cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 4 Projects Releases 2 Wiki Activity

bug fixes

Browse Source
pull/1/head
root 20 years ago
parent 704e840b5b
commit c56e0e0e94
12 changed files with 101 additions and 54 deletions
Show Stats Download Patch File Download Diff File

61
includes/account.php
Unescape Escape View File

@ -48,7 +48,7 @@
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!"); $body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($email, "[CAcert.org] "._("Email Probe"), $body, "From: CAcacert-Support <support@cacert.org>"); sendmail($email, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $email); printf(_("The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $email);
@ -125,6 +125,19 @@
$_SESSION['_config']['addid'] = $addid; $_SESSION['_config']['addid'] = $addid;
if($_SESSION['profile']['points'] >= 50) if($_SESSION['profile']['points'] >= 50)
$_SESSION['_config']['incname'] = intval($incname); $_SESSION['_config']['incname'] = intval($incname);
if($_POST['codesign'] != 0 && ($_SESSION['profile']['codesign'] == 0 || $_SESSION['profile']['points'] < 100))
{
$_POST['codesign'] = 0;
}
if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0 && $_POST['codesign'] == 1)
{
if($_SESSION['_config']['incname'] < 1 || $_SESSION['_config']['incname'] > 4)
$_SESSION['_config']['incname'] = 1;
}
if($_POST['codesign'] == 1)
$_SESSION['_config']['codesign'] = 1;
else
$_SESSION['_config']['codesign'] = 0;
$id = 4; $id = 4;
} }
@ -178,7 +191,8 @@
$emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_POST['SPKAC'])); $emails .= "SPKAC = ".str_replace("\n", "", str_replace("\r", "", $_POST['SPKAC']));
$query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='NS', $query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='NS',
`memid`='".$_SESSION['profile']['id']."', `memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP())"; `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".$_SESSION['_config']['codesign']."'";
mysql_query($query); mysql_query($query);
$emailid = mysql_insert_id(); $emailid = mysql_insert_id();
if(is_array($addys)) if(is_array($addys))
@ -244,7 +258,8 @@
$query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='MS', $query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='MS',
`memid`='".$_SESSION['profile']['id']."', `memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject'"; `subject`='$csrsubject',
`codesign`='".$_SESSION['_config']['codesign']."'";
mysql_query($query); mysql_query($query);
$emailid = mysql_insert_id(); $emailid = mysql_insert_id();
if(is_array($addys)) if(is_array($addys))
@ -256,7 +271,7 @@
fclose($fp); fclose($fp);
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} }
$do = `../scripts/runclient`; // $do = `../scripts/runclient`;
$query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''"; $query = "select * from `emailcerts` where `id`='$emailid' and `crt_name` != ''";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
@ -274,10 +289,10 @@
if($oldid == 7) if($oldid == 7)
{ {
$newdomain = trim(mysql_escape_string(stripslashes($newdomain))); $newdomain = trim(escapeshellarg($newdomain));
$res1 = mysql_query("select * from `orgdomains` where `domain`='$newdomain'"); $res1 = mysql_query("select * from `orgdomains` where `domain`='".mysql_escape_string($newdomain)."'");
$query = "select * from `domains` where `domain`='".$newdomain."' and `deleted`=0"; $query = "select * from `domains` where `domain`='".mysql_escape_string($newdomain)."' and `deleted`=0";
$res2 = mysql_query($query); $res2 = mysql_query($query);
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2)) if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2))
{ {
@ -305,7 +320,7 @@
$bits = explode(":", $line, 2); $bits = explode(":", $line, 2);
$line = trim($bits[1]); $line = trim($bits[1]);
if(!in_array($line, $addy) && $line != "") if(!in_array($line, $addy) && $line != "")
$addy[] = $line; $addy[] = trim(mysql_escape_string(stripslashes($line)));
} }
} else { } else {
if(is_array($adds)) if(is_array($adds))
@ -319,7 +334,7 @@
$line = $bit; $line = $bit;
} }
if(!in_array($line, $addy) && $line != "") if(!in_array($line, $addy) && $line != "")
