTHER HIGH-RISK ACTIVITIES.
2. CACERT'S TOTAL, CUMULATIVE LIABILITY ARISING FROM OR RELATING TO THESE SOURCE CODE FILES AND THE SOURCE CODE CONTAINED IN THESE FILES, UNDER ANY AND ALL THEORIES OF LIABILITY AND CAUSES OF ACTION (WHETHER IN TORT, IN CONTRACT, OR OTHERWISE), WILL BE LIMITED TO DIRECT DAMAGES UP TO AN AGGREGATE AMOUNT OF ONE CUP OF CHEAP DECAFFEINATED COFFEE. WITHOUT LIMITING THE PREVIOUS SENTENCE, IN NO EVENT WILL CACERT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR OTHER CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES ARISING FROM OR RELATING TO THESE SOURCE CODE FILES AND THE SOURCE CODE CONTAINED IN THESE FILES.
6.
General Your rights under these license terms are nonexclusive and personal and cannot be assigned, sublicensed, or transferred in any other manner to anyone else, and any attempted assignment, sublicense, or transfer will be null and void. CAcert may terminate your rights under these license terms, by giving you notice of termination, if you breach or violate these license terms; upon termination, you must destroy all copies of the source code files, and all copies of executable code versions of the CAcert software created by compiling any source code files, in your possession or control. These license terms will be governed by Australian copyright laws and the laws of the State of New South Wales (regardless of conflicts of laws principles); the U.N. Convention on Contracts for the International Sale of Goods will not apply to these license terms. Any action or proceeding arising from or relating to this Agreement must be brought in the district court in Sydney Australia, and each party irrevocably submits to the jurisdiction and venue of any such court in any such action or proceeding. If these license terms are translated into any language other than English, the English version of these license terms will prevail in the event of any inconsistency. These license terms can be amended, and any waiver by CAcert of any right or remedy under these license terms will be effective, only by means of a written document signed by an authorized officer of CAcert that expressly states CAcert's agreement to amend these license terms or waive its rights or remedies.

1700
includes/account.php
View File

File diff suppressed because it is too large Load Diff

190
includes/account_stuff.php
Unescape Escape View File

@ -0,0 +1,190 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert license
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
function showheader($title = "CAcert.org", $title2 = "")
{
global $hostname, $id, $PHP_SELF;
$locrest = "";
if($_SESSION['profile']['ccid'] > 0)
$locrest .= "&ccid=".$_SESSION['profile']['ccid'];
if($_SESSION['profile']['regid'] > 0)
$locrest .= "&regid=".$_SESSION['profile']['regid'];
if($_SESSION['profile']['locid'] > 0)
$locrest .= "&locid=".$_SESSION['profile']['locid'];
$tmpid = $id;
if($PHP_SELF == "/wot.php")
$tmpid = $id + 500;
switch($tmpid)
{
case 1:
case 2: $expand = " explode('emailacc');"; break;
case 3:
case 4:
case 5:
case 6: $expand = " explode('clicerts');"; break;
case 7:
case 8:
case 9: $expand = " explode('domains');"; break;
case 10:
case 11:
case 12:
case 15: $expand = " explode('servercert');"; break;
case 13:
case 14:
case 36:
case 507:
case 508: $expand = " explode('mydetails');"; break;
case 16:
case 17:
case 18:
case 19: $expand = " explode('clientorg');"; break;
case 20:
case 21:
case 21:
case 23: $expand = " explode('serverorg');"; break;
case 24:
case 25:
case 26:
case 27:
case 28:
case 29:
case 30:
case 31:
case 32:
case 33:
case 34:
case 35: $expand = " explode('orgadmin');"; break;
case 500:
case 501:
case 502:
case 503:
case 504:
case 505:
case 506: $expand = " explode('WoT');"; break;
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<? // <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> ?>
<title><?=$title?></title>
<link rel="stylesheet" href="styles/default.css" type="text/css">
<script language="JavaScript" type="text/javascript">
function explode(e) {
if (document.getElementById(e).style.display == 'none') {
document.getElementById(e).style.display = 'block';
} else {
document.getElementById(e).style.display = 'none';
}
}
function hideall() {
var Nodes = document.getElementsByTagName('ul')
var max = Nodes.length
for(var i = 0;i < max;i++) {
var nodeObj = Nodes.item(i)
if (nodeObj.className == "menu") {
nodeObj.style.display = 'none';
}
}
}
</script>
</head>
<body onload="hideall(); explode('home');<?=$expand?>">
<div id="pagecell1">
<div id="pageName"><br>
<h2><a href="http://www.CAcert.org"><img src="/images/cacert2.png" border="0"></a></h2>
<div id="googlead"><h2>¡Vive la Révolution!</h2></div>
</div>
<div id="pageNav">
<div class="relatedLinks">
<h3>CAcert.org</h3>
<ul class="menu" id="home"><li><a href="index.php"><?=_("Go Home")?></a></li><li><a href="account.php?id=logout"><?=_("Logout")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 onclick="explode('mydetails')">+ <?=_("My Details")?></h3>
<ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=7<?=$locrest?>"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 onclick="explode('emailacc')">+ <?=_("Email Accounts")?></h3>
<ul class="menu" id="emailacc"><li><a href="account.php?id=1"><?=_("Add")?></a></li><li><a href="account.php?id=2"><?=_("View")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 onclick="explode('clicerts')">+ <?=_("Client Certificates")?></h3>
<ul class="menu" id="clicerts"><li><a href="account.php?id=3"><?=_("New")?></a></li><li><a href="account.php?id=5"><?=_("View")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 onclick="explode('domains')">+ <?=_("Domains")?></h3>
<ul class="menu" id="domains"><li><a href="account.php?id=7"><?=_("Add")?></a></li><li><a href="account.php?id=9"><?=_("View")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 onclick="explode('servercert')">+ <?=_("Server Certificates")?></h3>
<ul class="menu" id="servercert"><li><a href="account.php?id=10"><?=_("New")?></a></li><li><a href="account.php?id=12"><?=_("View")?></a></li></ul>
</div>
<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".$_SESSION['profile']['id']."'")) > 0 || $_SESSION['profile']['admin'] == 1) { ?>
<div class="relatedLinks">
<h3 onclick="explode('clientorg')">+ <?=_("Org Client Certs")?></h3>
<ul class="menu" id="clientorg"><li><a href="account.php?id=16"><?=_("New")?></a></li><li><a href="account.php?id=18"><?=_("View")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 onclick="explode('serverorg')">+ <?=_("Org Server Certs")?></h3>
<ul class="menu" id="serverorg"><li><a href="account.php?id=20"><?=_("New")?></a></li><li><a href="account.php?id=22"><?=_("View")?></a></li></ul>
</div>
<? } ?>
<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'")) > 0 || $_SESSION['profile']['admin'] == 1) { ?>
<div class="relatedLinks">
<h3 onclick="explode('orgadmin')">+ <?=_("Org Admin")?></h3>
<ul class="menu" id="orgadmin"><? if($_SESSION['profile']['admin'] == 1) { ?><li><a href="account.php?id=24"><?=_("New Organisation")?></a></li><li><a href="account.php?id=25"><?=_("View Organisations")?></a></li><? } ?><li><a href="account.php?id=35"><?=_("View")?></a></li></ul>
</div>
<? } ?>
<div class="relatedLinks">
<h3 onclick="explode('WoT')">+ <?=_("CAcert Web of Trust")?></h3>
<ul class="menu" id="WoT"><li><a href="wot.php?id=0"><?=_("About")?></a></li><li><a href="wot.php?id=1"><?=_("Find a Notary")?></a></li><li><a href="wot.php?id=3"><?=_("Rules")?></a></li><li><? if($_SESSION['profile']['points'] < 100) { ?><a href="wot.php?id=2"><?=_("Becoming a Notary")?></a><? } else { ?><a href="wot.php?id=5"><?=_("Notarise Someone")?></a><? } ?></li><li><a href="wot.php?id=4"><?=_("Trusted Third Parties")?></a></li><li><a href="http://www.cacert.org/docs/CAP.pdf"><?=_("WoT Form")?></a></li><li><a href="http://www.cacert.org/docs/TTP.pdf"><?=_("TTP Form")?></a></li></ul>
</div>
<? if($_SESSION['profile']['id'] == -11) { ?>
<div class="relatedLinks">
<h3 onclick="explode('gpg')">+ <?=_("GPG/PGP Keys")?></h3>
<ul class="menu" id="gpg"><li><a href="#"><?=_("New")?></a></li><li><a href="#"><?=_("View")?></a></li></ul>
</div>
<? } ?>
</div>
<div id="content">
<div class="story">
<h3><?=$title2?></h3>
<? if($_SESSION['_config']['errmsg'] != "") { ?>
<p><? echo $_SESSION['_config']['errmsg']; $_SESSION['_config']['errmsg'] = ""; ?> </p>
<? } ?>
<?
}
function showfooter()
{
global $hostname;
?>
</div>
</div>
<div id="siteInfo"><a href="account.php?id=37"><?=_("About Us")?></a> | <a href="account.php?id=38"><?=_("Donations")?></a> |
<a href="account.php?id=39"><?=_("Privacy Policy")?></a> | <a href="account.php?id=40"><?=_("Contact Us")?></a>
| &copy;2004 by CAcert</div>
</div>
</body>
</html><?
}
?>

475
includes/general.php
Unescape Escape View File

@ -0,0 +1,475 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert license
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
// header("Content-Type: text/html; charset=UTF-8");
// header("Content-Transfer-Encoding: 8bit");
if($_SERVER[HTTP_HOST] != "www.cacert.org" && $_SERVER[HTTP_HOST] != "secure.cacert.org" && $_SERVER[HTTP_HOST] != "202.87.16.201")
{
if($_SERVER[HTTPS] == "on")
header("location: https://www.cacert.org");
else
header("location: http://www.cacert.org");
exit;
}
session_name("cacert");
session_start();
session_register("_config");
session_register("profile");
session_register("signup");
session_register("lostpw");
$lang = mysql_escape_string(substr(trim($lang), 0, 5));
if($lang != "")
$_SESSION['_config']['language'] = $lang;
if($_SESSION['_config']['language'] == "")
{
$bits = explode(",", strtolower(str_replace(" ", "", $_SERVER[HTTP_ACCEPT_LANGUAGE])));
foreach($bits as $lang)
{
$b = explode(";", $lang);
if(substr($b[1], 0, 2) == "q=")
$c = floatval(substr($b[1], 2));
else
$c = 1;
$value["$c"] = trim($b[0]);
}
krsort($value);
reset($value);
foreach($value as $key => $val)
{
$short = substr($val, 0, 2);
if($val == "en" || $short == "en")
{
$_SESSION['_config']['language'] = "en";
break;
}
if(file_exists("/home/cacert/locale/$val/LC_MESSAGES/messages.mo"))
{
$_SESSION['_config']['language'] = $val;
break;
}
if(file_exists("/home/cacert/locale/$short/LC_MESSAGES/messages.mo"))
{
$_SESSION['_config']['language'] = $short;
break;
}
}
}
if(strlen($_SESSION['_config']['language']) != 5)
switch(substr($_SESSION['_config']['language'], 0, 2))
{
case 'da': $_SESSION['_config']['language'] = "da_DK"; break;
case 'de': $_SESSION['_config']['language'] = "de_DE"; break;
case 'es': $_SESSION['_config']['language'] = "es_ES"; break;
case 'nl': $_SESSION['_config']['language'] = "nl_NL"; break;
case 'pt': $_SESSION['_config']['language'] = "pt_PT"; break;
case 'hu': $_SESSION['_config']['language'] = "hu_HU"; break;
default: $_SESSION['_config']['language'] = "en_AU";
}
putenv("LANG=".$_SESSION['_config']['language']);
setlocale(LC_ALL, $_SESSION['_config']['language']);
$domain = 'messages';
bindtextdomain("$domain", "/home/cacert/locale");
textdomain("$domain");
$_SESSION['_config'][filepath] = "/home/cacert";
require_once("/home/cacert/includes/mysql.php");
if($_SESSION['profile']['id'] > 0)
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
}
$hostname = "www.cacert.org";
function loadem($section = "index")
{
if($section != "index" && $section != "account" && $section != "help")
{
$section = "index";
}
if($section == "account")
include_once("/home/cacert/includes/account_stuff.php");
if($section == "index")
include_once("/home/cacert/includes/general_stuff.php");
if($section == "help")
include_once("/home/cacert/includes/general_stuff.php");
}
function includeit($id = "0", $section = "index")
{
$id = intval($id);
if($section != "index" && $section != "account" && $section != "wot")
{
$section = "index";
}
if(file_exists("/home/cacert/www/$section/$id.php"))
include_once("/home/cacert/www/$section/$id.php");
else {
$id = "0";
if(file_exists("/home/cacert/www/$section/$id.php"))
include_once("/home/cacert/www/$section/$id.php");
else {
$section = "index";
$id = "0";
if(file_exists("/home/cacert/www/$section/$id.php"))
include_once("/home/cacert/www/$section/$id.php");
else
include_once("/home/cacert/www/error404.php");
}
}
}
function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
{
$points = 0;
if(preg_match("/\d/", $pwd))
$points++;
if(preg_match("/[a-z]/", $pwd))
$points++;
if(preg_match("/[A-Z]/", $pwd))
$points++;
if(preg_match("/\W/", $pwd))
$points++;
if(preg_match("/\s/", $pwd))
$points++;
if(@strstr(strtolower($pwd), strtolower($email)))
$points--;
if(@strstr(strtolower($email), strtolower($pwd)))
$points--;
if(@strstr(strtolower($pwd), strtolower($fname)))
$points--;
if(@strstr(strtolower($fname), strtolower($pwd)))
$points--;
if($mname)
if(@strstr(strtolower($pwd), strtolower($mname)))
$points--;
if($mname)
if(@strstr(strtolower($mname), strtolower($pwd)))
$points--;
if(@strstr(strtolower($pwd), strtolower($lname)))
$points--;
if(@strstr(strtolower($lname), strtolower($pwd)))
$points--;
if($suffix)
if(@strstr(strtolower($pwd), strtolower($suffix)))
$points--;
if($suffix)
if(@strstr(strtolower($suffix), strtolower($pwd)))
$points--;
$do = `grep '$pwd' /usr/share/dict/american-english`;
if($do)
$points--;
return($points);
}
function extractit()
{
$bits = explode(": ", $_SESSION['_config'][subject], 2);
$bits = str_replace(", ", "|", str_replace("/", "|", $bits['1']));
$bits = explode("|", $bits);
$_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0;
if(is_array($bits))
foreach($bits as $val)
{
if(!strstr($val, "="))
continue;
$split = explode("=", $val);
$k = $split[0];
$split['1'] = trim($split['1']);
if($k == "CN" && $split['1'])
{
$k = $_SESSION['_config']['cnc'].".".$k;
$_SESSION['_config']['cnc']++;
$_SESSION['_config'][$k] = $split['1'];
}
if($k == "subjectAltName" && $split['1'])
{
$k = $_SESSION['_config']['subaltc'].".".$k;
$_SESSION['_config']['subaltc']++;
$_SESSION['_config'][$k] = $split['1'];
}
}
}
function getcn()
{
for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
{
$CN = $_SESSION['_config']["$cnc.CN"];
$bits = explode(".", $CN);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$_SESSION['_config']['row'] = "";
$query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
$rowid[] = $_SESSION['_config']['row']['id'];
break;
}
}
if($_SESSION['_config']['row'] == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Unable to match '%s' against any domain validated against your account."), $CN);
showfooter();
exit;
} else
$rows[] = $CN;
}
$_SESSION['_config']['rows'] = $rows;
$_SESSION['_config']['rowid'] = $rowid;
}
function getalt()
{
for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
{
$subalt = $_SESSION['_config']["$altc.subjectAltName"];
if(substr($subalt, 0, 4) != "DNS:")
{
showheader(_("My CAcert.org Account!"));
printf(_("Malformed subjectAltName '%s', must be in form DNS:my.isp.com or DNS:*.isp.com"), $subalt);
showfooter();
exit;
}
$alt = substr($subalt, 4);
$bits = explode(".", $alt);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$_SESSION['_config']['altrow'] = "";
$query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
$altid[] = $_SESSION['_config']['altrow']['id'];
break;
}
}
if($_SESSION['_config']['altrow'] == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Malformed subjectAltName, must be in form DNS:my.isp.com or DNS:*.isp.com OR '%s' can't be matched to any current domain validated against your account."), $alt);
showfooter();
exit;
} else
$altrows[] = $subalt;
}
$_SESSION['_config']['altrows'] = $altrows;
$_SESSION['_config']['altid'] = $altid;
}
function getcn2()
{
for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
{
$CN = $_SESSION['_config']["$cnc.CN"];
$bits = explode(".", $CN);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$_SESSION['_config']['row'] = "";
$query = "select * from `orginfo`,`orgdomains`,`org` where
`org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
$rowid[] = $_SESSION['_config']['row']['id'];
break;
}
}
if($_SESSION['_config']['row'] == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Unable to match '%s' against any domain validated against your account."), $CN);
showfooter();
exit;
} else
$rows[] = $CN;
}
$_SESSION['_config']['rows'] = $rows;
$_SESSION['_config']['rowid'] = $rowid;
}
function getalt2()
{
for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
{
$subalt = $_SESSION['_config']["$altc.subjectAltName"];
if(substr($subalt, 0, 4) != "DNS:")
{
showheader(_("My CAcert.org Account!"));
printf(_("Malformed subjectAltName '%s', must be in form DNS:my.isp.com or DNS:*.isp.com"), $subalt);
showfooter();
exit;
}
$alt = substr($subalt, 4);
$bits = explode(".", $alt);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$_SESSION['_config']['altrow'] = "";
$query = "select * from `orginfo`,`orgdomains`,`org` where
`org`.`memid`='".$_SESSION['profile']['id']."' and
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
$altid[] = $_SESSION['_config']['altrow']['id'];
break;
}
}
if($_SESSION['_config']['altrow'] == "")
{
showheader(_("My CAcert.org Account!"));
printf(_("Malformed subjectAltName, must be in form DNS:my.isp.com or DNS:*.isp.com OR '%s' can't be matched to any current domain validated against your account."), $alt);
showfooter();
exit;
} else
$altrows[] = $subalt;
}
$_SESSION['_config']['altrows'] = $altrows;
$_SESSION['_config']['altid'] = $altid;
}
function checkownership($hostname)
{
$bits = explode(".", $hostname);
$dom = "";
for($i = count($bits) - 1; $i >= 0; $i--)
{
if($dom)
$dom = $bits[$i].".".$dom;
else
$dom = $bits[$i];
$query = "select * from `org`,`orgdomains`,`orginfo`
where `org`.`memid`='".$_SESSION['profile']['id']."'
and `orgdomains`.`orgid`=`org`.`orgid`
and `orginfo`.`id`=`org`.`orgid`
and `orgdomains`.`domain`='$dom'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
return(true);
}
}
return(false);
}
function maxpoints($id = 0)
{
if($id <= 0)
$id = $_SESSION['profile']['id'];
$query = "select sum(`points`) as `points` from `notary` where `to`='$id' group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
if($points >= 300)
return(200);
if($points >= 200)
return(150);
if($points >= 150)
return(35);
if($points >= 140)
return(30);
if($points >= 130)
return(25);
if($points >= 120)
return(20);
if($points >= 110)
return(15);
if($points >= 100)
return(10);
return(0);
}
?>

