cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 7 Projects Releases 2 Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
bug-1537
add-quality-check-script
bug-1562
bug-1561
bug-1560
bug-1559
main
fix/bug-1550
v2023.09.16
v2024.05.20
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9e544cba90'
${ noResults }
cacert-webdb/www/verify.php

143 lines
5.2 KiB
PHP
Raw Blame History

<? /*
Copyright (C) 2004-2006 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
loadem("account");
if($_REQUEST['Notify'] != "")
{
echo "do something here";
exit;
}
$type = $_REQUEST['type'];
if($type == "email")
{
$id = 1;
$emailid = intval($_REQUEST['emailid']);
$hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
$query = "select * from `email` where `id`='$emailid' and hash!='' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
$row['attempts']++;
if($row['attempts'] >= 6)
{
mysql_query("update `email` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$emailid'");
showheader(_("Error!"), _("Error!"));
echo _("You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system");
showfooter();
exit;
}
mysql_query("update `email` set `attempts`='$row[attempts]' where `id`='$emailid'");
}
$query = "select * from `email` where `id`='$emailid' and `hash`='$hash' and hash!='' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("Error!"), _("Error!"));
echo _("The ID or Hash has already been verified, or something weird happened.");
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
if($_REQUEST['Yes'] != "")
{
$query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'";
mysql_query($query);
$query = "update `users` set `verified`='1' where `id`='$row[memid]' and `email`='$row[email]' and `verified`='0'";
mysql_query($query);
showheader(_("Updated"), _("Updated"));
echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
} else if($_REQUEST['No'] != "") {
header("location: /index.php");
exit;
} else {
showheader(_("Updated"), _("Updated"));
printf(_("Are you sure you want to verify the email %s?"), $row['email']);
echo "<br>\n<form method='post' action='/verify.php'>";
echo "<input type='hidden' name='emailid' value='$emailid'>";
echo "<input type='hidden' name='hash' value='$hash'>";
echo "<input type='hidden' name='type' value='email'>";
echo "<input type='submit' name='Yes' value='"._("Yes verify this email")."'><br>\n";
echo "<input type='submit' name='Notify' value='"._("Notify support about this")."'><br>\n";
echo "<input type='submit' name='No' value='"._("Do not verify this email")."'></form>\n";
}
showfooter();
exit;
}
if($type == "domain")
{
$id = 7;
$domainid = intval($_REQUEST['domainid']);
$hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
$query = "select * from `domains` where `id`='$domainid' and hash!='' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
$row[attempts]++;
if($row[attempts] >= 6)
{
$query = "update `domains` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$domainid'";
showheader(_("Error!"), _("Error!"));
echo _("You've attempted to verify the same domain a fourth time with an invalid hash, subsequantly this request has been deleted in the system");
showfooter();
exit;
}
$query = "update `domains` set `attempts`='$row[attempts]' where `id`='$domainid'";
mysql_query($query);
}
$query = "select * from `domains` where `id`='$domainid' and `hash`='$hash' and hash!='' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
showheader(_("Error!"), _("Error!"));
echo _("The ID or Hash has already been verified, the domain no longer exists in the system, or something weird happened.");
showfooter();
exit;
}
$row = mysql_fetch_assoc($res);
if($_REQUEST['Yes'] != "")
{
$query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'";
mysql_query($query);
showheader(_("Updated"), _("Updated"));
echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
} else if($_REQUEST['No'] != "") {
header("location: /index.php");
exit;
} else {
showheader(_("Updated"), _("Updated"));
printf(_("Are you sure you want to verify the domain %s?"), $row['name']);
echo "<br>\n<form method='post' action='/verify.php'>";
echo "<input type='hidden' name='domainid' value='$domainid'>";
echo "<input type='hidden' name='hash' value='$hash'>";
echo "<input type='hidden' name='type' value='domain'>";
echo "<input type='submit' name='Yes' value='"._("Yes verify this domain")."'><br>\n";
echo "<input type='submit' name='Notify' value='"._("Notify support about this")."'><br>\n";
echo "<input type='submit' name='No' value='"._("Do not verify this domain")."'></form>\n";
}
showfooter();
exit;
}
?>
View Git Blame Copy Permalink