$addy[] = $line; $addy[] = trim(mysql_escape_string(stripslashes($line)));
} }
} }
@ -328,7 +343,7 @@
if(!in_array($sub, $addy)) if(!in_array($sub, $addy))
$addy[] = $sub; $addy[] = $sub;
$_SESSION['_config']['addy'] = $addy; $_SESSION['_config']['addy'] = $addy;
$_SESSION['_config']['domain'] = $newdomain; $_SESSION['_config']['domain'] = mysql_escape_string($newdomain);
} }
if($process != "" && $oldid == 8) if($process != "" && $oldid == 8)
@ -369,7 +384,7 @@
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!"); $body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "From: CAcert-Support <support@cacert.org>"); sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $_SESSION['_config']['domain']); printf(_("The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."), $_SESSION['_config']['domain']);
@ -446,9 +461,13 @@
exit; exit;
} }
$query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']["0.CN"]."', $subject = "";
`domid`='".$_SESSION['_config']['row']['id']."', foreach($_SESSION['_config']['rows'] as $row)
`created`=NOW()"; $subject .= "/CN=$row";
$query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."',
`domid`='".$_SESSION['_config']['rowid']['0']."',
`created`=NOW(),`subject`='$subject'";
mysql_query($query); mysql_query($query);
$CSRid = mysql_insert_id(); $CSRid = mysql_insert_id();
@ -631,7 +650,7 @@
mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."', mysql_query("insert into `emaillink` set `emailid`='".$r2['emailid']."',
`emailcertsid`='$newid'"); `emailcertsid`='$newid'");
} }
$do = `../scripts/runclient`; // $do = `../scripts/runclient`;
$query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''"; $query = "select * from `emailcerts` where `id`='$newid' and `crt_name` != ''";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
@ -673,7 +692,7 @@
continue; continue;
} }
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
$do = `../scripts/runclient`; // $do = `../scripts/runclient`;
printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']); printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
} }
} }
@ -980,7 +999,7 @@
fclose($fp); fclose($fp);
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} }
$do = `../scripts/runclient`; // $do = `../scripts/runclient`;
$query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''"; $query = "select * from `orgemailcerts` where `id`='$emailid' and `crt_name` != ''";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
@ -1028,7 +1047,7 @@
$newfile = $_SESSION['_config']['filepath']."/csr/orgclient-$newid.csr"; $newfile = $_SESSION['_config']['filepath']."/csr/orgclient-$newid.csr";
copy($row['csr_name'], $newfile); copy($row['csr_name'], $newfile);
mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'"); mysql_query("update `orgemailcerts` set `csr_name`='$newfile' where `id`='$newid'");
$do = `../scripts/runclient`; // $do = `../scripts/runclient`;
$query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''"; $query = "select * from `orgemailcerts` where `id`='$newid' and `crt_name` != ''";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
@ -1071,7 +1090,7 @@
continue; continue;
} }
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
$do = `../scripts/runclient`; // $do = `../scripts/runclient`;
printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']); printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
} }
} }
@ -1455,7 +1474,7 @@
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
$do = `../scripts/runserver`; $do = `../scripts/runserver`;
$do = `../scripts/runclient`; // $do = `../scripts/runclient`;
} }
if($oldid == 29 && $process != "") if($oldid == 29 && $process != "")
@ -1514,7 +1533,7 @@
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
{ {
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
$do = `../scripts/runclient`; // $do = `../scripts/runclient`;
mysql_query("delete from `orgemailcerts` where `id`='".$row['id']."'"); mysql_query("delete from `orgemailcerts` where `id`='".$row['id']."'");
mysql_query("delete from `orgemaillink` where `domid`='".$row['id']."'"); mysql_query("delete from `orgemaillink` where `domid`='".$row['id']."'");
} }