117
includes/general_stuff.php
Unescape Escape View File

@ -0,0 +1,117 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert Source license
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
if(!function_exists("showheader"))
{
function showheader($title = "CAcert.org", $title2 = "")
{
global $hostname, $id;
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<? // <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> ?>
<title><?=$title?></title>
<link rel="stylesheet" href="styles/default.css" type="text/css">
</head>
<body>
<div id="pagecell1">
<div id="pageName"><br>
<h2><a href="http://www.cacert.org"><img src="/images/cacert2.png" border="0"></a></h3>
<div id="googlead"><? if($_SERVER['HTTPS'] != "on") { ?><script type="text/javascript">
<!--
google_ad_client = "pub-0959373285729680";
google_alternate_ad_url = "http://text.happysnapper.net/?userid=06f45be90b9c7456f98f304d0cae3405&border=FFFFFF&bg=FFFFFF&nourl=www.cacert.org";
google_ad_width = 468;
google_ad_height = 60;
google_ad_format = "468x60_as";
google_color_link = "000000";
google_color_url = "000000";
google_color_text = "000000";
google_color_border = "FFFFFF";
//-->
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script><? } else {
?><h2>¡Vive la Révolution!</h2><? } ?></div>
</div>
<div id="pageNav">
<div class="relatedLinks">
<h3><?=_("Join CAcert.org")?></h3>
<a href="https://<?=$hostname?>/index.php?id=1"><?=_("Join")?></a>
</div>
<div class="relatedLinks">
<h3><?=_("My Account")?></h3>
<a href="https://www.cacert.org/index.php?id=4"><?=_("Normal Login")?></a>
<a href="https://secure.cacert.org/index.php?id=4"><?=_("Cert Login")?></a>
<a href="https://www.cacert.org/index.php?id=5"><?=_("Lost Password")?></a>
</div>
<div class="relatedLinks">
<h3><?=_("Miscellaneous")?></h3>
<a href="news.php"><?=_("CAcert News")?></a>
<a href="index.php?id=3"><?=_("Root Certificate")?></a>
<a href="revoke.crl"><?=_("CRL")?></a>
<? if($_SESSION['profile']['admin'] == 1) { ?>
<a href="index.php?id=5"><?=_("OCSP Details")?></a>
<? } ?>
<a href="index.php?id=7"><?=_("Credits")?></a>
<a href="index.php?id=8">CAcert Board</a>
</div>
<div class="relatedLinks">
<h3><?=_("Translations")?></h3>
<a href="index.php?id=<?=$id?>&lang=da_DK">Dansk</a>
<a href="index.php?id=<?=$id?>&lang=de_DE">Deutsch</a>
<a href="index.php?id=<?=$id?>&lang=en_EN">English</a>
<a href="index.php?id=<?=$id?>&lang=es_ES">Español</a>
<a href="index.php?id=<?=$id?>&lang=hu_HU">Magyar</a>
<a href="index.php?id=<?=$id?>&lang=nl_NL">Nederlands</a>
<a href="index.php?id=<?=$id?>&lang=pt_PT">Português</a>
</div>
</div>
<div id="content">
<div class="story">
<h3><?=$title2?></h3>
<? if($_SESSION['_config']['errmsg'] != "") { ?>
<p><? echo $_SESSION['_config']['errmsg']; $_SESSION['_config']['errmsg'] = ""; ?> </p>
<? } ?>
<?
}
}
if(!function_exists("showfooter"))
{
function showfooter()
{
global $hostname;
?>
</div>
</div>
<div id="siteInfo">
<? if(!$_SERVER["HTTPS"]) { ?><!--ONESTAT SCRIPTCODE START-->
<script type="text/javascript" src="onestat.js"></script>
<noscript>
<a href="http://www.onestat.com/asp/login.asp?sid=164863">
<img src="http://stat.onestat.com/asp/stat.asp?tagver=1&amp;sid=164863&amp;js=no&amp;" alt="this site tracked by onestat.com" />
</a>
</noscript>
<!--ONESTAT SCRIPTCODE END--><? } ?>
<a href="index.php?id=12"><?=_("About Us")?></a> | <a href="index.php?id=13"><?=_("Donations")?></a> |
<a href="index.php?id=10"><?=_("Privacy Policy")?></a> | <a href="index.php?id=11"><?=_("Contact Us")?></a> |
&copy;2004 by CAcert</div>
</div>
</body>
</html><?
}
}
?>

18
includes/mysql.php.sample
Unescape Escape View File

@ -0,0 +1,18 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of LibreSSL.
LibreSSL has been released under a LibreSSL license
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
LibreSSL is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
mysql_connect("localhost", "username", "password");
mysql_select_db("database");
?>

2062
locale/da.po
View File

File diff suppressed because it is too large Load Diff

2072
locale/de.po
View File

File diff suppressed because it is too large Load Diff

1911
locale/es.po
View File

File diff suppressed because it is too large Load Diff

1978
locale/fr.po
View File

File diff suppressed because it is too large Load Diff

2334
locale/hu.po
View File

File diff suppressed because it is too large Load Diff

2201
locale/nl.po
View File

File diff suppressed because it is too large Load Diff

2063
locale/pt.po
View File

File diff suppressed because it is too large Load Diff

1592
messages.po
View File

File diff suppressed because it is too large Load Diff

28
pages/account/0.php
Unescape Escape View File

@ -0,0 +1,28 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<H3><?=_("My Account")?></H3>
<p><?=_("Welcome to your account section of the website. Below is a description of the different sections and what they're for.")?></p>
<H4><?=_("CAcert.org")?></H4>
<p><?=_("If you would like to view news items or change languages you can click the logout or go home links. Go home doesn't log you out of the system, just returns you to the front of the website. Logout logs you out of the system.")?></p>
<H4><?=_("My Details")?></H4>
<p><?=_("In this section you will be able to edit your personal information (if you haven't been notarised), update your pass phrase, and lost pass phrase questions. You will also be able to set your location for the Web of Trust, it also effects the email announcement settings which among other things can be set to notify you if you're within 200km of a planned notarisation event. You'll also be able to set additional contact information when you become fully trusted, so others can contact you to meet up outside official events.")?></p>
<h4><?=_("Email Accounts and Client Certificates")?></h4>
<p><?=_("The email account section is for adding/updating/removing email accounts which can be used to issue client certificates against. The client certificate section steps you through generating a certificate signing request for one or more emails you've registered in the email account section.")?></p>
<h4><?=_("Domains and Server Certificates.")?></h4>
<p><?=_("Before you can start issuing certificates for your website, irc server, smtp server, pop3, imap etc you will need to add domains to your account under the domain menu. You can also remove domains from here as well. Once you've added a domain you are free then to go into the Server Certificate section and start pasting CSR into the website and have the website return you a valid certificate for up to 2 years if you have 50 trust points, or 6 months for no trust points.")?></p>
<h4><?=_("Org Client and Server Certificates")?></h4>
<p><?=_("Once you have verified your company you will see these menu options. They allow you to issue as many certificates as you like without proving individual email accounts as you like, further more you are able to get your company details on the certificate.")?></p>
<h4><?=_("CAcert Web of Trust")?></h4>
<p><?=_("The Web of Trust system CAcert uses is similar to that many involved with GPG/PGP use, they hold face to face meetings to verify each others photo identities match their GPG/PGP key information. CAcert differs however in that we have modified things to work within the PKI framework, for you to gain trust in the system you must first locate someone already trusted. The trust person depending how many people they've trusted or meet before will determine how many points they can issue to you (the number of points they can issue is listed in the locate notary section). Once you've met up you can show your ID and you will need to fill out a CAP form which the person notarising your details must retain for verification reasons. You can also get trust points via the Trust Third Party system where you go to a lawyer, bank manager, accountant, or public notary/juctise of the peace and they via your ID and fill in the TTP form to state they have viewed your ID documents and it appears authentic and true. More information on the TTP system can be found in the TTP sub-menu")?></p>

30
pages/account/1.php
Unescape Escape View File

@ -0,0 +1,30 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Add Email")?></td>
</tr>
<tr>
<td class="DataTD" width="125"><?=_("Email Address")?>: </td>
<td class="DataTD" width="125"><input type="text" name="newemail" value="<?=$_SESSION[profile][newemail]?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

29
pages/account/10.php
Unescape Escape View File

@ -0,0 +1,29 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<h3><?=_("CAcert Certficiate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>
<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>
<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/docs/">http://www.cacert.org/docs/</a></p>
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<p><?=_("Paste your CSR below...")?></p>
<form method="post" action="account.php">
<textarea name="CSR" cols="80" rows="15"></textarea><br>
<input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

39
pages/account/11.php
Unescape Escape View File

@ -0,0 +1,39 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<p>
<?=_("Please make sure the following details are correct before proceeding any further.")?>
</p>
<p>
<? if(is_array($_SESSION[_config][rows]))
foreach($_SESSION[_config][rows] as $row) { ?>
<?=_("CommonName")?>: <?=$row?><br>
<? } ?>
<? if(is_array($_SESSION[_config][altrows]))
foreach($_SESSION[_config][altrows] as $row) { ?>
<?=_("SubjectAltName")?>: <?=$row?><br>
<? } ?>
<?=_("Organisation")?>: <?=$_SESSION[_config][O]?><br>
<?=_("Org. Unit")?>: <?=$_SESSION[_config][OU]?><br>
<?=_("Location")?>: <?=$_SESSION[_config][L]?><br>
<?=_("State/Province")?>: <?=$_SESSION[_config][ST]?><br>
<?=_("Country")?>: <?=$_SESSION[_config][C]?><br>
<?=_("Email Address")?>: <?=$_SESSION[_config][emailAddress]?><br>
<form method="post" action="account.php">
<input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
</p>

78
pages/account/12.php
Unescape Escape View File

@ -0,0 +1,78 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Domain Certificates")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<?
$query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
`domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`id` as `id`
from `domaincerts`,`domains`
where `memid`='".$_SESSION[profile][id]."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id`
ORDER BY `domaincerts`.`modified` desc";
//echo $query."<br>\n";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="5" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
{
if($row[timeleft] > 0)
$verified = _("Valid");
if($row[timeleft] < 0)
$verified = _("Expired");
if($row[expired] == 0)
$verified = _("Pending");
if($row[revoked] > 0)
$verified = _("Revoked");
?>
<tr>
<? if($verified == _("Valid")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row[id]?>"></td>
<? } else if($verified == _("Pending")) { ?>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row[id]?>"></td>
<? } else { ?>
<td class="DataTD">&nbsp;</td>
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=15&cert=<?=$row[id]?>"><?=$row[CN]?></a></td>
<td class="DataTD"><?=$row[revoke]?></td>
<td class="DataTD"><?=$row[expires]?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="5"><input type="submit" name="process" value="<?=_("Renew")?>">
<input type="submit" name="process" value="<?=_("Revoke/Delete")?>"></td>
</tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>

102
pages/account/13.php
Unescape Escape View File

@ -0,0 +1,102 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$year = intval(substr($_SESSION['_config']['user'][dob], 0, 4));
$month = intval(substr($_SESSION['_config']['user'][dob], 5, 2));
$day = intval(substr($_SESSION['_config']['user'][dob], 8, 2));
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
<td colspan="2" class="title"><?=_("My Details")?></td>
</tr>
<? if($_SESSION['profile']['points'] < 100) { ?>
<tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td>
<td class="DataTD" width="125"><input type="text" name="fname" value="<?=$_SESSION['_config']['user']['fname']?>"></td>
</tr>
<tr>
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>)
</td>
<td class="DataTD"><input type="text" name="mname" value="<?=$_SESSION['_config']['user']['mname']?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Last Name")?>: </td>
<td class="DataTD"><input type="text" name="lname" value="<?=$_SESSION['_config']['user']['lname']?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td>
<td class="DataTD"><input type="text" name="suffix" value="<?=$_SESSION['_config']['user']['suffix']?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?><br>
(<?=_("dd/mm/yyyy")?>)</td>
<td class="DataTD"><nobr><select name="day">
<?
for($i = 1; $i <= 31; $i++)
{
echo "<option";
if($day == $i)
echo " selected";
echo ">$i</option>";
}
?>
</select>
<select name="month">
<?
for($i = 1; $i <= 12; $i++)
{
echo "<option value='$i'";
if($month == $i)
echo " selected";
echo ">".date("F", mktime(0, 0, 0, $i, 1, 0))."</option>";
}
?>
</select>
<input type="text" name="year" value="<?=$year?>" size="4"></nobr>
</td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td>
</tr>
<tr>
<td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=$_SESSION['_config']['user']['Q1']?>"></td>
<td class="DataTD"><input type="text" name="A1" value="<?=$_SESSION['_config']['user']['A1']?>"></td>
</tr>
<tr>
<td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=$_SESSION['_config']['user']['Q2']?>"></td>
<td class="DataTD"><input type="text" name="A2" value="<?=$_SESSION['_config']['user']['A2']?>"></td>
</tr>
<tr>
<td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=$_SESSION['_config']['user']['Q3']?>"></td>
<td class="DataTD"><input type="text" name="A3" value="<?=$_SESSION['_config']['user']['A3']?>"></td>
</tr>
<tr>
<td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=$_SESSION['_config']['user']['Q4']?>"></td>
<td class="DataTD"><input type="text" name="A4" value="<?=$_SESSION['_config']['user']['A4']?>"></td>
</tr>
<tr>
<td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=$_SESSION['_config']['user']['Q5']?>"></td>
<td class="DataTD"><input type="text" name="A5" value="<?=$_SESSION['_config']['user']['A5']?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

40
pages/account/14.php
Unescape Escape View File

@ -0,0 +1,40 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
<td colspan="2" class="title"><?=_("Change Pass Phrase")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Old Pass Phrase")?>: </td>
<td class="DataTD"><input type="password" name="oldpassword"></td>
</tr>
<tr>
<td class="DataTD"><?=_("New Pass Phrase")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="pword1"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="pword2"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Pass Phrase")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

35
pages/account/15.php
Unescape Escape View File

@ -0,0 +1,35 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$certid = $_SESSION[_config][cert];
$query = "select * from `domaincerts`,`domains` where `domaincerts`.`id`='$certid' and
`domains`.`memid`='".$_SESSION[profile][id]."' and
`domains`.`id`=`domaincerts`.`domid`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
echo _("No such certificate attached to your account.");
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
$cert = `/usr/bin/openssl x509 -in $row[crt_name]`;
?>
<h3><?=_("Below is your Server Certificate")?></h3>
<pre>
<?=$cert?>
</pre>

44
pages/account/16.php
Unescape Escape View File

@ -0,0 +1,44 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("New Client Certificate")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Add")?></td>
<td class="DataTD"><?=_("Address")?></td>
<? if(is_array($_SESSION[_config][emails]))
foreach($_SESSION[_config][emails] as $val) { ?>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"></td>
</tr>
<? } ?>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="emails[]"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Name")?>:</td>
<td class="DataTD"><input type="text" name="name" value="<?=$_SESSION[_config][name]?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Another Email")?>">
<input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

137
pages/account/17.php
Unescape Escape View File

@ -0,0 +1,137 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<? if(strstr($_SESSION[_config][agent], "MSIE")) { ?>
<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
<?=_("You must enable ActiveX for this to work.")?>
</object>
<form method="post" action="account.php" name="CertReqForm"><p>
<input type="hidden" name="session" value="UsedXenroll">
<?=_("Key Strength:")?> <select name="CspProvider"></select>
<input type="hidden" name="oldid" value="<?=$id?>">
<INPUT TYPE=HIDDEN NAME="CSR">
<input type="hidden" name="keytype" value="MS">
<input type="submit" name="GenReq" value="Create Certificate"><br>
</p></form>
<script type="text/vbscript" language="vbscript">
<!--
Function GetProviderList()
Dim CspList, cspIndex, ProviderName
On Error Resume Next
count = 0
base = 0
enhanced = 0
CspList = ""
ProviderName = ""
For ProvType = 0 to 13
cspIndex = 0
cec.ProviderType = ProvType
ProviderName = cec.enumProviders(cspIndex,0)
while ProviderName <> ""
Set oOption = document.createElement("OPTION")
oOption.text = ProviderName
oOption.value = ProvType
Document.CertReqForm.CspProvider.add(oOption)
if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then
base = count
end if
if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
enhanced = count
end if
cspIndex = cspIndex +1
ProviderName = ""
ProviderName = cec.enumProviders(cspIndex,0)
count = count + 1
wend
Next
Document.CertReqForm.CspProvider.selectedIndex = base
if enhanced then
Document.CertReqForm.CspProvider.selectedIndex = enhanced
end if
End Function
Function CSR(keyflags)
CSR = ""
szName = ""
cec.HashAlgorithm = "MD5"
err.clear
On Error Resume Next
set options = document.all.CspProvider.options
index = options.selectedIndex
cec.providerName = options(index).text
tmpProviderType = options(index).value
cec.providerType = tmpProviderType
cec.KeySpec = 2
if tmpProviderType < 2 Then
cec.KeySpec = 1
end if
cec.GenKeyFlags = &h04000001 OR keyflags
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
if len(CSR)<>0 then Exit Function
cec.GenKeyFlags = &h04000000 OR keyflags
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
if len(CSR)<>0 then Exit Function
if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then
cec.providerName = "Microsoft Base Cryptographic Provider v1.0"
else
Exit Function
end if
end if
cec.GenKeyFlags = 1 OR keyflags
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
if len(CSR)<>0 then Exit Function
cec.GenKeyFlags = keyflags
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
if len(CSR)<>0 then Exit Function
cec.GenKeyFlags = 0
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
End Function
Sub GenReq_OnClick
Dim TheForm
Set TheForm = Document.CertReqForm
err.clear
result = CSR(2)
if len(result)=0 Then
result = MsgBox("Unable to generate PKCS#10.", 0, "Alert")
Exit Sub
end if
TheForm.CSR.Value = result
TheForm.Submit
Exit Sub
End Sub
GetProviderList()
-->
</script>
<? } else { ?>
<p>
<form method="post" action="account.php">
<input type="hidden" name="keytype" value="NS">
<?
$rnd = fopen("/dev/urandom", "r");
$hash = md5(fgets($rnd, 64));
fclose($rnd);
?>
<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<?=$hash?>">
<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
</p>
<? } ?>

