This file is part of CAcert. CAcert has been released under a CAcert license which can be found included with these source files or can be downloaded from the internet from the following address: http://www.cacert.org/src-lic.php CAcert is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License for more details. */ session_name("cacert"); session_start(); session_register("_config"); session_register("profile"); session_register("signup"); session_register("lostpw"); $_SESSION['_config']['filepath'] = "/www"; require_once($_SESSION['_config']['filepath']."/includes/mysql.php"); if($_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] && $_SERVER['HTTP_HOST'] != $_SESSION['_config']['securehostname']) { if($_SERVER['HTTPS'] == "on") header("location: https://".$_SESSION['_config']['normalhostname']); else header("location: http://".$_SESSION['_config']['normalhostname']); exit; } $lang = mysql_escape_string(substr(trim($lang), 0, 5)); if($lang != "") $_SESSION['_config']['language'] = $lang; $_SESSION['_config']['translations'] = array("da_DK" => "Dansk", "de_DE" => "Deutsch", "en_AU" => "English", "es_ES" => "Español", "fr_FR" => "Français", "it_IT" => "Italiano", "hu_HU" => "Magyar", "nl_NL" => "Nederlands", "pt_PT" => "Português", "pt_BR" => "Português Brasileiro", "ru_RU" => "Русский", "sv_SE" => "Svenska", "tr_TR" => "Türkçe", "zh_CN" => "中文(简体)"); if($_SESSION['_config']['language'] == "") { $bits = explode(",", strtolower(str_replace(" ", "", $_SERVER[HTTP_ACCEPT_LANGUAGE]))); foreach($bits as $lang) { $b = explode(";", $lang); if(substr($b[1], 0, 2) == "q=") $c = floatval(substr($b[1], 2)); else $c = 1; $value["$c"] = trim($b[0]); } krsort($value); reset($value); foreach($value as $key => $val) { $short = substr($val, 0, 2); if($val == "en" || $short == "en") { $_SESSION['_config']['language'] = "en"; break; } if(file_exists($_SESSION['_config']['filepath']."/locale/$val/LC_MESSAGES/messages.mo")) { $_SESSION['_config']['language'] = $val; break; } if(file_exists($_SESSION['_config']['filepath']."/locale/$short/LC_MESSAGES/messages.mo")) { $_SESSION['_config']['language'] = $short; break; } } } if(strlen($_SESSION['_config']['language']) != 5) { $lang = $_SESSION['_config']['language']; $_SESSION['_config']['language'] = "en_AU"; foreach($_SESSION['_config']['translations'] as $key => $val) { if(substr($lang, 0, 2) == substr($key, 0, 2)) { $_SESSION['_config']['language'] = $val; break; } } } if($_SESSION['_config']['language'] == "zh_CN") { header("Content-Type: text/html; charset=gb2312"); $_SESSION['_config']['header'] = "\n"; // header("Content-Transfer-Encoding: 8bit"); } else if($_SESSION['_config']['language'] == "ru_RU") { header("Content-Type: text/html; charset=ISO-8859-5"); $_SESSION['_config']['header'] = "\n"; // header("Content-Transfer-Encoding: 8bit"); } else { unset($_SESSION['_config']['header']); } putenv("LANG=".$_SESSION['_config']['language']); setlocale(LC_ALL, $_SESSION['_config']['language']); $domain = 'messages'; bindtextdomain("$domain", $_SESSION['_config']['filepath']."/locale"); textdomain("$domain"); if($_SESSION['profile']['id'] > 0) { $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); $_SESSION['profile']['points'] = $row['total']; } function loadem($section = "index") { if($section != "index" && $section != "account") { $section = "index"; } if($section == "account") include_once($_SESSION['_config']['filepath']."/includes/account_stuff.php"); if($section == "index") include_once($_SESSION['_config']['filepath']."/includes/general_stuff.php"); } function includeit($id = "0", $section = "index") { $id = intval($id); if($section != "index" && $section != "account" && $section != "wot" && $section != "help" && $section != "gpg") { $section = "index"; } if(file_exists($_SESSION['_config']['filepath']."/www/$section/$id.php")) include_once($_SESSION['_config']['filepath']."