<? /*
    Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>

    This file is part of CAcert.

    CAcert has been released under the CAcert Source License
    which can be found included with these source files or can
    be downloaded from the internet from the following address:
    http://www.cacert.org/src-lic.php

    CAcert is distributed WITHOUT ANY WARRANTY; without even
    the implied warranty of MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
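// Client-certificate login on the secure vhost: the serial of the presented
// certificate must match a non-revoked, unexpired row in `emailcerts`; the
// owning account is then loaded into the session.
// NOTE(review): only the serial is compared, so this presumably relies on the
// web server accepting client certificates issued by this CA alone - confirm
// the client-verification settings of the vhost.
// NOTE(review): mysql_escape_string() ignores the connection character set;
// mysql_real_escape_string() or prepared statements would be the safer choice.
if($_SERVER['HTTP_HOST'] == "secure.cacert.org")
{
    // No certificate presented means no serial. Skip the lookup rather than
    // matching an empty string against `emailcerts`.`serial`.
    $res = false;
    if(isset($_SERVER['SSL_CLIENT_M_SERIAL']) && $_SERVER['SSL_CLIENT_M_SERIAL'] !== "")
    {
        $query = "select * from `emailcerts` where `serial`='".mysql_escape_string($_SERVER['SSL_CLIENT_M_SERIAL'])."'".
            " and `revoked`=0 and UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
        $res = mysql_query($query);
    }

    if($res && mysql_num_rows($res) > 0)
    {
        $row = mysql_fetch_assoc($res);

        // memid is read back from the database; it is still forced to an
        // integer before being placed into the next statement.
        $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['memid'])."'"));
        $_SESSION['profile']['loggedin'] = 1;
    } else {
        $_SESSION['profile']['loggedin'] = 0;

        // Remember the requested page so it can be restored after login.
        // $_GET arrives URL-decoded, so names and values are encoded again:
        // stored raw, a value holding "&", "#" or a line break would change
        // the meaning of the saved query string. Array parameters are dropped.
        $_SESSION['_config']['oldlocation'] = "";
        foreach($_GET as $key => $val)
        {
            if(is_array($val))
                continue;

            if($_SESSION['_config']['oldlocation'] != "")
                $_SESSION['_config']['oldlocation'] .= "&";

            $_SESSION['_config']['oldlocation'] .= urlencode($key)."=".urlencode($val);
        }
        $_SESSION['_config']['oldlocation'] = "wot.php?".$_SESSION['_config']['oldlocation'];

        // HTTP_HOST is known to equal "secure.cacert.org" in this branch.
        header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
        exit;
    }
} else if($_SERVER['HTTP_HOST'] == "secure.cacert.org" && $_SESSION['profile']['id'] > 0) {
    // NOTE(review): this branch repeats the host test of the `if` above, so it
    // can never run as written. The intended condition is not visible here;
    // kept so the decision is made deliberately.
    $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
}
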
// On the secure vhost, a session without an account id or one that is not
// marked as logged in is sent back to the public site.
if($_SERVER['HTTP_HOST'] == "secure.cacert.org")
{
    if($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0)
    {
        header("location: https://www.cacert.org");
        exit;
    }
}

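// Refresh the cached point total of the logged-in account and, when the
// account has no language stored yet, persist the language of this session.
if($_SERVER['HTTP_HOST'] == "secure.cacert.org" && $_SESSION['profile']['id'] > 0)
{
    $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' group by `to`";
    $res = mysql_query($query);
    $row = mysql_fetch_assoc($res);
    // Without any `notary` rows there is no result row and the total is null.
    $_SESSION['profile']['points'] = $row['total'];

    if($_SESSION['profile']['language'] == "")
    {
        // The session language is set outside this file, so its origin cannot
        // be checked here; it is escaped before it reaches the statement.
        $query = "update `users` set `language`='".mysql_escape_string($_SESSION['_config']['language'])."'".
            " where `id`='".intval($_SESSION['profile']['id'])."'";
        mysql_query($query);
    }
}
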
// Logout request: clear the logged-in flag and return to the start page.
// NOTE(review): the comparison is loose; before PHP 8 an integer 0 in $id
// compares equal to "logout". Where $id is set is not visible here - confirm.
// NOTE(review): only the flag is cleared; the rest of $_SESSION['profile']
// stays in the session.
// NOTE(review): the Host request header is supplied by the client and is
// copied into the redirect target without being compared to a known name.
if("logout" == $id)
{
    $_SESSION['profile']['loggedin'] = 0;
    header(sprintf("location: https://%s/index.php", $_SERVER['HTTP_HOST']));
    exit;
}

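// Not logged in: remember the requested page and send the visitor to the
// login page (index.php?id=4).
if($_SESSION['profile']['loggedin'] < 1)
{
    // $_GET arrives URL-decoded, so names and values are encoded again before
    // being stored as a query string: stored raw, a value holding "&", "#" or
    // a line break would change the meaning of the saved location.
    // Array parameters are dropped.
    $_SESSION['_config']['oldlocation'] = "";
    foreach($_GET as $key => $val)
    {
        if(is_array($val))
            continue;

        if($_SESSION['_config']['oldlocation'] != "")
            $_SESSION['_config']['oldlocation'] .= "&";

        $_SESSION['_config']['oldlocation'] .= urlencode($key)."=".urlencode($val);
    }
    $_SESSION['_config']['oldlocation'] = "wot.php?".$_SESSION['_config']['oldlocation'];

    // NOTE(review): the Host request header is supplied by the client and is
    // copied into the redirect target here without being compared to a known
    // host name; confirm the web server only routes expected names to this
    // script, or redirect to a configured name instead.
    header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
    exit;
}
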
// loadem() is defined elsewhere; presumably it pulls in the "account"
// support code - confirm.
loadem("account");

// Pages 5 and 6 (the notarisation steps) require at least 100 points, whether
// they are being requested ($id) or submitted ($oldid).
if((in_array($id, array(5, 6)) || in_array($oldid, array(5, 6))) && $_SESSION['profile']['points'] < 100)
{
    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("You don't have access to view these pages.")."</p>";
    showfooter();
    exit;
}

// A step-6 submission without a selected person in the session falls back to
// step 5, where the person is looked up.
if($oldid == 6)
{
    if(intval($_SESSION['_config']['notarise']['id']) <= 0)
    {
        $id = 5;
        unset($oldid);
    }
}

// Step 5 submitted: look up the person to notarise by e-mail address. Exactly
// one matching account is required; anything else re-displays step 5 with an
// error message.
// NOTE(review): `select *` copies the whole `users` row into the session;
// which columns that includes is not visible here - a narrower column list
// would limit what the session holds.
if($oldid == 5)
{
    $query = sprintf("select * from `users` where `email`='%s'", mysql_escape_string($_POST['email']));
    $res = mysql_query($query);
    if(mysql_num_rows($res) == 1)
    {
        $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
    } else {
        $id = $oldid;
        unset($oldid);
        $_SESSION['_config']['error'] = _("I'm sorry, there was no email matching what you entered in the system. Please double check your information.");
    }
}

// Rules enforced on both notarisation steps: nobody may notarise themselves,
// and a given pair (from, to) may only be recorded once. A failed rule sends
// the user back to step 5 and clears $oldid, so the later steps are skipped.
if($oldid == 5 || $oldid == 6)
{
    if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
    {
        $id = 5;
        unset($oldid);
        $_SESSION['_config']['error'] = _("You are never allowed to Notarise yourself!");
    } else {
        // Both ids come from rows loaded out of `users` earlier in the request
        // flow, not directly from the submitted form.
        $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
            `to`='".$_SESSION['_config']['notarise']['id']."'";
        $res = mysql_query($query);
        if(mysql_num_rows($res) > 0)
        {
            $id = 5;
            unset($oldid);
            $_SESSION['_config']['error'] = _("You are only allowed to Notarise someone once!");
        } elseif($oldid == 5) {
            // Person found and both rules passed: continue with step 6.
            $id = 6;
        }
    }
}

// Step 6 submitted: all three confirmation boxes must be ticked, and a
// meeting location and date must be given. The first failing check re-displays
// step 6 with its message and clears $oldid so nothing is recorded.
// NOTE(review): location and date are only tested for being non-empty here.
if($oldid == 6)
{
    if(!($_POST['certify'] == 1 && $_POST['assertion'] == 1 && $_POST['rules'] == 1))
    {
        $id = $oldid;
        unset($oldid);
        $_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");
    } elseif($_POST['location'] == "" || $_POST['date'] == "") {
        $id = $oldid;
        unset($oldid);
        $_SESSION['_config']['error'] = _("You failed to enter a location and date of your meeting.");
    }
}

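// Final step of a notarisation: cap the awarded points, record the entry in
// `notary` and notify both parties by e-mail.
// NOTE(review): no anti-CSRF token is checked in this file before the insert;
// confirm one is enforced elsewhere.
if($oldid == 6)
{
    $max = maxpoints();

    // Work on an integer from the first use. The submitted value is compared,
    // summed and printed into both e-mails below, so a non-numeric string must
    // not get that far.
    $_POST['points'] = intval($_POST['points']);
    if($_POST['points'] > $max)
        $_POST['points'] = $max;

    $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['_config']['notarise']['id'])."' group by `to`";
    $res = mysql_query($query);
    $drow = mysql_fetch_assoc($res);
    // No earlier entries means no result row; the running total is then 0.
    if(!$drow)
        $drow = array('total' => 0);

    // Keep the new total within 100, or within $max for those allowed more.
    if(($drow['total'] + $_POST['points']) > 100 && $max < 100)
        $_POST['points'] = 100 - $drow['total'];
    if(($drow['total'] + $_POST['points']) > $max && $max >= 100)
        $_POST['points'] = $max - $drow['total'];
    if($_POST['points'] < 0)
        $_POST['points'] = 0;

    $query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."',".
        " `to`='".intval($_SESSION['_config']['notarise']['id'])."',".
        " `points`='".intval($_POST['points'])."',".
        " `location`='".mysql_escape_string($_POST['location'])."',".
        " `date`='".mysql_escape_string($_POST['date'])."'";
    mysql_query($query);

    // The format string is translated first and filled in afterwards; passing
    // the already formatted text to _() can never match a catalogue entry.
    $body = _("You are receiving this email because you have been notarised by another member of the CAcert community.")."\n\n";
    $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $_POST['points'], ($_POST['points'] + $drow['total']))."\n\n";

    if(($drow['total'] + $_POST['points']) < 100 && ($drow['total'] + $_POST['points']) >= 50)
    {
        $body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
    }

    if(($drow['total'] + $_POST['points']) >= 100 && $_POST['points'] > 0)
    {
        $body .= _("You now have over 100 points and can start notarising others.")."\n\n";
    }

    $body .= _("Best Regards")."\n";
    $body .= _("CAcert Support Team");

    mail($_SESSION['_config']['notarise']['email'], "[CAcert.org] You've been Notarised.", $body, "Errors-To: returns@cacert.org\nfrom: \"CAcert Support\" <duane@cacert.org>");

    $body = _("You are receiving this email because you have notarised another member of the CAcert community.")."\n\n";
    $body .= sprintf(_("You issued them %s points and they now have %s points in total."), $_POST['points'], ($_POST['points'] + $drow['total']))."\n\n";
    $body .= _("Best Regards")."\n";
    $body .= _("CAcert Support Team");

    mail($_SESSION['profile']['email'], "[CAcert.org] You've Notarised Another Member.", $body, "Errors-To: returns@cacert.org\nfrom: \"CAcert Support\" <duane@cacert.org>");

    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Shortly you and the person you were notarising will receive and email confirmation, there is no action on your behalf required to complete this.")."</p>";
    showfooter();
    exit;
}
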
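// Page 8 submitted: update the directory listing flag and the contact text of
// the logged-in account.
if($oldid == 8)
{
    // strip_tags() removes markup only; quotes survive, so the text still has
    // to be HTML-escaped wherever it is printed.
    $info = strip_tags($_POST['contactinfo']);
    $listme = intval($_POST['listme']);
    if($listme < 0 || $listme > 1)
        $listme = 0;

    // The session keeps the plain text. SQL escaping is applied only where the
    // statement is built, so the session copy matches what a reload of the
    // `users` row would yield instead of carrying backslashes.
    $_SESSION['profile']['listme'] = $listme;
    $_SESSION['profile']['contactinfo'] = $info;

    $query = "update `users` set `listme`='$listme',`contactinfo`='".mysql_escape_string($info)."' where `id`='".intval($_SESSION['profile']['id'])."'";
    mysql_query($query);

    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Your account information has been updated.")."</p>";
    showfooter();
    exit;
}
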
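// Page 9 submitted: send a message from the logged-in member to the member
// selected in $_SESSION['_config']['user'].
if($oldid == 9 && $_SESSION['_config']['user']['id'] > 0 && $_SESSION['profile']['id'] > 0)
{
    $body = $_POST['message'];
    // The subject and the sender name/address end up in mail header lines.
    // CR and LF are removed so that a submitted or stored value cannot start
    // additional header lines.
    $subject = str_replace(array("\r", "\n"), " ", $_POST['subject']);

    mail($_SESSION['_config']['user']['email'], $subject, $body,
        "Errors-To: returns@cacert.org\n".
        "From: '".str_replace(array("\r", "\n"), "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'])."' <".
        str_replace(array("\r", "\n"), "", $_SESSION['profile']['email']).">");

    showheader(_("My CAcert.org Account!"));
    // The recipient's first name is account data chosen by that member, so it
    // is HTML-escaped before being printed.
    // NOTE(review): if names are already stored HTML-escaped this would encode
    // them twice - confirm how `users`.`fname` is stored.
    echo "<p>"._("Your email has been sent to ").htmlspecialchars($_SESSION['_config']['user']['fname'], ENT_QUOTES).".</p>";
    echo "<p>[ <a href='javascript:history.go(-2)'>Go Back</a> ]</p>\n";
    showfooter();
    exit;
} elseif($oldid == 9) {
    unset($oldid);
    $error = _("There was an error and I couldn't proceed");
    $id = 9;
}

// Nothing above produced a final page: render the page selected by $id.
// NOTE(review): $id is assigned outside this file and includeit() is defined
// elsewhere; presumably it maps $id to a page file - confirm it restricts $id
// to known pages.
showheader(_("My CAcert.org Account!"));
includeit($id, "wot");
showfooter();
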
?>