82
pages/account/18.php
Unescape Escape View File

@ -0,0 +1,82 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Client Certificates")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<?
$query = "select UNIX_TIMESTAMP(`created`) as `created`,
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`expire`) as `expired`,
`expire` as `expires`, `revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `id`
from `orgemailcerts`, `org`
where `memid`='".$_SESSION[profile][id]."' and
`org`.`orgid`=`orgemailcerts`.`orgid`
ORDER BY `modified` desc";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="5" class="DataTD">No client certificates are currently listed.</td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
{
if($row[timeleft] > 0)
$verified = _("Valid");
if($row[timeleft] < 0)
$verified = _("Expired");
if($row[expired] == 0)
$verified = _("Pending");
if($row[revoked] > 0)
$verified = _("Revoked");
?>
<tr>
<? if($verified == _("Valid")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row[id]?>"></td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=6&cert=<?=$row[id]?>"><?=$row[CN]?></a></td>
<? } else if($verified == _("Pending")) { ?>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row[id]?>"></td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=$row[CN]?></td>
<? } else { ?>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=6&cert=<?=$row[id]?>"><?=$row[CN]?></a></td>
<? } ?>
<td class="DataTD"><?=$row[revoke]?></td>
<td class="DataTD"><?=$row[expires]?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="5"><input type="submit" name="process" value="<?=_("Renew")?>">
<input type="submit" name="process" value="<?=_("Revoke/Delete")?>"></td>
</tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>

110
pages/account/19.php
Unescape Escape View File

@ -0,0 +1,110 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$certid = intval($cert);
$query = "select * from `orgemailcerts`,`org` where `orgemailcerts`.`id`='$certid' and
`org`.`memid`='".$_SESSION[profile][id]."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
echo _("No such certificate attached to your account.");
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
$cert = `/usr/bin/openssl x509 -in $row[crt_name]`;
if($row[keytype] == "NS")
{
if($install == 1)
{
header("Content-Type: application/x-x509-user-cert");
header("Content-Length: ".strlen($cert));
header('Content-Disposition: inline; filename="'.$row[CN].'.crt"');
echo $cert;
exit;
} else {
showheader(_("My CAcert.org Account!"));
echo "<h3>"._("Installing your certificate")."</h3>\n";
echo "<p>"._("You are about to install a certificate, if you are using mozilla/netscape based browsers you will not be informed that the certificate was installed successfully, you can go into the options dialog box, security and manage certificates to view if it was installed correctly however.")."</p>\n";
echo "<p><a href='account.php?id=19&amp;cert=$certid&amp;install=1'>"._("Click here")."</a> "._("to install your certificate.")."</p>\n";
showfooter();
exit;
}
} else {
showheader(_("My CAcert.org Account!"));
?>
<h3><?=_("Installing your certificate")?></h3>
<p><?=_("Hit the 'Install your Certificate' button below to install the certificate into MS IE 5.x and above.")?>
<OBJECT classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
<?=_("You must enable ActiveX for this to work.")?>
</OBJECT>
<FORM >
<INPUT TYPE=BUTTON NAME="CertInst" VALUE="<?=_("Install Your Certificate")?>">
</FORM>
</P>
<SCRIPT LANGUAGE=VBS>
Sub CertInst_OnClick
certchain = _
<?
$lines = explode("\n", $cert);
if(is_array($lines))
foreach($lines as $line)
{
$line = trim($line);
if($line != "-----END CERTIFICATE-----")
echo "\"$line\" & _\n";
else {
echo "\"$line\"\n";
break;
}
}
?>
On Error Resume Next
cec.DeleteRequestCert = FALSE
err.clear
cec.WriteCertToCSP = TRUE
cec.acceptPKCS7(certchain)
if err.number <> 0 Then
cec.WriteCertToCSP = FALSE
end if
err.clear
cec.acceptPKCS7(certchain)
if err.number <> 0 then
errorMsg = "<?=_("Certificate installation failed!")?>" & chr(13) & chr(10) & _
"(Error code " & err.number & ")"
msgRes = MsgBox(errorMsg, 0, "<?=_("Certificate Installation Error")?>")
else
okMsg = "<?=_("Personal Certificate Installed.")?>" & chr(13) & chr(10) & _
"See Tools->Internet Options->Content->Certificates"
msgRes = MsgBox(okMsg, 0, "<?=_("Certificate Installation Complete!")?>")
end if
End Sub
</SCRIPT>
<?
showfooter();
exit;
}
?>

57
pages/account/2.php
Unescape Escape View File

@ -0,0 +1,57 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="4" class="title"><?=_("Email Accounts")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Default")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Delete")?></td>
<td class="DataTD"><?=_("Address")?></td>
<?
$query = "select * from `email` where `memid`='".$_SESSION[profile][id]."' and `deleted`=0";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
if($row[hash] == "")
$verified = _("Verified");
else
$verified = _("Unverified");
?>
<tr>
<td class="DataTD"><input type="radio" name="emailid" value="<?=$row[id]?>"
<? if($row[email] == $_SESSION[profile][email]) echo " checked"; ?>></td>
<td class="DataTD"><?=$verified?></td>
<? if($row[email] == $_SESSION[profile][email]) { ?>
<td class="DataTD"><?=_("N/A")?></td>
<? } else { ?>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row[id]?>"></td>
<? } ?>
<td class="DataTD"><?=$row[email]?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Make Default")?>"></td>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Delete")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
<p>
<?=_("Please Note: You can not set an unverified account as a default account, and you can not remove a default account. To remove the default account you must set another verified account as the default.")?>
</p>

22
pages/account/20.php
Unescape Escape View File

@ -0,0 +1,22 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<p><i><?=_("Insert AUP for certificate use to cover our ass...")?></i></p>
<p><?=_("Paste your CSR below...")?></p>
<form method="post" action="account.php">
<textarea name="CSR" cols="80" rows="15"></textarea><br>
<input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

41
pages/account/21.php
Unescape Escape View File

@ -0,0 +1,41 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$org = $_SESSION[_config][org];
?>
<p>
<?=_("Please make sure the following details are correct before proceeding any further.")?>
</p>
<p>
<? if(is_array($_SESSION[_config][rows]))
foreach($_SESSION[_config][rows] as $row) { ?>
<?=_("CommonName")?>: <?=$row?><br>
<? } ?>
<? if(is_array($_SESSION[_config][altrows]))
foreach($_SESSION[_config][altrows] as $row) { ?>
<?=_("SubjectAltName")?>: <?=$row?><br>
<? } ?>
<?=_("Organisation")?>: <?=$org[O]?><br>
<?=_("Org. Unit")?>: <?=$org[OU]?><br>
<?=_("Location")?>: <?=$org[L]?><br>
<?=_("State/Province")?>: <?=$org[ST]?><br>
<?=_("Country")?>: <?=$org[C]?><br>
<form method="post" action="account.php">
<input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
</p>

78
pages/account/22.php
Unescape Escape View File

@ -0,0 +1,78 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Domain Certificates")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<?
$query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`,
UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`,
`orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `orgdomaincerts`.`id` as `id`
from `orgdomaincerts`,`org`
where `org`.`memid`='".$_SESSION[profile][id]."' and `orgdomaincerts`.`orgid`=`org`.`orgid`
ORDER BY `orgdomaincerts`.`modified` desc";
//echo $query."<br>\n";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="5" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
{
if($row[timeleft] > 0)
$verified = _("Valid");
if($row[timeleft] < 0)
$verified = _("Expired");
if($row[expired] == 0)
$verified = _("Pending");
if($row[revoked] > 0)
$verified = _("Revoked");
?>
<tr>
<? if($verified == _("Valid")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row[id]?>"></td>
<? } else if($verified == _("Pending")) { ?>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row[id]?>"></td>
<? } else { ?>
<td class="DataTD">&nbsp;</td>
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=23&cert=<?=$row[id]?>"><?=$row[CN]?></a></td>
<td class="DataTD"><?=$row[revoke]?></td>
<td class="DataTD"><?=$row[expires]?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="5"><input type="submit" name="process" value="<?=_("Renew")?>">
<input type="submit" name="process" value="<?=_("Revoke/Delete")?>"></td>
</tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>

35
pages/account/23.php
Unescape Escape View File

@ -0,0 +1,35 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$certid = $_SESSION[_config][cert];
$query = "select * from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$certid' and
`org`.`memid`='".$_SESSION[profile][id]."' and
`org`.`orgid`=`orgdomaincerts`.`orgid`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
echo _("No such certificate attached to your account.");
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
$cert = `/usr/bin/openssl x509 -in $row[crt_name]`;
?>
<h3><?=_("Below is your Server Certificate")?></h3>
<pre>
<?=$cert?>
</pre>

49
pages/account/24.php
Unescape Escape View File

@ -0,0 +1,49 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("New Organisation")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Organisation Name")?>:</td>
<td class="DataTD"><input type="text" name="O" value="<?=$_SESSION[_config][O]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Contact Email")?>:</td>
<td class="DataTD"><input type="text" name="contact" value="<?=$_SESSION[_config][contact]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Town/Suburb")?>:</td>
<td class="DataTD"><input type="text" name="L" value="<?=$_SESSION[_config][L]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("State/Province")?>:</td>
<td class="DataTD"><input type="text" name="ST" value="<?=$_SESSION[_config][ST]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Country")?>:</td>
<td class="DataTD"><input type="text" name="C" value="<?=$_SESSION[_config][C]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Comments")?>:</td>
<td class="DataTD"><textarea name="comments" cols=15 rows=5><?=$_SESSION[_config][comments]?></textarea></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

44
pages/account/25.php
Unescape Escape View File

@ -0,0 +1,44 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="500">
<tr>
<td colspan="5" class="title"><?=_("Organisations")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Organisation")?></td>
<td class="DataTD"><?=_("Domains")?></td>
<td class="DataTD"><?=_("Admins")?></td>
<td class="DataTD"><?=_("Edit")?></td>
<td class="DataTD"><?=_("Delete")?></td>
</tr>
<?
$query = "select * from `orginfo`";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$r2 = mysql_query("select * from `org` where `orgid`='$row[id]'");
$admincount = mysql_num_rows($r2);
$r2 = mysql_query("select * from `orgdomains` where `orgid`='$row[id]'");
$domcount = mysql_num_rows($r2);
?>
<tr>
<td class="DataTD"><?=$row[O]?>, <?=$row[ST]?> <?=$row[C]?></td>
<td class="DataTD"><a href="account.php?id=26&orgid=<?=$row[id]?>"><?=_("Domains")?> (<?=$domcount?>)</a></td>
<td class="DataTD"><a href="account.php?id=32&orgid=<?=$row[id]?>"><?=_("Admins")?> (<?=$admincount?>)</a></td>
<td class="DataTD"><a href="account.php?id=27&orgid=<?=$row[id]?>"><?=_("Edit")?></a></td>
<td class="DataTD"><a href="account.php?id=31&orgid=<?=$row[id]?>"><?=_("Delete")?></a></td>
</tr>
<? } ?>
</table>

39
pages/account/26.php
Unescape Escape View File

@ -0,0 +1,39 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".$_SESSION[_config][orgid]."'";
$row = mysql_fetch_assoc(mysql_query($query));
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
<td colspan="3" class="title"><? printf(_("%s's Domains"), $row[O]); ?> (<a href="account.php?id=28"><?=_("Add")?></a>)</td>
</tr>
<tr>
<td class="DataTD"><?=_("Domain")?></td>
<td class="DataTD"><?=_("Edit")?></td>
<td class="DataTD"><?=_("Delete")?></td>
</tr>
<?
$query = "select * from `orgdomains` where `orgid`='".$_SESSION[_config][orgid]."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><?=$row[domain]?></a></td>
<td class="DataTD"><a href="account.php?id=29&domid=<?=$row[id]?>"><?=_("Edit")?></a></td>
<td class="DataTD"><a href="account.php?id=30&domid=<?=$row[id]?>"><?=_("Delete")?></a></td>
</tr>
<? } ?>
</table>

52
pages/account/27.php
Unescape Escape View File

@ -0,0 +1,52 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".$_SESSION[_config][orgid]."'"));
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Edit Organisation")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Organisation Name")?>:</td>
<td class="DataTD"><input type="text" name="O" value="<?=$row[O]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Contact Email")?>:</td>
<td class="DataTD"><input type="text" name="contact" value="<?=$row[contact]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Town/Suburb")?>:</td>
<td class="DataTD"><input type="text" name="L" value="<?=$row[L]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("State/Province")?>:</td>
<td class="DataTD"><input type="text" name="ST" value="<?=$row[ST]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Country")?>:</td>
<td class="DataTD"><input type="text" name="C" value="<?=$row[C]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Comments")?>:</td>
<td class="DataTD"><textarea name="comments" cols=15 rows=5><?=$row[comments]?></textarea></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

33
pages/account/28.php
Unescape Escape View File

@ -0,0 +1,33 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".$_SESSION[_config][orgid]."'";
$row = mysql_fetch_assoc(mysql_query($query));
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><? printf(_("New Domain for %s"), $row[O]); ?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><input type="text" name="domainname" value="<?=$_SESSION[_config][domain]?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

39
pages/account/29.php
Unescape Escape View File

@ -0,0 +1,39 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$query = "select * from `orgdomains` where `id`='".$_SESSION[_config][domid]."'";
$row = mysql_fetch_assoc(mysql_query($query));
$query = "select * from `orginfo` where `id`='".$_SESSION[_config][orgid]."'";
$org = mysql_fetch_assoc(mysql_query($query));
$_SESSION[_config][domain] = $row[domain];
?>
<h3><?=_("Warning!")?></h3>
<p><?=_("Hitting update will also revoke all existing certificates issued under this domain")?></p>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><? printf(_("Update Domain for %s"), $org[O]); ?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><input type="text" name="domainname" value="<?=$_SESSION[_config][domain]?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

66
pages/account/3.php
Unescape Escape View File

@ -0,0 +1,66 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<h3><?=_("CAcert Certficiate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>
<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>
<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/docs/">http://www.cacert.org/docs/</a></p>
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed andwill not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("New Client Certificate")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Add")?></td>
<td class="DataTD"><?=_("Address")?></td>
<?
$query = "select * from `email` where `memid`='".$_SESSION[profile][id]."' and `deleted`=0 and `hash`=''";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><input type="checkbox" name="addid[]" value="<?=$row[id]?>"></td>
<td class="DataTD"><?=$row[email]?></td>
</tr>
<? }
if($_SESSION['profile']['points'] > 50)
{
$fname = $_SESSION[profile][fname];
$mname = $_SESSION[profile][mname];
$lname = $_SESSION[profile][lname];
$suffix = $_SESSION[profile][suffix];
?>
<tr>
<td class="DataTD" colspan="2" align="left">
<input type="radio" name="incname" value="0" checked> <?=_("No Name")?><br>
<? if($fname) { ?><input type="radio" name="incname" value="1"> <?=_("Include")?> '<?=$fname?>'<br><? } ?>
<? if($fname && $lname) { ?><input type="radio" name="incname" value="2"> <?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?>
<? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="3"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?>
<? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?>
<? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="5"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?>
</td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

39
pages/account/30.php
Unescape Escape View File

@ -0,0 +1,39 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$query = "select * from `orgdomains` where `id`='".$_SESSION[_config][domid]."'";
$row = mysql_fetch_assoc(mysql_query($query));
$query = "select * from `orginfo` where `id`='".$_SESSION[_config][orgid]."'";
$org = mysql_fetch_assoc(mysql_query($query));
$_SESSION[_config][domain] = $row[domain];
?>
<h3><?=_("Warning!")?></h3>
<p><?=_("Hitting delete will also revoke all existing certificates issued under this domain")?></p>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><? printf(_("Delete Domain for %s"), $org[O]); ?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this domain?"), $_SESSION[_config][domain]); ?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>">
<input type="submit" name="process" value="<?=_("Delete")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

35
pages/account/31.php
Unescape Escape View File

@ -0,0 +1,35 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".$_SESSION[_config][orgid]."'";
$org = mysql_fetch_assoc(mysql_query($query));
$_SESSION[_config][domain] = $row[domain];
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><? printf(_("Delete Organisation"), $org[O]); ?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this organisation?"), $row[O]); ?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>">
<input type="submit" name="process" value="<?=_("Delete")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

49
pages/account/32.php
Unescape Escape View File

@ -0,0 +1,49 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".$_SESSION[_config][orgid]."'";
$row = mysql_fetch_assoc(mysql_query($query));
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="500">
<tr>
<td colspan="5" class="title"><? printf(_("%s's Administrators"), $row[O]); ?> (<a href="account.php?id=33"><?=_("Add")?></a>)</td>
</tr>
<tr>
<td class="DataTD"><?=_("Administrator")?></td>
<td class="DataTD"><?=_("Master Account")?></td>
<td class="DataTD"><?=_("Department")?></td>
<td class="DataTD"><?=_("Comments")?></td>
<td class="DataTD"><?=_("Delete")?></td>
</tr>
<?
$query = "select * from `org` where `orgid`='".$_SESSION[_config][orgid]."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
?>
<tr>
<td class="DataTD"><?=$user[fname]?> <?=$user[lname]?></a></td>
<td class="DataTD"><?=$row[masteracc]?></a></td>
<td class="DataTD"><?=$row[OU]?></a></td>
<td class="DataTD"><?=$row[comments]?></a></td>
<? if($row[masteracc] == 0 || $_SESSION['profile']['admin'] == 1) { ?>
<td class="DataTD"><a href="account.php?id=34&orgid=<?=$_SESSION[_config][orgid]?>&memid=<?=$row[memid]?>"><?=_("Delete")?></a></td>
<? } else { ?>
<td class="DataTD">N/A</td>
<? } ?>
</tr>
<? } ?>
</table>

51
pages/account/33.php
Unescape Escape View File

@ -0,0 +1,51 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".$_SESSION[_config][orgid]."'";
$row = mysql_fetch_assoc(mysql_query($query));
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><? printf(_("New Admin for %s"), $row[O]); ?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" value="<?=$_SESSION[_config][email]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Department")?>:</td>
<td class="DataTD"><input type="text" name="OU" value="<?=$_SESSION[_config][OU]?>"></td>
</tr>
<? if($_SESSION['profile']['admin'] == 1) { ?>
<tr>
<td class="DataTD"><?=_("Master Account")?>:</td>
<td class="DataTD"><select name="masteracc">
<option value="0">No</option>
<option value="1"<? if($_SESSION[_config][masteracc] == 1) echo " selected"; ?>>Yes</option>
</select></td>
</tr>
<? } ?>
<tr>
<td class="DataTD"><?=_("Comments")?>:</td>
<td class="DataTD"><input type="text" name="comments" value="<?=$_SESSION[_config][comments]?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

