This file is part of CAcert. CAcert has been released under the CAcert Source License which can be found included with these source files or can be downloaded from the internet from the following address: http://www.cacert.org/src-lic.php CAcert is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License for more details. */ ?> 0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]' and `deleted`=0 and `locked`=0")); if($_SESSION['profile']['id'] != 0) { $_SESSION['profile']['loggedin'] = 1; header("location: https://".$_SERVER['HTTP_HOST']."/account.php"); exit; } else { $_SESSION['profile']['loggedin'] = 0; } } } if($id == 4 && $_SESSION['profile']['loggedin'] == 1) { header("location: https://".$_SERVER['HTTP_HOST']."/account.php"); exit; } if($_REQUEST['oldid'] == 4) { unset($_REQUEST['oldid']); $id = 4; $_SESSION['_config']['errmsg'] = ""; $email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email'])))); $pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword']))); $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $_SESSION['profile'] = ""; unset($_SESSION['profile']); $_SESSION['profile'] = mysql_fetch_assoc($res); $query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".$_SESSION['profile']['id']."'"; mysql_query($query); if($_SESSION['profile']['language'] == "") { $query = "update `users` set `language`='".$_SESSION['_config']['language']."' where `id`='".$_SESSION['profile']['id']."'"; mysql_query($query); } else { $_SESSION['_config']['language'] = $_SESSION['profile']['language']; putenv("LANG=".$_SESSION['_config']['language']); setlocale(LC_ALL, $_SESSION['_config']['language']); $domain = 'messages'; bindtextdomain("$domain", $_SESSION['_config']['filepath']."/locale"); textdomain("$domain"); } $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); $_SESSION['profile']['points'] = $row['total']; $_SESSION['profile']['loggedin'] = 1; if($_SESSION['profile']['Q1'] == "" || $_SESSION['profile']['Q2'] == "" || $_SESSION['profile']['Q3'] == "" || $_SESSION['profile']['Q4'] == "" || $_SESSION['profile']['Q5'] == "") { $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."
"; $_SESSION['_config']['oldlocation'] = "account.php?id=13"; } if($_SESSION['_config']['oldlocation'] != "") header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']); else header("location: https://".$_SERVER['HTTP_HOST']."/account.php"); exit; } $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or `password`=password('$pword')) and `verified`=0 and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { $_SESSION['_config']['errmsg'] = _("Incorrect email address and/or Pass Phrase."); } else { $_SESSION['_config']['errmsg'] = _("Your account has not been verified yet, please check your email account for the signup messages."); } } if($_REQUEST['process'] && $_REQUEST['oldid'] == 1) { $id = 2; unset($_REQUEST['oldid']); $_SESSION['_config']['errmsg'] = ""; $_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email'])))); $_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['fname'])))); $_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['mname'])))); $_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['lname'])))); $_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['suffix'])))); $_SESSION['signup']['day'] = intval($_REQUEST['day']); $_SESSION['signup']['month'] = intval($_REQUEST['month']); $_SESSION['signup']['year'] = intval($_REQUEST['year']); $_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword1']))); $_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword2']))); $_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q1'])))); $_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q2'])))); $_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q3'])))); $_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q4'])))); $_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q5'])))); $_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1'])))); $_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2'])))); $_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3'])))); $_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4'])))); $_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5'])))); $_SESSION['signup']['general'] = intval($_REQUEST['general']); $_SESSION['signup']['country'] = intval($_REQUEST['country']); $_SESSION['signup']['regional'] = intval($_REQUEST['regional']); $_SESSION['signup']['radius'] = intval($_REQUEST['radius']); if($_SESSION['signup']['Q1'] == "" || $_SESSION['signup']['Q2'] == "" || $_SESSION['signup']['Q3'] == "" || $_SESSION['signup']['Q4'] == "" || $_SESSION['signup']['Q5'] == "") { $id = 1; $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."
\n"; } if($_SESSION['signup']['fname'] == "" || $_SESSION['signup']['lname'] == "") { $id = 1; $_SESSION['_config']['errmsg'] .= _("First and/or last names were blank.")."
\n"; } if($_SESSION['signup']['year'] < 1900 || $_SESSION['signup']['month'] < 1 || $_SESSION['signup']['month'] > 12 || $_SESSION['signup']['day'] < 1 || $_SESSION['signup']['day'] > 31) { $id = 1; $_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."
\n"; } if($_SESSION['signup']['email'] == "") { $id = 1; $_SESSION['_config']['errmsg'] .= _("Email Address was blank")."
