summaryrefslogtreecommitdiff
path: root/www/alert_hash_collision.php
diff options
context:
space:
mode:
authorMarkus Warg <mw@it-sls.de>2010-03-29 09:54:06 +0200
committerMarkus Warg <mw@it-sls.de>2010-03-29 09:54:06 +0200
commit9dceece06fbdc98add6f76f0b1aec05891a394c4 (patch)
treef7227c28ca5f79f30c2ec81ba1a09a4fe3972436 /www/alert_hash_collision.php
parent5b68967def224a00f54eb54946ff17301bbd3cdb (diff)
downloadcacert-devel-9dceece06fbdc98add6f76f0b1aec05891a394c4.tar.gz
cacert-devel-9dceece06fbdc98add6f76f0b1aec05891a394c4.tar.xz
cacert-devel-9dceece06fbdc98add6f76f0b1aec05891a394c4.zip
remove cacert/ prefix
Diffstat (limited to 'www/alert_hash_collision.php')
-rw-r--r--www/alert_hash_collision.php28
1 files changed, 28 insertions, 0 deletions
diff --git a/www/alert_hash_collision.php b/www/alert_hash_collision.php
new file mode 100644
index 0000000..bad60e8
--- /dev/null
+++ b/www/alert_hash_collision.php
@@ -0,0 +1,28 @@
+<?php
+
+include("../includes/hash_password.php");
+define('REPORT_WEAK_SCRIPT', './report-weak');
+
+if (@$_GET['shared_secret'] != SHARED_SECRET)
+ die('not authenticated');
+if (!preg_match('/^[0-9a-f]{40}$/i', $_POST['pkhash']))
+ die('malformed or nonexistant pkhash');
+if (!preg_match('/^(mem|org)-[0-9]+$/', @$_POST['usernym']))
+ die('malformed or nonexistant usernym');
+
+// alert seems ok
+
+if (preg_match('/^mem-[0-9]+$/', @$_POST['usernym']))
+{
+ mysql_query("update emailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
+ mysql_query("update domaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
+}
+else
+{
+ mysql_query("update orgemailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
+ mysql_query("update orgdomaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
+}
+
+//exec(REPORT_WEAK . ' ' . $_POST['usernym'] . ' ' . lower($_POST['pkhash']));
+
+?>