cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 5 Projects Releases Wiki Activity

bug fixes

Browse Source
pull/1/head
root 20 years ago
parent 704e840b5b
commit c56e0e0e94
12 changed files with 101 additions and 54 deletions
Show Stats Download Patch File Download Diff File

61
includes/account.php
Unescape Escape View File

@ -48,7 +48,7 @@
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($email, "[CAcert.org] "._("Email Probe"), $body, "From: CAcacert-Support <support@cacert.org>");
sendmail($email, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $email);
@ -125,6 +125,19 @@
$_SESSION['_config']['addid'] = $addid;
if($_SESSION['profile']['points'] >= 50)
$_SESSION['_config']['incname'] = intval($incname);
if($_POST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100))
{
$_POST['codesign'] = 0;
}
if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && $_POST['codesign'] == 1)
{
if($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4)
$_SESSION['_config']['incname'] = 1;
}
if($_POST['codesign'] == 1)
$_SESSION['_config']['codesign'] = 1;
else
$_SESSION['_config']['codesign'] = 0;
$id = 4;
}
@ -178,7 +191,8 @@
$emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_POST['SPKAC']));
$query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='NS',
`memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP())";
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".$_SESSION['_config']['codesign']."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
@ -244,7 +258,8 @@
$query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='MS',
`memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject'";
`subject`='$csrsubject',
`codesign`='".$_SESSION['_config']['codesign']."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
@ -256,7 +271,7 @@
fclose($fp);
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
}
$do = `../scripts/runclient`;
// $do = `../scripts/runclient`;
$query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@ -274,10 +289,10 @@
if($oldid == 7)
{
$newdomain = trim(mysql_escape_string(stripslashes($newdomain)));
$newdomain = trim(escapeshellarg($newdomain));
$res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'");
$query = "select * from `domains` where `domain`='".$newdomain."' and `deleted`=0";
$res1 = mysql_query("select * from `orgdomains` where `domain`='".mysql_escape_string($newdomain)."'");
$query = "select * from `domains` where `domain`='".mysql_escape_string($newdomain)."' and `deleted`=0";
$res2 = mysql_query($query);
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2))
{
@ -305,7 +320,7 @@
$bits = explode(":", $line, 2);
$line = trim($bits[1]);
if(!in_array($line, $addy) && $line != "")
$addy[] = $line;
$addy[] = trim(mysql_escape_string(stripslashes($line)));
}
} else {
if(is_array($adds))
@ -319,7 +334,7 @@
$line = $bit;
}
if(!in_array($line, $addy) && $line != "")
$addy[] = $line;
$addy[] = trim(mysql_escape_string(stripslashes($line)));
}
}
@ -328,7 +343,7 @@
if(!in_array($sub, $addy))
$addy[] = $sub;
$_SESSION['_config']['addy'] = $addy;
$_SESSION['_config']['domain'] = $newdomain;
$_SESSION['_config']['domain'] = mysql_escape_string($newdomain);
}
if($process != "" && $oldid == 8)
@ -369,7 +384,7 @@
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "From: CAcert-Support <support@cacert.org>");
sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
showheader(_("My CAcert.org Account!"));
printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $_SESSION['_config']['domain']);
@ -446,9 +461,13 @@
exit;
}
$query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']["0.CN"]."',
`domid`='".$_SESSION['_config']['row']['id']."',
`created`=NOW()";
$subject = "";
foreach($_SESSION['_config']['rows'] as $row)
$subject .= "/CN=$row";
$query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."',
`domid`='".$_SESSION['_config']['rowid']['0']."',
`created`=NOW(),`subject`='$subject'";
mysql_query($query);
$CSRid = mysql_insert_id();
@ -631,7 +650,7 @@
mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."',
`emailcertsid`='$newid'");
}
$do = `../scripts/runclient`;
// $do = `../scripts/runclient`;
$query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@ -673,7 +692,7 @@
continue;
}
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
$do = `../scripts/runclient`;
// $do = `../scripts/runclient`;
printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
}
}
@ -980,7 +999,7 @@
fclose($fp);
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
}
$do = `../scripts/runclient`;
// $do = `../scripts/runclient`;
$query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@ -1028,7 +1047,7 @@
$newfile = $_SESSION['_config']['filepath']."/csr/orgclient-$newid.csr";
copy($row['csr_name'], $newfile);
mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
$do = `../scripts/runclient`;
// $do = `../scripts/runclient`;
$query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@ -1071,7 +1090,7 @@
continue;
}
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
$do = `../scripts/runclient`;
// $do = `../scripts/runclient`;
printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
}
}
@ -1455,7 +1474,7 @@
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
$do = `../scripts/runserver`;
$do = `../scripts/runclient`;
// $do = `../scripts/runclient`;
}
if($oldid == 29 && $process != "")
@ -1514,7 +1533,7 @@
while($row = mysql_fetch_assoc($res))
{
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
$do = `../scripts/runclient`;
// $do = `../scripts/runclient`;
mysql_query("delete from `orgemailcerts` where `id`='".$row['id']."'");
mysql_query("delete from `orgemaillink` where `domid`='".$row['id']."'");
}