/www/$section/$id.php"); else { $id = "0"; if(file_exists($_SESSION['_config']['filepath']."/www/$section/$id.php")) include_once($_SESSION['_config']['filepath']."/www/$section/$id.php"); else { $section = "index"; $id = "0"; if(file_exists($_SESSION['_config']['filepath']."/www/$section/$id.php")) include_once($_SESSION['_config']['filepath']."/www/$section/$id.php"); else include_once($_SESSION['_config']['filepath']."/www/error404.php"); } } } function checkpw($pwd, $email, $fname, $mname, $lname, $suffix) { $points = 0; if(strlen($pwd) > 15) $points++; if(strlen($pwd) > 30) $points++; if(preg_match("/\d/", $pwd)) $points++; if(preg_match("/[a-z]/", $pwd)) $points++; if(preg_match("/[A-Z]/", $pwd)) $points++; if(preg_match("/\W/", $pwd)) $points++; if(preg_match("/\s/", $pwd)) $points++; if(@strstr(strtolower($pwd), strtolower($email))) $points--; if(@strstr(strtolower($email), strtolower($pwd))) $points--; if(@strstr(strtolower($pwd), strtolower($fname))) $points--; if(@strstr(strtolower($fname), strtolower($pwd))) $points--; if($mname) if(@strstr(strtolower($pwd), strtolower($mname))) $points--; if($mname) if(@strstr(strtolower($mname), strtolower($pwd))) $points--; if(@strstr(strtolower($pwd), strtolower($lname))) $points--; if(@strstr(strtolower($lname), strtolower($pwd))) $points--; if($suffix) if(@strstr(strtolower($pwd), strtolower($suffix))) $points--; if($suffix) if(@strstr(strtolower($suffix), strtolower($pwd))) $points--; $do = `grep '$pwd' /usr/share/dict/american-english`; if($do) $points--; return($points); } function extractit() { $bits = explode(": ", $_SESSION['_config'][subject], 2); $bits = str_replace(", ", "|", str_replace("/", "|", $bits['1'])); $bits = explode("|", $bits); $_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0; if(is_array($bits)) foreach($bits as $val) { if(!strstr($val, "=")) continue; $split = explode("=", $val); $k = $split[0]; $split['1'] = trim($split['1']); if($k == "CN" && $split['1']) { $k = $_SESSION['_config']['cnc'].".".$k; $_SESSION['_config']['cnc']++; $_SESSION['_config'][$k] = $split['1']; } if($k == "subjectAltName" && $split['1']) { $k = $_SESSION['_config']['subaltc'].".".$k; $_SESSION['_config']['subaltc']++; $_SESSION['_config'][$k] = $split['1']; } } } function getcn() { for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++) { $CN = $_SESSION['_config']["$cnc.CN"]; $bits = explode(".", $CN); $dom = ""; for($i = count($bits) - 1; $i >= 0; $i--) { if($dom) $dom = $bits[$i].".".$dom; else $dom = $bits[$i]; $_SESSION['_config']['row'] = ""; $query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $_SESSION['_config']['row'] = mysql_fetch_assoc($res); $rowid[] = $_SESSION['_config']['row']['id']; break; } } if($_SESSION['_config']['row'] != "") $rows[] = $CN; } if(count($rows) <= 0) { showheader(_("My CAcert.org Account!")); echo _("There were no valid CommonName fields on the CSR, or I was unable to match any of these against your account. Please review your CSR, or add and verify domains contained in it to your account before trying again."); showfooter(); exit; } $_SESSION['_config']['rows'] = $rows; $_SESSION['_config']['rowid'] = $rowid; } function getalt() { for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++) { $subalt = $_SESSION['_config']["$altc.subjectAltName"]; if(substr($subalt, 0, 4) != "DNS:") continue; $alt = substr($subalt, 4); $bits = explode(".", $alt); $dom = ""; for($i = count($bits) - 1; $i >= 0; $i--) { if($dom) $dom = $bits[$i].".".$dom; else $dom = $bits[$i]; $_SESSION['_config']['altrow'] = ""; $query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res); $altid[] = $_SESSION['_config']['altrow']['id']; break; } } if($_SESSION['_config']['altrow'] != "") $altrows[] = $subalt; } $_SESSION['_config']['altrows'] = $altrows; $_SESSION['_config']['altid'] = $altid; } function getcn2() { for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++) { $CN = $_SESSION['_config']["$cnc.CN"]; $bits = explode(".", $CN); $dom = ""; for($i = count($bits) - 1; $i >= 0; $i--) { if($dom) $dom = $bits[$i].".".