3
includes/general.php
Unescape Escape View File

@ -20,7 +20,7 @@
session_register("signup"); session_register("signup");
session_register("lostpw"); session_register("lostpw");
$_SESSION['_config']['filepath'] = "/home/cacert"; $_SESSION['_config']['filepath'] = "/www";
require_once($_SESSION['_config']['filepath']."/includes/mysql.php"); require_once($_SESSION['_config']['filepath']."/includes/mysql.php");
@ -298,6 +298,7 @@
showfooter(); showfooter();
exit; exit;
} }
$_SESSION['_config']['rows'] = $rows; $_SESSION['_config']['rows'] = $rows;
$_SESSION['_config']['rowid'] = $rowid; $_SESSION['_config']['rowid'] = $rowid;
} }

9
pages/account/3.php
Unescape Escape View File

@ -56,6 +56,15 @@ if($_SESSION['profile']['points'] >= 50)
<? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?> <? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?>
</td> </td>
</tr> </tr>
<? } ?>
<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
<tr>
<td class="DataTD" align="left">
<input type="checkbox" name="codesign" value="1"> <?=_("Code Signing ")?></td>
<td class="DataTD" align="left">
<?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
</td>
</tr>
<? } ?> <? } ?>
<tr> <tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>

2
pages/account/43.php
Unescape Escape View File

@ -17,7 +17,7 @@
{ {
$email = mysql_escape_string(stripslashes($_POST['email'])); $email = mysql_escape_string(stripslashes($_POST['email']));
$query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
where `users`.`id`=`email`.`memid` and `email`.`email` like '%$email%' where `users`.`id`=`email`.`memid` and `email`.`email` like '%$email%' and
`email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 and `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 and
`users`.`verified`=1 `users`.`verified`=1
group by `users`.`id` limit 100"; group by `users`.`id` limit 100";

7
scripts/Makefile
Unescape Escape View File

@ -2,8 +2,9 @@ all: runserver.c runclient.c
gcc -O2 -o runserver runserver.c gcc -O2 -o runserver runserver.c
gcc -O2 -o runclient runclient.c gcc -O2 -o runclient runclient.c
gcc -O2 -o rungpg rungpg.c gcc -O2 -o rungpg rungpg.c
chown root:www-data runserver runclient rungpg gcc -O2 -o test test.c
chmod 4710 runserver runclient rungpg chown root:chrapach runserver runclient rungpg test
chmod 4710 runserver runclient rungpg test
clean: clean:
rm -f runserver runclient rungpg rm -f runserver runclient rungpg test

38
scripts/clientcerts.php
Unescape Escape View File

@ -24,8 +24,13 @@
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
{ {
$row['crt_name'] = "../crt/client-".$row['id'].".crt"; $row['crt_name'] = "../crt/client-".$row['id'].".crt";
if($row['codesign'] == 0)
$opensslcnf = "/etc/ssl/openssl-client.cnf";
else
$opensslcnf = "/etc/ssl/openssl-client-codesign.cnf";
$days = 365; $days = 365;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`; $do = `echo "/usr/bin/openssl ca -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch" > /tmp/test`;
$do = `/usr/bin/openssl ca -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`;
$do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`; $do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`;
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'")); $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
if($user['language'] != "") if($user['language'] != "")
@ -65,9 +70,10 @@
$body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]); $body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]);
$body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n"; $body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!"); $body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "From: CAcert-Support <no-returns@cacert.org>"); sendmail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
} else { } else {
$query = "delete from `emailcerts` where `id`='".$row['id']."'"; $query = "delete from `emailcerts` where `id`='".$row['id']."'";
mysql_query($query);
} }
} }
@ -76,8 +82,12 @@
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
{ {
$row['crt_name'] = "../crt/client-".$row['id'].".crt"; $row['crt_name'] = "../crt/client-".$row['id'].".crt";
if($row['codesign'] == 0)
$opensslcnf = "/etc/ssl/openssl-client.cnf";
else
$opensslcnf = "/etc/ssl/openssl-client-codesign.cnf";
$days = 365; $days = 365;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`; $do = `/usr/bin/openssl ca -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'")); $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
if($user['language'] != "") if($user['language'] != "")
{ {
@ -116,7 +126,7 @@
$body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]); $body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]);
$body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n"; $body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!"); $body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "From: CAcert-Support <no-returns@cacert.org>"); sendmail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
} else { } else {
$query = "delete from `emailcerts` where `id`='".$row['id']."'"; $query = "delete from `emailcerts` where `id`='".$row['id']."'";
mysql_query($query); mysql_query($query);
@ -144,16 +154,20 @@
$body = _("Hi")." $user[fname],\n\n"; $body = _("Hi")." $user[fname],\n\n";
$body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]); $body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]);
$body .= _("Best regards")."\n"._("CAcert.org Support!"); $body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "From: CAcert-Support <no-returns@cacert.org>"); sendmail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
} }
$query = "select * from `orgemailcerts` where `crt_name`='' and `keytype`='NS'"; $query = "select * from `orgemailcerts` where `crt_name`='' and `keytype`='NS'";
$res = mysql_query($query); $res = mysql_query($query);
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
{ {
$row[crt_name] = "../crt/orgclient-".$row['id'].".crt"; $row['crt_name'] = "../crt/orgclient-".$row['id'].".crt";
if($row['codesign'] == 0)
$opensslcnf = "/etc/ssl/openssl-client.cnf";
else
$opensslcnf = "/etc/ssl/openssl-client-codesign.cnf";
$days = 365; $days = 365;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`; $do = `/usr/bin/openssl ca -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`;
$do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`; $do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`;
if(filesize($row[crt_name]) > 0) if(filesize($row[crt_name]) > 0)
{ {
@ -189,9 +203,13 @@
$res = mysql_query($query); $res = mysql_query($query);
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
{ {
$row[crt_name] = "../crt/orgclient-".$row['id'].".crt"; $row['crt_name'] = "../crt/orgclient-".$row['id'].".crt";
if($row['codesign'] == 0)
$opensslcnf = "/etc/ssl/openssl-client.cnf";
else
$opensslcnf = "/etc/ssl/openssl-client-codesign.cnf";
$days = 365; $days = 365;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`; $do = `/usr/bin/openssl ca -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
if(filesize($row[crt_name]) > 0) if(filesize($row[crt_name]) > 0)
{ {
$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`); $end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
@ -243,6 +261,6 @@
$body = _("Hi")." $user[fname],\n\n"; $body = _("Hi")." $user[fname],\n\n";
$body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]); $body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]);
$body .= _("Best regards")."\n"._("CAcert.org Support!"); $body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "From: CAcert-Support <no-returns@cacert.org>"); sendmail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
} }
?> ?>