3
includes/general.php
Unescape Escape View File

@ -20,7 +20,7 @@
session_register("signup");
session_register("lostpw");
$_SESSION['_config']['filepath'] = "/home/cacert";
$_SESSION['_config']['filepath'] = "/www";
require_once($_SESSION['_config']['filepath']."/includes/mysql.php");
@ -298,6 +298,7 @@
showfooter();
exit;
}
$_SESSION['_config']['rows'] = $rows;
$_SESSION['_config']['rowid'] = $rowid;
}

9
pages/account/3.php
Unescape Escape View File

@ -57,6 +57,15 @@ if($_SESSION['profile']['points'] >= 50)
</td>
</tr>
<? } ?>
<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
<tr>
<td class="DataTD" align="left">
<input type="checkbox" name="codesign" value="1"> <?=_("Code Signing ")?></td>
<td class="DataTD" align="left">
<?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
</td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>

2
pages/account/43.php
Unescape Escape View File

@ -17,7 +17,7 @@
{
$email = mysql_escape_string(stripslashes($_POST['email']));
$query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
where `users`.`id`=`email`.`memid` and `email`.`email` like '%$email%'
where `users`.`id`=`email`.`memid` and `email`.`email` like '%$email%' and
`email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 and
`users`.`verified`=1
group by `users`.`id` limit 100";

7
scripts/Makefile
Unescape Escape View File

@ -2,8 +2,9 @@ all: runserver.c runclient.c
gcc -O2 -o runserver runserver.c
gcc -O2 -o runclient runclient.c
gcc -O2 -o rungpg rungpg.c
chown root:www-data runserver runclient rungpg
chmod 4710 runserver runclient rungpg
gcc -O2 -o test test.c
chown root:chrapach runserver runclient rungpg test
chmod 4710 runserver runclient rungpg test
clean:
rm -f runserver runclient rungpg
rm -f runserver runclient rungpg test