39
pages/account/34.php
Unescape Escape View File

@ -0,0 +1,39 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$query = "select * from `orgdomains` where `id`='".$_SESSION[_config][orgid]."'";
$row = mysql_fetch_assoc(mysql_query($query));
$query = "select * from `orginfo` where `id`='".$_SESSION[_config][orgid]."'";
$org = mysql_fetch_assoc(mysql_query($query));
$query = "select * from `users` where `id`='".$_SESSION[_config][memid]."'";
$user = mysql_fetch_assoc(mysql_query($query));
$_SESSION[_config][domain] = $row[domain];
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><? printf(_("Delete Admin for %s"), $org[O]); ?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s from administering this organisation?"), $user[fname]." ".$user[lname]); ?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>">
<input type="submit" name="process" value="<?=_("Delete")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

38
pages/account/35.php
Unescape Escape View File

@ -0,0 +1,38 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
<td colspan="2" class="title"><?=_("Organisations")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Organisation")?></td>
<td class="DataTD"><?=_("Admins")?></td>
</tr>
<?
$query = "select * from `orginfo`,`org` where `orginfo`.`id`=`org`.`orgid` and `org`.`memid`='".$_SESSION[profile][id]."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$r2 = mysql_query("select * from `org` where `orgid`='$row[id]'");
$admincount = mysql_num_rows($r2);
$r2 = mysql_query("select * from `orgdomains` where `orgid`='$row[id]'");
$domcount = mysql_num_rows($r2);
?>
<tr>
<td class="DataTD"><?=$row['O']?>, <?=$row['ST']?> <?=$row['C']?></td>
<td class="DataTD"><a href="account.php?id=32&orgid=<?=$row[id]?>"><?=_("Admins")?> (<?=$admincount?>)</a></td>
</tr>
<? } ?>
</table>

32
pages/account/36.php
Unescape Escape View File

@ -0,0 +1,32 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
<td colspan="2" class="title"><?=_("My Alert Settings")?></td>
</tr>
<tr>
<td class="DataTD" valign="top"><b><?=_("Alert me if")?></b>: </td>
<td class="DataTD" align="left"><input type="checkbox" name="general" value="1"<? if($_POST['general']) echo " checked"; ?>>General Announcements<br>
<input type="checkbox" name="country" value="1"<? if($_POST['country']) echo " checked"; ?>>Country Announcements<br>
<input type="checkbox" name="regional" value="1"<? if($_POST['regional']) echo " checked"; ?>>Regional Announcements<br>
<input type="checkbox" name="radius" value="1"<? if($_POST['radius']) echo " checked"; ?>>Within 200km Announcements</td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update My Settings")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

137
pages/account/4.php
Unescape Escape View File

@ -0,0 +1,137 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<? if(strstr($_SESSION[_config][agent], "MSIE")) { ?>
<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
<?=_("You must enable ActiveX for this to work.")?>
</object>
<form method="post" action="account.php" name="CertReqForm"><p>
<input type="hidden" name="session" value="UsedXenroll">
<?=_("Key Strength:")?> <select name="CspProvider"></select>
<input type="hidden" name="oldid" value="<?=$id?>">
<INPUT TYPE=HIDDEN NAME="CSR">
<input type="hidden" name="keytype" value="MS">
<input type="submit" name="GenReq" value="Create Certificate"><br>
</p></form>
<script type="text/vbscript" language="vbscript">
<!--
Function GetProviderList()
Dim CspList, cspIndex, ProviderName
On Error Resume Next
count = 0
base = 0
enhanced = 0
CspList = ""
ProviderName = ""
For ProvType = 0 to 13
cspIndex = 0
cec.ProviderType = ProvType
ProviderName = cec.enumProviders(cspIndex,0)
while ProviderName <> ""
Set oOption = document.createElement("OPTION")
oOption.text = ProviderName
oOption.value = ProvType
Document.CertReqForm.CspProvider.add(oOption)
if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then
base = count
end if
if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
enhanced = count
end if
cspIndex = cspIndex +1
ProviderName = ""
ProviderName = cec.enumProviders(cspIndex,0)
count = count + 1
wend
Next
Document.CertReqForm.CspProvider.selectedIndex = base
if enhanced then
Document.CertReqForm.CspProvider.selectedIndex = enhanced
end if
End Function
Function CSR(keyflags)
CSR = ""
szName = ""
cec.HashAlgorithm = "MD5"
err.clear
On Error Resume Next
set options = document.all.CspProvider.options
index = options.selectedIndex
cec.providerName = options(index).text
tmpProviderType = options(index).value
cec.providerType = tmpProviderType
cec.KeySpec = 2
if tmpProviderType < 2 Then
cec.KeySpec = 1
end if
cec.GenKeyFlags = &h04000001 OR keyflags
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
if len(CSR)<>0 then Exit Function
cec.GenKeyFlags = &h04000000 OR keyflags
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
if len(CSR)<>0 then Exit Function
if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then
cec.providerName = "Microsoft Base Cryptographic Provider v1.0"
else
Exit Function
end if
end if
cec.GenKeyFlags = 1 OR keyflags
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
if len(CSR)<>0 then Exit Function
cec.GenKeyFlags = keyflags
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
if len(CSR)<>0 then Exit Function
cec.GenKeyFlags = 0
CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
End Function
Sub GenReq_OnClick
Dim TheForm
Set TheForm = Document.CertReqForm
err.clear
result = CSR(2)
if len(result)=0 Then
result = MsgBox("Unable to generate PKCS#10.", 0, "Alert")
Exit Sub
end if
TheForm.CSR.Value = result
TheForm.Submit
Exit Sub
End Sub
GetProviderList()
-->
</script>
<? } else { ?>
<p>
<form method="post" action="account.php">
<input type="hidden" name="keytype" value="NS">
<?
$rnd = fopen("/dev/urandom", "r");
$hash = md5(fgets($rnd, 64));
fclose($rnd);
?>
<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<?=$hash?>">
<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
</p>
<? } ?>

86
pages/account/5.php
Unescape Escape View File

@ -0,0 +1,86 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Client Certificates")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Email Address")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<?
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
`emailcerts`.`expire` as `expires`, `emailcerts`.`revoked` as `revoke`,
UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, `emailcerts`.`id`,
`email`.`email` as `email`
from `emailcerts`, `emaillink`, `email`
where `emailcerts`.`memid`='".$_SESSION[profile][id]."'
and `emailcerts`.`id`=`emaillink`.`emailcertsid`
and `emaillink`.`emailid` = `email`.`id`
GROUP BY `emailcerts`.`id`
ORDER BY `emailcerts`.`modified` desc";
// echo $query."<br>\n";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="5" class="DataTD">No client certificates are currently listed.</td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
{
if($row[timeleft] > 0)
$verified = _("Valid");
if($row[timeleft] < 0)
$verified = _("Expired");
if($row[expired] == 0)
$verified = _("Pending");
if($row[revoked] > 0)
$verified = _("Revoked");
?>
<tr>
<? if($verified == _("Valid")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=6&cert=<?=$row[id]?>"><?=$row['email']?></a></td>
<? } else if($verified == _("Pending")) { ?>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=$row[CN]?></td>
<? } else { ?>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=6&cert=<?=$row[id]?>"><?=$row[CN]?></a></td>
<? } ?>
<td class="DataTD"><?=$row[revoke]?></td>
<td class="DataTD"><?=$row[expires]?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="5"><input type="submit" name="process" value="<?=_("Renew")?>">
<input type="submit" name="process" value="<?=_("Revoke/Delete")?>"></td>
</tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>

108
pages/account/6.php
Unescape Escape View File

@ -0,0 +1,108 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$certid = intval($cert);
$query = "select * from `emailcerts` where `id`='$certid' and `memid`='".$_SESSION[profile][id]."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
echo _("No such certificate attached to your account.");
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
$cert = `/usr/bin/openssl x509 -in $row[crt_name]`;
if($row[keytype] == "NS")
{
if($install == 1)
{
header("Content-Type: application/x-x509-user-cert");
header("Content-Length: ".strlen($cert));
header('Content-Disposition: inline; filename="'.$row[CN].'.crt"');
echo $cert;
exit;
} else {
showheader(_("My CAcert.org Account!"));
echo "<h3>"._("Installing your certificate")."</h3>\n";
echo "<p>"._("You are about to install a certificate, if you are using mozilla/netscape based browsers you will not be informed that the certificate was installed successfully, you can go into the options dialog box, security and manage certificates to view if it was installed correctly however.")."</p>\n";
echo "<p><a href='account.php?id=6&amp;cert=$certid&amp;install=1'>"._("Click here")."</a> "._("to install your certificate.")."</p>\n";
showfooter();
exit;
}
} else {
showheader(_("My CAcert.org Account!"));
?>
<h3><?=_("Installing your certificate")?></h3>
<p><?=_("Hit the 'Install your Certificate' button below to install the certificate into MS IE 5.x and above.")?>
<OBJECT classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
<?=_("You must enable ActiveX for this to work.")?>
</OBJECT>
<FORM >
<INPUT TYPE=BUTTON NAME="CertInst" VALUE="<?=_("Install Your Certificate")?>">
</FORM>
</P>
<SCRIPT LANGUAGE=VBS>
Sub CertInst_OnClick
certchain = _
<?
$lines = explode("\n", $cert);
if(is_array($lines))
foreach($lines as $line)
{
$line = trim($line);
if($line != "-----END CERTIFICATE-----")
echo "\"$line\" & _\n";
else {
echo "\"$line\"\n";
break;
}
}
?>
On Error Resume Next
cec.DeleteRequestCert = FALSE
err.clear
cec.WriteCertToCSP = TRUE
cec.acceptPKCS7(certchain)
if err.number <> 0 Then
cec.WriteCertToCSP = FALSE
end if
err.clear
cec.acceptPKCS7(certchain)
if err.number <> 0 then
errorMsg = "<?=_("Certificate installation failed!")?>" & chr(13) & chr(10) & _
"(Error code " & err.number & ")"
msgRes = MsgBox(errorMsg, 0, "<?=_("Certificate Installation Error")?>")
else
okMsg = "<?=_("Personal Certificate Installed.")?>" & chr(13) & chr(10) & _
"See Tools->Internet Options->Content->Certificates"
msgRes = MsgBox(okMsg, 0, "<?=_("Certificate Installation Complete!")?>")
end if
End Sub
</SCRIPT>
<?
showfooter();
exit;
}
?>

32
pages/account/7.php
Unescape Escape View File

@ -0,0 +1,32 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Add Domain")?></td>
</tr>
<tr>
<td class="DataTD" width="125"><?=_("Domain")?>: </td>
<td class="DataTD" width="125"><input type="text" name="newdomain"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

33
pages/account/8.php
Unescape Escape View File

@ -0,0 +1,33 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Please choose an authority email address")?></td>
</tr>
<? if(is_array($_SESSION[_config][addy]))
foreach($_SESSION[_config][addy] as $add) { ?>
<tr>
<td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked"; $tagged = 1; } ?>></td>
<td class="DataTD" width="175"><?=$add?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Probe")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

57
pages/account/9.php
Unescape Escape View File

@ -0,0 +1,57 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="3" class="title"><?=_("Domains")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Address")?></td>
<?
$query = "select * from `domains` where `memid`='".$_SESSION[profile][id]."' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
<td colspan="3" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
{
if($row[hash] == "")
$verified = _("Verified");
else
$verified = _("Unverified");
?>
<tr>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row[id]?>"></td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=$row[domain]?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="3"><input type="submit" name="process" value="<?=_("Delete")?>"></td>
</tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
<p>
<?=_("Please Note: You can not set an unverified account as a default account, and you can not remove a default account. To remove the default account you must set another verified account as the default.")?>
</p>

6
pages/account/errs
Unescape Escape View File

@ -0,0 +1,6 @@
Using configuration from /etc/ssl/openssl-server.cnf
DEBUG[load_index]: unique_subject = "no"
Revoking Certificate 9AB9.
Data Base Updated
Using configuration from /etc/ssl/openssl-server.cnf
DEBUG[load_index]: unique_subject = "no"

12
pages/help/0.php
Unescape Escape View File

@ -0,0 +1,12 @@
<h3><?=_("Help!")?></h3>
<p><?=_("Following are several tips you may find useful.")?></p>
<ul>
<li><a href='help.php?id=1'><?=_("Certificate Retrieval Proposal")?></a></li>
<li><a href='help.php?id=2'><?=_("Digital Signing (a guide for normal people)")?></a></li>
<li><a href='help.php?id=3'><?=_("Generating a New Key Pair and CSR for IIS 5.0")?></a></li>
<li><a href='help.php?id=4'><?=_("How do I generate a private key and CSR using OpenSSL?")?></a></li>
<li><a href='help.php?id=5'><?=_("How do I get a secured by CAcert emblem on my site?")?></a></li>
<li><a href='help.php?id=6'><?=_("How do I get a Server certificate from CAcert?")?></a></li>
<li><a href='help.php?id=7'><?=_("How does CAcert Protect it's root private key?")?></a></li>
</ul>

41
pages/index/0.php
Unescape Escape View File

@ -0,0 +1,41 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<h3><?=_("Introduction")?></h3>
<p><?=_("It's been a long time coming, but the wait was worthwhile, finally you are able to get security at the right price... Free!")?></p>
<p><?=_("For years we've all been charged high amounts of money to pay for security that doesn't and shouldn't cost the earth.")?></p>
<p><?=_("The primary goals are:")?>
<ul>
<li><?=_("Inclusion into mainstream browsers!")?></li>
<li><?=_("To provide a trust mechanism to go with the security aspects of encryption.")?></li>
</ul>
</p>
<br><br>
<h3><?=_("Latest News")?></h3>
<?
$query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc limit 2";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
echo "<p><b>".date("Y-m-d", $row['TS'])."</b> - ".$row['short']."</p>\n";
if($row['story'] != "")
echo "<p>[ <a href='news.php?id=".$row['id']."'>Full Story</a> ]</p>\n";
}
if(mysql_num_rows(mysql_query("select * from `news`")) > 2)
echo "<p>[ <a href='news.php'>More News Items</a> ]</p>";
?>

111
pages/index/1.php
Unescape Escape View File

@ -0,0 +1,111 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p>
<form method="post" action="index.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
<td colspan="2" class="title"><?=_("My Details")?></td>
</tr>
<tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td>
<td class="DataTD" width="125"><input type="text" name="fname" value="<?=$_SESSION[signup][fname]?>"></td>
</tr>
<tr>
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>)
</td>
<td class="DataTD"><input type="text" name="mname" value="<?=$_SESSION[signup][mname]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Last Name")?>: </td>
<td class="DataTD"><input type="text" name="lname" value="<?=$_SESSION[signup][lname]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td>
<td class="DataTD"><input type="text" name="suffix" value="<?=$_SESSION[signup][suffix]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?><br>
(<?=_("dd/mm/yyyy")?>)</td>
<td class="DataTD"><nobr><select name="day">
<?
for($i = 1; $i <= 31; $i++)
{
echo "<option";
if($_SESSION[signup][day] == $i)
echo " selected";
echo ">$i</option>";
}
?>
</select>
<select name="month">
<?
for($i = 1; $i <= 12; $i++)
{
echo "<option value='$i'";
if($_SESSION[signup][month] == $i)
echo " selected";
echo ">".date("F", mktime(0, 0, 0, $i, 1, 0))."</option>";
}
?>
</select>
<input type="text" name="year" value="<?=$_SESSION[signup][year]?>" size="4"></nobr>
</td>
</tr>
<tr>
<td class="DataTD"><?=_("Email Address")?>: </td>
<td class="DataTD"><input type="text" name="email" value="<?=$_SESSION[signup][email]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="pword1"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="pword2"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions - Please enter five questions and your reponses to be used for security verifcation.")?></td>
</tr>
<tr>
<td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=$_SESSION[signup][Q1]?>"></td>
<td class="DataTD"><input type="text" name="A1" value="<?=$_SESSION[signup][A1]?>"></td>
</tr>
<tr>
<td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=$_SESSION[signup][Q2]?>"></td>
<td class="DataTD"><input type="text" name="A2" value="<?=$_SESSION[signup][A2]?>"></td>
</tr>
<tr>
<td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=$_SESSION[signup][Q3]?>"></td>
<td class="DataTD"><input type="text" name="A3" value="<?=$_SESSION[signup][A3]?>"></td>
</tr>
<tr>
<td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=$_SESSION[signup][Q4]?>"></td>
<td class="DataTD"><input type="text" name="A4" value="<?=$_SESSION[signup][A4]?>"></td>
</tr>
<tr>
<td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=$_SESSION[signup][Q5]?>"></td>
<td class="DataTD"><input type="text" name="A5" value="<?=$_SESSION[signup][A5]?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

61
pages/index/10.php
Unescape Escape View File

@ -0,0 +1,61 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<h3><?=_("Privacy Policy")?></h3>
<p>
<?=_("This policy discloses what information we gather about you when you visit any of our Web site. It describes how we use that information and how you can control it.")?>
</p>
<p>
<?=_("We collect two kinds of information about users: 1) data that users volunteer by signing up to our website or when you send us an email via our contact form; and 2) aggregated tracking data we collect when users interact with our site.")?>
</p>
<h4><?=_("Personal information")?></h4>
<p>
<?=_("When you post to the contact form, you must provide your name and email address. When you sign up to the website, you must provide your name, email address date of birth and some lost pass phrase question and answers.")?>
</p>
<p>
<?=_("We do not share your information with any other organisation.")?>
</p>
<h4><?=_("Aggregated tracking information")?></h4>
<p>
<?=_("We analyse visitors' use of our sites by tracking information such as page views, traffic flow, search terms, and click through. We use this information to improve our sites. We also share this anonymous traffic and demographic information in aggregate form with advertisers and other business partners. We do not share any information with advertisers that can identify an individual user.")?>
</p>
<h4><?=_("Cookies")?></h4>
<p>
<?=_("Some of our advertisers use a third-party ad server to display ads. These ads may contain cookies. The ad server receives these cookies, and we don't have access to them.")?>
</p>
<p>
<?=_("We don't use cookies to store personal information, we do use sessions, and if cookies are enabled, the session will be stored in a cookie, and we do not look for cookies, apart from the session id. However if cookies are disabled then no information will be stored on or looked for on your computer.")?>
</p>
<h4><?=_("Notification of changes")?></h4>
<p>
<?=_("If we change our Privacy Policy, we will post those changes on www.CAcert.org. If we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email. Users will be able to opt out of any new use of their personal information.")?>
</p>
<h4><?=_("How to update, correct, or delete your information")?></h4>
<p>
<?=_("You are able to update, add and remove your information at any time via our web interface, log into the 'My Account' and then click on the 'My Details' section, and then click the relevant link")?>
</p>
<p><?=_("If you need to contact us in writing, address your mail to:")?></p>
<p>
CAcert Inc.<br>
P.O. Box 75<br>
Banksia NSW 2216<br>
Australia
</p>

