diff --git a/includes/account.php b/includes/account.php index 53cb3ad..eeb7c74 100644 --- a/includes/account.php +++ b/includes/account.php @@ -48,7 +48,7 @@ $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!"); - mail($email, "[CAcert.org] "._("Email Probe"), $body, "From: CAcacert-Support "); + sendmail($email, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support"); showheader(_("My CAcert.org Account!")); printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $email); @@ -125,6 +125,19 @@ $_SESSION['_config']['addid'] = $addid; if($_SESSION['profile']['points'] >= 50) $_SESSION['_config']['incname'] = intval($incname); + if($_POST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100)) + { + $_POST['codesign'] = 0; + } + if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && $_POST['codesign'] == 1) + { + if($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4) + $_SESSION['_config']['incname'] = 1; + } + if($_POST['codesign'] == 1) + $_SESSION['_config']['codesign'] = 1; + else + $_SESSION['_config']['codesign'] = 0; $id = 4; } @@ -178,7 +191,8 @@ $emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_POST['SPKAC'])); $query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='NS', `memid`='".$_SESSION['profile']['id']."', - `created`=FROM_UNIXTIME(UNIX_TIMESTAMP())"; + `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), + `codesign`='".$_SESSION['_config']['codesign']."'"; mysql_query($query); $emailid = mysql_insert_id(); if(is_array($addys)) 
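Review bot: In the `@@ -125,6 +125,19 @@` hunk of includes/account.php the code-signing entitlement is decided across three separate `if` statements that compare the raw `$_POST['codesign']` loosely (`!= 0`, `== 1`) and overwrite `$_POST` in place, which makes the rule hard to audit and raises an undefined-index notice when the field is not posted. Deciding it once reads more clearly: `$codesign = (isset($_POST['codesign']) && intval($_POST['codesign']) == 1 && $_SESSION['profile']['codesign'] > 0 && $_SESSION['profile']['points'] >= 100) ? 1 : 0;`, then use `$codesign` for the `incname` clamp and for `$_SESSION['_config']['codesign']`. The thresholds 50 and 100 deserve a short comment or a named constant saying which assurance level they stand for. The enclosing branch starts outside the hunk.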
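Review bot: The `codesign` value added to the insert in the `@@ -178,7 +191,8 @@` hunk is concatenated straight from `$_SESSION['_config']['codesign']`, which is only known to be 0 or 1 when the request passed through the `@@ -125,6 +125,19 @@` branch earlier in the same session; if the key is unset the column receives an empty string. Casting at the point of use keeps the statement well-formed however the session got here, i.e. write the value as `'".intval($_SESSION['_config']['codesign'])."'`. The same applies to the `keytype`='MS' insert in the `@@ -244,7 +258,8 @@` hunk. Whether `$defaultemail` and `$csrsubject` are escaped before these statements is not visible from the hunks.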
@@ -244,7 +258,8 @@ $query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='MS', `memid`='".$_SESSION['profile']['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), - `subject`='$csrsubject'"; + `subject`='$csrsubject', + `codesign`='".$_SESSION['_config']['codesign']."'"; mysql_query($query); $emailid = mysql_insert_id(); if(is_array($addys)) @@ -256,7 +271,7 @@ fclose($fp); mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } - $do = `../scripts/runclient`; +// $do = `../scripts/runclient`; $query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -274,10 +289,10 @@ if($oldid == 7) { - $newdomain = trim(mysql_escape_string(stripslashes($newdomain))); + $newdomain = trim(escapeshellarg($newdomain)); - $res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'"); - $query = "select * from `domains` where `domain`='".$newdomain."' and `deleted`=0"; + $res1 = mysql_query("select * from `orgdomains` where `domain`='".mysql_escape_string($newdomain)."'"); + $query = "select * from `domains` where `domain`='".mysql_escape_string($newdomain)."' and `deleted`=0"; $res2 = mysql_query($query); if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2)) { @@ -305,7 +320,7 @@ $bits = explode(":", $line, 2); $line = trim($bits[1]); if(!in_array($line, $addy) && $line != "") - $addy[] = $line; + $addy[] = trim(mysql_escape_string(stripslashes($line))); } } else { if(is_array($adds)) @@ -319,7 +334,7 @@ $line = $bit; } if(!in_array($line, $addy) && $line != "") - $addy[] = $line; + $addy[] = trim(mysql_escape_string(stripslashes($line))); } } @@ -328,7 +343,7 @@ if(!in_array($sub, $addy)) $addy[] = $sub; $_SESSION['_config']['addy'] = $addy; - $_SESSION['_config']['domain'] = $newdomain; + $_SESSION['_config']['domain'] = mysql_escape_string($newdomain); } if($process != "" && $oldid == 8) 
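Review bot: Commenting out the `../scripts/runclient` call in the `@@ -256,7 +271,7 @@` hunk leaves the following `crt_name != ''` query and `mysql_num_rows($res) <= 0` check in place, so unless something outside this diff now runs the signer before the page continues, that check will not find an issued certificate. The same edit in the revocation hunks (`@@ -673 @@`, `@@ -1071 @@`, `@@ -1455 @@`, `@@ -1514 @@`) means the page still prints "has been revoked" when the revocation has only been recorded in the table, and `@@ -1455 @@` keeps calling `runserver` while `runclient` is disabled. If processing has moved to a scheduled job, delete the lines rather than commenting them out, leave a comment such as `// client certificates are issued and revoked by the scheduled clientcerts.php run`, and word the user-facing message as "revocation pending". The other affected hunks are `@@ -631 @@`, `@@ -980 @@` and `@@ -1028 @@`.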
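Review bot: `$newdomain = trim(escapeshellarg($newdomain));` in the `@@ -274,10 +289,10 @@` hunk keeps the shell-quoted form in the variable, so the value carries literal surrounding single quotes into the `orgdomains` and `domains` lookups, and the duplicate check compares a quoted string (for a constructed input `example.org`, the text `'example.org'` including the quotes) against stored names that have none. The `@@ -328,7 +343,7 @@` hunk then saves the SQL-escaped form in `$_SESSION['_config']['domain']`, which the `printf` in the `@@ -369,7 +384,7 @@` hunk shows to the user and which risks double escaping if it is escaped again before an insert. Keep the raw value in the variable and the session, reject anything that is not a syntactically valid hostname, and apply `mysql_escape_string()`, `escapeshellarg()` or `htmlspecialchars()` only at the point where the value enters SQL, a shell command or HTML. The enclosing `if($oldid == 7)` block continues outside the hunk.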
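Review bot: In the `@@ -305,7 +320,7 @@` and `@@ -319,7 +334,7 @@` hunks the duplicate test `!in_array($line, $addy)` still compares the raw `$line`, while the array now holds the trimmed, SQL-escaped form, so an address whose escaped form differs from its raw form is never recognised as a duplicate. Normalise first and test the same value that is stored, e.g. `$line = trim(stripslashes($line));` ahead of the `if`, and ideally apply `mysql_escape_string()` where the address is written into a query rather than when it is collected. Both loops start and end outside the hunks.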
@@ -369,7 +384,7 @@ $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!"); - mail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "From: CAcert-Support "); + sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support"); showheader(_("My CAcert.org Account!")); printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $_SESSION['_config']['domain']); @@ -446,9 +461,13 @@ exit; } - $query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']["0.CN"]."', - `domid`='".$_SESSION['_config']['row']['id']."', - `created`=NOW()"; + $subject = ""; + foreach($_SESSION['_config']['rows'] as $row) + $subject .= "/CN=$row"; + + $query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."', + `domid`='".$_SESSION['_config']['rowid']['0']."', + `created`=NOW(),`subject`='$subject'"; mysql_query($query); $CSRid = mysql_insert_id(); @@ -631,7 +650,7 @@ mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."', `emailcertsid`='$newid'"); } - $do = `../scripts/runclient`; +// $do = `../scripts/runclient`; $query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -673,7 +692,7 @@ continue; } mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); - $do = `../scripts/runclient`; +// $do = `../scripts/runclient`; printf(_("Certificate for '%s' has been revoked.")."
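Review bot: The `$subject` string built in the `@@ -446,9 +461,13 @@` hunk is interpolated into the `domaincerts` insert without escaping, together with `$_SESSION['_config']['rows']['0']` and `$_SESSION['_config']['rowid']['0']`. Those arrays come from `$rows` and `$rowid` in the includes/general.php hunk `@@ -298,6 +298,7 @@`, whose origin is not visible here; if they derive from the submitted request, a quote character in a name would alter the statement, and the stored `subject` is later placed inside single quotes on the `openssl ca -subj` command line in scripts/servercerts.php. Escape at the insert, for example `$subject .= "/CN=".mysql_escape_string($row);` and `intval()` around the row id, and make sure each name has been checked against the account's verified domains before it is added, if that is not already done where `$rows` is built. The loop also has no guard for an empty or missing `rows` array, which would insert an empty `CN`.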
\n", $row['CN']); } } @@ -980,7 +999,7 @@ fclose($fp); mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } - $do = `../scripts/runclient`; +// $do = `../scripts/runclient`; $query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -1028,7 +1047,7 @@ $newfile = $_SESSION['_config']['filepath']."/csr/orgclient-$newid.csr"; copy($row['csr_name'], $newfile); mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'"); - $do = `../scripts/runclient`; +// $do = `../scripts/runclient`; $query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -1071,7 +1090,7 @@ continue; } mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); - $do = `../scripts/runclient`; +// $do = `../scripts/runclient`; printf(_("Certificate for '%s' has been revoked.")."
\n", $row['CN']); } } @@ -1455,7 +1474,7 @@ mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); $do = `../scripts/runserver`; - $do = `../scripts/runclient`; +// $do = `../scripts/runclient`; } if($oldid == 29 && $process != "") @@ -1514,7 +1533,7 @@ while($row = mysql_fetch_assoc($res)) { mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); - $do = `../scripts/runclient`; +// $do = `../scripts/runclient`; mysql_query("delete from `orgemailcerts` where `id`='".$row['id']."'"); mysql_query("delete from `orgemaillink` where `domid`='".$row['id']."'"); } diff --git a/includes/general.php b/includes/general.php index 2512707..74aee09 100644 --- a/includes/general.php +++ b/includes/general.php @@ -20,7 +20,7 @@ session_register("signup"); session_register("lostpw"); - $_SESSION['_config']['filepath'] = "/home/cacert"; + $_SESSION['_config']['filepath'] = "/www"; require_once($_SESSION['_config']['filepath']."/includes/mysql.php"); @@ -298,6 +298,7 @@ showfooter(); exit; } + $_SESSION['_config']['rows'] = $rows; $_SESSION['_config']['rowid'] = $rowid; } diff --git a/pages/account/3.php b/pages/account/3.php index e017766..b7e0890 100644 --- a/pages/account/3.php +++ b/pages/account/3.php @@ -57,6 +57,15 @@ if($_SESSION['profile']['points'] >= 50) += 100 && $_SESSION['profile']['codesign'] > 0) { ?> + + + + + + + + "> diff --git a/pages/account/43.php b/pages/account/43.php index 866e62f..700c55b 100644 --- a/pages/account/43.php +++ b/pages/account/43.php 
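Review bot: The `@@ -20,7 +20,7 @@` hunk of includes/general.php hard-codes a different installation root, `/www`, and the www/.htaccess hunk changes `auto_prepend_file` to match, which reads like one machine's layout being committed rather than a change meant for every install. Because `filepath` is the base of the `require_once` that follows and, per the includes/account.php hunks, of the CSR storage paths, it is worth deriving it in one place, for example `$_SESSION['_config']['filepath'] = dirname(dirname(__FILE__));`, or reading it from a deployment-local configuration file that is not tracked.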
@@ -17,7 +17,7 @@ { $email = mysql_escape_string(stripslashes($_POST['email'])); $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` - where `users`.`id`=`email`.`memid` and `email`.`email` like '%$email%' + where `users`.`id`=`email`.`memid` and `email`.`email` like '%$email%' and `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 and `users`.`verified`=1 group by `users`.`id` limit 100"; diff --git a/scripts/Makefile b/scripts/Makefile index 1ed3238..9441a6b 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -2,8 +2,9 @@ all: runserver.c runclient.c gcc -O2 -o runserver runserver.c gcc -O2 -o runclient runclient.c gcc -O2 -o rungpg rungpg.c - chown root:www-data runserver runclient rungpg - chmod 4710 runserver runclient rungpg + gcc -O2 -o test test.c + chown root:chrapach runserver runclient rungpg test + chmod 4710 runserver runclient rungpg test clean: - rm -f runserver runclient rungpg + rm -f runserver runclient rungpg test diff --git a/scripts/clientcerts.php b/scripts/clientcerts.php index 9289d8b..3129192 100755 --- a/scripts/clientcerts.php +++ b/scripts/clientcerts.php 
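Review bot: `$email` in the `@@ -17,7 +17,7 @@` hunk of pages/account/43.php is SQL-escaped but still placed inside `like '%$email%'`, and `mysql_escape_string()` does not neutralise the LIKE wildcards `%` and `_`, so a term made of wildcards matches every verified address up to the `limit 100`. If the lookup is meant to find addresses containing a literal fragment, escape the wildcards too with `$email = addcslashes($email, '%_');` after the existing escape, and consider requiring a minimum term length. The enclosing block starts and ends outside the hunk.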
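Review bot: The scripts/Makefile hunk adds a fourth binary, `test`, built from `test.c` and installed set-uid root with `chmod 4710` like the production wrappers, and it changes the group allowed to execute all of them from `www-data` to `chrapach`. A set-uid-root helper with a generic name, whose source is not part of this diff, widens the privileged surface, and the new group looks like a local account rather than the web server's. If `test` is only a development aid, build it from a separate target without the `chown`/`chmod` step and keep the group configurable, e.g. `GROUP ?= www-data` with `chown root:$(GROUP) runserver runclient rungpg`. `all` also lists only `runserver.c runclient.c` as prerequisites, so edits to `rungpg.c` or `test.c` do not trigger a rebuild.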
@@ -24,8 +24,13 @@ while($row = mysql_fetch_assoc($res)) { $row['crt_name'] = "../crt/client-".$row['id'].".crt"; + if($row['codesign'] == 0) + $opensslcnf = "/etc/ssl/openssl-client.cnf"; + else + $opensslcnf = "/etc/ssl/openssl-client-codesign.cnf"; $days = 365; - $do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`; + $do = `echo "/usr/bin/openssl ca -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch" > /tmp/test`; + $do = `/usr/bin/openssl ca -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`; $do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`; $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'")); if($user['language'] != "") @@ -65,9 +70,10 @@ $body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]); $body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!"); - mail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "From: CAcert-Support "); + sendmail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support"); } else { $query = "delete from `emailcerts` where `id`='".$row['id']."'"; + mysql_query($query); } } 
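Review bot: The added `echo "/usr/bin/openssl ca ..." > /tmp/test` command in the `@@ -24,8 +24,13 @@` hunk of scripts/clientcerts.php is debugging output left in the signing loop: on every iteration it writes the full command line, including the `-key` argument, to a fixed name in a shared temporary directory. If the script runs with elevated rights, as the set-uid `runclient` wrapper suggests, a fixed `/tmp` path can be pre-created or linked elsewhere by another local user. Remove the line, or log to a file in a directory only the signer can write. The `$opensslcnf` selection is repeated verbatim in the `@@ -76,8 +82,12 @@`, `@@ -144,16 +154,20 @@` and `@@ -189,9 +203,13 @@` hunks and would read better as one helper, e.g. `function client_config($row) { return $row['codesign'] == 0 ? "/etc/ssl/openssl-client.cnf" : "/etc/ssl/openssl-client-codesign.cnf"; }`. `$row[csr_name]` and `$row[crt_name]` are still interpolated into the commands unquoted; passing them through `escapeshellarg()` would make the commands independent of how the paths were stored.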
@@ -76,8 +82,12 @@ while($row = mysql_fetch_assoc($res)) { $row['crt_name'] = "../crt/client-".$row['id'].".crt"; + if($row['codesign'] == 0) + $opensslcnf = "/etc/ssl/openssl-client.cnf"; + else + $opensslcnf = "/etc/ssl/openssl-client-codesign.cnf"; $days = 365; - $do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`; + $do = `/usr/bin/openssl ca -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`; $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'")); if($user['language'] != "") { @@ -116,7 +126,7 @@ $body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]); $body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!"); - mail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "From: CAcert-Support "); + sendmail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support"); } else { $query = "delete from `emailcerts` where `id`='".$row['id']."'"; mysql_query($query); 
@@ -144,16 +154,20 @@ $body = _("Hi")." $user[fname],\n\n"; $body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]); $body .= _("Best regards")."\n"._("CAcert.org Support!"); - mail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "From: CAcert-Support "); + sendmail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support"); } $query = "select * from `orgemailcerts` where `crt_name`='' and `keytype`='NS'"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - $row[crt_name] = "../crt/orgclient-".$row['id'].".crt"; + $row['crt_name'] = "../crt/orgclient-".$row['id'].".crt"; + if($row['codesign'] == 0) + $opensslcnf = "/etc/ssl/openssl-client.cnf"; + else + $opensslcnf = "/etc/ssl/openssl-client-codesign.cnf"; $days = 365; - $do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`; + $do = `/usr/bin/openssl ca -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`; $do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`; if(filesize($row[crt_name]) > 0) { 
@@ -189,9 +203,13 @@ $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - $row[crt_name] = "../crt/orgclient-".$row['id'].".crt"; + $row['crt_name'] = "../crt/orgclient-".$row['id'].".crt"; + if($row['codesign'] == 0) + $opensslcnf = "/etc/ssl/openssl-client.cnf"; + else + $opensslcnf = "/etc/ssl/openssl-client-codesign.cnf"; $days = 365; - $do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`; + $do = `/usr/bin/openssl ca -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`; if(filesize($row[crt_name]) > 0) { $end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`); @@ -243,6 +261,6 @@ $body = _("Hi")." $user[fname],\n\n"; $body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]); $body .= _("Best regards")."\n"._("CAcert.org Support!"); - mail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "From: CAcert-Support "); + sendmail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support"); } ?> diff --git a/scripts/gpgcerts.php b/scripts/gpgcerts.php index 00f00af..5da8ef9 100755 --- a/scripts/gpgcerts.php +++ b/scripts/gpgcerts.php 
@@ -60,7 +60,7 @@ $body .= "pub 1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA) \n"; $body .= "Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58\n\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n"; - mail($user[email], "[CAcert.org] Your GPG/PGP Key", $body, "From: CAcert-Support "); + sendmail($user[email], "[CAcert.org] Your GPG/PGP Key", $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support"); } else { $query = "delete from `gpg` where `id`='".$row['id']."'"; mysql_query($query); diff --git a/scripts/servercerts.php b/scripts/servercerts.php index 0b42593..10a788e 100755 --- a/scripts/servercerts.php +++ b/scripts/servercerts.php @@ -48,7 +48,7 @@ } $row['crt_name'] = "../crt/server-".$row['id'].".crt"; - $do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch > /dev/null 2>&1`; + $do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`; $dom = mysql_fetch_assoc(mysql_query("select * from `domains` where `id`='$row[domid]'")); $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$dom[memid]'")); if(filesize($row[crt_name]) > 0 && intval($user['id']) > 0) @@ -80,7 +80,7 @@ $body = _("Hi")." ".$user['fname'].",\n\n"; $body .= sprintf(_("Below you will find your certificate for %s.")."\n\n", $row['CN']); $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n".$cert; - mail($user['email'], "[CAcert.org] "._("Server Certificate"), $body, "From: CAcert-Support "); + sendmail($user['email'], "[CAcert.org] "._("Server Certificate"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support"); } else { $query = "delete from `domaincerts` where `id`='".$row['id']."'"; mysql_query($query); 
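Review bot: The `-subj '$row[subject]'` argument added in the `@@ -48,7 +48,7 @@` hunk of scripts/servercerts.php places a database value inside hand-written single quotes on a shell command line, so a quote character in `subject` ends the argument early and the remainder is interpreted by the shell. Build the argument with the quoting function instead: `$subj = escapeshellarg($row['subject']);` and then `-batch -subj $subj > /dev/null 2>&1` in the command. The same pattern is on the `-subj` lines touched by the scripts/clientcerts.php hunks `@@ -76,8 +82,12 @@` and `@@ -189,9 +203,13 @@`. A row whose `subject` is empty, such as a request stored before the column was filled, would pass `-subj ''`, which is worth handling explicitly.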
@@ -109,7 +109,7 @@ $body = _("Hi")." ".$user['fname'].",\n\n"; $body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row['CN']); $body .= _("Best regards")."\n"._("CAcert.org Support!"); - mail($user['email'], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "From: CAcert-Support "); + sendmail($user['email'], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support"); } $query = "select * from `orgdomaincerts` where `crt_name`=''"; diff --git a/www/.htaccess b/www/.htaccess index 447b821..bb5fe0e 100644 --- a/www/.htaccess +++ b/www/.htaccess @@ -1,4 +1,4 @@ -php_value auto_prepend_file /home/cacert/includes/general.php +php_value auto_prepend_file /www/includes/general.php php_value output_buffering 1 errordocument 404 /error404.php errordocument 403 /error403.php diff --git a/www/account.php b/www/account.php index cb3b6de..d9801b3 100644 --- a/www/account.php +++ b/www/account.php @@ -23,7 +23,7 @@ } else if($oldid == 40 && $process != "" && $_POST['support'] != "yes") { $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message; - mail("support@cacert.org", "[CAcert.org] ".$subject, $message, "From: $email"); + sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "returns@cacert.org"); showheader(_("Welcome to CAcert.org")); echo _("Your message has been sent."); showfooter(); 
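Review bot: In the `@@ -23,7 +23,7 @@` hunk of www/account.php the form-supplied `$email` is passed to `sendmail()` as the sender argument and `$subject` goes into the subject line, and since `sendmail()` is defined outside this diff it is not visible whether it rejects CR/LF in those arguments, which the old hand-built `"From: $email"` header did not. Either confirm that `sendmail()` strips line breaks from every header-bound argument, or validate before the call, e.g. `if(preg_match('/[\r\n]/', $email.$subject)) { showheader(...); echo _("Invalid input."); showfooter(); exit; }`. The same applies to the calls in `@@ -31,7 +31,8 @@`, in www/index.php `@@ -329,7 +328,7 @@` and `@@ -340,7 +339,7 @@`, and in www/wot.php `@@ -214,9 +214,8 @@`, where `$_POST['subject']` and the profile names are passed through. In `@@ -31,7 +31,8 @@` and `@@ -340,7 +339,7 @@` `$email` is also appended to the recipient list, so it should be checked to be a single well-formed address.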
@@ -31,7 +31,8 @@ } else if($oldid == 40 && $process != "" && $_POST['support'] == "yes") { $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message; - mail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "Reply-To: $email\nFrom: website-form@cacert.org"); + sendmail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "website-form@cacert.org", $email); + showheader(_("Welcome to CAcert.org")); echo _("Your message has been sent to the general support list."); showfooter(); diff --git a/www/index.php b/www/index.php index 4b1be12..f161225 100644 --- a/www/index.php +++ b/www/index.php @@ -85,9 +85,8 @@ "IP/Hostname: ".$_SERVER['REMOTE_ADDR']."/".$_SERVER['REMOTE_HOST']."\n". "---------------------------------------------------------------------\n".$body. "---------------------------------------------------------------------\n"; - mail("support@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body, - "From: '".$_SESSION['lostpw']['user']['fname']."' <".$_SESSION['lostpw']['user']['email'].">\n". - "From: CAcert-Support "); + sendmail("support@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body, + $_SESSION['lostpw']['user']['email'], "returns@cacert.org", "", $_SESSION['lostpw']['user']['fname']); $_SESSION['_config']['errmsg'] = _("You failed to get all answers correct, system admins have been notified."); } else if($_SESSION['lostpw']['pw1'] != $_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") { $_SESSION['_config']['errmsg'] = _("New Pass Phrases specified don't match or were blank."); 
@@ -306,7 +305,7 @@ $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!"); - mail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "From: CAcert-Support "); + sendmail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support"); } } @@ -329,7 +328,7 @@ { $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message; - signmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email); + sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "returns@cacert.org", "", "CAcert Support"); showheader(_("Welcome to CAcert.org")); echo _("Your message has been sent."); showfooter(); @@ -340,7 +339,7 @@ { $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message; - mail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "From: website-form@cacert.org\nReply-To: $email"); + sendmail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "website-form@cacert.org", "$email", "", "CAcert-Website"); showheader(_("Welcome to CAcert.org")); echo _("Your message has been sent to the general support list."); showfooter(); diff --git a/www/wot.php b/www/wot.php index 2c2f1e4..fd9b833 100644 --- a/www/wot.php +++ b/www/wot.php @@ -173,7 +173,7 @@ $body .= _("Best Regards")."\n"; $body .= _("CAcert Support Team"); - mail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "From: CAcert-Support "); + sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Website"); putenv("LANG=".$_SESSION['_config']['language']); setlocale(LC_ALL, $_SESSION['_config']['language']); 
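Review bot: The `sendmail()` call in the `@@ -329,7 +328,7 @@` hunk of www/index.php, judging by the argument order used in the other calls, sends with the visitor's `$email` as the sender address but "CAcert Support" as the display name, so a message written by a visitor is labelled as coming from support. Pass the visitor's name (`$who`) instead, or omit the display name as the www/account.php `@@ -23,7 +23,7 @@` call does, and state in the commit message whether dropping whatever `signmail()` did for this message is intended. The two support-list calls are also inconsistent with each other: www/account.php `@@ -31,7 +31,8 @@` passes five arguments, while `@@ -340,7 +339,7 @@` in this file passes seven with `"CAcert-Website"`.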
@@ -183,7 +183,7 @@ $body .= _("Best Regards")."\n"; $body .= _("CAcert Support Team"); - mail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "From: CAcert-Support "); + sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support"); showheader(_("My CAcert.org Account!")); echo "

"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."

"; @@ -214,9 +214,8 @@ { $body = $_POST['message']; $subject = $_POST['subject']; - mail($_SESSION['_config']['user']['email'], "[CAcert.org] ".$_POST['subject'], $_POST['message'], - "From: '".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']."' <". - $_SESSION['profile']['email'].">"); + sendmail($_SESSION['_config']['user']['email'], "[CAcert.org] ".$_POST['subject'], $_POST['message'], + $_SESSION['profile']['email'], "returns@cacert.org", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']); showheader(_("My CAcert.org Account!")); echo "

"._("Your email has been sent to ").$_SESSION['_config']['user']['fname'].".

"; echo "

[ Go Back ]

\n";