38
scripts/clientcerts.php
Unescape Escape View File

@ -24,8 +24,13 @@
while($row = mysql_fetch_assoc($res))
{
$row['crt_name'] = "../crt/client-".$row['id'].".crt";
if($row['codesign'] == 0)
$opensslcnf = "/etc/ssl/openssl-client.cnf";
else
$opensslcnf = "/etc/ssl/openssl-client-codesign.cnf";
$days = 365;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`;
$do = `echo "/usr/bin/openssl ca -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch" > /tmp/test`;
$do = `/usr/bin/openssl ca -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`;
$do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`;
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
if($user['language'] != "")
@ -65,9 +70,10 @@
$body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]);
$body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "From: CAcert-Support <no-returns@cacert.org>");
sendmail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
} else {
$query = "delete from `emailcerts` where `id`='".$row['id']."'";
mysql_query($query);
}
}
@ -76,8 +82,12 @@
while($row = mysql_fetch_assoc($res))
{
$row['crt_name'] = "../crt/client-".$row['id'].".crt";
if($row['codesign'] == 0)
$opensslcnf = "/etc/ssl/openssl-client.cnf";
else
$opensslcnf = "/etc/ssl/openssl-client-codesign.cnf";
$days = 365;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
$do = `/usr/bin/openssl ca -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
if($user['language'] != "")
{
@ -116,7 +126,7 @@
$body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]);
$body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "From: CAcert-Support <no-returns@cacert.org>");
sendmail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
} else {
$query = "delete from `emailcerts` where `id`='".$row['id']."'";
mysql_query($query);
@ -144,16 +154,20 @@
$body = _("Hi")." $user[fname],\n\n";
$body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]);
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "From: CAcert-Support <no-returns@cacert.org>");
sendmail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
}
$query = "select * from `orgemailcerts` where `crt_name`='' and `keytype`='NS'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$row[crt_name] = "../crt/orgclient-".$row['id'].".crt";
$row['crt_name'] = "../crt/orgclient-".$row['id'].".crt";
if($row['codesign'] == 0)
$opensslcnf = "/etc/ssl/openssl-client.cnf";
else
$opensslcnf = "/etc/ssl/openssl-client-codesign.cnf";
$days = 365;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`;
$do = `/usr/bin/openssl ca -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`;
$do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`;
if(filesize($row[crt_name]) > 0)
{
@ -189,9 +203,13 @@
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$row[crt_name] = "../crt/orgclient-".$row['id'].".crt";
$row['crt_name'] = "../crt/orgclient-".$row['id'].".crt";
if($row['codesign'] == 0)
$opensslcnf = "/etc/ssl/openssl-client.cnf";
else
$opensslcnf = "/etc/ssl/openssl-client-codesign.cnf";
$days = 365;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
$do = `/usr/bin/openssl ca -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
if(filesize($row[crt_name]) > 0)
{
$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
@ -243,6 +261,6 @@
$body = _("Hi")." $user[fname],\n\n";
$body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]);
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "From: CAcert-Support <no-returns@cacert.org>");
sendmail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
}
?>

2
scripts/gpgcerts.php
Unescape Escape View File

@ -60,7 +60,7 @@
$body .= "pub 1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA) <gpg@cacert.org>\n";
$body .= "Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n";
mail($user[email], "[CAcert.org] Your GPG/PGP Key", $body, "From: CAcert-Support <no-returns@cacert.org>");
sendmail($user[email], "[CAcert.org] Your GPG/PGP Key", $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
} else {
$query = "delete from `gpg` where `id`='".$row['id']."'";
mysql_query($query);

6
scripts/servercerts.php
Unescape Escape View File

@ -48,7 +48,7 @@
}
$row['crt_name'] = "../crt/server-".$row['id'].".crt";
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch > /dev/null 2>&1`;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
$dom = mysql_fetch_assoc(mysql_query("select * from `domains` where `id`='$row[domid]'"));
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$dom[memid]'"));
if(filesize($row[crt_name]) > 0 && intval($user['id']) > 0)
@ -80,7 +80,7 @@
$body = _("Hi")." ".$user['fname'].",\n\n";
$body .= sprintf(_("Below you will find your certificate for %s.")."\n\n", $row['CN']);
$body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n".$cert;
mail($user['email'], "[CAcert.org] "._("Server Certificate"), $body, "From: CAcert-Support <no-returns@cacert.org>");
sendmail($user['email'], "[CAcert.org] "._("Server Certificate"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
} else {
$query = "delete from `domaincerts` where `id`='".$row['id']."'";
mysql_query($query);
@ -109,7 +109,7 @@
$body = _("Hi")." ".$user['fname'].",\n\n";
$body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row['CN']);
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user['email'], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "From: CAcert-Support <no-returns@cacert.org>");
sendmail($user['email'], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
}
$query = "select * from `orgdomaincerts` where `crt_name`=''";