36
pages/index/11.php
Unescape Escape View File

@ -0,0 +1,36 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<H3><?=_("Contact Us")?></H3>
<p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
<input type="hidden" name="oldid" value="<?=$id?>">
<?=_("Your Name")?>: <input type="text" name="who"><br>
<?=_("Your Email")?>: <input type="text" name="email"><br>
<?=_("Subject")?>: <input type="text" name="subject"><br>
<textarea name="message" cols="40" rows="10"></textarea><br>
<input type="submit" name="process" value="<?=_("Send")?>">
</form></p>
<p><?=_("Alternatively you can get in contact with us via the following methods:")?></p>
<p><?=_("Postal Address:")?><br>
CAcert Inc.<br>
P.O. Box 75<br>
Banksia NSW 2216<br>
Australia</p>
<p>IRC<br>
<a href="irc://irc.CAcert.org/#CAcert">irc://irc.CAcert.org/#CAcert</a></p>

17
pages/index/12.php
Unescape Escape View File

@ -0,0 +1,17 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<H3><?=_("About CAcert.org")?></H3>
<p><?=_("CAcert.org is a community driven, Certificate Authority that issues certificates to the public at large for free.")?></p>

23
pages/index/13.php
Unescape Escape View File

@ -0,0 +1,23 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<H3><?=_("Donations")?></H3><br>
<h4><?=_("If I'd like to donate to CAcert Inc., how can I do it?")?></h4>
<p><?=_("CAcert Inc. is a non-profit association which is legally able to accept donations. CAcert adheres to strict guidelines about how this money can to be used. If you'd like to make a donation, you can do so via ")?><a href="https://www.paymate.com.au/PayMate/PaymateExpress?mid=cacert&amp;ref=Donation">paymate.com.au</a></p>
<p><?=_("ANY amount will be appreciated - the more funding CAcert receives, the sooner it can achieve the goals of the community.")?></p>
<p><?=_("Thank you very much for your support, your donations help CAcert to continue to operate.")?></p>

17
pages/index/2.php
Unescape Escape View File

@ -0,0 +1,17 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<p>
<?=_("Your information has been submitted into our system. You will now be sent an email with a web link, you need to open that link in your web browser within 24 hours or your information will be removed from our system!")?>
</p>

46
pages/index/3.php
Unescape Escape View File

@ -0,0 +1,46 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<p>
<?=_("PKI Key")?><br>
<a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a><br>
<a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a>
</p>
<p>
<?=_("GPG Keys")?><br>
<a href="certs/cacert.asc"><?=_("High Trust GPG Key")?></a><br>
<a href="certs/cacert-low.asc"><?=_("Low Trust GPG Key")?></a>
</p>
<p>
<?=_("PKI finger/thumb print signed by the High Trust GPG Key")?><br>
<pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
For most software, the fingerprint is reported as:
A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B
Under MSIE the thumbprint is reported as:
135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/VtRZ0rsNAWXQ/VgRAphfAJ9jh6TKBDexG0NTTUHvdNuf6O9RuQCdE5kD
Mch2LMZhK4h/SBIft5ROzVU=
=R/pJ
-----END PGP SIGNATURE-----
</pre>
</p>

38
pages/index/4.php
Unescape Escape View File

@ -0,0 +1,38 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<? if($_SESSION[_config][hostname] == "secure.cacert.org") { ?>
<p><?=_("Warning! You've attempted to log into the system with a client certificate, but the login failed due to the certificate being expired, revoked or simply not valid for this site. You can login using your Email/Pass Phrase to get a new certificate, by clicking on 'Normal Login' to the right of your screen.")?></p>
<? } else { ?>
<p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p>
<form method="post" action="index.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Login")?></td>
</tr>
<tr>
<td class="DataTD" width="125"><?=_("Email Address")?>: </td>
<td class="DataTD" width="125"><input type="text" name="email" value="<?=$_SESSION[profile][email]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase")?>: </td>
<td class="DataTD"><input type="password" name="pword"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Login")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
<? } ?>

57
pages/index/5.php
Unescape Escape View File

@ -0,0 +1,57 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="index.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Lost Pass Phrase")?></td>
</tr>
<tr>
<td class="DataTD" width="125"><?=_("Email Address")?>: </td>
<td class="DataTD" width="125"><input type="text" name="email" value="<?=$_SESSION[lostpw][email]?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?><br>
(<?=_("dd/mm/yyyy")?>)</td>
<td class="DataTD"><nobr><select name="day">
<?
for($i = 1; $i <= 31; $i++)
{
echo "<option";
if($_SESSION[lostpw][day] == $i)
echo " selected";
echo ">$i</option>";
}
?>
</select>
<select name="month">
<?
for($i = 1; $i <= 12; $i++)
{
echo "<option value='$i'";
if($_SESSION[lostpw][month] == $i)
echo " selected";
echo ">".date("F", mktime(0, 0, 0, $i, 1, 0))."</option>";
}
?>
</select>
<input type="text" name="year" value="<?=$_SESSION[lostpw][year]?>" size="4"></nobr>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

58
pages/index/6.php
Unescape Escape View File

@ -0,0 +1,58 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="index.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="350">
<tr>
<td colspan="2" class="title"><?=_("Lost Pass Phrase - Step 2")?></td>
</tr>
<?
srand ((double) microtime() * 1000000);
$nums = array();
while(count($nums) < 3)
{
$val = 0;
while($val < 1 || $val > 5)
$val = rand(0, 6);
if(!in_array($val, $nums))
$nums[] = $val;
}
foreach($nums as $num)
{
$q = "Q$num"; $a = "A$num";
?>
<tr>
<td class="DataTD"><?=$_SESSION[lostpw][user][$q]?></td>
<td class="DataTD"><input type="text" name="<?=$a?>" value="<?=$_SESSION['lostpw'][$a]?>">
<input type="hidden" name="<?=$q?>" value="<?=$_SESSION['lostpw']['user'][$q]?>"></td>
</tr>
<? } ?>
<tr>
<td class="DataTD"><?=_("New Pass Phrase")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="newpass1"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Repeat")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="newpass2"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

17
pages/index/7.php
Unescape Escape View File

@ -0,0 +1,17 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<h3><?=_("Credits")?></h3>
<p>Many people to thank, if you've had a large input with the CAcert project with code, documentation, translations, or assurances and would like recognition let me know.</p>

18
pages/wot/0.php
Unescape Escape View File

@ -0,0 +1,18 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<h3><?=_("CAcert Web of Trust")?></h3>
<p><?=_("CAcert.org was designed to be by the community for the community, and instead of placing all the labour on a central authority and in turn increasing the cost of certificates, the idea was to get community in conjunction with this website to have trust maintained in a dispersed and automated manner!")?></p>

134
pages/wot/1.php
Unescape Escape View File

@ -0,0 +1,134 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$total1 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
`locid`='".$_GET['locid']."' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
echo "<ul class='top'>\n<li>";
echo "<a href='wot.php?id=1'>"._("Home")." ("._("Listed").": $total1)</a>\n";
$display = "";
if(intval($_GET['locid']) > 0)
{
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$_GET['locid']."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=1&locid=".$_GET['locid']."'>$loc[long] ("._("Listed").": $total4)</a>\n".
$display;
$_GET['regid'] = $loc['regid'];
}
if(intval($_GET['regid']) > 0)
{
$total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
`regid`='".$_GET['regid']."' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$_GET['regid']."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=1&regid=".$_GET['regid']."'>$reg[long] ("._("Listed").": $total3)</a>\n".
$display;
$_GET['ccid'] = $reg['ccid'];
}
if(intval($_GET['ccid']) > 0)
{
$total2 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
`ccid`='".$_GET['ccid']."' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='".$_GET['ccid']."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=1&ccid=".$_GET['ccid']."'>$cnt[long] ("._("Listed").": $total2)</a>\n".
$display;
}
if($display)
echo $display;
if(intval($_GET['ccid']) <= 0)
{
echo "<ul>\n";
$query = "select * from `countries` order by `long`";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$listed = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
`ccid`='".$row['id']."' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
if($listed > 0)
echo "<li><a href='wot.php?id=1&ccid=$row[id]'>$row[long] ("._("Listed").": $listed)</a></li>\n";
}
echo "</ul>\n</li>\n</ul>\n<br>\n";
} elseif(intval($_GET['ccid']) > 0 && intval($_GET['regid']) <= 0 && intval($_GET['locid']) <= 0) {
echo "<ul>\n";
$query = "select * from `regions` where `ccid`='".$_GET['ccid']."' order by `long`";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$listed = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
`regid`='".$row['id']."' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
if($listed > 0)
echo "<li><a href='wot.php?id=1&regid=$row[id]'>$row[long] ("._("Listed").": $listed)</a></li>\n";
}
echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n";
} elseif(intval($_GET['regid']) > 0 && intval($_GET['locid']) <= 0) {
echo "<ul>\n";
$query = "select * from `users`,`notary` where `listme`='1' and `regid`='".$_GET['regid']."' and
`users`.`id`=`notary`.`to` group by `locid` HAVING SUM(`points`) >= 100";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='$row[locid]'"));
$listed = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
`locid`='".$row['locid']."' and `locid`!=0 and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
if($listed > 0)
echo "<li><a href='wot.php?id=1&locid=$loc[id]'>$loc[long] ("._("Listed").": $listed)</a></li>\n";
}
echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n";
} elseif(intval($_GET['locid']) > 0){
echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n";
}
$query = "select * from `users`,`notary` where `listme`='1' and
`ccid`='".intval($_GET['ccid'])."' and `regid`='".intval($_GET['regid'])."' and
`locid`='".intval($_GET['locid'])."' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc";
$list = mysql_query($query);
if(mysql_num_rows($list) > 0)
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="550">
<tr>
<td class="title"><?=_("Name")?></td>
<td class="title"><?=_("Max Points")?></td>
<td class="title"><?=_("Contact Details")?></td>
<td class="title"><?=_("Email Notary")?></td>
</tr>
<? while($row = mysql_fetch_assoc($list)) { ?>
<tr>
<td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=$row['lname']?></nobr></td>
<td class="DataTD"><?=maxpoints($row['id'])?></td>
<td class="DataTD"><?=$row['contactinfo']?></td>
<td class="DataTD"><a href="wot.php?id=9&userid=<?=$row['id']?>">Email Me</a></td>
</tr>
<? } ?>
</table>
<br>
<? } ?>

28
pages/wot/2.php
Unescape Escape View File

@ -0,0 +1,28 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<h3><?=_("To become a Notary")?></h3>
<p><?=_("There is several ways to become a CAcert Notary, the most common of which is face to face meetings with existing notaries, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!).")?></p>
<p><?=_("You can also become a CAcert Notary by seeking out a public notary, justice of the peace, accountant, lawyer or bank manager. You will need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person notarising you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:")?></p>
<p>CAcert Inc.<br>
P.O. Box 75<br>
Banksia NSW 2216<br>
Australia</p>
<p><?=_("Apon receiving your documents you will be notified, and points will be added to your account.")?></p>
<p><?=_("The only other way to receive notary points is to have had your identity checked by a third party CA, whose policies are suitably set to not let identity fraud run rampent. Please contact us if you would like more details about this.")?></p>

45
pages/wot/3.php
Unescape Escape View File

@ -0,0 +1,45 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<h3><?=_("CAcert Web of Trust Rules")?></h3>
<p><?=_("It is essential that CAcert Notaries understand and follow the rules below to ensure that applicants for notarisation are suitably identified, which, in turn, maintains trust in the system.")?></p>
<p><?=_("Contact")?><br>
<br>
* <?=_("You must meet the applicant in person;")?><br>
* <?=_("You must sight at least one form of government issued photo identification. It's preferable if 2 forms of Government issued photo ID are presented, as less points may be issued if there is any doubt on the person by the person issuing points;")?><br>
* <?=_("Compare and verify that the copy of the identification sighted is a true and correct copy;")?><br>
* <?=_("Complete the notarisation form if the applicant has not already done so. Ensure that all information matches.")?><br>
</p>
<p><?=_("Processing")?><br>
<?=_("After the meeting, visit the CAcert Web site's make an Notarisation page and:")?><br>
<br>
* <?=_("Enter the applicant's email address;")?><br>
* <?=_("Compare the online information to the information recorded on the paper form;")?><br>
* <?=_("If, and only if, the two match completely - you may award trust points up to the maximum points you are able to allocate;")?><br>
</p>
<p><?=_("Privacy")?><br>
<?=_("It is imperative that you maintain the confidentiality and privacy of the applicant, and never disclose the information obtained without the applicant's consent.")?></p>
<p><?=_("Fees")?><br>
<?=_("You may charge a fee for your expenses if the applicant has been advised of the amount prior to the meeting.")?></p>
<p><?=_("Liability")?><br>
<?=_("A CAcert Notary who knowingly, or reasonably ought to have known, notarises an applicant contrary to this policy may be held liable.")?></p>
<p><?=_("Notarisation Points")?><br>
<?=_("CAcert may, from time to time, alter the amount of Notarisation Points that a class of notary may assign as is necessary to effect a policy or rule change. We may also alter the amount of Notarisation Points available to an individual, or new class of notary, should another policy of CAcert require this.")?></p>

24
pages/wot/4.php
Unescape Escape View File

@ -0,0 +1,24 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<h3><?=_("Trusted Third Parties")?></h3>
<p><?=_("A trusted 3rd party is simply someone in your country that is responsible for witnessing signatures and ID documents. This role is covered by many different titles such as public notary, justice of the peace and so on. Other people are allowed to be authoritative in this area as well, such as bank managers, accountants and lawyers.")?></p>
<p><?=_("You can become a CAcert Notary by seeking out trusted 3rd parties. You will also need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person notarising you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:")?></p>
<p>CAcert Inc.<br>
P.O. Box 75<br>
Banksia NSW 2216<br>
Australia</p>

30
pages/wot/5.php
Unescape Escape View File

@ -0,0 +1,30 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<? if($_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Notarise Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" value="<?=$_POST['email']?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

76
pages/wot/6.php
Unescape Escape View File

@ -0,0 +1,76 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$row = $_SESSION['_config']['notarise'];
?>
<? if($_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
<td colspan="2" class="title"><?=_("Notarisation Confirmation")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left"><?=_(sprintf("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. Gross negligence may cause you to be liable.", $row['fname']))?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Name")?>:</td>
<td class="DataTD"><?=$row['fname']?> <?=$row['mname']?> <?=$row['lname']?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?>:</td>
<td class="DataTD"><?=$row['dob']?> (<?=_("YYYY-MM-DD")?>)</td>
</tr>
<? if($_SESSION['profile']['admin'] == 1) { ?>
<tr>
<td class="DataTD"><?=_("Method")?>:</td>
<td class="DataTD"><select name="method">
<option value="Face to Face Meeting">Face to Face Meeting</option>
<option value="Trusted 3rd Parties">Trusted 3rd Parties</option>
<option value="Thawte Points Transfer">Thawte Points Transfer</option>
</select>
</td>
</tr>
<? } else { ?>
<tr>
<td class="DataTD"><input type="checkbox" name="certify" value="1"<? if($_POST['certify'] == 1) echo " checked"; ?>></td>
<td class="DataTD"><?=_(sprintf("I certify that %s %s %s has appeared in person", $row['fname'], $row['mname'], $row['lname']))?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Location")?>:</td>
<td class="DataTD"><input type="text" name="location" value="<?=$_POST['location']?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date")?>:</td>
<td class="DataTD"><input type="text" name="date" value="<?=$_POST['date']?>"></td>
</tr>
<? } ?>
<tr>
<td class="DataTD"><input type="checkbox" name="assertion" value="1"<? if($_POST['assertion'] == 1) echo " checked"; ?>></td>
<td class="DataTD"><?=_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that CAcert may challenge this notarisation and call upon me to prove the basis for it, and that I may be held responsible if I cannot provide such proof.")?></td>
</tr>
<tr>
<td class="DataTD"><input type="checkbox" name="rules" value="1"<? if($_POST['rules'] == 1) echo " checked"; ?>></td>
<td class="DataTD"><?=_("I have read and understood the Rules For Notaries and am making this notarisation subject to and in compliance with these rules.")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Points")?>:<br><nobr>(Max <?=maxpoints()?>)</nobr></td>
<td class="DataTD"><input type="text" name="points" value="<?=intval($_POST['points'])?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("I am sure of myself")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

