new code + updates and bug fixes
parent
06ba89b6d2
commit
d89c90943e
@ -0,0 +1,21 @@
|
||||
<? /*
|
||||
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
|
||||
|
||||
This file is part of CAcert.
|
||||
|
||||
CAcert has been released under the CAcert Source License
|
||||
which can be found included with these source files or can
|
||||
be downloaded from the internet from the following address:
|
||||
http://www.cacert.org/src-lic.php
|
||||
|
||||
CAcert is distributed WITHOUT ANY WARRANTY; without even
|
||||
the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. See the License for more details.
|
||||
*/ ?>
|
||||
<H3><?=_("Disputes and Abuse Reporting")?></H3>
|
||||
<p><?=_("Please select the most appropriate section to report your problem.")?></p>
|
||||
<H4><?=_("Disputes")?></H4>
|
||||
<p><?=_("If you want to dispute who has control of your email address or domain, select 'Dispute Email' or 'Dispute Domain' on the right hand side.")?></p>
|
||||
<H4><?=_("Abuses")?></H4>
|
||||
<p><?=_("If you would like to report an abuse of our certificates that breaches our policies please select the Abuse menu on the right.")?></p>
|
||||
|
@ -0,0 +1,31 @@
|
||||
<? /*
|
||||
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
|
||||
|
||||
This file is part of CAcert.
|
||||
|
||||
CAcert has been released under the CAcert Source License
|
||||
which can be found included with these source files or can
|
||||
be downloaded from the internet from the following address:
|
||||
http://www.cacert.org/src-lic.php
|
||||
|
||||
CAcert is distributed WITHOUT ANY WARRANTY; without even
|
||||
the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. See the License for more details.
|
||||
*/ ?>
|
||||
<H3><?=_("Email Dispute")?></H3>
|
||||
<p><?=_("If your dispute is sucessful you will have the email address removed from the system, you will need add the email address as per usual afterwards. The email will be removed from the current account and any certificates will be revoked.")?></p>
|
||||
<form method="post" action="disputes.php">
|
||||
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
|
||||
<tr>
|
||||
<td colspan="2" class="title"><?=_("Which Email?")?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" width="125"><?=_("Email Address")?>: </td>
|
||||
<td class="DataTD" width="125"><input type="text" name="dispute" value=""></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("File Dispute")?>"></td>
|
||||
</tr>
|
||||
</table>
|
||||
<input type="hidden" name="oldid" value="<?=$id?>">
|
||||
</form>
|
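Review bot: This dispute form carries no per-session anti-CSRF token; its only hidden field is `oldid`. The same holds for the other forms in this commit that post to disputes.php: the domain dispute form, the two accept/reject forms and the authority-address chooser. They trigger state changes such as filing a dispute or revoking certificates, so I would add a hidden field such as `<input type="hidden" name="csrf_token" value="<?=$_SESSION['_config']['csrf_token']?>">` (names illustrative) and have disputes.php compare it before acting. Whether loggedin.php already performs an equivalent check is not visible on this page.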
@ -0,0 +1,32 @@
|
||||
<? /*
|
||||
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
|
||||
|
||||
This file is part of CAcert.
|
||||
|
||||
CAcert has been released under the CAcert Source License
|
||||
which can be found included with these source files or can
|
||||
be downloaded from the internet from the following address:
|
||||
http://www.cacert.org/src-lic.php
|
||||
|
||||
CAcert is distributed WITHOUT ANY WARRANTY; without even
|
||||
the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. See the License for more details.
|
||||
*/ ?>
|
||||
<H3><?=_("Domain Dispute")?></H3>
|
||||
<p><?=_("If your dispute is sucessful the domain will be removed from the current account and any certificates will be revoked.")?></p>
|
||||
<form method="post" action="disputes.php">
|
||||
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
|
||||
<tr>
|
||||
<td colspan="2" class="title"><?=_("Dispute Domain")?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" width="125"><?=_("Domain")?>: </td>
|
||||
<td class="DataTD" width="125"><input type="text" name="dispute"></td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("File Dispute")?>"></td>
|
||||
</tr>
|
||||
</table>
|
||||
<input type="hidden" name="oldid" value="<?=$id?>">
|
||||
</form>
|
@ -0,0 +1,36 @@
|
||||
<? /*
|
||||
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
|
||||
|
||||
This file is part of CAcert.
|
||||
|
||||
CAcert has been released under the CAcert Source License
|
||||
which can be found included with these source files or can
|
||||
be downloaded from the internet from the following address:
|
||||
http://www.cacert.org/src-lic.php
|
||||
|
||||
CAcert is distributed WITHOUT ANY WARRANTY; without even
|
||||
the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. See the License for more details.
|
||||
*/ ?>
|
||||
<H3><?=_("Email Dispute")?></H3>
|
||||
<p><? printf(_("Currently the email '%s' is in dispute, you have been sent an email to resolve the issue, below you have the option to accept, reject or report the request as fraudulent."), $_SESSION['_config']['email']); ?></p>
|
||||
<form method="post" action="disputes.php">
|
||||
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
|
||||
<tr>
|
||||
<td colspan="2" class="title"><?=_("Email Dispute")?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" colspan="2"><input type="radio" name="action" value="reject" checked> <?=_("Reject Dispute")?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" colspan="2"><input type="radio" name="action" value="accept"> <?=_("Accept Dispute")?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" colspan="2"><input type="radio" name="action" value="abuse"> <?=_("Report Dispute as Abuse")?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Dispute")?>"></td>
|
||||
</tr>
|
||||
</table>
|
||||
<input type="hidden" name="type" value="reallyemail">
|
||||
</form>
|
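Review bot: The disputed address in `$_SESSION['_config']['email']` is printed into the page by the `printf` call without HTML encoding. disputes.php loads that value from the `disputeemail` table, where it was SQL-escaped on the way in but never encoded for output. I would pass `htmlspecialchars($_SESSION['_config']['email'], ENT_QUOTES)` as the `printf` argument instead. The domain accept/reject template added later in this commit has the same pattern with `$_SESSION['_config']['domain']`.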
@ -0,0 +1,34 @@
|
||||
<? /*
|
||||
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
|
||||
|
||||
This file is part of CAcert.
|
||||
|
||||
CAcert has been released under the CAcert Source License
|
||||
which can be found included with these source files or can
|
||||
be downloaded from the internet from the following address:
|
||||
http://www.cacert.org/src-lic.php
|
||||
|
||||
CAcert is distributed WITHOUT ANY WARRANTY; without even
|
||||
the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. See the License for more details.
|
||||
*/ ?>
|
||||
<form method="post" action="disputes.php">
|
||||
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
|
||||
|
||||
<tr>
|
||||
<td colspan="2" class="title"><?=_("Please choose an authority email address")?></td>
|
||||
</tr>
|
||||
<? if(is_array($_SESSION['_config']['addy']))
|
||||
foreach($_SESSION['_config']['addy'] as $add) { ?>
|
||||
<tr>
|
||||
<td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked"; $tagged = 1; } ?>></td>
|
||||
<td class="DataTD" width="175"><?=$add?></td>
|
||||
</tr>
|
||||
<? } ?>
|
||||
<tr>
|
||||
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Dispute")?>"></td>
|
||||
</tr>
|
||||
</table>
|
||||
<input type="hidden" name="oldid" value="<?=$id?>">
|
||||
</form>
|
||||
|
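Review bot: `$add` is echoed raw twice, once inside the `value="…"` attribute of the radio button and once as cell text. The list it iterates over, `$_SESSION['_config']['addy']`, is filled in disputes.php from whois output, which is third-party data, so both outputs should go through `htmlspecialchars($add, ENT_QUOTES)`. Separately, `$tagged` is never initialised in this template, so marking the first entry as checked relies on it being unset or 0 in whatever scope includes the file. Adding `$tagged = 0;` before the loop would make that explicit.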
@ -0,0 +1,36 @@
|
||||
<? /*
|
||||
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
|
||||
|
||||
This file is part of CAcert.
|
||||
|
||||
CAcert has been released under the CAcert Source License
|
||||
which can be found included with these source files or can
|
||||
be downloaded from the internet from the following address:
|
||||
http://www.cacert.org/src-lic.php
|
||||
|
||||
CAcert is distributed WITHOUT ANY WARRANTY; without even
|
||||
the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. See the License for more details.
|
||||
*/ ?>
|
||||
<H3><?=_("Domain Dispute")?></H3>
|
||||
<p><? printf(_("Currently the domain '%s' is in dispute, you have been sent an email to resolve the issue, below you have the option to accept, reject or report the request as fraudulent."), $_SESSION['_config']['domain']); ?></p>
|
||||
<form method="post" action="disputes.php">
|
||||
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
|
||||
<tr>
|
||||
<td colspan="2" class="title"><?=_("Domain Dispute")?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" colspan="2"><input type="radio" name="action" value="reject" checked> <?=_("Reject Dispute")?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" colspan="2"><input type="radio" name="action" value="accept"> <?=_("Accept Dispute")?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" colspan="2"><input type="radio" name="action" value="abuse"> <?=_("Report Dispute as Abuse")?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Dispute")?>"></td>
|
||||
</tr>
|
||||
</table>
|
||||
<input type="hidden" name="type" value="reallydomain">
|
||||
</form>
|
@ -0,0 +1,5 @@
|
||||
php_value auto_prepend_file /www/includes/general.php
|
||||
php_value output_buffering 1
|
||||
errordocument 404 /error404.php
|
||||
errordocument 403 /error403.php
|
||||
errordocument 401 /error401.php
|
Binary file not shown.
After Width: | Height: | Size: 3.6 KiB |
@ -0,0 +1,100 @@
|
||||
<? /*
|
||||
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
|
||||
|
||||
This file is part of CAcert.
|
||||
|
||||
CAcert has been released under the CAcert Source License
|
||||
which can be found included with these source files or can
|
||||
be downloaded from the internet from the following address:
|
||||
http://www.cacert.org/src-lic.php
|
||||
|
||||
CAcert is distributed WITHOUT ANY WARRANTY; without even
|
||||
the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. See the License for more details.
|
||||
*/ ?>
|
||||
<?
|
||||
// phpinfo(); exit;
|
||||
include_once("../includes/general.php");
|
||||
loadem("tverify");
|
||||
|
||||
$id = intval($_GET['id']);
|
||||
if(intval($_POST['id']) > 0)
|
||||
$id = intval($_POST['id']);
|
||||
|
||||
if($id == 1)
|
||||
{
|
||||
$nofile = 1;
|
||||
$photoid = $_FILES['photoid'];
|
||||
if($photoid['error'] == 0)
|
||||
{
|
||||
$type = strtolower($photoid['type']);
|
||||
switch($type)
|
||||
{
|
||||
case 'image/gif': $ext = "gif"; $nofile = 0; break;
|
||||
case 'image/jpeg': $ext = "jpg"; $nofile = 0; break;
|
||||
case 'image/jpg': $ext = "jpg"; $nofile = 0; break;
|
||||
case 'image/png': $ext = "png"; $nofile = 0; break;
|
||||
default:
|
||||
$id = 0;
|
||||
$_SESSION['_config']['errmsg'] = _("On jpg, gif and png file types are acceptable");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if($id == 1)
|
||||
{
|
||||
$memid = mysql_escape_string($_SESSION['_config']['uid']);
|
||||
$email = mysql_escape_string($_POST["email"]);
|
||||
$password = mysql_escape_string($_POST["pword"]);
|
||||
$URL = mysql_escape_string($_POST["notaryURL"]);
|
||||
$CN = mysql_escape_string($_SESSION['_config']['CN']);
|
||||
|
||||
$query = "select * from `users` where `id`='$memid' and `email`='$email' and `password`=password('$password')";
|
||||
if(mysql_num_rows(mysql_query($query)) <= 0)
|
||||
{
|
||||
$_SESSION['_config']['errmsg'] = _("I'm sorry, I couldn't match your login details to your certificate to an account on this system.");
|
||||
$id = 0;
|
||||
} else {
|
||||
$query = "insert into `tverify` set `memid`='$memid', `URL`='$URL', `CN`='$CN', `created`=NOW()";
|
||||
mysql_query($query);
|
||||
$tverify = mysql_insert_id();
|
||||
if($nofile == 0)
|
||||
{
|
||||
$filename = $photoid['tmp_name'];
|
||||
$newfile = mysql_escape_string('/www/photoid/'.$tverify.".".$ext);
|
||||
move_uploaded_file($filename, $newfile);
|
||||
$query = "update `tverify` set `photoid`='$newfile' where `id`='$tverify'";
|
||||
mysql_query($query);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if($id == 1)
|
||||
{
|
||||
$body = "There is a new valid request for thawte points tranfer, details as follows:\n\n";
|
||||
$body .= "Primary email address: $email ($memid)\n";
|
||||
$body .= "Certificate Subject: $CN\n";
|
||||
if($URL != "")
|
||||
$body .= "Notary URL: $URL\n";
|
||||
if($URL != "" && $nofile == 0)
|
||||
$body .= "PhotoID URL: https://www.cacert.org/account.php?id=51&photoid=$tverify\n";
|
||||
|
||||
$query = "SELECT sum(`points`) as `points` FROM `notary` WHERE `to`='$memid'";
|
||||
$row = mysql_fetch_assoc(mysql_query($query));
|
||||
|
||||
$body .= "\nCurrent Points: ".$row['points']."\n\n";
|
||||
|
||||
$body .= "\nTo vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n";
|
||||
|
||||
$body .= "Best regards"."\n";
|
||||
$body .= "CAcert Support Team";
|
||||
|
||||
|
||||
// sendmail("cacert-tverify@lists.cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
|
||||
sendmail("duane@cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
|
||||
}
|
||||
|
||||
showheader(_("Thawte Points Transfer"));
|
||||
includeit($id, "tverify");
|
||||
showfooter();
|
||||
?>
|
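Review bot: The upload check switches on `$photoid['type']`, which is the MIME type declared by the client, so both the accept/reject decision and the stored extension depend on a value the uploader chooses. I would determine the type from the file itself with `getimagesize()` on the temporary file and confirm the upload with `is_uploaded_file()`, as sketched below. Further down, the return value of `move_uploaded_file()` is ignored, so `tverify`.`photoid` is updated even when the move failed; the update should be conditional on it. The notification is also still addressed to a single personal mailbox while the list address is commented out, which looks like a testing leftover.

```php
// … unchanged: $nofile = 1; $photoid = $_FILES['photoid']; …
if($photoid['error'] == 0 && is_uploaded_file($photoid['tmp_name']))
{
	// Decide the type from the file's own header, not the client-declared MIME type.
	$info = getimagesize($photoid['tmp_name']);
	switch($info ? $info[2] : 0)
	{
		case IMAGETYPE_GIF: $ext = "gif"; $nofile = 0; break;
		case IMAGETYPE_JPEG: $ext = "jpg"; $nofile = 0; break;
		case IMAGETYPE_PNG: $ext = "png"; $nofile = 0; break;
		default:
			// … unchanged: reset $id and set the error message …
	}
}
```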
@ -0,0 +1,97 @@
|
||||
<?
|
||||
$continue = 1;;
|
||||
if($_SERVER["SSL_CLIENT_S_DN_CN"] == "Thawte Freemail Member")
|
||||
{
|
||||
$continue = 0;
|
||||
echo _("I wasn't able to locate your name on your certificate, as such you can't continue with this process.");
|
||||
}
|
||||
|
||||
if($continue == 1)
|
||||
{
|
||||
$addy = array();
|
||||
$emails = explode("/", trim($_SERVER["SSL_CLIENT_S_DN"]));
|
||||
foreach($emails as $email)
|
||||
{
|
||||
$bits = explode("=", $email);
|
||||
if($bits["0"] == "emailAddress")
|
||||
{
|
||||
$query = "select * from `email` where `email`='".$bits["1"]."' and `deleted`=0 and hash=''";
|
||||
$account = mysql_query($query);
|
||||
if(mysql_num_rows($account))
|
||||
$addy[] = $bits["1"];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(count($addy) <= 0 && $continue == 1)
|
||||
{
|
||||
$continue = 0;
|
||||
echo _("I wasn't able to match any email accounts on your certificate to any accounts in our database, as such I can't continue with this process.");
|
||||
}
|
||||
|
||||
if($continue == 1)
|
||||
{
|
||||
$row = mysql_fetch_assoc($account);
|
||||
$memid = $row['memid'];
|
||||
|
||||
$name = trim($_SERVER["SSL_CLIENT_S_DN_CN"]);
|
||||
while(strstr($name, " "))
|
||||
$name = str_replace(" ", " ", $name);
|
||||
$bits = explode(" ", $name);
|
||||
|
||||
$firstname = $bits["0"];
|
||||
$lastname = $bits[count($bits) - 1];
|
||||
|
||||
$query = "select * from `users` where `fname`='$firstname' and `lname`='$lastname' and `id`='$memid'";
|
||||
if(mysql_num_rows(mysql_query($query)) <= 0)
|
||||
{
|
||||
$continue = 0;
|
||||
echo _("The name and email address on your certificate could not be exactly matched to any stored in our database, as such I'm not able to contiue with this process.");
|
||||
}
|
||||
}
|
||||
|
||||
if($_SERVER["SSL_CLIENT_VERIFY"] == "SUCCESS" && $continue == 1)
|
||||
{
|
||||
$_SESSION['_config']['uid'] = $row['memid'];
|
||||
$_SESSION['_config']['CN'] = trim($_SERVER["SSL_CLIENT_S_DN"]);
|
||||
?>
|
||||
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
|
||||
<?=_("By just submitting your Thawte certificate you can be issued 50 points automatically to any matching account in the system that you operate.")?><br>
|
||||
<?=_("To receive an additional 40 points you must also include a valid link to your notary listing on the Thawte website.")?><br>
|
||||
<?=_("If you meet the above criteria you are also elligible to receive an additional 60 points by submitting a legible government issued copy of your photo ID. If details on your photo ID aren't legible you may be excluded from receiving these points.")?></p>
|
||||
<? if($_SESSION['_config']['errmsg'] != "") { ?><p> </p><p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"><?
|
||||
echo $_SESSION['_config']['errmsg']."</p>";
|
||||
unset($_SESSION['_config']['errmsg']);
|
||||
} ?>
|
||||
<form method="post" action="index.php" enctype="multipart/form-data">
|
||||
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
|
||||
<tr>
|
||||
<td colspan="2" class="title"><?=_("Points Transfer and Verification")?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" width="125"><?=_("Email Address")?>: </td>
|
||||
<td class="DataTD" width="125"><input type="text" name="email" value="<?=$row['email']?>"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" width="125"><?=_("Notary URL")?>: </td>
|
||||
<td class="DataTD" width="125"><input type="text" name="notaryURL"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" width="125"><?=_("Photo ID")?>: </td>
|
||||
<td class="DataTD" width="125"><input type="file" name="photoid"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD"><?=_("Pass Phrase")?>: </td>
|
||||
<td class="DataTD"><input type="password" name="pword"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Submit Application for Points Transfer")?>"></td>
|
||||
</tr>
|
||||
|
||||
</table>
|
||||
<input type="hidden" name="id" value="1">
|
||||
</form>
|
||||
<? } else if($continue == 1) {
|
||||
echo _("1I'm sorry, I couldn't verify your certificate");
|
||||
}
|
||||
?>
|
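Review bot: Values taken from the client certificate are concatenated into SQL without escaping: `$bits["1"]` in the `email` lookup and `$firstname`/`$lastname` in the `users` lookup, whereas the rest of this commit passes request data through `mysql_escape_string()`. The same call should wrap these, e.g. `$addr = mysql_escape_string($bits["1"]);`. `$account` is also overwritten for every `emailAddress` component, so the later `mysql_fetch_assoc($account)` reads the last lookup's result even when an earlier one was the match; keeping the matching row at the point where `mysql_num_rows()` succeeds would avoid that. `SSL_CLIENT_VERIFY` is only tested after these queries have run, and moving that test to the top would keep unverified certificate data away from the database.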
@ -0,0 +1 @@
|
||||
<p><?=_("Your request is now queued for processing, you will be notified by an automated email when your request has been verified by the points transfer team.");?></p>
|
@ -0,0 +1,431 @@
|
||||
<? /*
|
||||
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
|
||||
|
||||
This file is part of CAcert.
|
||||
|
||||
CAcert has been released under the CAcert Source License
|
||||
which can be found included with these source files or can
|
||||
be downloaded from the internet from the following address:
|
||||
http://www.cacert.org/src-lic.php
|
||||
|
||||
CAcert is distributed WITHOUT ANY WARRANTY; without even
|
||||
the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. See the License for more details.
|
||||
*/ ?>
|
||||
<?
|
||||
require_once("../includes/loggedin.php");
|
||||
|
||||
loadem("account");
|
||||
|
||||
if($type == "reallyemail")
|
||||
{
|
||||
$emailid = intval($_SESSION['_config']['emailid']);
|
||||
$hash = mysql_escape_string(trim($_SESSION['_config']['hash']));
|
||||
|
||||
$res = mysql_query("select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'");
|
||||
if(mysql_num_rows($res) <= 0)
|
||||
{
|
||||
showheader(_("Email Dispute"));
|
||||
echo _("This dispute no longer seems to be in the database, can't continue.");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
$row = mysql_fetch_assoc($res);
|
||||
$oldmemid = $row['oldmemid'];
|
||||
|
||||
if($action == "reject")
|
||||
{
|
||||
mysql_query("update `disputeemail` set hash='',action='reject' where `id`='$emailid'");
|
||||
showheader(_("Email Dispute"));
|
||||
echo _("You have opted to reject this dispute and the request will be removed from the database");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
if($action == "accept")
|
||||
{
|
||||
showheader(_("Email Dispute"));
|
||||
echo "<p>"._("You have opted to accept this dispute and the request will now remove this email address from the existing account, and revoke any current certificates.")."</p>";
|
||||
echo "<p>"._("The following accounts have been removed:")."<br>\n";
|
||||
$query = "select * from `email` where `id`='$emailid' and deleted=0";
|
||||
$res = mysql_query($query);
|
||||
if(mysql_num_rows($res) > 0)
|
||||
{
|
||||
$row = mysql_fetch_assoc($res);
|
||||
echo $row['email']."<br>\n";
|
||||
$query = "select `emailcerts`.`id`
|
||||
from `emaillink`,`emailcerts` where
|
||||
`emailid`='$emailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
|
||||
`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
|
||||
group by `emailcerts`.`id`";
|
||||
$dres = mysql_query($query);
|
||||
while($drow = mysql_fetch_assoc($dres))
|
||||
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
|
||||
|
||||
$do = `../scripts/runclient`;
|
||||
$query = "update `email` set `deleted`=NOW() where `id`='$emailid'";
|
||||
mysql_query($query);
|
||||
}
|
||||
mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
|
||||
$rc = mysql_num_rows("select * from `domains` where `memid`='$oldmemid' and `deleted`=0");
|
||||
$rc = mysql_num_rows("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'");
|
||||
$res = mysql_query("select * from `users` where `id`='$oldmemid'");
|
||||
$user = mysql_fetch_assoc($res);
|
||||
if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email'])
|
||||
{
|
||||
mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'");
|
||||
echo _("This was the primary email on the account, and no emails or domains were left linked so the account has also been removed from the system.");
|
||||
}
|
||||
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
if($type == "email")
|
||||
{
|
||||
$emailid = intval($emailid);
|
||||
$hash = trim(mysql_escape_string(stripslashes($hash)));
|
||||
if($emailid <= 0 || $hash == "")
|
||||
{
|
||||
showheader(_("Email Dispute"));
|
||||
echo _("Invalid request. Can't continue.");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
$res = mysql_query("select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'");
|
||||
if(mysql_num_rows($res) <= 0)
|
||||
{
|
||||
$res = mysql_query("select * from `disputeemail` where `id`='$emailid' and hash!=''");
|
||||
if(mysql_num_rows($res) > 0)
|
||||
{
|
||||
$row = mysql_fetch_assoc($res);
|
||||
mysql_query("update `disputeemail` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'");
|
||||
showheader(_("Email Dispute"));
|
||||
if($row['attempts'] >= 3)
|
||||
{
|
||||
echo _("Your attempt to accept or reject a disputed email is invalid due to the hash string not matching with the email ID. Your attempt has been logged and the request will be removed from the system as a result.");
|
||||
mysql_query("update `disputeemail` set hash='',action='failed' where `id`='$emailid'");
|
||||
} else
|
||||
echo _("Your attempt to accept or reject a disputed email is invalid due to the hash string not matching with the email ID.");
|
||||
showfooter();
|
||||
exit;
|
||||
} else {
|
||||
showheader(_("Email Dispute"));
|
||||
echo _("Invalid request. Can't continue.");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
}
|
||||
$_SESSION['_config']['emailid'] = $emailid;
|
||||
$_SESSION['_config']['hash'] = $hash;
|
||||
$row = mysql_fetch_assoc(mysql_query("select * from `disputeemail` where `id`='$emailid'"));
|
||||
$_SESSION['_config']['email'] = $row['email'];
|
||||
showheader(_("Email Dispute"));
|
||||
includeit("4", "disputes");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
if($type == "reallydomain")
|
||||
{
|
||||
$domainid = intval($_SESSION['_config']['domainid']);
|
||||
$hash = mysql_escape_string(trim($_SESSION['_config']['hash']));
|
||||
|
||||
$res = mysql_query("select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'");
|
||||
if(mysql_num_rows($res) <= 0)
|
||||
{
|
||||
showheader(_("Domain Dispute"));
|
||||
echo _("This dispute no longer seems to be in the database, can't continue.");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
if($action == "reject")
|
||||
{
|
||||
mysql_query("update `disputedomain` set hash='',action='reject' where `id`='$domainid'");
|
||||
showheader(_("Domain Dispute"));
|
||||
echo _("You have opted to reject this dispute and the request will be removed from the database");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
if($action == "accept")
|
||||
{
|
||||
showheader(_("Domain Dispute"));
|
||||
echo "<p>"._("You have opted to accept this dispute and the request will now remove this domain from the existing account, and revoke any current certificates.")."</p>";
|
||||
echo "<p>"._("The following accounts have been removed:")."<br>\n";
|
||||
$query = "select * from `domains` where `id`='$domainid' and deleted=0";
|
||||
$res = mysql_query($query);
|
||||
if(mysql_num_rows($res) > 0)
|
||||
{
|
||||
echo $_SESSION['_config']['domain']."<br>\n";
|
||||
mysql_query("update `domains` set `deleted`=NOW() where `id`='$domainid'");
|
||||
$query = "select * from `domlink` where `domid`='$domainid'";
|
||||
$res = mysql_query($query);
|
||||
while($row = mysql_fetch_assoc($res))
|
||||
mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
|
||||
$do = `../scripts/runserver`;
|
||||
}
|
||||
mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
if($type == "domain")
|
||||
{
|
||||
$domainid = intval($domainid);
|
||||
$hash = trim(mysql_escape_string(stripslashes($hash)));
|
||||
if($domainid <= 0 || $hash == "")
|
||||
{
|
||||
showheader(_("Domain Dispute"));
|
||||
echo _("Invalid request. Can't continue.");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
$res = mysql_query("select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'");
|
||||
if(mysql_num_rows($res) <= 0)
|
||||
{
|
||||
$res = mysql_query("select * from `disputedomain` where `id`='$domainid' and hash!=''");
|
||||
if(mysql_num_rows($res) > 0)
|
||||
{
|
||||
$row = mysql_fetch_assoc($res);
|
||||
mysql_query("update `disputedomain` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'");
|
||||
showheader(_("Domain Dispute"));
|
||||
if($row['attempts'] >= 3)
|
||||
{
|
||||
echo _("Your attempt to accept or reject a disputed domain is invalid due to the hash string not matching with the domain ID. Your attempt has been logged and the request will be removed from the system as a result.");
|
||||
mysql_query("update `disputedomain` set hash='',action='failed' where `id`='$domainid'");
|
||||
} else
|
||||
echo _("Your attempt to accept or reject a disputed domain is invalid due to the hash string not matching with the domain ID.");
|
||||
showfooter();
|
||||
exit;
|
||||
} else {
|
||||
showheader(_("Domain Dispute"));
|
||||
echo _("Invalid request. Can't continue.");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
}
|
||||
$_SESSION['_config']['domainid'] = $domainid;
|
||||
$_SESSION['_config']['hash'] = $hash;
|
||||
$row = mysql_fetch_assoc(mysql_query("select * from `disputedomain` where `id`='$domainid'"));
|
||||
$_SESSION['_config']['domain'] = $row['domain'];
|
||||
showheader(_("Domain Dispute"));
|
||||
includeit("6", "disputes");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
if($oldid == "1")
|
||||
{
|
||||
$email = trim(mysql_escape_string(stripslashes($dispute)));
|
||||
if($email == "")
|
||||
{
|
||||
showheader(_("Email Dispute"));
|
||||
echo _("Not a valid email address. Can't continue.");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
$res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''");
|
||||
if(mysql_num_rows($res) > 0)
|
||||
{
|
||||
showheader(_("Email Dispute"));
|
||||
printf(_("The email address '%s' already exists in the dispute system. Can't continue."), $email);
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
unset($oldid);
|
||||
$query = "select * from `email` where `email`='$email' and `deleted`=0";
|
||||
$res = mysql_query($query);
|
||||
if(mysql_num_rows($res) <= 0)
|
||||
{
|
||||
showheader(_("Email Dispute"));
|
||||
printf(_("The email address '%s' doesn't already in the system. Can't continue."), $email);
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
$row = mysql_fetch_assoc($res);
|
||||
$oldmemid = $row['memid'];
|
||||
$emailid = $row['id'];
|
||||
if($_SESSION['profile']['id'] == $oldmemid)
|
||||
{
|
||||
showheader(_("Email Dispute"));
|
||||
echo _("You aren't allowed to dispute your own email addresses. Can't continue.");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
$res = mysql_query("select * from `users` where `id`='$oldmemid'");
|
||||
$user = mysql_fetch_assoc($res);
|
||||
$rc = mysql_num_rows("select * from `domains` where `memid`='$oldmemid' and `deleted`=0");
|
||||
$rc = mysql_num_rows("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'");
|
||||
if($user['email'] == $email && ($rc > 0 || $rc2 > 0))
|
||||
{
|
||||
showheader(_("Email Dispute"));
|
||||
echo _("You only dispute the primary email address of an account if there is no longer any email addresses or domains linked to it.");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
$rnd = fopen("/dev/urandom", "r");
|
||||
$hash = md5(fgets($rnd, 64));
|
||||
fclose($rnd);
|
||||
$query = "insert into `disputeemail` set `email`='$email',`memid`='".$_SESSION['profile']['id']."',
|
||||
`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$emailid',
|
||||
`IP`='".$_SERVER['REMOTE_ADDR']."'";
|
||||
mysql_query($query);
|
||||
|
||||
$body = sprintf(_("You have been sent this email as the email address '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"), $email)."\n\n";
|
||||
$body .= "https://".$_SESSION['_config']['normalhostname']."/disputes.php?type=email&emailid=$emailid&hash=$hash\n\n";
|
||||
$body .= _("Best regards")."\n"._("CAcert.org Support!");
|
||||
|
||||
sendmail($email, "[CAcert.org] "._("Dispute Probe"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
|
||||
|
||||
showheader(_("Email Dispute"));
|
||||
printf(_("The email address '%s' has been entered into the dispute system, the email address will now be sent an email which will give the recipent the option of accepting or rejecting the request, if after 2 days we haven't received a valid response for or against we will discard the request."), $email);
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
if($oldid == "2")
|
||||
{
|
||||
$domain = trim(mysql_escape_string(stripslashes($dispute)));
|
||||
if($domain == "")
|
||||
{
|
||||
showheader(_("Domain Dispute"));
|
||||
echo _("Not a valid Domain. Can't continue.");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
$query = "select * from `disputedomain` where `domain`='$domain' and hash!=''";
|
||||
$res = mysql_query($query);
|
||||
if(mysql_num_rows($res) > 0)
|
||||
{
|
||||
showheader(_("Domain Dispute"));
|
||||
printf(_("The domain '%s' already exists in the dispute system. Can't continue."), $domain);
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
unset($oldid);
|
||||
$query = "select * from `domains` where `domain`='$domain' and `deleted`=0";
|
||||
$res = mysql_query($query);
|
||||
if(mysql_num_rows($res) <= 0)
|
||||
{
|
||||
showheader(_("Domain Dispute"));
|
||||
printf(_("The domain '%s' doesn't already in the system. Can't continue."), $email);
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
$row = mysql_fetch_assoc($res);
|
||||
$oldmemid = $row['memid'];
|
||||
if($_SESSION['profile']['id'] == $oldmemid)
|
||||
{
|
||||
showheader(_("Domain Dispute"));
|
||||
echo _("You aren't allowed to dispute your own email addresses. Can't continue.");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
$domainid = $row['id'];
|
||||
$_SESSION['_config']['domainid'] = $domainid;
|
||||
$_SESSION['_config']['memid'] = $memid;
|
||||
$_SESSION['_config']['domain'] = $domain;
|
||||
$_SESSION['_config']['oldmemid'] = $oldmemid;
|
||||
|
||||
$addy = array();
|
||||
$domtmp = escapeshellarg($domain);
|
||||
$adds = explode("\n", trim(`whois $domtmp|grep \@`));
|
||||
if(substr($domain, -4) == ".org" || substr($domain, -5) == ".info")
|
||||
{
|
||||
if(is_array($adds))
|
||||
foreach($adds as $line)
|
||||
{
|
||||
$bits = explode(":", $line, 2);
|
||||
$line = trim($bits[1]);
|
||||
if(!in_array($line, $addy) && $line != "")
|
||||
$addy[] = trim(mysql_escape_string(stripslashes($line)));
|
||||
}
|
||||
} else {
|
||||
if(is_array($adds))
|
||||
foreach($adds as $line)
|
||||
{
|
||||
$line = trim(str_replace("\t", " ", $line));
|
||||
$line = trim(str_replace("(", "", $line));
|
||||
$line = trim(str_replace(")", " ", $line));
|
||||
|
||||
$bits = explode(" ", $line);
|
||||
foreach($bits as $bit)
|
||||
{
|
||||
if(strstr($bit, "@"))
|
||||
$line = $bit;
|
||||
}
|
||||
if(!in_array($line, $addy) && $line != "")
|
||||
$addy[] = trim(mysql_escape_string(stripslashes($line)));
|
||||
}
|
||||
}
|
||||
|
||||
$rfc = array("root@$domain", "hostmaster@$domain", "postmaster@$domain", "admin@$domain", "webmaster@$domain");
|
||||
foreach($rfc as $sub)
|
||||
if(!in_array($sub, $addy))
|
||||
$addy[] = $sub;
|
||||
$_SESSION['_config']['addy'] = $addy;
|
||||
showheader(_("Domain Dispute"));
|
||||
includeit("5", "disputes");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
if($oldid == "5")
|
||||
{
|
||||
$authaddy = trim(mysql_escape_string(stripslashes($_POST['authaddy'])));
|
||||
|
||||
if(!in_array($authaddy, $_SESSION['_config']['addy']) || $authaddy == "")
|
||||
{
|
||||
showheader(_("My CAcert.org Account!"));
|
||||
echo _("The address you submitted isn't a valid authority address for the domain.");
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
$query = "select * from `domains` where `domain`='".$_SESSION['_config']['domain']."' and `deleted`=0";
|
||||
$res = mysql_query($query);
|
||||
if(mysql_num_rows($res) <= 0)
|
||||
{
|
||||
showheader(_("Domain Dispute!"));
|
||||
printf(_("The domain '%s' isn't in the system. Can't continue."), $_SESSION['_config']['domain']);
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
$domainid = intval($_SESSION['_config']['domainid']);
|
||||
$memid = intval($_SESSION['_config']['memid']);
|
||||
$oldmemid = intval($_SESSION['_config']['oldmemid']);
|
||||
$domain = mysql_escape_string($_SESSION['_config']['domain']);
|
||||
$rnd = fopen("/dev/urandom", "r");
|
||||
$hash = md5(fgets($rnd, 64));
|
||||
fclose($rnd);
|
||||
$query = "insert into `disputedomain` set `domain`='$domain',`memid`='".$_SESSION['profile']['id']."',
|
||||
`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$domainid'";
|
||||
mysql_query($query);
|
||||
|
||||
$body = sprintf(_("You have been sent this email as the domain '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"), $domain)."\n\n";
|
||||
$body .= "https://".$_SESSION['_config']['normalhostname']."/disputes.php?type=domain&domainid=$domainid&hash=$hash\n\n";
|
||||
$body .= _("Best regards")."\n"._("CAcert.org Support!");
|
||||
|
||||
sendmail($authaddy, "[CAcert.org] "._("Dispute Probe"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
|
||||
|
||||
showheader(_("Domain Dispute"));
|
||||
printf(_("The domain '%s' has been entered into the dispute system, the email address you choose will now be sent an email which will give the recipent the option of accepting or rejecting the request, if after 2 days we haven't received a valid response for or against we will discard the request."), $domain);
|
||||
showfooter();
|
||||
exit;
|
||||
}
|
||||
|
||||
showheader(_("Domain and Email Disputes"));
|
||||
includeit($id, "disputes");
|
||||
showfooter();
|
||||
?>
|