2
www/.htaccess
Unescape Escape View File

@ -1,4 +1,4 @@
php_value auto_prepend_file /home/cacert/includes/general.php
php_value auto_prepend_file /www/includes/general.php
php_value output_buffering 1
errordocument 404 /error404.php
errordocument 403 /error403.php

5
www/account.php
Unescape Escape View File

@ -23,7 +23,7 @@
} else if($oldid == 40 && $process != "" && $_POST['support'] != "yes") {
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
mail("support@cacert.org", "[CAcert.org] ".$subject, $message, "From: $email");
sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "returns@cacert.org");
showheader(_("Welcome to CAcert.org"));
echo _("Your message has been sent.");
showfooter();
@ -31,7 +31,8 @@
} else if($oldid == 40 && $process != "" && $_POST['support'] == "yes") {
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
mail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "Reply-To: $email\nFrom: website-form@cacert.org");
sendmail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "website-form@cacert.org", $email);
showheader(_("Welcome to CAcert.org"));
echo _("Your message has been sent to the general support list.");
showfooter();

11
www/index.php
Unescape Escape View File

@ -85,9 +85,8 @@
"IP/Hostname: ".$_SERVER['REMOTE_ADDR']."/".$_SERVER['REMOTE_HOST']."\n".
"---------------------------------------------------------------------\n".$body.
"---------------------------------------------------------------------\n";
mail("support@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body,
"From: '".$_SESSION['lostpw']['user']['fname']."' <".$_SESSION['lostpw']['user']['email'].">\n".
"From: CAcert-Support <support@cacert.org>");
sendmail("support@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body,
$_SESSION['lostpw']['user']['email'], "returns@cacert.org", "", $_SESSION['lostpw']['user']['fname']);
$_SESSION['_config']['errmsg'] = _("You failed to get all answers correct, system admins have been notified.");
} else if($_SESSION['lostpw']['pw1'] != $_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") {
$_SESSION['_config']['errmsg'] = _("New Pass Phrases specified don't match or were blank.");
@ -306,7 +305,7 @@
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "From: CAcert-Support <support@cacert.org>");
sendmail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
}
}
@ -329,7 +328,7 @@
{
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
signmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email);
sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "returns@cacert.org", "", "CAcert Support");
showheader(_("Welcome to CAcert.org"));
echo _("Your message has been sent.");
showfooter();
@ -340,7 +339,7 @@
{
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
mail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "From: website-form@cacert.org\nReply-To: $email");
sendmail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "website-form@cacert.org", "$email", "", "CAcert-Website");
showheader(_("Welcome to CAcert.org"));
echo _("Your message has been sent to the general support list.");
showfooter();

9
www/wot.php
Unescape Escape View File

@ -173,7 +173,7 @@
$body .= _("Best Regards")."\n";
$body .= _("CAcert Support Team");
mail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "From: CAcert-Support <support@cacert.org>");
sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Website");
putenv("LANG=".$_SESSION['_config']['language']);
setlocale(LC_ALL, $_SESSION['_config']['language']);
@ -183,7 +183,7 @@
$body .= _("Best Regards")."\n";
$body .= _("CAcert Support Team");
mail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "From: CAcert-Support <support@cacert.org>");
sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
showheader(_("My CAcert.org Account!"));
echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
@ -214,9 +214,8 @@
{
$body = $_POST['message'];
$subject = $_POST['subject'];
mail($_SESSION['_config']['user']['email'], "[CAcert.org] ".$_POST['subject'], $_POST['message'],
"From: '".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']."' <".
$_SESSION['profile']['email'].">");
sendmail($_SESSION['_config']['user']['email'], "[CAcert.org] ".$_POST['subject'], $_POST['message'],
$_SESSION['profile']['email'], "returns@cacert.org", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']);
showheader(_("My CAcert.org Account!"));
echo "<p>"._("Your email has been sent to ").$_SESSION['_config']['user']['fname'].".</p>";
echo "<p>[ <a href='javascript:history.go(-2)'>Go Back</a> ]</p>\n";

Write Preview
Loading…
Cancel
Save