175
pages/wot/7.php
Unescape Escape View File

@ -0,0 +1,175 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
if($_GET['action'] != "update")
{
$total1 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$town = mysql_escape_string($_GET['town']);
$start = intval($_GET['start']);
$limit = 25;
echo "<div id='listshow'><ul class='top'>\n<li>";
echo "<a href='wot.php?id=7'>"._("Home")." ("._("Listed").": $total1)</a>\n";
$display = "";
if(intval($_GET['locid']) > 0)
{
$total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$_GET['locid']."' and
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$_GET['locid']."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=7&locid=".$_GET['locid']."'>$loc[long] ("._("Listed").": $total4)</a>\n".
$display;
$_GET['regid'] = $loc['regid'];
}
if(intval($_GET['regid']) > 0)
{
$total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$_GET['regid']."' and
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$_GET['regid']."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=7&regid=".$_GET['regid']."'>$reg[long] ("._("Listed").": $total3)</a>\n".
$display;
$_GET['ccid'] = $reg['ccid'];
}
if(intval($_GET['ccid']) > 0)
{
$total2 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
`ccid`='".$_GET['ccid']."' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='".$_GET['ccid']."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=7&ccid=".$_GET['ccid']."'>$cnt[long] ("._("Listed").": $total2)</a>\n".
$display;
}
if($display)
echo $display;
if(intval($_GET['ccid']) <= 0)
{
echo "<ul>\n";
$query = "select * from `countries` order by `long`";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
echo "<li><a href='wot.php?id=7&ccid=$row[id]'>$row[long]</a></li>\n";
echo "</ul>\n</li>\n</ul></div>\n<br>\n";
} elseif(intval($_GET['regid']) <= 0) {
echo "<ul>\n";
$query = "select * from `regions` where `ccid`='".$_GET['ccid']."' order by `long`";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
echo "<li><a href='wot.php?id=7&regid=$row[id]'>$row[long]</a></li>\n";
echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
} elseif(intval($_GET['locid']) <= 0) {
echo "<ul>\n";
if($town != "")
{
$query = "select * from `locations` where `regid`='".$_GET['regid']."' and `long` < '$town'";
$start = mysql_num_rows(mysql_query($query));
}
$query = "select * from `locations` where `regid`='".$_GET['regid']."' order by `long` limit $start, $limit";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
echo "<li><a href='wot.php?id=7&locid=$row[id]'>$row[long]</a></li>\n";
echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
$rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='".$_GET['regid']."'"));
if($start > 0)
{
$prev = $start - $limit;
if($prev < 0)
$prev = 0;
$st = "[ <a href='wot.php?id=7&regid=".$_GET['regid']."'><< Start</a> ] ";
$prev = "[ <a href='wot.php?id=7&regid=".$_GET['regid']."&start=$prev'>< Previous $limit</a> ] ";
}
if($start < $rc - $limit)
{
$next = $start + $limit;
$last = $rc - $limit;
$next = "[ <a href='wot.php?id=7&regid=".$_GET['regid']."&start=$next'>Next $limit ></a> ] ";
$end = "[ <a href='wot.php?id=7&regid=".$_GET['regid']."&start=$last'>End >></a> ]";
}
echo "<div id='search1'>$st</div><div id='search3'>$end</div>\n";
echo "<div id='search2'>$prev</div><div id='search4'>$next</div>\n";
?>
<div align="left">
<form method="get" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="200">
<tr>
<td colspan="2" class="title"><?=_("Search this region")?></td>
</tr>
<tr>
<td class="DataTD" width="125"><?=_("Location Name")?>: </td>
<td class="DataTD" width="125"><input type="text" name="town" value="<?=$_GET['town']?>" size="10"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Search")?>"></td>
</tr>
</table>
<input type="hidden" name="regid" value="<?=$_GET['regid']?>">
<input type="hidden" name="id" value="7">
</form>
</div>
<?
} else {
echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n";
echo "<p><a href='wot.php?id=7&action=update&locid=".$_GET['locid']."'>";
echo _("Make my location here");
echo "</a></p>\n";
echo "<p>"._("If you are happy with this location, click 'Make my location here' to update your location details.")."</p><br>\n";
}
} else {
$total1 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
if(intval($_GET['locid']) > 0)
{
$total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$_GET['locid']."' and
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$_GET['locid']."'"));
$_GET['regid'] = $loc['regid'];
}
if(intval($_GET['regid']) > 0)
{
$total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$_GET['regid']."' and
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$_GET['regid']."'"));
$_GET['ccid'] = $reg['ccid'];
}
$total2 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
`ccid`='".$_GET['ccid']."' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$_SESSION['profile']['ccid'] = $_GET['ccid'];
$_SESSION['profile']['regid'] = $_GET['regid'];
$_SESSION['profile']['locid'] = $_GET['locid'];
mysql_query("update `users` set `ccid`='".$_GET['ccid']."',`regid`='".$_GET['regid']."',`locid`='".$_GET['locid']."'
where `id`='".$_SESSION['profile']['id']."'");
echo _("Your details have been updated.");
}
?>

40
pages/wot/8.php
Unescape Escape View File

@ -0,0 +1,40 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<? if($_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("My Listing")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Directory Listing")?>:</td>
<td class="DataTD" align="left">
<select name="listme">
<option value="0"><?=_("I don't want to be listed")?></option>
<option value="1"<? if($_SESSION['profile']['listme'] == 1) echo " selected"; ?>><?=_("I want to be listed")?></option>
</select>
</td>
</tr>
<tr>
<td class="DataTD"><?=_("Contact information")?>:</td>
<td class="DataTD"><textarea name="contactinfo" cols="40" rows="5" wrap="virtual"><?=$_SESSION['profile']['contactinfo']?></textarea></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
<p><?=_("Please note: All html will be stripped from the contact information box, a link to an email form will automatically be inserted to ensure your privacy.")?></p>

59
pages/wot/9.php
Unescape Escape View File

@ -0,0 +1,59 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$res = mysql_query("select * from `users` where `id`='".intval($_GET['userid'])."' and `listme`='1'");
if(mysql_num_rows($res) <= 0)
{
echo _("Sorry, I was unable to locate that user.");
unset($_SESSION['config']['user']);
} else {
$user = mysql_fetch_array($res);
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) >= 100"));
if($points <= 0)
{
echo _("Sorry, I was unable to locate that user.");
unset($_SESSION['config']['user']);
} else {
$_SESSION['_config']['user'] = $user;
?>
<? if($_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Contact Notary")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("To")?>:</td>
<td class="DataTD" align="left"><?=$user['fname']?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Subject")?>:</td>
<td class="DataTD" align="left"><input type="text" name="subject" value="<?=$_POST['subject']?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Message")?>:</td>
<td class="DataTD"><textarea name="message" cols="40" rows="5" wrap="virtual"><?=$_POST['message']?></textarea></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
<p>[ <a href='javascript:history.go(-1)'>Go Back</a> ]</p>
<? } } ?>

8
scripts/Makefile
Unescape Escape View File

@ -0,0 +1,8 @@
all: runserver.c runclient.c
gcc -O2 -o runserver runserver.c
gcc -O2 -o runclient runclient.c
chown root:www-data runserver runclient
chmod 4710 runserver runclient
clean:
rm -f runserver runclient

201
scripts/clientcerts.php
Unescape Escape View File

@ -0,0 +1,201 @@
#!/usr/bin/php -q
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
$monarr = array("Jan" => 1, "Feb" => 2, "Mar" => 3, "Apr" => 4, "May" => 5, "Jun" => 6,
"Jul" => 7, "Aug" => 8, "Sep" => 9, "Oct" => 10, "Nov" => 11, "Dec" => 12);
include_once("../includes/mysql.php");
$query = "select * from `emailcerts` where `crt_name`='' and `keytype`='NS'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$row[crt_name] = "../crt/email-$row[id].crt";
$days = 365;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`;
$do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`;
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
if(filesize($row[crt_name]) > 0)
{
$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
$bits = explode("=", $end, 2);
$end = trim($bits[1]);
while(strstr($end, " "))
$end = str_replace(" ", " ", $end);
$bits = explode(" ", $end);
$month = $bits[0];
$month = $monarr[$month];
$day = $bits[1];
$time = $bits[2];
$year = $bits[3];
$bits = explode(":", $time);
$hour = $bits[0];
$min = $bits[1];
$sec = $bits[2];
$date = gmmktime($hour, $min, $sec, $month, $day, $year);
$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2);
$serial = $bits[1];
$query = "update `emailcerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='$row[id]'";
mysql_query($query);
$body = _("Hi")." $user[fname],\n\n";
$body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]);
$body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user[email], "[CAcert.org] Client Certificate", $body, "From: Support <duane@cacert.org>\nErrors-To: returns@cacert.org");
}
}
$query = "select * from `emailcerts` where `crt_name`='' and `keytype`='MS'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$row[crt_name] = "../crt/email-$row[id].crt";
$days = 365;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
if(filesize($row[crt_name]) > 0)
{
$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
$bits = explode("=", $end, 2);
$end = trim($bits[1]);
while(strstr($end, " "))
$end = str_replace(" ", " ", $end);
$bits = explode(" ", $end);
$month = $bits[0];
$month = $monarr[$month];
$day = $bits[1];
$time = $bits[2];
$year = $bits[3];
$bits = explode(":", $time);
$hour = $bits[0];
$min = $bits[1];
$sec = $bits[2];
$date = gmmktime($hour, $min, $sec, $month, $day, $year);
$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2);
$serial = $bits[1];
$query = "update `emailcerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='$row[id]'";
mysql_query($query);
$body = _("Hi")." $user[fname],\n\n";
$body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]);
$body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user[email], "[CAcert.org] Client Certificate", $body, "From: Support <duane@cacert.org>\nErrors-To: returns@cacert.org");
}
}
$query = "select * from `emailcerts` where `revoked`='1970-01-01 10:00:01'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -key test -batch -revoke $row[crt_name] > /dev/null 2>&1`;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1`;
$do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out ../www/revoke.crl > /dev/null 2>&1`;
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
mysql_query("update `emailcerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='$row[id]'");
$body = _("Hi")." $user[fname],\n\n";
$body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]);
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user[email], "[CAcert.org] Certificate for $row[CN] has been revoked", $body, "From: Support <duane@cacert.org>\nErrors-To: returns@cacert.org");
}
$query = "select * from `orgemailcerts` where `crt_name`='' and `keytype`='NS'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$row[crt_name] = "../crt/orgemail-$row[id].crt";
$days = 365;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`;
$do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`;
if(filesize($row[crt_name]) > 0)
{
$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
$bits = explode("=", $end, 2);
$end = trim($bits[1]);
while(strstr($end, " "))
$end = str_replace(" ", " ", $end);
$bits = explode(" ", $end);
$month = $bits[0];
$month = $monarr[$month];
$day = $bits[1];
$time = $bits[2];
$year = $bits[3];
$bits = explode(":", $time);
$hour = $bits[0];
$min = $bits[1];
$sec = $bits[2];
$date = gmmktime($hour, $min, $sec, $month, $day, $year);
$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2);
$serial = $bits[1];
$query = "update `orgemailcerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='$row[id]'";
mysql_query($query);
}
}
$query = "select * from `orgemailcerts` where `crt_name`='' and `keytype`='MS'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$row[crt_name] = "../crt/orgemail-$row[id].crt";
$days = 365;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
if(filesize($row[crt_name]) > 0)
{
$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
$bits = explode("=", $end, 2);
$end = trim($bits[1]);
while(strstr($end, " "))
$end = str_replace(" ", " ", $end);
$bits = explode(" ", $end);
$month = $bits[0];
$month = $monarr[$month];
$day = $bits[1];
$time = $bits[2];
$year = $bits[3];
$bits = explode(":", $time);
$hour = $bits[0];
$min = $bits[1];
$sec = $bits[2];
$date = gmmktime($hour, $min, $sec, $month, $day, $year);
$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2);
$serial = $bits[1];
$query = "update `orgemailcerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='$row[id]'";
mysql_query($query);
}
}
$query = "select * from `orgemailcerts` where `revoked`='1970-01-01 10:00:01'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -key test -batch -revoke $row[crt_name] > /dev/null 2>&1`;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1`;
$do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out ../www/revoke.crl > /dev/null 2>&1`;
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
mysql_query("update `orgemailcerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='$row[id]'");
$body = _("Hi")." $user[fname],\n\n";
$body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]);
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user[email], "[CAcert.org] Certificate for $row[CN] has been revoked", $body, "From: Support <duane@cacert.org>\nErrors-To: returns@cacert.org");
}
?>

13
scripts/runclient.c
Unescape Escape View File

@ -0,0 +1,13 @@
#include<stdio.h>
int main(int argc, char *argv[])
{
char *args[1];
args[0] = NULL;
setuid(0);
setgid(0);
execv("../scripts/clientcerts.php", args);
}

13
scripts/runserver.c
Unescape Escape View File

@ -0,0 +1,13 @@
#include<stdio.h>
int main(int argc, char *argv[])
{
char *args[1];
args[0] = NULL;
setuid(0);
setgid(0);
execv("../scripts/servercerts.php", args);
}

137
scripts/servercerts.php
Unescape Escape View File

@ -0,0 +1,137 @@
#!/usr/bin/php -q
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
$monarr = array("Jan" => 1, "Feb" => 2, "Mar" => 3, "Apr" => 4, "May" => 5, "Jun" => 6,
"Jul" => 7, "Aug" => 8, "Sep" => 9, "Oct" => 10, "Nov" => 11, "Dec" => 12);
include_once("../includes/mysql.php");
$query = "select * from `domaincerts` where `crt_name`=''";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$query = "select * from `domains`,`users` where `domains`.`id`='".$row['domid']."' and
`users`.`id`=`domains`.`memid`";
$user = mysql_fetch_assoc(mysql_query($query));
$days = 180;
if(intval($user['memid']) > 0)
{
$drow = mysql_fetch_assoc(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".$user['memid']."' group by `to`"));
if($drow['total'] >= 50)
$days = 730;
}
$row['crt_name'] = "../crt/".$row['id'].crt;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch > /dev/null 2>&1`;
$dom = mysql_fetch_assoc(mysql_query("select * from `domains` where `id`='$row[domid]'"));
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$dom[memid]'"));
if(filesize($row[crt_name]) > 0 && intval($user['id']) > 0)
{
$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
$bits = explode("=", $end, 2);
$end = trim($bits[1]);
while(strstr($end, " "))
$end = str_replace(" ", " ", $end);
$bits = explode(" ", $end);
$month = $bits['0'];
$month = $monarr[$month];
$day = $bits['1'];
$time = $bits['2'];
$year = $bits['3'];
$bits = explode(":", $time);
$hour = $bits['0'];
$min = $bits['1'];
$sec = $bits['2'];
$date = gmmktime($hour, $min, $sec, $month, $day, $year);
$cert = trim(`/usr/bin/openssl x509 -in $row[crt_name]`);
$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2);
$serial = $bits['1'];
$query = "update `domaincerts` set `crt_name`='".$row['crt_name']."',
`modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='".$row['id']."'";
mysql_query($query);
$body = _("Hi")." ".$user['fname'].",\n\n";
$body .= sprintf(_("Below you will find your certificate for %s.")."\n\n", $row['CN']);
$body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n".$cert;
mail($user['email'], "[CAcert.org] "._("Server Certificate"), $body, "From: Support <duane@cacert.org>\nErrors-To: returns@cacert.org");
}
}
$query = "select * from `domaincerts` where `revoked`='1970-01-01 10:00:01'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -key test -batch -revoke $row[crt_name] > /dev/null 2>&1`;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1`;
$do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out ../www/revoke.crl > /dev/null 2>&1`;
$dom = mysql_fetch_assoc(mysql_query("select * from `domains` where `id`='".$row['domid']."'"));
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$dom['memid']."'"));
mysql_query("update `domaincerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='".$row['id']."'");
$body = _("Hi")." ".$user['fname'].",\n\n";
$body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row['CN']);
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user['email'], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "From: Support <duane@cacert.org>\nErrors-To: returns@cacert.org");
}
$query = "select * from `orgdomaincerts` where `crt_name`=''";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$row['crt_name'] = "../crt/org".$row['id'].".crt";
$days = 730;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server-org.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
if(filesize($row[crt_name]) > 0)
{
$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
$bits = explode("=", $end, 2);
$end = trim($bits[1]);
while(strstr($end, " "))
$end = str_replace(" ", " ", $end);
$bits = explode(" ", $end);
$month = $bits[0];
$month = $monarr[$month];
$day = $bits[1];
$time = $bits[2];
$year = $bits[3];
$bits = explode(":", $time);
$hour = $bits[0];
$min = $bits[1];
$sec = $bits[2];
$date = gmmktime($hour, $min, $sec, $month, $day, $year);
$cert = trim(`/usr/bin/openssl x509 -in $row[crt_name]`);
$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2);
$serial = $bits[1];
$query = "update `orgdomaincerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='$row[id]'";
mysql_query($query);
}
}
$query = "select * from `orgdomaincerts` where `revoked`='1970-01-01 10:00:01'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server-org.cnf -key test -batch -revoke $row[crt_name] > /dev/null 2>&1`;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server-org.cnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1`;
$do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out ../www/revoke.crl > /dev/null 2>&1`;
mysql_query("update `orgdomaincerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='$row[id]'");
}
?>

5
www/.htaccess
Unescape Escape View File

@ -0,0 +1,5 @@
php_value auto_prepend_file /home/cacert/includes/general.php
php_value output_buffering 1
errordocument 404 /error404.php
errordocument 403 /error403.php
errordocument 401 /error401.php

BIN
www/.rnd
View File

Binary file not shown.

36
www/account.php
Unescape Escape View File

@ -0,0 +1,36 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
include("../includes/account.php");
if($id == 6)
{
include_once("../www/account/6.php");
} else if($id == 19) {
include_once("../www/account/19.php");
} else if($oldid == 40 && $process == _("Send")) {
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
mail("duane@cacert.org", $subject, $message, "From: $email\nErrors-To: returns@cacert.org");
showheader(_("Welcome to CAcert.org"));
echo _("Your message has been sent.");
showfooter();
exit;
} else {
showheader(_("My CAcert.org Account!"));
includeit($id, "account");
showfooter();
}
?>

23
www/error404.php
Unescape Escape View File

@ -0,0 +1,23 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
loadem("index");
showheader(_("My CAcert.org Account!"));
?>
<h3><?=_("File not found!")?></h3>
<p><?=_("Due to recent site changes bookmarks may no longer be valid, please update your bookmarks.")?></p>
<? showfooter(); ?>

23
www/help.php
Unescape Escape View File

@ -0,0 +1,23 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
loadem("help");
$id = intval($id);
showheader(_("Welcome to CAcert.org"));
includeit($id);
showfooter();
?>