$dom; else $dom = $bits[$i]; $_SESSION['_config']['row'] = ""; $query = "select *, `orginfo`.`id` as `id` from `orginfo`,`orgdomains`,`org` where `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orginfo`.`id` and `orgdomains`.`orgid`=`orginfo`.`id` and `orgdomains`.`domain`='$dom'"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $_SESSION['_config']['row'] = mysql_fetch_assoc($res); $rowid[] = $_SESSION['_config']['row']['id']; break; } } if($_SESSION['_config']['row'] != "") $rows[] = $CN; } if(count($rows) <= 0) { showheader(_("My CAcert.org Account!")); echo _("There were no valid CommonName fields on the CSR, or I was unable to match any of these against your account. Please review your CSR, or add and verify domains contained in it to your account before trying again."); showfooter(); exit; } $_SESSION['_config']['rows'] = $rows; $_SESSION['_config']['rowid'] = $rowid; } function getalt2() { for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++) { $subalt = $_SESSION['_config']["$altc.subjectAltName"]; if(substr($subalt, 0, 4) != "DNS:") continue; $alt = substr($subalt, 4); $bits = explode(".", $alt); $dom = ""; for($i = count($bits) - 1; $i >= 0; $i--) { if($dom) $dom = $bits[$i].".".$dom; else $dom = $bits[$i]; $_SESSION['_config']['altrow'] = ""; $query = "select * from `orginfo`,`orgdomains`,`org` where `org`.`memid`='".$_SESSION['profile']['id']."' and `org`.`orgid`=`orginfo`.`id` and `orgdomains`.`orgid`=`orginfo`.`id` and `orgdomains`.`domain`='$dom'"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $_SESSION['_config']['altrow'] = mysql_fetch_assoc($res); $altid[] = $_SESSION['_config']['altrow']['id']; break; } } if($_SESSION['_config']['altrow'] != "") $altrows[] = $subalt; } $_SESSION['_config']['altrows'] = $altrows; $_SESSION['_config']['altid'] = $altid; } function checkownership($hostname) { $bits = explode(".", $hostname); $dom = ""; for($i = count($bits) - 1; $i >= 0; $i--) { if($dom) $dom = $bits[$i].".".$dom; else $dom = $bits[$i]; $query = "select * from `org`,`orgdomains`,`orginfo` where `org`.`memid`='".$_SESSION['profile']['id']."' and `orgdomains`.`orgid`=`org`.`orgid` and `orginfo`.`id`=`org`.`orgid` and `orgdomains`.`domain`='$dom'"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $_SESSION['_config']['row'] = mysql_fetch_assoc($res); return(true); } } return(false); } function maxpoints($id = 0) { if($id <= 0) $id = $_SESSION['profile']['id']; $query = "select sum(`points`) as `points` from `notary` where `to`='$id' group by `to`"; $row = mysql_fetch_assoc(mysql_query($query)); $points = $row['points']; if($points >= 300) return(200); if($points >= 200) return(150); if($points >= 150) return(35); if($points >= 140) return(30); if($points >= 130) return(25); if($points >= 120) return(20); if($points >= 110) return(15); if($points >= 100) return(10); return(0); } function hex2bin($data) { while(strstr($data, "\\x")) { $pos = strlen($data) - strlen(strstr($data, "\\x")); $before = substr($data, 0, $pos); $char = chr(hexdec(substr($data, $pos + 2, 2))); $after = substr($data, $pos + 4); $data = $before.$char.$after; } return(utf8_decode($data)); } function screenshot($img) { if(file_exists("../screenshots/".$_SESSION['_config']['language']."/$img")) return("/screenshots/".$_SESSION['_config']['language']."/$img"); else return("/screenshots/en/$img"); } function signmail($to, $subject, $message, $from, $replyto = "") { if($replyto == "") $replyto = $from; $tmpfname = tempnam("/tmp", "CSR"); $fp = fopen($tmpfname, "w"); fputs($fp, $message); fclose($fp); $do = `/usr/bin/gpg --homedir /home/gpg --clearsign "$tmpfname"|/usr/sbin/sendmail "$to"`; @unlink($tmpfname); } ?>