\n"; } if($_SESSION['signup']['pword1'] == "") { $id = 1; $_SESSION['_config']['errmsg'] .= _("Pass Phrases were blank")."
\n"; } if($_SESSION['signup']['pword1'] != $_SESSION['signup']['pword2']) { $id = 1; $_SESSION['_config']['errmsg'] .= _("Pass Phrases don't match")."
\n"; } $score = checkpw($_SESSION['signup']['pword1'], $_SESSION['signup']['email'], $_SESSION['signup']['fname'], $_SESSION['signup']['mname'], $_SESSION['signup']['lname'], $_SESSION['signup']['suffix']); if($score < 3) { $id = 1; $_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored $score points out of 6."); } if($id == 2) { $query = "select * from `email` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0"; $res1 = mysql_query($query); $query = "select * from `users` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0"; $res2 = mysql_query($query); if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0) { $id = 1; $_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."
\n"; } $query = "select `domain` from `baddomains` where `domain`=RIGHT('".$_SESSION['signup']['email']."', LENGTH(`domain`))"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $domain = mysql_fetch_assoc($res); $domain = $domain['domain']; $id = 1; $_SESSION['_config']['errmsg'] .= sprintf(_("We don't allow signups from people using email addresses from %s"), $domain)."
\n"; } } if($id == 2) { $checkemail = checkEmail($_SESSION['signup']['email']); if($checkemail != "OK") { $id = 1; $_SESSION['_config']['errmsg'] .= _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."
\n$checkemail
\n"; } } if($id == 2) { $hash = make_hash(); $query = "insert into `users` set `email`='".$_SESSION['signup']['email']."', `password`=sha1('".$_SESSION['signup']['pword1']."'), `fname`='".$_SESSION['signup']['fname']."', `mname`='".$_SESSION['signup']['mname']."', `lname`='".$_SESSION['signup']['lname']."', `suffix`='".$_SESSION['signup']['suffix']."', `dob`='".$_SESSION['signup']['year']."-".$_SESSION['signup']['month']."-".$_SESSION['signup']['day']."', `Q1`='".$_SESSION['signup']['Q1']."', `Q2`='".$_SESSION['signup']['Q2']."', `Q3`='".$_SESSION['signup']['Q3']."', `Q4`='".$_SESSION['signup']['Q4']."', `Q5`='".$_SESSION['signup']['Q5']."', `A1`='".$_SESSION['signup']['A1']."', `A2`='".$_SESSION['signup']['A2']."', `A3`='".$_SESSION['signup']['A3']."', `A4`='".$_SESSION['signup']['A4']."', `A5`='".$_SESSION['signup']['A5']."', `created`=NOW()"; mysql_query($query); $memid = mysql_insert_id(); $query = "insert into `email` set `email`='".$_SESSION['signup']['email']."', `hash`='$hash', `created`=NOW(), `memid`='$memid'"; mysql_query($query); $emailid = mysql_insert_id(); $query = "insert into `alerts` set `memid`='$memid', `general`='".$_SESSION['signup']['general']."', `country`='".$_SESSION['signup']['country']."', `regional`='".$_SESSION['signup']['regional']."', `radius`='".$_SESSION['signup']['radius']."'"; mysql_query($query); $body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!"); sendmail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "support@cacert.org", "", "", "CAcert Support"); foreach($_SESSION['signup'] as $key => $val) $_SESSION['signup'][$key] = ""; unset($_SESSION['signup']); } } if($_REQUEST['oldid'] == 11 && $_REQUEST['process'] != "") { $who = stripslashes($who); $email = stripslashes($_REQUEST['email']); $subject = stripslashes($subject); $message = stripslashes($message); if($who == "" || $email == "" || $subject == "" || $message == "") { $id = $_REQUEST['oldid']; $_SESSION['_config']['errmsg'] = _("All fields are mandatory.")."
\n"; unset($_REQUEST['oldid']); } } if($_REQUEST['oldid'] == 11 && $_REQUEST['process'] != "" && $_REQUEST['support'] != "yes") { $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message; sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "", "", "CAcert Support"); showheader(_("Welcome to CAcert.org")); echo _("Your message has been sent."); showfooter(); exit; } if($_REQUEST['oldid'] == 11 && $_REQUEST['process'] != "" && $_REQUEST['support'] == "yes") { $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message; sendmail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website"); showheader(_("Welcome to CAcert.org")); echo _("Your message has been sent to the general support list."); showfooter(); exit; } if($_SESSION['signup']['year'] < 1900) $_SESSION['signup']['year'] = "19XX"; showheader(_("Welcome to CAcert.org")); includeit($id); showfooter(); ?>