328
www/index.php
Unescape Escape View File

@ -0,0 +1,328 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
loadem("index");
$id = intval($id);
$oldid = intval($oldid);
$_SESSION['_config']['hostname'] = $_SERVER['HTTP_HOST'];
if(($oldid == 6 || $id == 6) && intval($_SESSION['lostpw']['user']['id']) < 1)
{
unset($oldid);
$id = 5;
}
if($oldid == 6 && $process == _("Next"))
{
$answers = 0;
$qs = array();
$id = $oldid;
unset($oldid);
if($Q1)
{
$_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes($A1)));
if(strtolower($_SESSION['lostpw']['A1']) == strtolower($_SESSION['lostpw']['user']['A1']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['A1']."\nEntered: ".$_SESSION['lostpw']['user']['A1']."\n";
}
if($Q2)
{
$_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes($A2)));
if(strtolower($_SESSION['lostpw']['A2']) == strtolower($_SESSION['lostpw']['user']['A2']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['A2']."\nEntered: ".$_SESSION['lostpw']['user']['A2']."\n";
}
if($Q3)
{
$_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
if(strtolower($_SESSION['lostpw']['A3']) == strtolower($_SESSION['lostpw']['user']['A3']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['A3']."\nEntered: ".$_SESSION['lostpw']['user']['A3']."\n";
}
if($Q4)
{
$_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
if(strtolower($_SESSION['lostpw']['A4']) == strtolower($_SESSION['lostpw']['user']['A4']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['A4']."\nEntered: ".$_SESSION['lostpw']['user']['A4']."\n";
}
if($Q5)
{
$_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
if(strtolower($_SESSION['lostpw']['A5']) == strtolower($_SESSION['lostpw']['user']['A5']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['A5']."\nEntered: ".$_SESSION['lostpw']['user']['A5']."\n";
}
$_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes($newpass1)));
$_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes($newpass2)));
if($answers < 3)
{
$body = "Someone has just attempted to update the pass phrase on the following account:\n".
"Username(ID): ".$_SESSION['lostpw']['user']['email']."(".$_SESSION['lostpw']['user']['id'].")\n".
"email: ".$_SESSION['lostpw']['user']['email']."\n".
"Requested Pass Phrase: ".$_SESSION['lostpw']['pw1']."\n".
"IP/Hostname: ".$_SERVER['REMOTE_ADDR']."/".$_SERVER['REMOTE_HOST']."\n".
"---------------------------------------------------------------------\n".$body.
"---------------------------------------------------------------------\n";
mail("duane@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body,
"From: '".$_SESSION['lostpw']['user']['fname']."' <".$_SESSION['lostpw']['user']['email'].">\n".
"Errors-To: returns@cacert.org\nFrom: Support <duane@cacert.org>");
$_SESSION['_config']['errmsg'] = _("You failed to get all answers correct, system admins have been notified.");
} else if($_SESSION['lostpw']['pw1'] != $_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") {
$_SESSION['_config']['errmsg'] = _("New Pass Phrases specified don't match or were blank.");
} else if(strlen($_SESSION['lostpw']['pw1']) < 6) {
$_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted was too short.");
} else {
$score = checkpw($_SESSION['lostpw']['pw1'], $_SESSION['lostpw']['user']['email'], $_SESSION['lostpw']['user']['fname'],
$_SESSION['lostpw']['user']['mname'], $_SESSION['lostpw']['user']['lname'], $_SESSION['lostpw']['user']['suffix']);
if($score < 3)
{
$_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored $score points out of 6.");
} else {
mysql_query("update `users` set `password`=password(".$_SESSION['lostpw']['pw1'].")
where `id`='".$_SESSION['lostpw']['user']['id']."'");
showheader(_("Welcome to CAcert.org"));
echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
showfooter();
exit;
}
}
}
if($oldid == 5 && $process == _("Next"))
{
$email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes($email)));
$_SESSION['lostpw']['day'] = intval($day);
$_SESSION['lostpw']['month'] = intval($month);
$_SESSION['lostpw']['year'] = intval($year);
$dob = $_SESSION['lostpw']['year']."-".$_SESSION['lostpw']['month']."-".$_SESSION['lostpw']['day'];
$query = "select * from `users` where `email`='$email' and `dob`='$dob'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['errmsg'] = _("Unable to match your details with any user accounts on file");
} else {
$id = 6;
$_SESSION['lostpw']['user'] = mysql_fetch_assoc($res);
}
}
if($id == 4 && $_SERVER['HTTP_HOST'] == "secure.cacert.org")
{
$query = "select * from `emailcerts` where `serial`='$_SERVER[SSL_CLIENT_M_SERIAL]' and `revoked`=0 and
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
$_SESSION['profile']['loggedin'] = 1;
header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
exit;
}
}
if($id == 4 && $_SESSION['profile']['loggedin'] == 1)
{
header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
exit;
}
if($oldid == 4)
{
unset($oldid);
$id = 4;
$_SESSION['_config']['errmsg'] = "";
$email = mysql_escape_string($email);
$pword = mysql_escape_string($pword);
$query = "select * from `users` where `email`='$email' and `password`=password('$pword')";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$_SESSION['profile'] = mysql_fetch_assoc($res);
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
$_SESSION['profile']['loggedin'] = 1;
if($_SESSION['_config']['oldlocation'] != "")
header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
else
header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
exit;
}
$_SESSION['_config']['errmsg'] = _("Incorrect email address and/or Pass Phrase.");
}
if($process && $oldid == 1)
{
$id = 2;
unset($oldid);
$_SESSION['_config']['errmsg'] = "";
$_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes($email)));
$_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes($fname)));
$_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes($mname)));
$_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes($lname)));
$_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes($suffix)));
$_SESSION['signup']['day'] = intval($day);
$_SESSION['signup']['month'] = intval($month);
$_SESSION['signup']['year'] = intval($year);
$_SESSION['signup']['pword1'] = mysql_escape_string($pword1);
$_SESSION['signup']['pword2'] = mysql_escape_string($pword2);
$_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes($Q1)));
$_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes($Q2)));
$_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes($Q3)));
$_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes($Q4)));
$_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes($Q5)));
$_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes($A1)));
$_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes($A2)));
$_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
$_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
$_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
if($_SESSION['signup']['fname'] == "" || $_SESSION['signup']['lname'] == "")
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("First and/or last names were blank.")."<br>\n";
}
if($_SESSION['signup']['year'] < 1900 || $_SESSION['signup']['month'] < 1 || $_SESSION['signup']['month'] > 12 ||
$_SESSION['signup']['day'] < 1 || $_SESSION['signup']['day'] > 31)
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
}
if($_SESSION['signup']['email'] == "")
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("Email Address was blank")."<br>\n";
}
if($_SESSION['signup']['pword1'] == "")
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("Pass Phrases were blank")."<br>\n";
}
if($_SESSION['signup']['pword1'] != $_SESSION['signup']['pword2'])
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("Pass Phrases don't match")."<br>\n";
}
$score = checkpw($_SESSION['signup']['pword1'], $_SESSION['signup']['email'], $_SESSION['signup']['fname'], $_SESSION['signup']['mname'], $_SESSION['signup']['lname'], $_SESSION['signup']['suffix']);
if($score < 3)
{
$id = 1;
$_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored $score points out of 6.");
}
$query = "select * from `email` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
$res1 = mysql_query($query);
$query = "select * from `users` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
$res2 = mysql_query($query);
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."<br>\n";
}
if($id == 2)
{
$rnd = fopen("/dev/urandom", "r");
$hash = md5(fgets($rnd, 64));
fclose($rnd);
$query = "insert into `users` set `email`='".$_SESSION['signup']['email']."',
`password`=password('".$_SESSION['signup']['pword1']."'),
`fname`='".$_SESSION['signup']['fname']."',
`mname`='".$_SESSION['signup']['mname']."',
`lname`='".$_SESSION['signup']['lname']."',
`suffix`='".$_SESSION['signup']['suffix']."',
`dob`='".$_SESSION['signup']['year']."-".$_SESSION['signup']['month']."-".$_SESSION['signup']['day']."',
`Q1`='".$_SESSION['signup']['Q1']."',
`Q2`='".$_SESSION['signup']['Q2']."',
`Q3`='".$_SESSION['signup']['Q3']."',
`Q4`='".$_SESSION['signup']['Q4']."',
`Q5`='".$_SESSION['signup']['Q5']."',
`A1`='".$_SESSION['signup']['A1']."',
`A2`='".$_SESSION['signup']['A2']."',
`A3`='".$_SESSION['signup']['A3']."',
`A4`='".$_SESSION['signup']['A4']."',
`A5`='".$_SESSION['signup']['A5']."'";
mysql_query($query);
$memid = mysql_insert_id();
$query = "insert into `email` set `email`='".$_SESSION['signup']['email']."',
`hash`='$hash',
`created`=NOW(),
`memid`='$memid'";
mysql_query($query);
$emailid = mysql_insert_id();
$body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
$body .= "http://$hostname/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "From: Support <duane@cacert.org>\nErrors-To: returns@cacert.org");
}
}
if($oldid == "11" && $process == _("Send"))
{
$who = mysql_escape_string($who);
$email = mysql_escape_string($email);
$subject = mysql_escape_string($subject);
$message = addslashes(stripslashes($message));
if($who == "" || $email == "" || $subject == "" || $message == "")
{
$id = $oldid;
$_SESSION['_config']['errmsg'] = _("All fields are mandatory.")."<br>\n";
unset($oldid);
}
}
if($oldid == "11" && $process == _("Send"))
{
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
mail("duane@cacert.org", $subject, $message, "From: $email\nErrors-To: returns@cacert.org");
showheader(_("Welcome to CAcert.org"));
echo _("Your message has been sent.");
showfooter();
exit;
}
if($_SESSION['signup']['year'] < 1900)
$_SESSION['signup']['year'] = "19XX";
showheader(_("Welcome to CAcert.org"));
includeit($id);
showfooter();
?>

45
www/news.php
Unescape Escape View File

@ -0,0 +1,45 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
loadem("index");
$id = intval($id);
showheader(_("Welcome to CAcert.org"));
if($id > 0)
{
$query = "select * from `news` where `id`='$id'";
$row = mysql_fetch_assoc(mysql_query($query));
echo "<h3>".$row['short']."</h3>\n";
echo "<p>Posted by ".$row['who']." at ".$row['when']."</p>\n";
echo "<p>".str_replace("\n", "<br>\n", $row['story'])."</p>\n";
} else {
$query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
echo "<p><b>".date("Y-m-d", $row['TS'])."</b> - ".$row['short']."</p>\n";
if($row['story'] != "")
echo "<p>[ <a href='news.php?id=".$row['id']."'>Full Story</a> ]</p>\n";
}
}
echo "<p>[ <a href='javascript:history.go(-1)'>Go Back</a> ]</p>\n";
showfooter();
?>

36
www/onestat.js
Unescape Escape View File

@ -0,0 +1,36 @@
function OneStat_Tag()
{
var CONTENTSECTION= "";
var CUSTOMDATA= "";
var osp_URL= document.URL;
var osp_Title= document.title;
function A(B, C)
{
W+="&"+B+"="+escape(C);
}
var t = new Date();
var W="http"+(document.URL.indexOf('https:')==0?'s':'')+"://stat.onestat.com/asp/stat.asp?tagver=1&sid=164863";
A( "tz", t.getTimezoneOffset());
A( "ch", t.getHours());
A( "ti", typeof(osp_Title)== "string" ? osp_Title : document.title);
A( "url", typeof(osp_URL)== "string" ? osp_URL : document.URL);
A( "rf", parent==self ? window.document.referrer : top.document.referrer);
A( "js", "Yes");
A( "ul", navigator.appName=="Netscape" ? navigator.language : navigator.userLanguage);
if(typeof(screen)=="object")
{
A( "sr", screen.width+"x"+screen.height);
A( "cd", screen.colorDepth);
A( "jo", navigator.javaEnabled()?"Yes":"No");
}
A( "section", typeof(CONTENTSECTION)== "string" ? CONTENTSECTION : "");
A( "custom", typeof(CUSTOMDATA)== "string" ? CUSTOMDATA : "");
if( W.length>2048 && navigator.userAgent.indexOf('MSIE')>=0)
W= W.substring( 0, 2043)+"&tu=1";
document.write('<a href="http://www.onestat.com/asp/login.asp?sid=164863" target="_blank"><img id="ONESTAT_TAG" border="0" src="'+W+'" alt="This Site Tracked by OneStat.com"></a>');
}

BIN
www/revoke.crl
View File

Binary file not shown.

82
www/src-lic.php
Unescape Escape View File

@ -0,0 +1,82 @@
<?
if($process == "Confirm, I agree to these terms and conditions" && $iagree == "yes")
{
$output_file = $fname = "libressl-20040925.tar.bz2";
header('Pragma: public');
header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1
header('Cache-Control: pre-check=0, post-check=0, max-age=0'); // HTTP/1.1
header('Content-Transfer-Encoding: none');
header('Content-Type: application/octetstream; name="' . $output_file . '"'); //This should work for IE & Opera
header('Content-Type: application/octet-stream; name="' . $output_file . '"'); //This should work for the rest
header('Content-Disposition: inline; filename="' . $output_file . '"');
header("Content-length: ".intval(filesize("/home/duane/libressl/$fname")));
readfile("/home/duane/libressl/$fname");
exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<p align="center">CAcert Inc.<br>
Source Code License Terms</p>
<p>ATTENTION: The files you are about to download contain the source code for certain CAcert software. CAcert is making these source code files available to you for specific limited purposes and you may use these source code files only for these purposes. You should read these license terms carefully and decide whether you are willing to agree to these license terms. </p>
<ul>
<li><strong>If you are not willing to agree to these license terms, CAcert is not willing to provide these source code files to you and you must not proceed with the download. </strong></li>
<li><strong>The CAcert source code is protected by copyrights in Australia and other countries. If you download these source code files and use the source code in ways not permitted by these license terms, you will not only be in breach of these license terms, you will also be infringing CAcert's copyrights. </strong></li>
</ul>
<p>LICENSE TERMS </p>
<ol>
<li>What You Can Do. Under this license, you have the right to:
<ol>
<li>download the CAcert source code files and make a reasonable number of copies on a single computer as necessary to exercise the rights granted below; </li>
<li>review the source code in these source code files in order to verify that there are no unknown vulnerabilities or the like and in order to make your own assessment of the security features of CAcert software; </li>
<li>compile the any C source code that may be contained in the CAcert software into an executable code version of the program; </li>
<li>run the executable code version on one computer solely in order to assist in your testing and analysis of the security features of the CAcert software; and </li>
<li>modify the source code in the course of exercising the rights granted above. </li>
</ol>
</li>
<li>
<p>What You Cannot Do. Under this license you do not have the right to, and you may not: </p>
<ol>
<li>modify the source code beyond what is allowed above; </li>
<li>make copies of the source code files beyond what is allowed above; </li>
<li>remove or alter any notices in the source code files relating to copyrights, or other proprietary rights; </li>
<li>give (meaning sell, loan, distribute, or transfer) the source code files to anyone else (unless you are downloading the source code files in the course of performing duties for your employer, in which case you can share the source code files with fellow employees as long as you don't make additional copies and otherwise comply with these license terms ' if this seems overly restrictive, remember that other people who want to have access to these source code files can also come to the CAcert web site to download them, but for important legal reasons we need to require that each copy of the source code be obtained directly from CAcert); </li>
<li>use versions of CAcert software created for any purpose or reason other than verifying that there are no unknown vulnerabilities or the like or otherwise making your own assessment of the integrity of the source code and the security features of the CAcert software; or </li>
</ol>
<p>If you have any questions about what is or is not permitted under these license terms or if you would like to obtain the right to use CAcert source code in ways that are not allowed under these license terms, you should contact CAcert at <a href="mailto:source@pgp.com">bugs@cacert.org </a>. </p>
</li>
<li>
<p>Reporting Bugs and the Like. If you discover any 'bug' or problem in the source code in these files, or anything you think is a 'bug' or problem in the source code or a deficiency or weakness in the security features of the CAcert software, you should report the bug, problem, deficiency, or weakness (including any suggested code fixes you have prepared or any other information you have that could help CAcert reproduce, verify, and correct it) to CAcert at <a href="mailto:source@pgp.com">bugs@cacert.org </a>. </p>
<p>CAcert will endeavor to send an email acknowledgment (signed by CAcert) within five business days for those reports that describe a serious security bug, problem, deficiency, or weakness in the CAcert software. If you do not receive such an email acknowledgment to a report you submitted (and you think you should have), please re-submit the report to CAcert as soon as possible. </p>
<p>You agree that you will not post any information about any bug, problem, deficiency, or weakness in the CAcert software on any web site or electronic bulletin board, or otherwise disclose or provide any such information to anyone else, unless you have first reported it to CAcert and until at least 30 days after CAcert sends its email acknowledgment to you. </p>
<p>CAcert takes reported bugs and security weaknesses in its software very seriously and strives to offer its customers the most secure and reliable software products available (given the functionality, features, and price of the software). However, CAcert cannot promise that it will respond to, analyze, attempt to correct, or correct each and every bug or security weakness that is reported to CAcert, and hence CAcert will have no obligation to you under these license terms to respond to, analyze, attempt to correct, or correct any bug, problem, deficiency, or weakness you report to CAcert. If CAcert does correct a bug, problem, deficiency, or weakness in a CAcert software program you report to CAcert under these license terms, the correction will be made available to CAcert's customers in a subsequent patch, update, or general release of the affected CAcert software. </p>
</li>
<li>
<p>Ownership of CAcert Software and Source Code. All rights not expressly granted to you in these license terms are reserved by CAcert. CAcert retains ownership of all copyrights and other intellectual property rights throughout the world in the CAcert source code and software. You agree that CAcert will be given a perpetual non-exclusive rights to any and all code, and you hereby assign rights in any modifications you make to the source code and in any bug reports you submit to CAcert. </p>
</li>
<li>Limitation of Liability. <br>
CAcert is willing to provide these source code files to you at no charge as long as you understand and agree that, to the maximum extent allowed under applicable law: </li>
<ol>
<li>THESE SOURCE CODE FILES ARE PROVIDED TO YOU "AS IS" AND CACERT MAKES NO REPRESENTATIONS, WARRANTIES, GUARANTEES, OR CONDITIONS OF ANY KIND REGARDING THESE SOURCE CODE FILES OR THE SOURCE CODE CONTAINED IN THESE FILES. WITHOUT LIMITING THE PREVIOUS SENTENCE, CACERT DISCLAIMS ALL EXPRESS, IMPLIED, OR STATUTORY WARRANTIES, CONDITIONS, OR DUTIES REGARDING (I) MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, QUIET ENJOYMENT, OR ACCURACY, (II) THE CACERT SOFTWARE OR SOURCE CODE BEING FREE OF BUGS OR ERRORS, OR (III) USE OF THE CACERT SOFTWARE IN NUCLEAR POWER PLANTS, AIRCRAFT NAVIGATION OR COMMUNICATIONS, AIR TRAFFIC CONTROL, WEAPONS SYSTEMS, OR OTHER HIGH-RISK ACTIVITIES. </li>
<li>CACERT'S TOTAL, CUMULATIVE LIABILITY ARISING FROM OR RELATING TO THESE SOURCE CODE FILES AND THE SOURCE CODE CONTAINED IN THESE FILES, UNDER ANY AND ALL THEORIES OF LIABILITY AND CAUSES OF ACTION (WHETHER IN TORT, IN CONTRACT, OR OTHERWISE), WILL BE LIMITED TO DIRECT DAMAGES UP TO AN AGGREGATE AMOUNT OF ONE CUP OF CHEAP DECAFFEINATED COFFEE. WITHOUT LIMITING THE PREVIOUS SENTENCE, IN NO EVENT WILL CACERT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR OTHER CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES ARISING FROM OR RELATING TO THESE SOURCE CODE FILES AND THE SOURCE CODE CONTAINED IN THESE FILES. </li>
</ol>
<li>
<p>General Your rights under these license terms are nonexclusive and personal and cannot be assigned, sublicensed, or transferred in any other manner to anyone else, and any attempted assignment, sublicense, or transfer will be null and void. CAcert may terminate your rights under these license terms, by giving you notice of termination, if you breach or violate these license terms; upon termination, you must destroy all copies of the source code files, and all copies of executable code versions of the CAcert software created by compiling any source code files, in your possession or control. These license terms will be governed by Australian copyright laws and the laws of the State of New South Wales (regardless of conflicts of laws principles); the U.N. Convention on Contracts for the International Sale of Goods will not apply to these license terms. Any action or proceeding arising from or relating to this Agreement must be brought in the district court in Sydney Australia, and each party irrevocably submits to the jurisdiction and venue of any such court in any such action or proceeding. If these license terms are translated into any language other than English, the English version of these license terms will prevail in the event of any inconsistency. These license terms can be amended, and any waiver by CAcert of any right or remedy under these license terms will be effective, only by means of a written document signed by an authorized officer of CAcert that expressly states CAcert's agreement to amend these license terms or waive its rights or remedies.</p>
</li>
</ol>
<form method="post" action="<?=$PHP_SELF?>">
<input type="checkbox" name="iagree" value="yes"> Tick this box to acknowledge you agree to these terms and conditions<br>
<input type="submit" name="process" value="Confirm, I agree to these terms and conditions">
</form>
</body>
</html>

