This file is part of CAcert. CAcert has been released under a CAcert license which can be found included with these source files or can be downloaded from the internet from the following address: http://www.cacert.org/src-lic.php CAcert is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License for more details. */ if($_SERVER[HTTP_HOST] != "www.cacert.org" && $_SERVER[HTTP_HOST] != "secure.cacert.org" && $_SERVER[HTTP_HOST] != "202.87.16.201") { if($_SERVER[HTTPS] == "on") header("location: https://www.cacert.org"); else header("location: http://www.cacert.org"); exit; } session_name("cacert"); session_start(); session_register("_config"); session_register("profile"); session_register("signup"); session_register("lostpw"); $lang = mysql_escape_string(substr(trim($lang), 0, 5)); if($lang != "") $_SESSION['_config']['language'] = $lang; $_SESSION['_config']['translations'] = array("da_DK" => "Dansk", "de_DE" => "Deutsch", "en_AU" => "English", "es_ES" => "Español", "fr_FR" => "Français", "it_IT" => "Italiano", "hu_HU" => "Magyar", "nl_NL" => "Nederlands", "pt_PT" => "Português", "zh_CN" => "Chinese"); if($_SESSION['_config']['language'] == "") { $bits = explode(",", strtolower(str_replace(" ", "", $_SERVER[HTTP_ACCEPT_LANGUAGE]))); foreach($bits as $lang) { $b = explode(";", $lang); if(substr($b[1], 0, 2) == "q=") $c = floatval(substr($b[1], 2)); else $c = 1; $value["$c"] = trim($b[0]); } krsort($value); reset($value); foreach($value as $key => $val) { $short = substr($val, 0, 2); if($val == "en" || $short == "en") { $_SESSION['_config']['language'] = "en"; break; } if(file_exists("/home/cacert/locale/$val/LC_MESSAGES/messages.mo")) { $_SESSION['_config']['language'] = $val; break; } if(file_exists("/home/cacert/locale/$short/LC_MESSAGES/messages.mo")) { $_SESSION['_config']['language'] = $short; break; } } } if(strlen($_SESSION['_config']['language']) != 5) { $lang = $_SESSION['_config']['language']; $_SESSION['_config']['language'] = "en_AU"; foreach($_SESSION['_config']['translations'] as $key => $val) { if(substr($lang, 0, 2) == substr($key, 0, 2)) { $_SESSION['_config']['language'] = $val; break; } } } if($_SESSION['_config']['language'] == "zh_CN") { header("Content-Type: text/html; charset=gb2312"); // header("Content-Transfer-Encoding: 8bit"); } putenv("LANG=".$_SESSION['_config']['language']); setlocale(LC_ALL, $_SESSION['_config']['language']); $domain = 'messages'; bindtextdomain("$domain", "/home/cacert/locale"); textdomain("$domain"); $_SESSION['_config'][filepath] = "/home/cacert"; require_once("/home/cacert/includes/mysql.php"); if($_SESSION['profile']['id'] > 0) { $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); $_SESSION['profile']['points'] = $row['total']; } $hostname = "www.cacert.org"; function loadem($section = "index") { if($section != "index" && $section != "account") { $section = "index"; } if($section == "account") include_once("/home/cacert/includes/account_stuff.php"); if($section == "index") include_once("/home/cacert/includes/general_stuff.php"); } function includeit($id = "0", $section = "index") { $id = intval($id); if($section != "index" && $section != "account" && $section != "wot" && $section != "help") { $section = "index"; } if(file_exists("/home/cacert/www/$section/$id.php")) include_once("/home/cacert/www/$section/$id.php"); else { $id = "0"; if(file_exists("/home/cacert/www/$section/$id.php")) include_once("/home/cacert/www/$section/$id.php"); else { $section = "index"; $id = "0"; if(file_exists("/home/cacert/www/$section/$id.php")) include_once("/home/cacert/www/$section/$id.php"); else include_once("/home/cacert/www/error404.php"); } } } function checkpw($pwd, $email, $fname, $mname, $lname, $suffix) { $points = 0; if(preg_match("/\d/", $pwd)) $points++; if(preg_match("/[a-z]/", $pwd)) $points++; if(preg_match("/[A-Z]/", $pwd)) $points++; if(preg_match("/\W/", $pwd)) $points++; if(preg_match("/\s/", $pwd)) $points++; if(@strstr(strtolower($pwd), strtolower($email))) $points--; if(@strstr(strtolower($email), strtolower($pwd))) $points--; if(@strstr(strtolower($pwd), strtolower($fname))) $points--; if(@strstr(strtolower($fname), strtolower($pwd))) $points--; if($mname) if(@strstr(strtolower($pwd), strtolower($mname))) $points--; if($mname) if(@strstr(strtolower($mname), strtolower($pwd))) $points--; if(@strstr(strtolower($pwd), strtolower($lname))) $points--; if(@strstr(strtolower($lname), strtolower($pwd))) $points--; if($suffix) if(@strstr(strtolower($pwd), strtolower($suffix))) $points--; if($suffix) if(@strstr(strtolower($suffix), strtolower($pwd))) $points--; $do = `grep '$pwd' /usr/share/dict/american-english`; if($do) $points--; return($points); } function extractit() { $bits = explode(": ", $_SESSION['_config'][subject], 2); $bits = str_replace(", ", "|", str_replace("/", "|", $bits['1'])); $bits = explode("|", $bits); $_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0; if(is_array($bits)) foreach($bits as $val) { if(!strstr($val, "=")) continue; $split = explode("=", $val); $k = $split[0]; $split['1'] = trim($split['1']); if($k == "CN" && $split['1']) { $k = $_SESSION['_config']['cnc'].".".$k; $_SESSION['_config']['cnc']++; $_SESSION['_config'][$k] = $split['1']; } if($k == "subjectAltName" && $split['1']) { $k = $_SESSION['_config']['subaltc'].".".$k; $_SESSION['_config']['subaltc']++; $_SESSION['_config'][$k] = $split['1']; } } } function getcn() { for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++) { $CN = $_SESSION['_config']["$cnc.CN"]; $bits = explode(".", $CN); $dom = ""; for($i = count($bits) - 1; $i >= 0; $i--) { if($dom) $dom = $bits[$i].".".$dom; else $dom = $bits[$i]; $_SESSION['_config']['row'] = ""; $query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $_SESSION['_config']['row'] = mysql_fetch_assoc($res); $rowid[] = $_SESSION['_config']['row']['id']; break; } } if($_SESSION['_config']['row'] == "") { showheader(_("My CAcert.org Account!")); printf(_("Unable to match '%s' against any domain validated against your account."), $CN); showfooter(); exit; } else $rows[] = $CN; } $_SESSION['_config']['rows'] = $rows; $_SESSION['_config']['rowid'] = $rowid; } function getalt() { for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++) { $subalt = $_SESSION['_config']["$altc.subjectAltName"]; if(substr($subalt, 0, 4) != "DNS:") { showheader(_("My CAcert.org Account!")); printf(_("Malformed subjectAltName '%s', must be in form DNS:my.isp.com or DNS:*.isp.com"), $subalt); showfooter(); exit; } $alt = substr($subalt, 4); $bits = explode(".", $alt); $dom = ""; for($i = count($bits) - 1; $i >= 0; $i--) { if($dom) $dom = $bits[$i].".".