2
scripts/gpgcerts.php
Unescape Escape View File

@ -60,7 +60,7 @@
$body .= "pub 1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA) <gpg@cacert.org>\n"; $body .= "pub 1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA) <gpg@cacert.org>\n";
$body .= "Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58\n\n"; $body .= "Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n";
mail($user[email], "[CAcert.org] Your GPG/PGP Key", $body, "From: CAcert-Support <no-returns@cacert.org>"); sendmail($user[email], "[CAcert.org] Your GPG/PGP Key", $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
} else { } else {
$query = "delete from `gpg` where `id`='".$row['id']."'"; $query = "delete from `gpg` where `id`='".$row['id']."'";
mysql_query($query); mysql_query($query);

6
scripts/servercerts.php
Unescape Escape View File

@ -48,7 +48,7 @@
} }
$row['crt_name'] = "../crt/server-".$row['id'].".crt"; $row['crt_name'] = "../crt/server-".$row['id'].".crt";
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch > /dev/null 2>&1`; $do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
$dom = mysql_fetch_assoc(mysql_query("select * from `domains` where `id`='$row[domid]'")); $dom = mysql_fetch_assoc(mysql_query("select * from `domains` where `id`='$row[domid]'"));
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$dom[memid]'")); $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$dom[memid]'"));
if(filesize($row[crt_name]) > 0 && intval($user['id']) > 0) if(filesize($row[crt_name]) > 0 && intval($user['id']) > 0)
@ -80,7 +80,7 @@
$body = _("Hi")." ".$user['fname'].",\n\n"; $body = _("Hi")." ".$user['fname'].",\n\n";
$body .= sprintf(_("Below you will find your certificate for %s.")."\n\n", $row['CN']); $body .= sprintf(_("Below you will find your certificate for %s.")."\n\n", $row['CN']);
$body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n".$cert; $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n".$cert;
mail($user['email'], "[CAcert.org] "._("Server Certificate"), $body, "From: CAcert-Support <no-returns@cacert.org>"); sendmail($user['email'], "[CAcert.org] "._("Server Certificate"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
} else { } else {
$query = "delete from `domaincerts` where `id`='".$row['id']."'"; $query = "delete from `domaincerts` where `id`='".$row['id']."'";
mysql_query($query); mysql_query($query);
@ -109,7 +109,7 @@
$body = _("Hi")." ".$user['fname'].",\n\n"; $body = _("Hi")." ".$user['fname'].",\n\n";
$body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row['CN']); $body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row['CN']);
$body .= _("Best regards")."\n"._("CAcert.org Support!"); $body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($user['email'], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "From: CAcert-Support <no-returns@cacert.org>"); sendmail($user['email'], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
} }
$query = "select * from `orgdomaincerts` where `crt_name`=''"; $query = "select * from `orgdomaincerts` where `crt_name`=''";

2
www/.htaccess
Unescape Escape View File

@ -1,4 +1,4 @@
php_value auto_prepend_file /home/cacert/includes/general.php php_value auto_prepend_file /www/includes/general.php
php_value output_buffering 1 php_value output_buffering 1
errordocument 404 /error404.php errordocument 404 /error404.php
errordocument 403 /error403.php errordocument 403 /error403.php

5
www/account.php
Unescape Escape View File

@ -23,7 +23,7 @@
} else if($oldid == 40 && $process != "" && $_POST['support'] != "yes") { } else if($oldid == 40 && $process != "" && $_POST['support'] != "yes") {
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message; $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
mail("support@cacert.org", "[CAcert.org] ".$subject, $message, "From: $email"); sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "returns@cacert.org");
showheader(_("Welcome to CAcert.org")); showheader(_("Welcome to CAcert.org"));
echo _("Your message has been sent."); echo _("Your message has been sent.");
showfooter(); showfooter();
@ -31,7 +31,8 @@
} else if($oldid == 40 && $process != "" && $_POST['support'] == "yes") { } else if($oldid == 40 && $process != "" && $_POST['support'] == "yes") {
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message; $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
mail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "Reply-To: $email\nFrom: website-form@cacert.org"); sendmail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "website-form@cacert.org", $email);
showheader(_("Welcome to CAcert.org")); showheader(_("Welcome to CAcert.org"));
echo _("Your message has been sent to the general support list."); echo _("Your message has been sent to the general support list.");
showfooter(); showfooter();