511
www/styles/default.css
Unescape Escape View File

@ -0,0 +1,511 @@
/***********************************************/
/* emx_nav_right.css */
/* Use with template Halo_rightNav.html */
/***********************************************/
/***********************************************/
/* HTML tag styles */
/***********************************************/
body{
font-family: Arial,sans-serif;
color: #333333;
line-height: 1.166;
margin: 0px;
padding: 0px;
background: #cccccc; // url("/siteimages/bg_grad.jpg") fixed;
}
/******* hyperlink and anchor tag styles *******/
a:link, a:visited{
color: #005FA9;
text-decoration: none;
}
a:hover{
text-decoration: underline;
}
/************** header tag styles **************/
h1{
font: bold 120% Arial,sans-serif;
color: #334d55;
margin: 0px;
padding: 0px;
}
h2{
font: bold 114% Arial,sans-serif;
color: #006699;
margin: 0px;
padding: 0px;
}
h3{
font: bold 100% Arial,sans-serif;
color: #334d55;
margin: 0px;
padding: 0px;
cursor: pointer;
cursor: hand;
}
h4{
font: bold 100% Arial,sans-serif;
color: #333333;
margin: 0px;
padding: 0px;
}
h5{
font: 100% Arial,sans-serif;
color: #334d55;
margin: 0px;
padding: 0px;
}
/*************** list tag styles ***************/
ul.menu {
list-style: none;
margin :0px 0px 0px 15px;
padding-left: 5px;
border-left: 1px dotted #000;
}
ul.top {
list-style: none;
margin: 0px 0px 0px 15px;
padding-left: 5px;
border-left: 0px;
}
ul {
list-style: none;
margin: 0px 0px 0px 15px;
padding-left: 5px;
border-left: 1px dotted #000;
}
/***********************************************/
/* Layout Divs */
/***********************************************/
#pagecell1{
position:absolute;
top: 2%;
left: 2%;
right: 2%;
width: 96%;
background-color: #ffffff;
}
#tl {
position:absolute;
top: -1px;
left: -1px;
margin: 0px;
padding: 0px;
z-index: 100;
}
#tr {
position:absolute;
top: -1px;
right: -1px;
margin: 0px;
padding: 0px;
z-index: 100;
}
#masthead{
position: absolute;
top: 0px;
left: 2%;
right: 2%;
width:95.6%;
}
#pageNav{
float: right;
width:178px;
padding: 0px;
background-color: #F5f7f7;
border-left: 1px solid #cccccc;
font: small Verdana,sans-serif;
}
#content{
padding: 0px 10px 0px 0px;
margin:0px 178px 0px 0px;
}
/***********************************************/
/* Component Divs */
/***********************************************/
#siteName{
margin: 0px;
padding: 16px 0px 8px 0px;
color: #ffffff;
font-weight: normal;
}
/************** utility styles *****************/
#utility{
font: 75% Verdana,sans-serif;
position: absolute;
top: 16px;
right: 0px;
color: #919999;
}
#utility a{
color: #ffffff;
}
#utility a:hover{
text-decoration: underline;
}
/************** pageName styles ****************/
#pageName{
padding: 0px 0px 14px 10px;
margin: 0px;
border-bottom:1px solid #ccd2d2;
}
#pageName h2{
font: bold 175% Arial,sans-serif;
color: #000000;
margin:0px;
padding: 0px;
}
/************* globalNav styles ****************/
#globalNav{
position: relative;
width: 100%;
min-width: 640px;
height: 32px;
color: #cccccc;
padding: 0px;
margin: 0px;
background-image: url("siteimages/glbnav_background.gif");
}
#globalNav img{
margin-bottom: -4px;
}
#gnl {
position: absolute;
top: 0px;
left:0px;
}
#gnr {
position: absolute;
top: 0px;
right:0px;
}
#globalLink{
position: absolute;
top: 6px;
height: 22px;
min-width: 640px;
padding: 0px;
margin: 0px;
left: 10px;
z-index: 100;
}
a.glink, a.glink:visited{
font-size: small;
color: #000000;
font-weight: bold;
margin: 0px;
padding: 2px 5px 4px 5px;
border-right: 1px solid #8FB8BC;
}
a.glink:hover{
background-image: url("siteimages/glblnav_selected.gif");
text-decoration: none;
}
.skipLinks {display: none;}
/************ subglobalNav styles **************/
.subglobalNav{
position: absolute;
top: 84px;
left: 0px;
/*width: 100%;*/
min-width: 640px;
height: 20px;
padding: 0px 0px 0px 10px;
visibility: hidden;
color: #ffffff;
}
.subglobalNav a:link, .subglobalNav a:visited {
font-size: 80%;
color: #ffffff;
}
.subglobalNav a:hover{
color: #cccccc;
}
/*************** search styles *****************/
#listshow {
z-order: 101;
}
#search{
position: absolute;
top: 125px;
right: 0px;
}
#search form {
position: absolute;
top: 125px;
right: 300px;
}
#search input {
font-size: 11px;
}
#search1{
position: absolute;
top: 85px;
right: 300px;
}
#search2{
position: absolute;
top: 100px;
right: 300px;
}
#search3{
position: absolute;
top: 85px;
right: 240px;
}
#search4{
position: absolute;
top: 100px;
right: 226px;
}
#googlead{
position: absolute;
top: 5px;
right: 5px;
z-index: 101;
}
#search input{
font-size: 70%;
margin: 0px 0px 0px 10px;
}
#search a:link, #search a:visited {
font-size: 80%;
font-weight: bold;
}
#search a:hover{
margin: 0px;
}
/************* breadCrumb styles ***************/
#breadCrumb{
padding: 5px 0px 5px 10px;
font: small Verdana,sans-serif;
color: #AAAAAA;
}
#breadCrumb a{
color: #AAAAAA;
}
#breadCrumb a:hover{
color: #005FA9;
text-decoration: underline;
}
/************** feature styles *****************/
.feature{
padding: 0px 0px 10px 10px;
font-size: 80%;
min-height: 200px;
height: 200px;
}
html>body .feature {height: auto;}
.feature h3{
font: bold 175% Arial,sans-serif;
color: #000000;
padding: 30px 0px 5px 0px;
}
.feature img{
float: left;
padding: 0px 10px 0px 0px;
}
/*************** story styles ******************/
.story {
padding: 10px 0px 0px 10px;
font-size: 80%;
min-height: 450px;
}
.story h3{
font: bold 125% Arial,sans-serif;
color: #000000;
}
.story p {
padding: 0px 0px 10px 0px;
}
.story a.capsule{
font: bold 1em Arial,sans-serif;
color: #005FA9;
display:block;
padding-bottom: 5px;
}
.story a.capsule:hover{
text-decoration: underline;
}
td.storyLeft{
padding-right: 12px;
}
/************** siteInfo styles ****************/
#siteInfo{
clear: both;
border-top: 1px solid #cccccc;
font-size: small;
color: #cccccc;
padding: 10px 10px 10px 10px;
}
/************ sectionLinks styles **************/
#sectionLinks{
margin: 0px;
padding: 0px;
}
#sectionLinks h3{
padding: 10px 0px 2px 10px;
border-bottom: 1px solid #cccccc;
}
#sectionLinks a:link, #sectionLinks a:visited {
display: block;
border-top: 1px solid #ffffff;
border-bottom: 1px solid #cccccc;
background-image: url("siteimages/bg_nav.jpg");
font-weight: bold;
padding: 3px 0px 3px 10px;
color: #21536A;
}
#sectionLinks a:hover{
border-top: 1px solid #cccccc;
background-color: #DDEEFF;
background-image: none;
font-weight: bold;
text-decoration: none;
}
/************* relatedLinks styles **************/
.relatedLinks{
margin: 0px;
padding: 0px 0px 10px 10px;
border-bottom: 1px solid #cccccc;
}
.relatedLinks h3{
padding: 10px 0px 2px 0px;
}
.relatedLinks a{
display: block;
}
/**************** advert styles *****************/
#advert{
padding: 10px;
}
#advert img{
display: block;
}
/********************* end **********************/
.DataTD {background-color: #E2E2E2; border-style: inset; border-width: 1; FONT-SIZE: 8pt; COLOR: #000000; FONT-FAMILY: Arial, Tahoma, Verdana, Helvetica;}
.DataTD {background: #ffffff; padding: 1px 5px 1px 5px; border: 1px #CFCFCF solid; border-left: 1px #CFCFCF dotted; border-right: 1px #CFCFCF dotted; }
.DataTDGrey {background-color: #EFEDED; border-style: inset; border-width: 1; FONT-SIZE: 8pt; COLOR: #000000; FONT-FAMILY: Arial, Tahoma, Verdana, Helvetica;}
.DataTDGrey {padding: 1px 5px 1px 5px; border: 1px #CFCFCF solid; border-left: 1px #CFCFCF dotted; border-right: 1px #CFCFCF dotted; }
.DataTDNotDotted {background-color: #E2E2E2; border-style: inset; border-width: 1; FONT-SIZE: 8pt; COLOR: #000000; FONT-FAMILY: Arial, Tahoma, Verdana, Helvetica;}
.DataTDNotDotted {background: #ffffff; padding: 1px 5px 1px 5px; border: 1px #CFCFCF solid; border-left: 1px #CFCFCF solid; border-right: 1px #CFCFCF solid; }
.wrapper {
border-collapse: collapse;
font-family: verdana;
font-size: 11px;
text-align: center;
}
td.greytxt {
color: #CCCCCC;
font-size: smaller;
text-align: right;
vertical-align: bottom;
}
.title {
background: #E2E2E2;
font-weight:BOLD;
padding: 1px 5px 1px 5px;
border: 1px solid #CFCFCF;
border-bottom: 3px double #CFCFCF;
border-top: 1px solid #656565;
text-align: center;
}

102
www/verify.php
Unescape Escape View File

@ -0,0 +1,102 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
loadem("account");
if($type == "email")
{
$id = 1;
$emailid = intval($emailid);
$hash = mysql_escape_string($hash);
$query = "select * from `email` where `id`='$emailid' and hash!='' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
$row[attempts]++;
if($row[attempts] == 4)
{
mysql_query("update `email` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$emailid'");
showheader(_("Error!"), _("Error!"));
echo "You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system";
showfooter();
exit;
}
mysql_query("update `email` set `attempts`='$row[attempts]' where `id`='$emailid'");
}
$query = "select * from `email` where `id`='$emailid' and `hash`='$hash' and hash!='' and deleted=0 and `attempts` <= 2";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("Error!"), _("Error!"));
echo _("The ID or Hash has already been verified, or something weird happened.");
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
$query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'";
mysql_query($query);
$query = "update `users` set `verified`='1' where `id`='$row[memid]' and `email`='$row[email]' and `verified`='0'";
mysql_query($query);
showheader(_("Updated"), _("Updated"));
echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
showfooter();
exit;
}
if($type == "domain")
{
$id = 7;
$domainid = intval($domainid);
$hash = mysql_escape_string($hash);
$query = "select * from `domains` where `id`='$domainid' and hash!='' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
$row[attempts]++;
if($row[attempts] == 4)
{
$query = "update `domains` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$domainid'";
showheader(_("Error!"), _("Error!"));
echo _("You've attempted to verify the same domain a fourth time with an invalid hash, subsequantly this request has been deleted in the system");
showfooter();
exit;
}
$query = "update `domains` set `attempts`='$row[attempts]' where `id`='$domainid'";
mysql_query($query);
}
$query = "select * from `domains` where `id`='$domainid' and `hash`='$hash' and hash!='' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("Error!"), _("Error!"));
echo _("The ID or Hash has already been verified, the domain no longer exists in the system, or something weird happened.");
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
$query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'";
mysql_query($query);
showheader(_("Updated"), _("Updated"));
echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
showfooter();
exit;
}
?>

246
www/wot.php
Unescape Escape View File

@ -0,0 +1,246 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
if($_SERVER['HTTP_HOST'] == "secure.cacert.org")
{
$query = "select * from `emailcerts` where `serial`='".mysql_escape_string($_SERVER['SSL_CLIENT_M_SERIAL'])."'
and `revoked`=0 and UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
$_SESSION['profile']['loggedin'] = 1;
} else {
$_SESSION['profile']['loggedin'] = 0;
unset($_SESSION['_config']['oldlocation']);
foreach($_GET as $key => $val)
{
if($_SESSION['_config']['oldlocation'])
$_SESSION['_config']['oldlocation'] .= "&";
$_SESSION['_config']['oldlocation'] .= "$key=$val";
}
$_SESSION['_config']['oldlocation'] = "wot.php?".$_SESSION['_config']['oldlocation'];
header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
exit;
}
} else if($_SERVER['HTTP_HOST'] == "secure.cacert.org" && $_SESSION['profile']['id'] > 0) {
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
}
if($_SERVER['HTTP_HOST'] == "secure.cacert.org" && ($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0))
{
header("location: https://www.cacert.org");
exit;
}
if($id == "logout")
{
$_SESSION['profile']['loggedin'] = 0;
header("location: https://".$_SERVER['HTTP_HOST']."/index.php");
exit;
}
if($_SESSION['profile']['loggedin'] < 1)
{
unset($_SESSION['_config']['oldlocation']);
foreach($_GET as $key => $val)
{
if($_SESSION['_config']['oldlocation'])
$_SESSION['_config']['oldlocation'] .= "&";
$_SESSION['_config']['oldlocation'] .= "$key=$val";
}
$_SESSION['_config']['oldlocation'] = "wot.php?".$_SESSION['_config']['oldlocation'];
header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
exit;
}
loadem("account");
if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6) && $_SESSION['profile']['points'] < 100)
{
showheader(_("My CAcert.org Account!"));
echo "<p>"._("You don't have access to view these pages.")."</p>";
showfooter();
exit;
}
if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0)
{
unset($oldid);
$id = 5;
}
if($oldid == 5)
{
$query = "select * from `users` where `email`='".mysql_escape_string($_POST['email'])."'";
$res = mysql_query($query);
if(mysql_num_rows($res) != 1)
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['error'] = _("I'm sorry, there was no email matching what you entered in the system. Please double check your information.");
} else {
$_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
}
}
if($oldid == 5 || $oldid == 6)
{
if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
{
$id = 5;
unset($oldid);
$_SESSION['_config']['error'] = _("You are never allowed to Notarise yourself!");
}
}
if($oldid == 5 || $oldid == 6)
{
$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
`to`='".$_SESSION['_config']['notarise']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$id = 5;
unset($oldid);
$_SESSION['_config']['error'] = _("You are only allowed to Notarise someone once!");
} elseif($oldid == 5) {
$id = 6;
}
}
if($oldid == 6)
{
if($_POST['certify'] != 1 || $_POST['assertion'] != 1 || $_POST['rules'] != 1)
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");
}
}
if($oldid == 6)
{
if($_POST['location'] == "" || $_POST['date'] == "")
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['error'] = _("You failed to enter a location and date of your meeting.");
}
}
if($oldid == 6)
{
$max = maxpoints();
if($_POST['points'] > $max)
$_POST['points'] = $max;
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
if(($drow['total'] + $_POST['points']) > 100 && $max < 100)
$_POST['points'] = 100 - $drow['total'];
if(($drow['total'] + $_POST['points']) > $max && $max >= 100)
$_POST['points'] = $max - $drow['total'];
if($_POST['points'] < 0)
$_POST['points'] = 0;
$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['_config']['notarise']['id']."',
`points`='".intval($_POST['points'])."',
`location`='".mysql_escape_string($_POST['location'])."',
`date`='".mysql_escape_string($_POST['date'])."'";
mysql_query($query);
$body = _("You are receiving this email because you have been notarised by another member of the CAcert community.")."\n\n";
$body .= _(sprintf("You were issued %s points and you now have %s points in total.", $_POST['points'], ($_POST['points'] + $drow['total'])))."\n\n";
if(($drow['total'] + $_POST['points']) < 100 && ($drow['total'] + $_POST['points']) >= 50)
{
$body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
}
if(($drow['total'] + $_POST['points']) >= 100 && $_POST['points'] > 0)
{
$body .= _("You now have over 100 points and can start notarising others.")."\n\n";
}
$body .= _("Best Regards")."\n";
$body .= _("CAcert Support Team");
mail($_SESSION['_config']['notarise']['email'], "[CAcert.org] You've been Notarised.", $body, "Errors-To: returns@cacert.org\nfrom: \"CAcert Support\" <duane@cacert.org>");
$body = _("You are receiving this email because you have notarised another member of the CAcert community.")."\n\n";
$body .= _(sprintf("You issued them %s points and they now have %s points in total.", $_POST['points'], ($_POST['points'] + $drow['total'])))."\n\n";
$body .= _("Best Regards")."\n";
$body .= _("CAcert Support Team");
mail($_SESSION['profile']['email'], "[CAcert.org] You've Notarised Another Member.", $body, "Errors-To: returns@cacert.org\nfrom: \"CAcert Support\" <duane@cacert.org>");
showheader(_("My CAcert.org Account!"));
echo "<p>"._("Shortly you and the person you were notarising will receive and email confirmation, there is no action on your behalf required to complete this.")."</p>";
showfooter();
exit;
}
if($oldid == 8)
{
$info = mysql_escape_string(strip_tags($_POST['contactinfo']));
$listme = intval($_POST['listme']);
if($listme < 0 || $listme > 1)
$listme = 0;
$_SESSION['profile']['listme'] = $listme;
$_SESSION['profile']['contactinfo'] = $info;
$query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
showheader(_("My CAcert.org Account!"));
echo "<p>"._("Your account information has been updated.")."</p>";
showfooter();
exit;
}
if($oldid == 9 && $_SESSION['_config']['user']['id'] > 0 && $_SESSION['profile']['id'] > 0)
{
$body = $_POST['message'];
$subject = $_POST['subject'];
mail($_SESSION['_config']['user']['email'], $_POST['subject'], $_POST['message'],
"Errors-To: returns@cacert.org\n".
"From: '".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']."' <".
$_SESSION['profile']['email'].">");
showheader(_("My CAcert.org Account!"));
echo "<p>"._("Your email has been sent to ").$_SESSION['_config']['user']['fname'].".</p>";
echo "<p>[ <a href='javascript:history.go(-2)'>Go Back</a> ]</p>\n";
showfooter();
exit;
} elseif($oldid == 9) {
unset($oldid);
$error = _("There was an error and I couldn't proceed");
$id = 9;
}
showheader(_("My CAcert.org Account!"));
includeit($id, "wot");
showfooter();
?>

BIN
www/xenroll.cab
View File

Binary file not shown.
Write Preview
Loading…
Cancel
Save