new code + updates and bug fixes

root 2005-03-12 19:40:24 +00:00
parent 06ba89b6d2
commit d89c90943e
31 changed files with 938 additions and 35 deletions


@ -327,7 +327,7 @@
unset($oldid);
$id = 8;
$addy = array();
$adds = explode("\n", trim(`whois $newdom|grep \@`));
$adds = explode("\n", trim(`/usr/bin/whois $newdom|grep "@"`));
if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info")
{
if(is_array($adds))
@ -428,14 +428,9 @@
$row = mysql_fetch_assoc($res);
echo $row['domain']."<br>\n";
mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'");
$dres = mysql_query("select * from `domaincerts` where `domid`='$id' and `expire`=0");
$dres = mysql_query("select * from `domlink` where `domid`='$id'");
while($drow = mysql_fetch_assoc($dres))
{
@unlink($row['csr_name']);
@unlink($row['crt_name']);
mysql_query("delete from `domaincerts` where `id`='".$drow['id']."'");
}
mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `domid`='$id' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
}
}
showfooter();
@ -1211,7 +1206,7 @@
if($org['C'])
$csrsubject .= "/countryName=".$org['C'];
if($org['contact'])
$csrsubject .= "/emailAddress=".$org['contact'];
$csrsubject .= "/emailAddress=".trim($org['contact']);
if(is_array($_SESSION['_config']['rows']))
foreach($_SESSION['_config']['rows'] as $row)
@ -1823,6 +1818,15 @@
}
}
if($id == 43 && $_GET['tverify'] > 0)
{
$memid = $_GET['userid'] = intval($_GET['tverify']);
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['tverify'];
mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
}
if($id == 50)
{
if($_GET['userid'] != "")
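Review bot: The rewritten whois call still interpolates `$newdom` directly into a backtick shell command, so any shell metacharacter in the domain string would be interpreted by the shell; where `$newdom` is validated is not visible in this hunk. Pinning the binary to `/usr/bin/whois` removes the PATH dependency but does not protect the argument, so I would check the value against a strict hostname pattern and interpolate `escapeshellarg($newdom)` instead of the raw variable. The `if` that follows tests `$newdomain` rather than `$newdom`, which may be intentional but deserves a one-line comment. The enclosing block starts and ends outside the hunk.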


@ -32,6 +32,8 @@
$tmpid = $id + 500;
if($PHP_SELF == "/gpg.php")
$tmpid = $id + 1000;
if($PHP_SELF == "/disputes.php")
$tmpid = $id + 1500;
switch($tmpid)
{
@ -101,6 +103,17 @@
case 1008:
case 1009:
case 1010: $expand = " explode('gpg');"; break;
case 1500:
case 1501:
case 1502:
case 1503:
case 1504:
case 1505:
case 1506:
case 1507:
case 1508:
case 1509:
case 1510: $expand = " explode('disputes');"; break;
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
@ -108,7 +121,7 @@
<head>
<title><?=$title?></title>
<? if($_SESSION['_config']['header'] != "") { ?><?=$_SESSION['_config']['header']?><? } ?>
<link rel="stylesheet" href="styles/default.css" type="text/css">
<link rel="stylesheet" href="/styles/default.css" type="text/css">
<script language="JavaScript" type="text/javascript">
function explode(e) {
if (document.getElementById(e).style.display == 'none') {
@ -193,6 +206,10 @@ function hideall() {
<ul class="menu" id="sysadmin"><li><a href="account.php?id=42"><?=_("Find User")?></a></li><li><a href="account.php?id=48"><?=_("Find Domain")?></a></li></ul>
</div>
<? } ?>
<div class="relatedLinks">
<h3 onclick="explode('disputes')">+ <?=_("Disputes/Abuses")?></h3>
<ul class="menu" id="disputes"><li><a href="disputes.php?id=0"><?=_("More Information")?></a></li><li><a href="disputes.php?id=1"><?=_("Email Dispute")?></a></li><li><a href="disputes.php?id=2"><?=_("Domain Dispute")?></a></li><li><a href="disputes.php?id=3"><?=_("Abuses")?></a></li></ul>
</div>
</div>
<div id="content">
<div class="story">


@ -24,7 +24,9 @@
require_once($_SESSION['_config']['filepath']."/includes/mysql.php");
if($_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] && $_SERVER['HTTP_HOST'] != $_SESSION['_config']['securehostname'])
if($_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] &&
$_SERVER['HTTP_HOST'] != $_SESSION['_config']['securehostname'] &&
$_SERVER['HTTP_HOST'] != $_SESSION['_config']['tverify'])
{
if($_SERVER['HTTPS'] == "on")
header("location: https://".$_SESSION['_config']['normalhostname']);
@ -33,6 +35,14 @@
exit;
}
if(($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] ||
$_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify']) &&
$_SERVER['HTTPS'] != "on")
{
header("location: https://".$_SERVER['HTTP_HOST']);
exit;
}
$lang = mysql_escape_string(substr(trim($lang), 0, 5));
if($lang != "")
$_SESSION['_config']['language'] = $lang;
@ -126,7 +136,7 @@
function loadem($section = "index")
{
if($section != "index" && $section != "account")
if($section != "index" && $section != "account" && $section != "tverify")
{
$section = "index";
}
@ -136,17 +146,22 @@
if($section == "index")
include_once($_SESSION['_config']['filepath']."/includes/general_stuff.php");
if($section == "tverify")
include_once($_SESSION['_config']['filepath']."/includes/tverify_stuff.php");
}
function includeit($id = "0", $section = "index")
{
$id = intval($id);
if($section != "index" && $section != "account" && $section != "wot" && $section != "help" && $section != "gpg")
if($section != "index" && $section != "account" && $section != "wot" && $section != "help" && $section != "gpg" && $section != "disputes" && $section != "tverify")
{
$section = "index";
}
if(file_exists($_SESSION['_config']['filepath']."/www/$section/$id.php"))
if($section == "tverify" && file_exists($_SESSION['_config']['filepath']."/tverify/index/$id.php"))
include_once($_SESSION['_config']['filepath']."/tverify/index/$id.php");
else if(file_exists($_SESSION['_config']['filepath']."/www/$section/$id.php"))
include_once($_SESSION['_config']['filepath']."/www/$section/$id.php");
else {
$id = "0";
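Review bot: In `includeit()` a tverify page that is missing under `/tverify/index/` does not go straight to the default branch: it falls through to the `else if`, which probes `/www/tverify/$id.php`, a directory this commit never creates. If only one root is intended for tverify pages, say so in a comment such as `// tverify pages live in /tverify/index only; unknown ids fall back to 0.php`, or make the branches mutually exclusive. The growing `!=` chains in `loadem()` and `includeit()` would also read better as a single allow-list checked with `in_array()`. The body of `includeit()` continues outside the hunk.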


@ -24,7 +24,7 @@ if(!function_exists("showheader"))
<head>
<title><?=$title?></title>
<? if($_SESSION['_config']['header'] != "") { ?><?=$_SESSION['_config']['header']?><? } ?>
<link rel="stylesheet" href="styles/default.css" type="text/css">
<link rel="stylesheet" href="/styles/default.css" type="text/css">
<link href="http://my.rsscache.com/www.cacert.org/rss.php" rel="alternate" type="application/rss+xml" title="rss">
</head>
<body>


@ -82,6 +82,7 @@
if($id == "logout")
{
$_SESSION['profile']['loggedin'] = 0;
header("location: https://".$_SERVER['HTTP_HOST']."/index.php");
exit;
}
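Review bot: The new logout redirect builds its `Location` header from `$_SERVER['HTTP_HOST']`, a value supplied by the request; the host allow-list added to the general include in this commit covers it only if that include always runs before this code, which the hunk does not show. Using the configured name removes that dependency: `header("location: https://".$_SESSION['_config']['normalhostname']."/index.php");`. The branch also only sets `loggedin` to 0 and leaves the rest of the session in place, so clearing `$_SESSION['profile']` before the redirect is worth considering.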


@ -94,6 +94,10 @@
<td class="DataTD"><?=_("Date of Birth")?>:</td>
<td class="DataTD"><?=$row['dob']?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Tverify Account")?>:</td>
<td class="DataTD"><a href="account.php?id=43&tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Change Password")?>:</td>
<td class="DataTD"><a href="account.php?id=44&userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
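Review bot: The new "Tverify Account" link changes state through a plain GET request (`account.php?id=43&tverify=…`), and the handler added elsewhere in this commit flips `users.tverify` as soon as `$_GET['tverify'] > 0`, so a link or image on any page an administrator visits can trigger the change. I would make this a small POST form that carries a per-session token and have the handler verify the token before the update. Whether the handler also checks the caller's admin rights is not visible in the hunks shown. The table continues outside this hunk.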


@ -18,8 +18,8 @@
<tr>
<td colspan="2" class="title"><?=_("Please choose an authority email address")?></td>
</tr>
<? if(is_array($_SESSION[_config][addy]))
foreach($_SESSION[_config][addy] as $add) { ?>
<? if(is_array($_SESSION['_config']['addy']))
foreach($_SESSION['_config']['addy'] as $add) { ?>
<tr>
<td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked"; $tagged = 1; } ?>></td>
<td class="DataTD" width="175"><?=$add?></td>

21
pages/disputes/0.php Normal file

@ -0,0 +1,21 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<H3><?=_("Disputes and Abuse Reporting")?></H3>
<p><?=_("Please select the most appropriate section to report your problem.")?></p>
<H4><?=_("Disputes")?></H4>
<p><?=_("If you want to dispute who has control of your email address or domain, select 'Dispute Email' or 'Dispute Domain' on the right hand side.")?></p>
<H4><?=_("Abuses")?></H4>
<p><?=_("If you would like to report an abuse of our certificates that breaches our policies please select the Abuse menu on the right.")?></p>

31
pages/disputes/1.php Normal file

@ -0,0 +1,31 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<H3><?=_("Email Dispute")?></H3>
<p><?=_("If your dispute is sucessful you will have the email address removed from the system, you will need add the email address as per usual afterwards. The email will be removed from the current account and any certificates will be revoked.")?></p>
<form method="post" action="disputes.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Which Email?")?></td>
</tr>
<tr>
<td class="DataTD" width="125"><?=_("Email Address")?>: </td>
<td class="DataTD" width="125"><input type="text" name="dispute" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("File Dispute")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
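Review bot: The intro string misspells "successful" as `sucessful` and reads "you will need add"; the same misspelling is in pages/disputes/2.php. These strings are gettext msgids, so correcting them after translators have picked them up invalidates the existing translations, which makes now the cheap moment to fix them: `sucessful` → `successful` and `need add` → `need to add`.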

32
pages/disputes/2.php Normal file

@ -0,0 +1,32 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<H3><?=_("Domain Dispute")?></H3>
<p><?=_("If your dispute is sucessful the domain will be removed from the current account and any certificates will be revoked.")?></p>
<form method="post" action="disputes.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Dispute Domain")?></td>
</tr>
<tr>
<td class="DataTD" width="125"><?=_("Domain")?>: </td>
<td class="DataTD" width="125"><input type="text" name="dispute"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("File Dispute")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

36
pages/disputes/4.php Normal file

@ -0,0 +1,36 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<H3><?=_("Email Dispute")?></H3>
<p><? printf(_("Currently the email '%s' is in dispute, you have been sent an email to resolve the issue, below you have the option to accept, reject or report the request as fraudulent."), $_SESSION['_config']['email']); ?></p>
<form method="post" action="disputes.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Email Dispute")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="radio" name="action" value="reject" checked> <?=_("Reject Dispute")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="radio" name="action" value="accept"> <?=_("Accept Dispute")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="radio" name="action" value="abuse"> <?=_("Report Dispute as Abuse")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Dispute")?>"></td>
</tr>
</table>
<input type="hidden" name="type" value="reallyemail">
</form>
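Review bot: `printf()` writes `$_SESSION['_config']['email']` into the page without HTML escaping, and the value is the disputed address, which presumably originates from what a user typed into the dispute form. Wrap it as `htmlspecialchars($_SESSION['_config']['email'], ENT_QUOTES)`. The same applies to `$_SESSION['_config']['domain']` in pages/disputes/6.php and to `<?=$add?>` in pages/disputes/5.php, where the value is emitted both inside a `value="…"` attribute and as cell text. 5.php also reads `$tagged` before anything in the file sets it, so initialise it with `$tagged = 0;` above the loop.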

34
pages/disputes/5.php Normal file

@ -0,0 +1,34 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<form method="post" action="disputes.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Please choose an authority email address")?></td>
</tr>
<? if(is_array($_SESSION['_config']['addy']))
foreach($_SESSION['_config']['addy'] as $add) { ?>
<tr>
<td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked"; $tagged = 1; } ?>></td>
<td class="DataTD" width="175"><?=$add?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Dispute")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>

36
pages/disputes/6.php Normal file

@ -0,0 +1,36 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<H3><?=_("Domain Dispute")?></H3>
<p><? printf(_("Currently the domain '%s' is in dispute, you have been sent an email to resolve the issue, below you have the option to accept, reject or report the request as fraudulent."), $_SESSION['_config']['domain']); ?></p>
<form method="post" action="disputes.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Domain Dispute")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="radio" name="action" value="reject" checked> <?=_("Reject Dispute")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="radio" name="action" value="accept"> <?=_("Accept Dispute")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="radio" name="action" value="abuse"> <?=_("Report Dispute as Abuse")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Dispute")?>"></td>
</tr>
</table>
<input type="hidden" name="type" value="reallydomain">
</form>


@ -28,7 +28,7 @@
<h3><?=_("Latest News")?></h3>
<?
$query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc limit 2";
$query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc limit 5";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{


@ -12,8 +12,8 @@
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<? if($_SESSION[_config][hostname] == $_SESSION['_config']['securehostname']) { ?>
<?=$_SERVER[SSL_CLIENT_M_SERIAL]?>
<?=$_SERVER['SSL_CLIENT_M_SERIAL']?>
<? if($_SESSION['_config']['hostname'] == $_SESSION['_config']['securehostname']) { ?>
<p><?=_("Warning! You've attempted to log into the system with a client certificate, but the login failed due to the certificate being expired, revoked or simply not valid for this site. You can login using your Email/Pass Phrase to get a new certificate, by clicking on 'Normal Login' to the right of your screen.")?></p>
<? } else { ?>
<p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p>
@ -24,7 +24,7 @@
</tr>
<tr>
<td class="DataTD" width="125"><?=_("Email Address")?>: </td>
<td class="DataTD" width="125"><input type="text" name="email" value="<?=$_SESSION[profile][email]?>"></td>
<td class="DataTD" width="125"><input type="text" name="email" value="<?=$_SESSION['profile']['email']?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase")?>: </td>
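Review bot: The line `<?=$_SERVER['SSL_CLIENT_M_SERIAL']?>` looks like leftover debugging output: it prints the client-certificate serial into the page unescaped, and if the new order shown here is right it now sits above the `if`, so it is emitted for every request rather than only on the secure host (the +/- markers are lost on this page, so the ordering is my reading). I would drop the line, or keep it inside the secure-host branch wrapped in `htmlspecialchars()`. The e-mail field in the second hunk has the same escaping gap: `value="<?=htmlspecialchars($_SESSION['profile']['email'], ENT_QUOTES)?>"`.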


@ -55,3 +55,13 @@
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
<p><?=_("Due to the increasing number of people that haven't been able to recover their passwords via the lost password form there is now 2 other options available to you. If you don't care about your account you can signup under a new account file dispute forms to recover your email accounts and domains. If you would like to recover your password via help from support staff this requires a small payment to cover time from a real person to verify your claims to ownership on an account, click the payment button below to continue.")?></p>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="image" src="http://www.cacert.org/images/payment.png" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----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-----END PKCS7-----">
</form><form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="image" src="http://www.cacert.org/images/payment2.png" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----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-----END PKCS7-----">
</form>
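Review bot: Both PayPal buttons load their image from `http://www.cacert.org/images/…` over plain HTTP; on a page served over HTTPS that is mixed content and lets anyone on the network path replace what the payment button shows. Use the site-relative form, as this commit already does for the stylesheet: `src="/images/payment.png"` and `src="/images/payment2.png"`. The two forms are otherwise indistinguishable in the markup, so a short visible label or a comment saying what each button pays for would help the next reader.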


@ -25,15 +25,19 @@
</tr>
<? if($_SESSION['_config']['alreadydone'] == 1) { ?>
<tr>
<td class="DataTD" colspan="2" align="left"><b><?=_("PLEASE NOTE: You have already assured this person before! If this is unintentional please DO NOT CONTINUE with this assurance.")?></b></td>
<td class="DataTD" colspan="2" align="left" style="color: red;"><b><?=_("PLEASE NOTE: You have already assured this person before! If this is unintentional please DO NOT CONTINUE with this assurance.")?></b></td>
</tr>
<? } if($_SESSION['_config']['pointsalready'] > 0) { ?>
<tr>
<td class="DataTD" colspan="2" align="left"><b><? printf(_("This person already has %s assurance points. Any points you give this person may be rounded down, or they may not even get any points. If you have less then 150 points you will still receive 2 points for assuring them."), $_SESSION['_config']['pointsalready']); ?></b></td>
<td class="DataTD" colspan="2" align="left" style="color: red;"><b><? printf(_("This person already has %s assurance points. Any points you give this person may be rounded down, or they may not even get any points. If you have less then 150 points you will still receive 2 points for assuring them."), $_SESSION['_config']['pointsalready']); ?></b></td>
</tr>
<? } else if($_SESSION['_config']['pointsalready'] > 0) { ?>
<tr>
<td class="DataTD" colspan="2" align="left"><b><? printf(_("This person already has %s assurance points."), $_SESSION['_config']['pointsalready']); ?></b></td>
<td class="DataTD" colspan="2" align="left" style="color: red;"><b><? printf(_("This person already has %s assurance points."), $_SESSION['_config']['pointsalready']); ?></b></td>
</tr>
<? } if($_SESSION['_config']['verified'] <= 0) { ?>
<tr>
<td class="DataTD" colspan="2" align="left" style="color: red;"><b><?=_("You are about to assure a person that isn't currently verified. If you continue and they do not verify their account within 48 hours the account could automatically be removed by the system.")?></b></td>
</tr>
<? } ?>
<tr>
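Review bot: The `else if($_SESSION['_config']['pointsalready'] > 0)` branch repeats the condition of the `if` directly before it, so the shorter "This person already has %s assurance points." message can never be shown; the commit restyles that cell but leaves the dead branch in place. Either delete the branch or give it the condition it was meant to have, which cannot be determined from this hunk. The repeated inline `style="color: red;"` would be easier to maintain as a class in the stylesheet.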


@ -25,6 +25,14 @@
mysql_query("delete from `users` where `id`='".$row['id']."'");
}
$query = "delete from `domains` where `hash`!='' and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 172800";
mysql_query($query);
$query = "delete from `email` where `hash`!='' and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 172800";
mysql_query($query);
$query = "select * from `notary` where `expire`!=0 and `expire`<NOW()";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
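Review bot: The two new cleanup queries use the bare constant 172800 and give no hint of what a non-empty `hash` means; a comment such as `// 172800 s = 48 h: purge domain/email entries whose verification hash was never cleared` would make the intent reviewable. They also hard-delete rows, while the account code in this commit retires domains with ``update … set `deleted`=NOW()``; if anything can reference these ids before verification (a dispute record, for instance), the soft-delete form would be the safer choice. The script continues outside the hunk.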


@ -47,7 +47,10 @@
$days = 730;
}
$row['crt_name'] = "../crt/server-".$row['id'].".crt";
$row['csr_name'] = "../..".$row['csr_name'];
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
$dom = mysql_fetch_assoc(mysql_query("select * from `domains` where `id`='$row[domid]'"));
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$dom[memid]'"));
@ -118,6 +121,7 @@
{
$row['crt_name'] = "../crt/orgserver-".$row['id'].".crt";
$days = 730;
$row[csr_name] = "../../".$row[csr_name];
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-server-org.cnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
if(filesize($row[crt_name]) > 0)
{
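Review bot: The CSR path that these new lines rewrite is interpolated unquoted into the backtick `openssl ca` command, next to `'$row[subject]'`, which is protected only by literal single quotes; a quote or other shell metacharacter in a stored subject or path would be parsed by the shell. Build the arguments with `escapeshellarg()`, e.g. `$csr = escapeshellarg($row['csr_name']);` and `$subj = escapeshellarg($row['subject']);`, and interpolate those without the hand-written quotes. The two hunks also disagree on the prefix (`"../.."` in the first, `"../../"` in the second) and on key quoting (`$row['csr_name']` versus `$row[csr_name]`), so a comment stating the stored path format would help. Both blocks continue outside their hunks.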

5
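--- /dev/null
+++ b/tverify/.htaccess
@@ -0,0 +1,5 @@
+php_value auto_prepend_file /www/includes/general.php
+php_value output_buffering 1
+errordocument 404 /error404.php
+errordocument 403 /error403.php
+errordocument 401 /error401.php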

BIN
tverify/favicon.ico Normal file

Binary file not shown.


100
tverify/index.php Normal file

@ -0,0 +1,100 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
// phpinfo(); exit;
include_once("../includes/general.php");
loadem("tverify");
$id = intval($_GET['id']);
if(intval($_POST['id']) > 0)
$id = intval($_POST['id']);
if($id == 1)
{
$nofile = 1;
$photoid = $_FILES['photoid'];
if($photoid['error'] == 0)
{
$type = strtolower($photoid['type']);
switch($type)
{
case 'image/gif': $ext = "gif"; $nofile = 0; break;
case 'image/jpeg': $ext = "jpg"; $nofile = 0; break;
case 'image/jpg': $ext = "jpg"; $nofile = 0; break;
case 'image/png': $ext = "png"; $nofile = 0; break;
default:
$id = 0;
$_SESSION['_config']['errmsg'] = _("On jpg, gif and png file types are acceptable");
}
}
}
if($id == 1)
{
$memid = mysql_escape_string($_SESSION['_config']['uid']);
$email = mysql_escape_string($_POST["email"]);
$password = mysql_escape_string($_POST["pword"]);
$URL = mysql_escape_string($_POST["notaryURL"]);
$CN = mysql_escape_string($_SESSION['_config']['CN']);
$query = "select * from `users` where `id`='$memid' and `email`='$email' and `password`=password('$password')";
if(mysql_num_rows(mysql_query($query)) <= 0)
{
$_SESSION['_config']['errmsg'] = _("I'm sorry, I couldn't match your login details to your certificate to an account on this system.");
$id = 0;
} else {
$query = "insert into `tverify` set `memid`='$memid', `URL`='$URL', `CN`='$CN', `created`=NOW()";
mysql_query($query);
$tverify = mysql_insert_id();
if($nofile == 0)
{
$filename = $photoid['tmp_name'];
$newfile = mysql_escape_string('/www/photoid/'.$tverify.".".$ext);
move_uploaded_file($filename, $newfile);
$query = "update `tverify` set `photoid`='$newfile' where `id`='$tverify'";
mysql_query($query);
}
}
}
if($id == 1)
{
$body = "There is a new valid request for thawte points tranfer, details as follows:\n\n";
$body .= "Primary email address: $email ($memid)\n";
$body .= "Certificate Subject: $CN\n";
if($URL != "")
$body .= "Notary URL: $URL\n";
if($URL != "" && $nofile == 0)
$body .= "PhotoID URL: https://www.cacert.org/account.php?id=51&photoid=$tverify\n";
$query = "SELECT sum(`points`) as `points` FROM `notary` WHERE `to`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$body .= "\nCurrent Points: ".$row['points']."\n\n";
$body .= "\nTo vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n";
$body .= "Best regards"."\n";
$body .= "CAcert Support Team";
// sendmail("cacert-tverify@lists.cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
sendmail("duane@cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
}
showheader(_("Thawte Points Transfer"));
includeit($id, "tverify");
showfooter();
?>
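Review bot: The upload check decides the file type from `$photoid['type']`, which is whatever MIME string the browser sent, so the stored file is an image in name only; the type should be derived from the file contents with `getimagesize()`, as sketched below. The file is then moved to `/www/photoid/`, and if that directory is served by the web server the scans of government ID become directly fetchable, so it belongs outside the document root, with the return value of `move_uploaded_file()` checked before the path is written to `tverify`. The notification goes to a personal address while the list address is commented out, which looks like test residue.

```php
if($photoid['error'] == 0)
{
// Derive the type from the file contents, not from the browser-supplied MIME string.
$info = getimagesize($photoid['tmp_name']);
switch($info ? $info[2] : 0)
{
case IMAGETYPE_GIF: $ext = "gif"; $nofile = 0; break;
case IMAGETYPE_JPEG: $ext = "jpg"; $nofile = 0; break;
case IMAGETYPE_PNG: $ext = "png"; $nofile = 0; break;
default:
// … unchanged: reset $id to 0 and set the error message …
}
}
```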

97
tverify/index/0.php Normal file

@ -0,0 +1,97 @@
<?
$continue = 1;;
if($_SERVER["SSL_CLIENT_S_DN_CN"] == "Thawte Freemail Member")
{
$continue = 0;
echo _("I wasn't able to locate your name on your certificate, as such you can't continue with this process.");
}
if($continue == 1)
{
$addy = array();
$emails = explode("/", trim($_SERVER["SSL_CLIENT_S_DN"]));
foreach($emails as $email)
{
$bits = explode("=", $email);
if($bits["0"] == "emailAddress")
{
$query = "select * from `email` where `email`='".$bits["1"]."' and `deleted`=0 and hash=''";
$account = mysql_query($query);
if(mysql_num_rows($account))
$addy[] = $bits["1"];
}
}
}
if(count($addy) <= 0 && $continue == 1)
{
$continue = 0;
echo _("I wasn't able to match any email accounts on your certificate to any accounts in our database, as such I can't continue with this process.");
}
if($continue == 1)
{
$row = mysql_fetch_assoc($account);
$memid = $row['memid'];
$name = trim($_SERVER["SSL_CLIENT_S_DN_CN"]);
while(strstr($name, " "))
$name = str_replace(" ", " ", $name);
$bits = explode(" ", $name);
$firstname = $bits["0"];
$lastname = $bits[count($bits) - 1];
$query = "select * from `users` where `fname`='$firstname' and `lname`='$lastname' and `id`='$memid'";
if(mysql_num_rows(mysql_query($query)) <= 0)
{
$continue = 0;
echo _("The name and email address on your certificate could not be exactly matched to any stored in our database, as such I'm not able to contiue with this process.");
}
}
if($_SERVER["SSL_CLIENT_VERIFY"] == "SUCCESS" && $continue == 1)
{
$_SESSION['_config']['uid'] = $row['memid'];
$_SESSION['_config']['CN'] = trim($_SERVER["SSL_CLIENT_S_DN"]);
?>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
<?=_("By just submitting your Thawte certificate you can be issued 50 points automatically to any matching account in the system that you operate.")?><br>
<?=_("To receive an additional 40 points you must also include a valid link to your notary listing on the Thawte website.")?><br>
<?=_("If you meet the above criteria you are also elligible to receive an additional 60 points by submitting a legible government issued copy of your photo ID. If details on your photo ID aren't legible you may be excluded from receiving these points.")?></p>
<? if($_SESSION['_config']['errmsg'] != "") { ?><p>&nbsp;</p><p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"><?
echo $_SESSION['_config']['errmsg']."</p>";
unset($_SESSION['_config']['errmsg']);
} ?>
<form method="post" action="index.php" enctype="multipart/form-data">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Points Transfer and Verification")?></td>
</tr>
<tr>
<td class="DataTD" width="125"><?=_("Email Address")?>: </td>
<td class="DataTD" width="125"><input type="text" name="email" value="<?=$row['email']?>"></td>
</tr>
<tr>
<td class="DataTD" width="125"><?=_("Notary URL")?>: </td>
<td class="DataTD" width="125"><input type="text" name="notaryURL"></td>
</tr>
<tr>
<td class="DataTD" width="125"><?=_("Photo ID")?>: </td>
<td class="DataTD" width="125"><input type="file" name="photoid"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase")?>: </td>
<td class="DataTD"><input type="password" name="pword"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Submit Application for Points Transfer")?>"></td>
</tr>
</table>
<input type="hidden" name="id" value="1">
</form>
<? } else if($continue == 1) {
echo _("1I'm sorry, I couldn't verify your certificate");
}
?>
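Review bot: Values taken from the client certificate's subject go into SQL without escaping: `$bits["1"]` in the `email` lookup and `$firstname`/`$lastname` in the `users` lookup. The rest of this commit passes request data through `mysql_escape_string()`, and the DN fields need the same treatment, e.g. `$addr = mysql_escape_string($bits["1"]);` and likewise for the two name parts. The `SSL_CLIENT_VERIFY == "SUCCESS"` test is reached only after those queries have run; checking it first would keep unverified certificates away from the database altogether. `$row` is fetched from `$account`, which holds the result for the last address tried rather than the one that matched, and `$row['email']` is echoed into the form unescaped. The leading `1` in `"1I'm sorry, …"` looks like a debugging marker.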

1
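--- /dev/null
+++ b/tverify/index/1.php
@@ -0,0 +1 @@
+<p><?=_("Your request is now queued for processing, you will be notified by an automated email when your request has been verified by the points transfer team.");?></p>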


@ -37,6 +37,10 @@
echo _("Your message has been sent to the general support list.");
showfooter();
exit;
} else if($id == 51 && $_GET['img'] == "show") {
$query = "select * from `tverify` where `id`='".$_GET['photoid']."'";
$row = mysql_fetch_assoc(mysql_query($query));
readfile($row['photoid']);
} else {
showheader(_("My CAcert.org Account!"));
includeit($id, "account");
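Review bot: `$_GET['photoid']` is concatenated into the `tverify` query without casting or escaping, unlike `$id` elsewhere in this commit; use `$photoid = intval($_GET['photoid']);` and query with that. The branch then streams the stored photo-ID file with `readfile()` with no visible check that the caller belongs to the points-transfer team, sends no `Content-Type` header, and does not `exit` afterwards. The URL that tverify/index.php puts into the notification mail (`account.php?id=51&photoid=…`) carries no `img=show`, so unless page 51 adds it the link will not reach this branch. The `if`/`else if` chain starts outside the hunk.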

431
www/disputes.php Normal file

@ -0,0 +1,431 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
require_once("../includes/loggedin.php");
loadem("account");
if($type == "reallyemail")
{
$emailid = intval($_SESSION['_config']['emailid']);
$hash = mysql_escape_string(trim($_SESSION['_config']['hash']));
$res = mysql_query("select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'");
if(mysql_num_rows($res) <= 0)
{
showheader(_("Email Dispute"));
echo _("This dispute no longer seems to be in the database, can't continue.");
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
$oldmemid = $row['oldmemid'];
if($action == "reject")
{
mysql_query("update `disputeemail` set hash='',action='reject' where `id`='$emailid'");
showheader(_("Email Dispute"));
echo _("You have opted to reject this dispute and the request will be removed from the database");
showfooter();
exit;
}
if($action == "accept")
{
showheader(_("Email Dispute"));
echo "<p>"._("You have opted to accept this dispute and the request will now remove this email address from the existing account, and revoke any current certificates.")."</p>";
echo "<p>"._("The following accounts have been removed:")."<br>\n";
$query = "select * from `email` where `id`='$emailid' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
$query = "select `emailcerts`.`id`
from `emaillink`,`emailcerts` where
`emailid`='$emailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
group by `emailcerts`.`id`";
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
$do = `../scripts/runclient`;
$query = "update `email` set `deleted`=NOW() where `id`='$emailid'";
mysql_query($query);
}
mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
$rc = mysql_num_rows("select * from `domains` where `memid`='$oldmemid' and `deleted`=0");
$rc = mysql_num_rows("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'");
$res = mysql_query("select * from `users` where `id`='$oldmemid'");
$user = mysql_fetch_assoc($res);
if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email'])
{
mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'");
echo _("This was the primary email on the account, and no emails or domains were left linked so the account has also been removed from the system.");
}
showfooter();
exit;
}
}
if($type == "email")
{
$emailid = intval($emailid);
$hash = trim(mysql_escape_string(stripslashes($hash)));
if($emailid <= 0 || $hash == "")
{
showheader(_("Email Dispute"));
echo _("Invalid request. Can't continue.");
showfooter();
exit;
}
$res = mysql_query("select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'");
if(mysql_num_rows($res) <= 0)
{
$res = mysql_query("select * from `disputeemail` where `id`='$emailid' and hash!=''");
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
mysql_query("update `disputeemail` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'");
showheader(_("Email Dispute"));
if($row['attempts'] >= 3)
{
echo _("Your attempt to accept or reject a disputed email is invalid due to the hash string not matching with the email ID. Your attempt has been logged and the request will be removed from the system as a result.");
mysql_query("update `disputeemail` set hash='',action='failed' where `id`='$emailid'");
} else
echo _("Your attempt to accept or reject a disputed email is invalid due to the hash string not matching with the email ID.");
showfooter();
exit;
} else {
showheader(_("Email Dispute"));
echo _("Invalid request. Can't continue.");
showfooter();
exit;
}
}
$_SESSION['_config']['emailid'] = $emailid;
$_SESSION['_config']['hash'] = $hash;
$row = mysql_fetch_assoc(mysql_query("select * from `disputeemail` where `id`='$emailid'"));
$_SESSION['_config']['email'] = $row['email'];
showheader(_("Email Dispute"));
includeit("4", "disputes");
showfooter();
exit;
}
if($type == "reallydomain")
{
$domainid = intval($_SESSION['_config']['domainid']);
$hash = mysql_escape_string(trim($_SESSION['_config']['hash']));
$res = mysql_query("select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'");
if(mysql_num_rows($res) <= 0)
{
showheader(_("Domain Dispute"));
echo _("This dispute no longer seems to be in the database, can't continue.");
showfooter();
exit;
}
if($action == "reject")
{
mysql_query("update `disputedomain` set hash='',action='reject' where `id`='$domainid'");
showheader(_("Domain Dispute"));
echo _("You have opted to reject this dispute and the request will be removed from the database");
showfooter();
exit;
}
if($action == "accept")
{
showheader(_("Domain Dispute"));
echo "<p>"._("You have opted to accept this dispute and the request will now remove this domain from the existing account, and revoke any current certificates.")."</p>";
echo "<p>"._("The following accounts have been removed:")."<br>\n";
$query = "select * from `domains` where `id`='$domainid' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
echo $_SESSION['_config']['domain']."<br>\n";
mysql_query("update `domains` set `deleted`=NOW() where `id`='$domainid'");
$query = "select * from `domlink` where `domid`='$domainid'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
$do = `../scripts/runserver`;
}
mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'");
showfooter();
exit;
}
}
if($type == "domain")
{
$domainid = intval($domainid);
$hash = trim(mysql_escape_string(stripslashes($hash)));
if($domainid <= 0 || $hash == "")
{
showheader(_("Domain Dispute"));
echo _("Invalid request. Can't continue.");
showfooter();
exit;
}
$res = mysql_query("select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'");
if(mysql_num_rows($res) <= 0)
{
$res = mysql_query("select * from `disputedomain` where `id`='$domainid' and hash!=''");
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
mysql_query("update `disputedomain` set `attempts`='".intval($row['attempts'] + 1)."' where `id`='".$row['id']."'");
showheader(_("Domain Dispute"));
if($row['attempts'] >= 3)
{
echo _("Your attempt to accept or reject a disputed domain is invalid due to the hash string not matching with the domain ID. Your attempt has been logged and the request will be removed from the system as a result.");
mysql_query("update `disputedomain` set hash='',action='failed' where `id`='$domainid'");
} else
echo _("Your attempt to accept or reject a disputed domain is invalid due to the hash string not matching with the domain ID.");
showfooter();
exit;
} else {
showheader(_("Domain Dispute"));
echo _("Invalid request. Can't continue.");
showfooter();
exit;
}
}
$_SESSION['_config']['domainid'] = $domainid;
$_SESSION['_config']['hash'] = $hash;
$row = mysql_fetch_assoc(mysql_query("select * from `disputedomain` where `id`='$domainid'"));
$_SESSION['_config']['domain'] = $row['domain'];
showheader(_("Domain Dispute"));
includeit("6", "disputes");
showfooter();
exit;
}
if($oldid == "1")
{
$email = trim(mysql_escape_string(stripslashes($dispute)));
if($email == "")
{
showheader(_("Email Dispute"));
echo _("Not a valid email address. Can't continue.");
showfooter();
exit;
}
$res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''");
if(mysql_num_rows($res) > 0)
{
showheader(_("Email Dispute"));
printf(_("The email address '%s' already exists in the dispute system. Can't continue."), $email);
showfooter();
exit;
}
unset($oldid);
$query = "select * from `email` where `email`='$email' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("Email Dispute"));
printf(_("The email address '%s' doesn't already in the system. Can't continue."), $email);
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
$oldmemid = $row['memid'];
$emailid = $row['id'];
if($_SESSION['profile']['id'] == $oldmemid)
{
showheader(_("Email Dispute"));
echo _("You aren't allowed to dispute your own email addresses. Can't continue.");
showfooter();
exit;
}
$res = mysql_query("select * from `users` where `id`='$oldmemid'");
$user = mysql_fetch_assoc($res);
$rc = mysql_num_rows("select * from `domains` where `memid`='$oldmemid' and `deleted`=0");
$rc = mysql_num_rows("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'");
if($user['email'] == $email && ($rc > 0 || $rc2 > 0))
{
showheader(_("Email Dispute"));
echo _("You only dispute the primary email address of an account if there is no longer any email addresses or domains linked to it.");
showfooter();
exit;
}
$rnd = fopen("/dev/urandom", "r");
$hash = md5(fgets($rnd, 64));
fclose($rnd);
$query = "insert into `disputeemail` set `email`='$email',`memid`='".$_SESSION['profile']['id']."',
`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$emailid',
`IP`='".$_SERVER['REMOTE_ADDR']."'";
mysql_query($query);
$body = sprintf(_("You have been sent this email as the email address '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"), $email)."\n\n";
$body .= "https://".$_SESSION['_config']['normalhostname']."/disputes.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
sendmail($email, "[CAcert.org] "._("Dispute Probe"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
showheader(_("Email Dispute"));
printf(_("The email address '%s' has been entered into the dispute system, the email address will now be sent an email which will give the recipent the option of accepting or rejecting the request, if after 2 days we haven't received a valid response for or against we will discard the request."), $email);
showfooter();
exit;
}
if($oldid == "2")
{
$domain = trim(mysql_escape_string(stripslashes($dispute)));
if($domain == "")
{
showheader(_("Domain Dispute"));
echo _("Not a valid Domain. Can't continue.");
showfooter();
exit;
}
$query = "select * from `disputedomain` where `domain`='$domain' and hash!=''";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
showheader(_("Domain Dispute"));
printf(_("The domain '%s' already exists in the dispute system. Can't continue."), $domain);
showfooter();
exit;
}
unset($oldid);
$query = "select * from `domains` where `domain`='$domain' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("Domain Dispute"));
printf(_("The domain '%s' doesn't already in the system. Can't continue."), $email);
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
$oldmemid = $row['memid'];
if($_SESSION['profile']['id'] == $oldmemid)
{
showheader(_("Domain Dispute"));
echo _("You aren't allowed to dispute your own email addresses. Can't continue.");
showfooter();
exit;
}
$domainid = $row['id'];
$_SESSION['_config']['domainid'] = $domainid;
$_SESSION['_config']['memid'] = $memid;
$_SESSION['_config']['domain'] = $domain;
$_SESSION['_config']['oldmemid'] = $oldmemid;
$addy = array();
$domtmp = escapeshellarg($domain);
$adds = explode("\n", trim(`whois $domtmp|grep \@`));
if(substr($domain, -4) == ".org" || substr($domain, -5) == ".info")
{
if(is_array($adds))
foreach($adds as $line)
{
$bits = explode(":", $line, 2);
$line = trim($bits[1]);
if(!in_array($line, $addy) && $line != "")
$addy[] = trim(mysql_escape_string(stripslashes($line)));
}
} else {
if(is_array($adds))
foreach($adds as $line)
{
$line = trim(str_replace("\t", " ", $line));
$line = trim(str_replace("(", "", $line));
$line = trim(str_replace(")", " ", $line));
$bits = explode(" ", $line);
foreach($bits as $bit)
{
if(strstr($bit, "@"))
$line = $bit;
}
if(!in_array($line, $addy) && $line != "")
$addy[] = trim(mysql_escape_string(stripslashes($line)));
}
}
$rfc = array("root@$domain", "hostmaster@$domain", "postmaster@$domain", "admin@$domain", "webmaster@$domain");
foreach($rfc as $sub)
if(!in_array($sub, $addy))
$addy[] = $sub;
$_SESSION['_config']['addy'] = $addy;
showheader(_("Domain Dispute"));
includeit("5", "disputes");
showfooter();
exit;
}
if($oldid == "5")
{
$authaddy = trim(mysql_escape_string(stripslashes($_POST['authaddy'])));
if(!in_array($authaddy, $_SESSION['_config']['addy']) || $authaddy == "")
{
showheader(_("My CAcert.org Account!"));
echo _("The address you submitted isn't a valid authority address for the domain.");
showfooter();
exit;
}
$query = "select * from `domains` where `domain`='".$_SESSION['_config']['domain']."' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("Domain Dispute!"));
printf(_("The domain '%s' isn't in the system. Can't continue."), $_SESSION['_config']['domain']);
showfooter();
exit;
}
$domainid = intval($_SESSION['_config']['domainid']);
$memid = intval($_SESSION['_config']['memid']);
$oldmemid = intval($_SESSION['_config']['oldmemid']);
$domain = mysql_escape_string($_SESSION['_config']['domain']);
$rnd = fopen("/dev/urandom", "r");
$hash = md5(fgets($rnd, 64));
fclose($rnd);
$query = "insert into `disputedomain` set `domain`='$domain',`memid`='".$_SESSION['profile']['id']."',
`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$domainid'";
mysql_query($query);
$body = sprintf(_("You have been sent this email as the domain '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"), $domain)."\n\n";
$body .= "https://".$_SESSION['_config']['normalhostname']."/disputes.php?type=domain&domainid=$domainid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
sendmail($authaddy, "[CAcert.org] "._("Dispute Probe"), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
showheader(_("Domain Dispute"));
printf(_("The domain '%s' has been entered into the dispute system, the email address you choose will now be sent an email which will give the recipent the option of accepting or rejecting the request, if after 2 days we haven't received a valid response for or against we will discard the request."), $domain);
showfooter();
exit;
}
showheader(_("Domain and Email Disputes"));
includeit($id, "disputes");
showfooter();
?>
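Review bot: The dispute token built with `md5(fgets($rnd, 64))` in the `$oldid == "1"` branch, and again in the `$oldid == "5"` branch, can carry far less randomness than intended. fgets() stops at the first newline byte it reads from /dev/urandom, so some tokens are hashed from only a byte or two. That hash is the only secret the `$type == "email"` and `$type == "domain"` branches match before the accept step removes the address or domain and revokes its certificates, so read a fixed number of bytes instead: `$hash = md5(fread($rnd, 64));`. Separately, the `mysql_num_rows("select ...")` calls in the email accept branch and in the `$oldid == "1"` branch are passed a query string rather than a result, and both assign `$rc` while the conditions test `$rc2`. The linked-domain and linked-email counts are therefore never evaluated before the `users` row is marked deleted; wrap each query in `mysql_query()` and assign the second count to `$rc2`.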


@ -45,7 +45,7 @@
if(strtolower($_SESSION['lostpw']['A1']) == strtolower($_SESSION['lostpw']['user']['A1']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['A1']."\nEntered: ".$_SESSION['lostpw']['user']['A1']."\n";
$body .= "System: ".$_SESSION['lostpw']['user']['A1']."\nEntered: ".$_SESSION['lostpw']['A1']."\n";
}
if($Q2)
{
@ -53,7 +53,7 @@
if(strtolower($_SESSION['lostpw']['A2']) == strtolower($_SESSION['lostpw']['user']['A2']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['A2']."\nEntered: ".$_SESSION['lostpw']['user']['A2']."\n";
$body .= "System: ".$_SESSION['lostpw']['user']['A2']."\nEntered: ".$_SESSION['lostpw']['A2']."\n";
}
if($Q3)
{
@ -61,7 +61,7 @@
if(strtolower($_SESSION['lostpw']['A3']) == strtolower($_SESSION['lostpw']['user']['A3']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['A3']."\nEntered: ".$_SESSION['lostpw']['user']['A3']."\n";
$body .= "System: ".$_SESSION['lostpw']['user']['A3']."\nEntered: ".$_SESSION['lostpw']['A3']."\n";
}
if($Q4)
{
@ -69,7 +69,7 @@
if(strtolower($_SESSION['lostpw']['A4']) == strtolower($_SESSION['lostpw']['user']['A4']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['A4']."\nEntered: ".$_SESSION['lostpw']['user']['A4']."\n";
$body .= "System: ".$_SESSION['lostpw']['user']['A4']."\nEntered: ".$_SESSION['lostpw']['A4']."\n";
}
if($Q5)
{
@ -77,7 +77,7 @@
if(strtolower($_SESSION['lostpw']['A5']) == strtolower($_SESSION['lostpw']['user']['A5']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['A5']."\nEntered: ".$_SESSION['lostpw']['user']['A5']."\n";
$body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".$_SESSION['lostpw']['A5']."\n";
}
$_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes($newpass1)));
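Review bot: Each of the five answer checks compares the lowered strings with `==`, and PHP's loose comparison treats two numeric-looking strings as numbers, so differently written numeric answers can be counted as a match. A strict comparison avoids that in all five hunks, e.g. `if(strtolower($_SESSION['lostpw']['A1']) === strtolower($_SESSION['lostpw']['user']['A1']))`. The relabelled `$body` lines also place the stored answer next to the entered one in clear text. Where `$body` is sent is outside these hunks, so it is worth confirming that the recipient is meant to see the stored answers, and a short comment above the first `$body .=` line stating who receives it would help.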


@ -6,7 +6,7 @@
<p>Feel free to copy, use, change, ... the following logos. I created them
using the <a href="http://www.cacert.org">CAcert.org</a> site logo and some gimp
magic. Send comments or suggestions to <a href="/kontakt/">Chris</a>. Licence: Whatever. I don't care.</p>
magic. Send comments or suggestions to <a href="http://www.christoph-probst.com/kontakt/">Chris</a>. Licence: Whatever. I don't care.</p>
<img src="logos/cacert1.png" alt="www.cacert.org" border="0">&nbsp;&nbsp;
<img src="logos/cacert-free-certificates2.png" alt="www.cacert.org" border="0">&nbsp;&nbsp;


@ -1,7 +1,7 @@
<?
if($process == "Confirm, I agree to these terms and conditions" && $iagree == "yes")
{
$output_file = $fname = "cacert-20050104.tar.bz2";
$output_file = $fname = "cacert-20050217.tar.bz2";
header('Pragma: public');


@ -26,12 +26,12 @@
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
$row[attempts]++;
if($row[attempts] == 4)
$row['attempts']++;
if($row['attempts'] == 4)
{
mysql_query("update `email` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$emailid'");
showheader(_("Error!"), _("Error!"));
echo "You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system";
echo _("You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system");
showfooter();
exit;
}


@ -74,13 +74,21 @@
$_SESSION['_config']['alreadydone'] = 1;
}
unset($_SESSION['_config']['pointsalready']);
if($id == 6 && $_SESSION['profile']['points'] > 150)
if($id == 6 && $_SESSION['profile']['points'] >= 100)
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
$_SESSION['_config']['pointsalready'] = $drow['total'];
}
unset($_SESSION['_config']['verified']);
if($id == 6 && $_SESSION['profile']['points'] >= 100)
{
$query = "select `verified` from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
$_SESSION['_config']['verified'] = $drow['verified'];
}
}
if($oldid == 6)