$dom; else $dom = $bits[$i]; $_SESSION['_config']['altrow'] = ""; $query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res); $altid[] = $_SESSION['_config']['altrow']['id']; break; } } if($_SESSION['_config']['altrow'] == "") { showheader(_("My CAcert.org Account!")); printf(_("Malformed subjectAltName, must be in form DNS:my.isp.com or DNS:*.isp.com OR '%s' can't be matched to any current domain validated against your account."), $alt); showfooter(); exit; } else $altrows[] = $subalt; } $_SESSION['_config']['altrows'] = $altrows; $_SESSION['_config']['altid'] = $altid; } function getcn2() { for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++) { $CN = $_SESSION['_config']["$cnc.CN"]; $bits = explode(".", $CN); $dom = ""; for($i = count($bits) - 1; $i >= 0; $i--) { if($dom) $dom = $bits[$i].".".$dom; else $dom = $bits[$i]; $_SESSION['_config']['row'] = ""; $query = "select *, `orginfo`.`id` as `id` from `orginfo`,`orgdomains`,`org` where `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orginfo`.`id` and `orgdomains`.`orgid`=`orginfo`.`id` and `orgdomains`.`domain`='$dom'"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $_SESSION['_config']['row'] = mysql_fetch_assoc($res); $rowid[] = $_SESSION['_config']['row']['id']; break; } } if($_SESSION['_config']['row'] == "") { showheader(_("My CAcert.org Account!")); printf(_("Unable to match '%s' against any domain validated against your account."), $CN); showfooter(); exit; } else $rows[] = $CN; } $_SESSION['_config']['rows'] = $rows; $_SESSION['_config']['rowid'] = $rowid; } function getalt2() { for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++) { $subalt = $_SESSION['_config']["$altc.subjectAltName"]; if(substr($subalt, 0, 4) != "DNS:") { showheader(_("My CAcert.org Account!")); printf(_("Malformed subjectAltName '%s', must be in form DNS:my.isp.com or DNS:*.isp.com"), $subalt); showfooter(); exit; } $alt = substr($subalt, 4); $bits = explode(".", $alt); $dom = ""; for($i = count($bits) - 1; $i >= 0; $i--) { if($dom) $dom = $bits[$i].".".$dom; else $dom = $bits[$i]; $_SESSION['_config']['altrow'] = ""; $query = "select * from `orginfo`,`orgdomains`,`org` where `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orginfo`.`id` and `orgdomains`.`orgid`=`orginfo`.`id` and `orgdomains`.`domain`='$dom'"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res); $altid[] = $_SESSION['_config']['altrow']['id']; break; } } if($_SESSION['_config']['altrow'] == "") { showheader(_("My CAcert.org Account!")); printf(_("Malformed subjectAltName, must be in form DNS:my.isp.com or DNS:*.isp.com OR '%s' can't be matched to any current domain validated against your account."), $alt); showfooter(); exit; } else $altrows[] = $subalt; } $_SESSION['_config']['altrows'] = $altrows; $_SESSION['_config']['altid'] = $altid; } function checkownership($hostname) { $bits = explode(".", $hostname); $dom = ""; for($i = count($bits) - 1; $i >= 0; $i--) { if($dom) $dom = $bits[$i].".".$dom; else $dom = $bits[$i]; $query = "select * from `org`,`orgdomains`,`orginfo` where `org`.`memid`='".$_SESSION['profile']['id']."' and `orgdomains`.`orgid`=`org`.`orgid` and `orginfo`.`id`=`org`.`orgid` and `orgdomains`.`domain`='$dom'"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $_SESSION['_config']['row'] = mysql_fetch_assoc($res); return(true); } } return(false); } function maxpoints($id = 0) { if($id <= 0) $id = $_SESSION['profile']['id']; $query = "select sum(`points`) as `points` from `notary` where `to`='$id' group by `to`"; $row = mysql_fetch_assoc(mysql_query($query)); $points = $row['points']; if($points >= 300) return(200); if($points >= 200) return(150); if($points >= 150) return(35); if($points >= 140) return(30); if($points >= 130) return(25); if($points >= 120) return(20); if($points >= 110) return(15); if($points >= 100) return(10); return(0); } ?>