142 lines
5.3 KiB
PHP
142 lines
5.3 KiB
PHP
<? /*
|
|
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
|
|
|
|
This file is part of CAcert.
|
|
|
|
CAcert has been released under the CAcert Source License
|
|
which can be found included with these source files or can
|
|
be downloaded from the internet from the following address:
|
|
http://www.cacert.org/src-lic.php
|
|
|
|
CAcert is distributed WITHOUT ANY WARRANTY; without even
|
|
the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
|
PARTICULAR PURPOSE. See the License for more details.
|
|
*/ ?>
|
|
<?
|
|
loadem("account");
|
|
|
|
if($_REQUEST['Notify'] != "")
|
|
{
|
|
echo "do something here";
|
|
exit;
|
|
}
|
|
|
|
$type = $_REQUEST['type'];
|
|
|
|
if($type == "email")
|
|
{
|
|
$id = 1;
|
|
$emailid = intval($_REQUEST['emailid']);
|
|
$hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
|
|
|
|
$query = "select * from `email` where `id`='$emailid' and hash!='' and deleted=0";
|
|
$res = mysql_query($query);
|
|
if(mysql_num_rows($res) > 0)
|
|
{
|
|
$row = mysql_fetch_assoc($res);
|
|
$row['attempts']++;
|
|
if($row['attempts'] >= 6)
|
|
{
|
|
mysql_query("update `email` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$emailid'");
|
|
showheader(_("Error!"), _("Error!"));
|
|
echo _("You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system");
|
|
showfooter();
|
|
exit;
|
|
}
|
|
mysql_query("update `email` set `attempts`='$row[attempts]' where `id`='$emailid'");
|
|
}
|
|
|
|
$query = "select * from `email` where `id`='$emailid' and `hash`='$hash' and hash!='' and deleted=0 and `attempts` <= 6";
|
|
$res = mysql_query($query);
|
|
if(mysql_num_rows($res) <= 0)
|
|
{
|
|
showheader(_("Error!"), _("Error!"));
|
|
echo _("The ID or Hash has already been verified, or something weird happened.");
|
|
showfooter();
|
|
exit;
|
|
}
|
|
$row = mysql_fetch_assoc($res);
|
|
if($_REQUEST['Yes'] != "")
|
|
{
|
|
$query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'";
|
|
mysql_query($query);
|
|
$query = "update `users` set `verified`='1' where `id`='$row[memid]' and `email`='$row[email]' and `verified`='0'";
|
|
mysql_query($query);
|
|
showheader(_("Updated"), _("Updated"));
|
|
echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
|
|
} else if($_REQUEST['No'] != "") {
|
|
header("location: /index.php");
|
|
exit;
|
|
} else {
|
|
showheader(_("Updated"), _("Updated"));
|
|
printf(_("Are you sure you want to verify the email %s?"), $row['email']);
|
|
echo "<br>\n<form method='post' action='/verify.php'>";
|
|
echo "<input type='hidden' name='emailid' value='$emailid'>";
|
|
echo "<input type='hidden' name='hash' value='$hash'>";
|
|
echo "<input type='hidden' name='type' value='email'>";
|
|
echo "<input type='submit' name='Yes' value='"._("Yes verify this email")."'><br>\n";
|
|
echo "<input type='submit' name='Notify' value='"._("Notify support about this")."'><br>\n";
|
|
echo "<input type='submit' name='No' value='"._("Do not verify this email")."'></form>\n";
|
|
}
|
|
showfooter();
|
|
exit;
|
|
}
|
|
|
|
if($type == "domain")
|
|
{
|
|
$id = 7;
|
|
$domainid = intval($_REQUEST['domainid']);
|
|
$hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
|
|
|
|
$query = "select * from `domains` where `id`='$domainid' and hash!='' and deleted=0";
|
|
$res = mysql_query($query);
|
|
if(mysql_num_rows($res) > 0)
|
|
{
|
|
$row = mysql_fetch_assoc($res);
|
|
$row[attempts]++;
|
|
if($row[attempts] == 4)
|
|
{
|
|
$query = "update `domains` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$domainid'";
|
|
showheader(_("Error!"), _("Error!"));
|
|
echo _("You've attempted to verify the same domain a fourth time with an invalid hash, subsequantly this request has been deleted in the system");
|
|
showfooter();
|
|
exit;
|
|
}
|
|
$query = "update `domains` set `attempts`='$row[attempts]' where `id`='$domainid'";
|
|
mysql_query($query);
|
|
}
|
|
|
|
$query = "select * from `domains` where `id`='$domainid' and `hash`='$hash' and hash!='' and deleted=0";
|
|
$res = mysql_query($query);
|
|
if(mysql_num_rows($res) <= 0)
|
|
{
|
|
showheader(_("Error!"), _("Error!"));
|
|
echo _("The ID or Hash has already been verified, the domain no longer exists in the system, or something weird happened.");
|
|
showfooter();
|
|
exit;
|
|
}
|
|
$row = mysql_fetch_assoc($res);
|
|
if($_REQUEST['Yes'] != "")
|
|
{
|
|
$query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'";
|
|
mysql_query($query);
|
|
showheader(_("Updated"), _("Updated"));
|
|
echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
|
|
} else if($_REQUEST['No'] != "") {
|
|
header("location: /index.php");
|
|
exit;
|
|
} else {
|
|
showheader(_("Updated"), _("Updated"));
|
|
printf(_("Are you sure you want to verify the domain %s?"), $row['name']);
|
|
echo "<br>\n<form method='post' action='/verify.php'>";
|
|
echo "<input type='hidden' name='domainid' value='$domainid'>";
|
|
echo "<input type='hidden' name='hash' value='$hash'>";
|
|
echo "<input type='hidden' name='type' value='domain'>";
|
|
echo "<input type='submit' name='Yes' value='"._("Yes verify this email")."'><br>\n";
|
|
echo "<input type='submit' name='Notify' value='"._("Notify support about this")."'><br>\n";
|
|
echo "<input type='submit' name='No' value='"._("Do not verify this email")."'></form>\n";
|
|
}
|
|
showfooter();
|
|
exit;
|
|
}
|
|
?>
|