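<?php /*
    This file is part of CAcert.

    CAcert has been released under a CAcert license which can be found
    included with these source files or can be downloaded from the
    internet from the following address:
    http://www.cacert.org/src-lic.php

    CAcert is distributed WITHOUT ANY WARRANTY; without even the implied
    warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    See the License for more details.
*/

// Shared bootstrap: starts the session, pins the request to a known host name,
// selects the UI language, refreshes the logged-in user's points and defines
// the helper functions used by the pages.

session_name("cacert");
session_start();

session_register("_config");
session_register("profile");
session_register("signup");
session_register("lostpw");

// NOTE(review): the session id is never rotated in this file (the call below is
// disabled). Unless the login code elsewhere regenerates it, an id handed out
// before login keeps working afterwards; rotate it where the profile is first
// stored in the session.
//	if($_SESSION['profile']['id'] > 0)
//		session_regenerate_id();

// Never read in this file; presumably listed so the strings are picked up for
// translation - confirm.
$junk = array(_("Face to Face Meeting"), _("Trusted Third Parties"), _("Thawte Points Transfer"),
		_("Administrative Increase"), _("CT Magazine - Germany"), _("Temporary Increase"), _("Unknown"));

$id = intval($_REQUEST['id']);
$oldid = intval($_REQUEST['oldid']);

$_SESSION['_config']['filepath'] = "/www";

require_once($_SESSION['_config']['filepath']."/includes/mysql.php");

// The Host header is client-controlled: anything that is not one of the
// configured names is sent to the normal host name, never echoed back.
if($_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] &&
	$_SERVER['HTTP_HOST'] != $_SESSION['_config']['securehostname'] &&
	$_SERVER['HTTP_HOST'] != $_SESSION['_config']['tverify'] &&
	$_SERVER['HTTP_HOST'] != "stamp.cacert.org")
{
	if($_SERVER['HTTPS'] == "on")
		header("location: https://".$_SESSION['_config']['normalhostname']);
	else
		header("location: http://".$_SESSION['_config']['normalhostname']);
	exit;
}

// The secure and tverify hosts are HTTPS only. HTTP_HOST is reused in the
// redirect only after it has matched one of the configured names.
if(($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] ||
	$_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify']) &&
	$_SERVER['HTTP_HOST'] != "stamp.cacert.org" &&
	$_SERVER['HTTPS'] != "on")
{
	header("location: https://".$_SERVER['HTTP_HOST']);
	exit;
}

// "lang" ends up in putenv(), setlocale() and the screenshot() path, so it is
// accepted only in the two shapes the code below understands: "xx" or "xx_YY".
// (SQL escaping, used here before, is not a validator for either of those sinks.)
$lang = "";
if(isset($_REQUEST['lang']) && is_string($_REQUEST['lang']))
	$lang = substr(trim($_REQUEST['lang']), 0, 5);
if($lang != "" && preg_match('/^[A-Za-z]{2}(?:[_-][A-Za-z]{2})?$/D', $lang))
	$_SESSION['_config']['language'] = $lang;

$_SESSION['_config']['translations'] = array(
	"ar_JO" => "العربية",
	"bg_BG" => "Български",
	"cs_CZ" => "Čeština",
	"da_DK" => "Dansk",
	"de_DE" => "Deutsch",
	"el_GR" => "Ελληνικά",
	"en_AU" => "English",
	"es_ES" => "Español",
	"fi_FI" => "Suomi",
	"fr_FR" => "Français",
	"he_IL" => "עברית",
	"hr_HR" => "Hrvatski",
	"hu_HU" => "Magyar",
	"is_IS" => "Íslenska",
	"it_IT" => "Italiano",
	"ja_JP" => "日本語",
	"ka_GE" => "Georgian",
	"nl_NL" => "Nederlands",
	"pl_PL" => "Polski",
	"pt_PT" => "Português",
	"pt_BR" => "Português Brasileiro",
	"ru_RU" => "Русский",
	"ro_RO" => "Română",
	"sv_SE" => "Svenska",
	"tr_TR" => "Türkçe",
	"zh_CN" => "中文(简体)");

// No language chosen yet: walk the Accept-Language header in descending q order
// and take the first tag that is English or has a message catalogue on disk.
if($_SESSION['_config']['language'] == "")
{
	$bits = explode(",", strtolower(str_replace(" ", "",
			isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : "")));
	$value = array();
	foreach($bits as $lang)
	{
		$b = explode(";", $lang);
		if(isset($b[1]) && substr($b[1], 0, 2) == "q=")
			$c = floatval(substr($b[1], 2));
		else
			$c = 1;
		// Tags sharing a q value overwrite each other; the last one wins
		$value["$c"] = trim($b[0]);
	}

	krsort($value);

	foreach($value as $key => $val)
	{
		// The tag becomes a directory name below. Shell and SQL quoting (used
		// here before) do not stop "/" or ".." in a path, so anything that is
		// not a plain language tag is skipped instead.
		if(!preg_match('/^[a-z0-9_-]+$/D', $val))
			continue;

		$short = substr($val, 0, 2);
		if($val == "en" || $short == "en")
		{
			$_SESSION['_config']['language'] = "en";
			break;
		}
		if(file_exists($_SESSION['_config']['filepath']."/locale/$val/LC_MESSAGES/messages.mo"))
		{
			$_SESSION['_config']['language'] = $val;
			break;
		}
		if(file_exists($_SESSION['_config']['filepath']."/locale/$short/LC_MESSAGES/messages.mo"))
		{
			$_SESSION['_config']['language'] = $short;
			break;
		}
	}
}

// Expand anything that is not a five character locale to a full one, falling
// back to en_AU.
if(strlen($_SESSION['_config']['language']) != 5)
{
	$lang = $_SESSION['_config']['language'];
	$_SESSION['_config']['language'] = "en_AU";
	foreach($_SESSION['_config']['translations'] as $key => $val)
	{
		if(substr($lang, 0, 2) == substr($key, 0, 2))
		{
			// Store the locale code. This used to store $val, the display name
			// ("Deutsch"), which none of the locale checks below can match.
			$_SESSION['_config']['language'] = $key;
			break;
		}
	}
}

// Output charset for the selected language
switch($_SESSION['_config']['language'])
{
	case "zh_CN":
		$_SESSION['_config']['recode'] = "html..gb2312";
		break;
	case "pl_PL":
	case "hu_HU":
		$_SESSION['_config']['recode'] = "html..ISO-8859-2";
		break;
	case "ja_JP":
		$_SESSION['_config']['recode'] = "html..SHIFT-JIS";
		break;
	case "ru_RU":
		$_SESSION['_config']['recode'] = "html..ISO-8859-5";
		break;
	case "lt_LT":
		$_SESSION['_config']['recode'] = "html..ISO-8859-13";
		break;
	default:
		$_SESSION['_config']['recode'] = "html..latin-1";
}

putenv("LANG=".$_SESSION['_config']['language']);
setlocale(LC_ALL, $_SESSION['_config']['language']);

$domain = 'messages';
bindtextdomain($domain, $_SESSION['_config']['filepath']."/locale");
textdomain($domain);

if($_SESSION['profile']['id'] == -1)
	echo $_SESSION['_config']['language']." - ".$_SESSION['_config']['filepath']."/locale";

// On every request of a logged-in user: refresh the points total, or drop the
// profile from the session when the account is locked.
if($_SESSION['profile']['id'] > 0)
{
	$locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
	// Fail closed: a failed query or a missing row used to compare as
	// "not locked" and left the session logged in.
	if(is_array($locked) && $locked['locked'] == 0)
	{
		$query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' group by `to`";
		$res = mysql_query($query);
		$row = mysql_fetch_assoc($res);
		$_SESSION['profile']['points'] = $row['total'];
	} else {
		$_SESSION['profile'] = "";
		unset($_SESSION['profile']);
	}
}

// Include the helper file for a site section ("account", "index" or "tverify").
// Any other value is treated as "index".
function loadem($section = "index")
{
	$files = array(
		"account" => "account_stuff.php",
		"index" => "general_stuff.php",
		"tverify" => "tverify_stuff.php");

	// Exact string match only, so nothing caller-supplied reaches the path
	if(!is_string($section) || !isset($files[$section]))
		$section = "index";

	include_once($_SESSION['_config']['filepath']."/includes/".$files[$section]);
}

// Include page number $id of $section. Falls back to page 0 of the section,
// then to page 0 of "index", then to the error page. $id is forced to an
// integer and $section to one of a fixed list before either is put in a path.
function includeit($id = "0", $section = "index")
{
	$id = intval($id);
	if(!in_array($section, array("index", "account", "wot", "help", "gpg", "disputes", "tverify", "advertising"), true))
	{
		$section = "index";
	}

	if($section == "tverify" && file_exists($_SESSION['_config']['filepath']."/tverify/index/$id.php"))
		include_once($_SESSION['_config']['filepath']."/tverify/index/$id.php");
	else if(file_exists($_SESSION['_config']['filepath']."/pages/$section/$id.php"))
		include_once($_SESSION['_config']['filepath']."/pages/$section/$id.php");
	else {
		// $id and $section are reassigned before the include because the
		// included page runs in this function's scope and can read them
		$id = "0";

		if(file_exists($_SESSION['_config']['filepath']."/pages/$section/$id.php"))
			include_once($_SESSION['_config']['filepath']."/pages/$section/$id.php");
		else {
			$section = "index";
			$id = "0";

			if(file_exists($_SESSION['_config']['filepath']."/pages/$section/$id.php"))
				include_once($_SESSION['_config']['filepath']."/pages/$section/$id.php");
			else
				include_once($_SESSION['_config']['filepath']."/www/error404.php");
		}
	}
}

// Score a password. One point per length threshold passed (more than 15, 20,
// 25 and 30 characters) and per character class present; one point off for
// each overlap with the account details and for a word list hit.
// Returns the score, which can be negative.
function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
{
	$points = 0;

	foreach(array(15, 20, 25, 30) as $min)
		if(strlen($pwd) > $min)
			$points++;

	foreach(array('/\d/', '/[a-z]/', '/[A-Z]/', '/\W/', '/\s/') as $class)
		if(preg_match($class, $pwd))
			$points++;

	// Middle name and suffix are optional and only compared when given
	$details = array($email, $fname, $lname);
	if($mname)
		$details[] = $mname;
	if($suffix)
		$details[] = $suffix;

	$lpwd = strtolower($pwd);
	foreach($details as $detail)
	{
		$detail = strtolower($detail);
		// An empty side never counted as a match
		if(strlen($detail) == 0 || strlen($lpwd) == 0)
			continue;
		if(strpos($lpwd, $detail) !== false)
			$points--;
		if(strpos($detail, $lpwd) !== false)
			$points--;
	}

	// This used to run `grep '$pwd' ...` through the shell, which put the
	// candidate password into a shell command line (a quote in the password
	// ended the quoting) and into the process list. The word list is read
	// here instead. The password is now matched as a literal substring of a
	// word, where grep treated it as a regular expression.
	$wordlist = "/usr/share/dict/american-english";
	$inlist = false;
	if(is_readable($wordlist) && ($fh = fopen($wordlist, "r")))
	{
		while(($word = fgets($fh)) !== false)
		{
			// An empty pattern matched every line under grep
			if(strlen($pwd) == 0 || strpos($word, $pwd) !== false)
			{
				$inlist = true;
				break;
			}
		}
		fclose($fh);
	}
	if($inlist)
		$points--;

	return($points);
}

// Split the subject stored in $_SESSION['_config']['subject'] into session
// entries: "<n>.CN" and "<n>.subjectAltName" (counted in 'cnc' and 'subaltc')
// and the first non-empty OU.
// The values come from the submitted request and are stored as-is; getcn() and
// getalt() are what compare them with the domains on the account.
function extractit()
{
	$bits = explode(": ", $_SESSION['_config']['subject'], 2);
	$bits = str_replace(", ", "|", str_replace("/", "|", isset($bits[1]) ? $bits[1] : ""));
	$bits = explode("|", $bits);

	$_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0;
	$_SESSION['_config']['OU'] = "";

	foreach($bits as $val)
	{
		if(!strstr($val, "="))
			continue;

		$split = explode("=", $val);
		$k = $split[0];
		$v = trim($split[1]);

		if($k == "CN" && $v)
		{
			$_SESSION['_config'][$_SESSION['_config']['cnc'].".CN"] = $v;
			$_SESSION['_config']['cnc']++;
		}
		else if($k == "OU" && $v && $_SESSION['_config']['OU'] == "")
		{
			$_SESSION['_config']['OU'] = $v;
		}
		else if($k == "subjectAltName" && $v)
		{
			$_SESSION['_config'][$_SESSION['_config']['subaltc'].".subjectAltName"] = $v;
			$_SESSION['_config']['subaltc']++;
		}
	}
}

// Match every extracted CommonName against the domains on the logged-in
// account, trying each suffix of the name from the last label upwards.
// Writes 'rows' (accepted names), 'rowid' (matching domain ids) and 'rejected'
// to the session; 'rows' and 'rowid' stay NULL when nothing matched.
function getcn()
{
	unset($_SESSION['_config']['rows']);
	unset($_SESSION['_config']['rowid']);
	unset($_SESSION['_config']['rejected']);
	$rows = $rowid = null;
	$memid = intval($_SESSION['profile']['id']);

	for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
	{
		$CN = $_SESSION['_config']["$cnc.CN"];
		$bits = explode(".", $CN);
		$dom = "";
		$cnok = 0;
		$_SESSION['_config']['row'] = "";
		for($i = count($bits) - 1; $i >= 0; $i--)
		{
			if($dom)
				$dom = $bits[$i].".".$dom;
			else
				$dom = $bits[$i];

			// Escaped into a separate variable: $dom keeps growing and would
			// otherwise be escaped again on every pass. "%" and "_" are LIKE
			// wildcards, so a name containing them is matched literally and
			// cannot stand for a domain it does not spell out.
			$pattern = addcslashes(mysql_real_escape_string($dom), "%_");
			$query = "select * from domains where `memid`='$memid' and `domain` like '$pattern' and `deleted`=0 and `hash`=''";
			$res = mysql_query($query);
			if($res && mysql_num_rows($res) > 0)
			{
				$cnok = 1;
				$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
				$rowid[] = $_SESSION['_config']['row']['id'];
				break;
			}
		}

		if($cnok == 0)
			$_SESSION['_config']['rejected'][] = $CN;

		if($_SESSION['_config']['row'] != "")
			$rows[] = $CN;
	}

	// The check that stopped with an error page when no CommonName matched is
	// disabled in this file, so an empty result only shows up in 'rows'.
	$_SESSION['_config']['rows'] = $rows;
	$_SESSION['_config']['rowid'] = $rowid;
}

// Same as getcn() for the "DNS:" subjectAltName entries; other entry types are
// skipped. Writes 'altrows' and 'altid' and appends to 'rejected', which only
// getcn() resets.
function getalt()
{
	unset($_SESSION['_config']['altrows']);
	unset($_SESSION['_config']['altid']);
	$altrows = $altid = null;
	$memid = intval($_SESSION['profile']['id']);

	for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
	{
		$subalt = $_SESSION['_config']["$altc.subjectAltName"];
		if(substr($subalt, 0, 4) != "DNS:")
			continue;
		$alt = substr($subalt, 4);

		$bits = explode(".", $alt);
		$dom = "";
		$altok = 0;
		$_SESSION['_config']['altrow'] = "";
		for($i = count($bits) - 1; $i >= 0; $i--)
		{
			if($dom)
				$dom = $bits[$i].".".$dom;
			else
				$dom = $bits[$i];

			// See getcn(): escape once per query, LIKE wildcards taken literally
			$pattern = addcslashes(mysql_real_escape_string($dom), "%_");
			$query = "select * from domains where `memid`='$memid' and `domain` like '$pattern' and `deleted`=0 and `hash`=''";
			$res = mysql_query($query);
			if($res && mysql_num_rows($res) > 0)
			{
				$altok = 1;
				$_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
				$altid[] = $_SESSION['_config']['altrow']['id'];
				break;
			}
		}

		if($altok == 0)
			$_SESSION['_config']['rejected'][] = $alt;

		if($_SESSION['_config']['altrow'] != "")
			$altrows[] = $subalt;
	}
	$_SESSION['_config']['altrows'] = $altrows;
	$_SESSION['_config']['altid'] = $altid;
}

// Organisation variant of getcn(): a CommonName is accepted when one of its
// suffixes is a domain of an organisation the logged-in user is listed for.
// Writes 'rows' and 'rowid'; nothing is added to 'rejected' here.
function getcn2()
{
	$rows = $rowid = null;
	$memid = intval($_SESSION['profile']['id']);

	for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
	{
		$CN = $_SESSION['_config']["$cnc.CN"];
		$bits = explode(".", $CN);
		$dom = "";
		$_SESSION['_config']['row'] = "";
		for($i = count($bits) - 1; $i >= 0; $i--)
		{
			if($dom)
				$dom = $bits[$i].".".$dom;
			else
				$dom = $bits[$i];

			// Escaped into a separate variable so $dom is not escaped twice
			$domsql = mysql_real_escape_string($dom);
			$query = "select *, `orginfo`.`id` as `id` from `orginfo`,`orgdomains`,`org` where
					`org`.`memid`='$memid' and
					`org`.`orgid`=`orginfo`.`id` and
					`orgdomains`.`orgid`=`orginfo`.`id` and
					`orgdomains`.`domain`='$domsql'";
			$res = mysql_query($query);
			if($res && mysql_num_rows($res) > 0)
			{
				$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
				$rowid[] = $_SESSION['_config']['row']['id'];
				break;
			}
		}

		if($_SESSION['_config']['row'] != "")
			$rows[] = $CN;
	}

	// As in getcn(), the "no valid CommonName" abort is disabled in this file
	$_SESSION['_config']['rows'] = $rows;
	$_SESSION['_config']['rowid'] = $rowid;
}

// Organisation variant of getalt() for the "DNS:" subjectAltName entries.
// Writes 'altrows' and 'altid'.
function getalt2()
{
	$altrows = $altid = null;
	$memid = intval($_SESSION['profile']['id']);

	for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
	{
		$subalt = $_SESSION['_config']["$altc.subjectAltName"];
		if(substr($subalt, 0, 4) != "DNS:")
			continue;
		$alt = substr($subalt, 4);

		$bits = explode(".", $alt);
		$dom = "";
		$_SESSION['_config']['altrow'] = "";
		for($i = count($bits) - 1; $i >= 0; $i--)
		{
			if($dom)
				$dom = $bits[$i].".".$dom;
			else
				$dom = $bits[$i];

			$domsql = mysql_real_escape_string($dom);
			$query = "select * from `orginfo`,`orgdomains`,`org` where
					`org`.`memid`='$memid' and
					`org`.`orgid`=`orginfo`.`id` and
					`orgdomains`.`orgid`=`orginfo`.`id` and
					`orgdomains`.`domain`='$domsql'";
			$res = mysql_query($query);
			if($res && mysql_num_rows($res) > 0)
			{
				$_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
				$altid[] = $_SESSION['_config']['altrow']['id'];
				break;
			}
		}

		if($_SESSION['_config']['altrow'] != "")
			$altrows[] = $subalt;
	}
	$_SESSION['_config']['altrows'] = $altrows;
	$_SESSION['_config']['altid'] = $altid;
}

// True when $hostname, or one of its parent suffixes, is a domain of an
// organisation the logged-in user is listed for. The matching row is left in
// $_SESSION['_config']['row'].
function checkownership($hostname)
{
	$memid = intval($_SESSION['profile']['id']);
	$bits = explode(".", $hostname);
	$dom = "";
	for($i = count($bits) - 1; $i >= 0; $i--)
	{
		if($dom)
			$dom = $bits[$i].".".$dom;
		else
			$dom = $bits[$i];

		$domsql = mysql_real_escape_string($dom);
		$query = "select * from `org`,`orgdomains`,`orginfo` where
				`org`.`memid`='$memid' and
				`orgdomains`.`orgid`=`org`.`orgid` and
				`orginfo`.`id`=`org`.`orgid` and
				`orgdomains`.`domain`='$domsql'";
		$res = mysql_query($query);
		if($res && mysql_num_rows($res) > 0)
		{
			$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
			return(true);
		}
	}
	return(false);
}

// Maximum number of points user $id may hand out, derived from the points the
// user has received. $id <= 0 means the logged-in user.
function maxpoints($id = 0)
{
	// $id is spliced into the query, so it is forced to an integer first
	$id = intval($id);
	if($id <= 0)
		$id = intval($_SESSION['profile']['id']);

	$query = "select sum(`points`) as `points` from `notary` where `to`='$id' group by `to`";
	$row = mysql_fetch_assoc(mysql_query($query));
	$points = $row['points'];

	// Date of birth cut-off: 18 years before today
	$dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-18));
	// NOTE(review): the age check reads the logged-in user's row even when $id
	// names another user - confirm that this is intended.
	$query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `dob` < '$dob'";
	if(mysql_num_rows(mysql_query($query)) < 1)
	{
		// No row born before the cut-off
		if($points >= 100)
			return(10);
		else
			return(0);
	}

	// Points held => points that may be given, highest threshold first
	$steps = array(300 => 200, 200 => 150, 150 => 35, 140 => 30, 130 => 25, 120 => 20, 110 => 15, 100 => 10);
	foreach($steps as $held => $allowed)
		if($points >= $held)
			return($allowed);

	return(0);
}

// Replace each literal "\xNN" sequence in $data with the byte it names, then
// run the result through utf8_decode().
// NOTE(review): PHP 5.4 and later ship a built-in hex2bin() with a different
// meaning; declaring this function there is a fatal redeclaration error.
function hex2bin($data)
{
	while(($pos = strpos($data, "\\x")) !== false)
	{
		$char = chr(hexdec(substr($data, $pos + 2, 2)));
		$data = substr($data, 0, $pos).$char.substr($data, $pos + 4);
	}
	return(utf8_decode($data));
}

// URL of screenshot $img in the session language, or the English one when no
// translated file exists.
// NOTE(review): $img goes into the path unchecked - callers presumably pass
// fixed file names; verify.
function screenshot($img)
{
	$lang = $_SESSION['_config']['language'];
	if(file_exists("../screenshots/$lang/$img"))
		return("/screenshots/$lang/$img");

	return("/screenshots/en/$img");
}

// Write $message to a temporary file and run it through gpg --clearsign into
// sendmail for recipient $to. $subject, $from and $replyto are not used by the
// command.
// NOTE(review): with a file argument and no --output, gpg normally writes
// FILE.asc instead of stdout - confirm what reaches sendmail and whether the
// .asc file is left behind in /tmp.
function signmail($to, $subject, $message, $from, $replyto = "")
{
	if($replyto == "")
		$replyto = $from;

	// $to becomes a sendmail argument: quoting keeps it a single argument, but
	// a leading "-" would still be read as an option, and control characters
	// have no place in an address.
	$to = (string)$to;
	if($to == "" || $to[0] == "-" || preg_match('/[\x00-\x1f\x7f]/', $to))
		return;

	$tmpfname = tempnam("/tmp", "CSR");
	if($tmpfname === false)
		return;
	$fp = fopen($tmpfname, "w");
	if(!$fp)
	{
		@unlink($tmpfname);
		return;
	}
	fputs($fp, $message);
	fclose($fp);

	// Both values are passed through escapeshellarg(); inside the double quotes
	// used before, shell substitutions in $to were still expanded.
	$do = shell_exec("/usr/bin/gpg --homedir /home/gpg --clearsign ".escapeshellarg($tmpfname).
			"|/usr/sbin/sendmail ".escapeshellarg($to));
	@unlink($tmpfname);
}

// Ask the mail servers for $email whether they accept it as a recipient and
// log the outcome to `pinglog`. Returns "OK", the server's reply line, or a
// translated failure message.
// The hosts contacted and the reply text are chosen by whoever runs the
// domain's DNS and mail server, so both are treated as untrusted.
function checkEmail($email)
{
	$myemail = mysql_real_escape_string($email);
	$uid = intval($_SESSION['profile']['id']);

	// Same set of addresses as before, without the nested quantifiers (which
	// could backtrack heavily on long input). /D stops "$" from accepting a
	// trailing newline, which would otherwise end up inside the RCPT command.
	if(preg_match('/^[a-zA-Z0-9]+[a-zA-Z0-9+._-]*@[a-zA-Z0-9_-]+[a-zA-Z0-9._-]+$/D', $email))
	{
		list($username, $domain) = explode('@', $email, 2);

		$mxhosts = array();
		// Quoting does not stop a leading "-" from being read by dig as an
		// option, so such a domain is not looked up at all
		if($domain[0] != "-")
		{
			$dom = escapeshellarg($domain);
			$line = trim(`dig +short MX $dom 2>&1`);

			// Keep only "<priority> <host>." lines; dig's error text (stderr
			// is merged in) and empty answers are dropped instead of being
			// used as host names
			foreach(explode("\n", $line) as $row)
			{
				$parts = explode(" ", trim($row));
				if(count($parts) != 2 || !ctype_digit($parts[0]))
					continue;
				$host = rtrim($parts[1], ".");
				if($host != "" && $host[0] != "-" && preg_match('/^[a-zA-Z0-9._-]+$/D', $host))
					$mxhosts[] = $host;
			}
			// The domain itself is tried last
			$mxhosts[] = $domain;
		}

		foreach($mxhosts as $key => $domain)
		{
			// NOTE(review): only the connect has a 5 second limit; the reads
			// below wait for the default socket timeout.
			$fp = @fsockopen($domain,25,$errno,$errstr,5);
			if(!$fp)
				continue;

			$line = fgets($fp, 4096);
			if(substr($line, 0, 3) != "220")
			{
				// The socket is closed before moving on (it used to be left open)
				fclose($fp);
				continue;
			}

			fputs($fp, "HELO hlin.cacert.org\r\n");
			$line = fgets($fp, 4096);
			// Skip any further greeting lines
			while(substr($line, 0, 3) == "220")
				$line = fgets($fp, 4096);
			if(substr($line, 0, 3) != "250")
			{
				fclose($fp);
				continue;
			}

			// NOTE(review): the envelope sender is empty in this listing; if
			// an address in angle brackets belongs here, restore it from the
			// project's own copy.
			fputs($fp, "MAIL FROM: \r\n");
			$line = fgets($fp, 4096);
			if(substr($line, 0, 3) != "250")
			{
				fclose($fp);
				continue;
			}

			fputs($fp, "RCPT TO: <$email>\r\n");
			$line = trim(fgets($fp, 4096));
			fputs($fp, "QUIT\r\n");
			fclose($fp);

			// The reply is remote text: tags are stripped and it is escaped
			// before it is logged and returned
			$line = mysql_real_escape_string(trim(strip_tags($line)));
			$query = "insert into `pinglog` set `when`=NOW(), `uid`='$uid',
					`email`='$myemail', `result`='$line'";
			mysql_query($query);

			if(substr($line, 0, 3) != "250")
				return $line;
			else
				return "OK";
		}
	}

	$query = "insert into `pinglog` set `when`=NOW(), `uid`='$uid',
			`email`='$myemail', `result`='Failed to make a connection to the mail server'";
	mysql_query($query);
	return _("Failed to make a connection to the mail server");
}

// Poll $table for up to 31 rounds, two seconds apart, until row $certid has a
// certificate (`crt` for "gpg", `crt_name` otherwise). Returns once it has;
// otherwise prints a status page and exits. $id is not used.
function waitForResult($table, $certid, $id = 0)
{
	// A table name cannot be quoted like a value, so only plain identifier
	// characters are let into the query; the row id is escaped as a value.
	$tableok = is_string($table) && preg_match('/^[A-Za-z0-9_]+$/D', $table);
	$certsql = mysql_real_escape_string($certid);

	$found = $trycount = 0;
	while($tableok && $trycount++ <= 30)
	{
		if($table == "gpg")
			$query = "select * from `$table` where `id`='$certsql' and `crt` != ''";
		else
			$query = "select * from `$table` where `id`='$certsql' and `crt_name` != ''";
		$res = mysql_query($query);
		if($res && mysql_num_rows($res) > 0)
		{
			$found = 1;
			break;
		}
		sleep(2);
	}

	if(!$found)
	{
		showheader(_("My CAcert.org Account!"));

		$queued = false;
		if($tableok)
		{
			$query = "select * from `$table` where `id`='$certsql' ";
			$res = mysql_query($query);
			$queued = ($res && mysql_num_rows($res) > 0);
		}

		if($queued)
			printf(_("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status."));
		else
			// The table name and id are passed as printf arguments and HTML
			// escaped; they used to be spliced into the format string itself.
			// NOTE(review): both link slots are empty strings in this listing,
			// so the WIKI link markup is missing - restore it from the
			// project's own copy if it was lost.
			printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." certid:%s:%s",
				"", "", htmlspecialchars((string)$table, ENT_QUOTES), htmlspecialchars((string)$certid, ENT_QUOTES));
		showfooter();
		exit;
	}
}

// Insert a row into `tickets` and return its auto-generated id.
function generateTicket()
{
	mysql_query("insert into tickets (timestamp) values (now()) ");
	return mysql_insert_id();
}

// Make $input safe for HTML text and quoted attribute values: tags are
// stripped, the text is converted to ISO-8859-1 and then entity-encoded,
// quotes included.
function sanitizeHTML($input)
{
	// The charset is named explicitly: after utf8_decode() the bytes are
	// ISO-8859-1, and PHP versions whose htmlentities() default is UTF-8
	// return an empty string for bytes that are not valid UTF-8.
	return htmlentities(strip_tags(utf8_decode($input)), ENT_QUOTES, 'ISO-8859-1');
}
?>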