11
www/index.php
Unescape Escape View File

@ -85,9 +85,8 @@
"IP/Hostname: ".$_SERVER['REMOTE_ADDR']."/".$_SERVER['REMOTE_HOST']."\n". "IP/Hostname: ".$_SERVER['REMOTE_ADDR']."/".$_SERVER['REMOTE_HOST']."\n".
"---------------------------------------------------------------------\n".$body. "---------------------------------------------------------------------\n".$body.
"---------------------------------------------------------------------\n"; "---------------------------------------------------------------------\n";
mail("support@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body, sendmail("support@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body,
"From: '".$_SESSION['lostpw']['user']['fname']."' <".$_SESSION['lostpw']['user']['email'].">\n". $_SESSION['lostpw']['user']['email'], "returns@cacert.org", "", $_SESSION['lostpw']['user']['fname']);
"From: CAcert-Support <support@cacert.org>");
$_SESSION['_config']['errmsg'] = _("You failed to get all answers correct, system admins have been notified."); $_SESSION['_config']['errmsg'] = _("You failed to get all answers correct, system admins have been notified.");
} else if($_SESSION['lostpw']['pw1'] != $_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") { } else if($_SESSION['lostpw']['pw1'] != $_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") {
$_SESSION['_config']['errmsg'] = _("New Pass Phrases specified don't match or were blank."); $_SESSION['_config']['errmsg'] = _("New Pass Phrases specified don't match or were blank.");
@ -306,7 +305,7 @@
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!"); $body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "From: CAcert-Support <support@cacert.org>"); sendmail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
} }
} }
@ -329,7 +328,7 @@
{ {
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message; $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
signmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email); sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "returns@cacert.org", "", "CAcert Support");
showheader(_("Welcome to CAcert.org")); showheader(_("Welcome to CAcert.org"));
echo _("Your message has been sent."); echo _("Your message has been sent.");
showfooter(); showfooter();
@ -340,7 +339,7 @@
{ {
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message; $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
mail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "From: website-form@cacert.org\nReply-To: $email"); sendmail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "website-form@cacert.org", "$email", "", "CAcert-Website");
showheader(_("Welcome to CAcert.org")); showheader(_("Welcome to CAcert.org"));
echo _("Your message has been sent to the general support list."); echo _("Your message has been sent to the general support list.");
showfooter(); showfooter();

9
www/wot.php
Unescape Escape View File

@ -173,7 +173,7 @@
$body .= _("Best Regards")."\n"; $body .= _("Best Regards")."\n";
$body .= _("CAcert Support Team"); $body .= _("CAcert Support Team");
mail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "From: CAcert-Support <support@cacert.org>"); sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Website");
putenv("LANG=".$_SESSION['_config']['language']); putenv("LANG=".$_SESSION['_config']['language']);
setlocale(LC_ALL, $_SESSION['_config']['language']); setlocale(LC_ALL, $_SESSION['_config']['language']);
@ -183,7 +183,7 @@
$body .= _("Best Regards")."\n"; $body .= _("Best Regards")."\n";
$body .= _("CAcert Support Team"); $body .= _("CAcert Support Team");
mail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "From: CAcert-Support <support@cacert.org>"); sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>"; echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
@ -214,9 +214,8 @@
{ {
$body = $_POST['message']; $body = $_POST['message'];
$subject = $_POST['subject']; $subject = $_POST['subject'];
mail($_SESSION['_config']['user']['email'], "[CAcert.org] ".$_POST['subject'], $_POST['message'], sendmail($_SESSION['_config']['user']['email'], "[CAcert.org] ".$_POST['subject'], $_POST['message'],
"From: '".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']."' <". $_SESSION['profile']['email'], "returns@cacert.org", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']);
$_SESSION['profile']['email'].">");
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
echo "<p>"._("Your email has been sent to ").$_SESSION['_config']['user']['fname'].".</p>"; echo "<p>"._("Your email has been sent to ").$_SESSION['_config']['user']['fname'].".</p>";
echo "<p>[ <a href='javascript:history.go(-2)'>Go Back</a> ]</p>\n"; echo "<p>[ <a href='javascript:history.go(-2)'>Go Back</a> ]</p>\n";

Write Preview
Loading…
Cancel
Save