authorMarkus Warg <mw@it-sls.de>2010-03-29 09:54:06 +0200
committerMarkus Warg <mw@it-sls.de>2010-03-29 09:54:06 +0200
commit9dceece06fbdc98add6f76f0b1aec05891a394c4 (patch)
treef7227c28ca5f79f30c2ec81ba1a09a4fe3972436 /www/api
parent5b68967def224a00f54eb54946ff17301bbd3cdb (diff)
remove cacert/ prefix
Diffstat (limited to 'www/api')
-rw-r--r--www/api/CVS/Entries5
-rw-r--r--www/api/CVS/Repository1
-rw-r--r--www/api/CVS/Root1
-rw-r--r--www/api/ccsr.php98
-rw-r--r--www/api/cemails.php47
-rw-r--r--www/api/edu.php43
-rw-r--r--www/api/index.php4
7 files changed, 199 insertions, 0 deletions
diff --git a/www/api/CVS/Entries b/www/api/CVS/Entries
new file mode 100644
index 0000000..64e2916
--- /dev/null
+++ b/www/api/CVS/Entries
@@ -0,0 +1,5 @@
+/index.php/1.1/Tue Nov 8 10:06:04 2005//
+/cemails.php/1.5/Mon Nov 24 12:43:46 2008//
+/edu.php/1.3/Mon Jan 5 10:34:38 2009//
+/ccsr.php/1.8/Fri Apr 10 23:09:08 2009//
+D
diff --git a/www/api/CVS/Repository b/www/api/CVS/Repository
new file mode 100644
index 0000000..c80c92c
--- /dev/null
+++ b/www/api/CVS/Repository
@@ -0,0 +1 @@
+cacert/www/api
diff --git a/www/api/CVS/Root b/www/api/CVS/Root
new file mode 100644
index 0000000..a363882
--- /dev/null
+++ b/www/api/CVS/Root
@@ -0,0 +1 @@
+/var/lib/cvs
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
new file mode 100644
index 0000000..e81c738
--- /dev/null
+++ b/www/api/ccsr.php
@@ -0,0 +1,98 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ $username = mysql_real_escape_string($_REQUEST['username']);
+ $password = mysql_real_escape_string($_REQUEST['password']);
+
+ $query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) != 1)
+ die("403,That username couldn't be found\n");
+ $user = mysql_fetch_assoc($res);
+ $memid = $user['id'];
+ $emails = array();
+ foreach($_REQUEST['email'] as $email)
+ {
+ $email = mysql_real_escape_string(trim($email));
+ $query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0 and `email`='$email'";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0)
+ {
+ $row = mysql_fetch_assoc($res);
+ $id = $row['id'];
+ $emails[$id] = $email;
+ }
+ }
+ if(count($emails) <= 0)
+ die("404,Wasn't able to match any emails sent against your account");
+ $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $points = $row['points'];
+
+ $name = "CAcert WoT User\n";
+ $newname = mysql_real_escape_string(trim($_REQUEST['name']));
+ if($points >= 50)
+ {
+ if($newname == $user['fname']." ".$user['lname'] ||
+ $newname == $user['fname']." ".$user['mname']." ".$user['lname'] ||
+ $newname == $user['fname']." ".$user['lname']." ".$user['suffix'] ||
+ $newname == $user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])
+ $name = $newname;
+ }
+
+ $codesign = 0;
+ if($user['codesign'] == "1" && $_REQUEST['codesign'] == "1" && $points >= 100)
+ $codesign = 1;
+
+ $CSR = trim($_REQUEST['optionalCSR']);
+ $incsr = tempnam("/tmp", "ccsrIn");
+ $checkedcsr = tempnam("/tmp", "ccsrOut");
+ $fp = fopen($incsr, "w");
+ fputs($fp, $CSR);
+ fclose($fp);
+ $do = `/usr/bin/openssl req -in $incsr -out $checkedcsr`;
+ @unlink($incsr);
+ if(filesize($checkedcsr) <= 0)
+ die("404,Invalid or missing CSR");
+
+ $csrsubject = "/CN=$name";
+ foreach($emails as $id => $email)
+ $csrsubject .= "/emailAddress=".$email;
+
+ $query = "insert into `emailcerts` set `CN`='".$user['email']."', `keytype`='MS',
+ `memid`='".$user['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
+ `subject`='$csrsubject', `codesign`='$codesign'";
+ mysql_query($query);
+ $certid = mysql_insert_id();
+ $CSRname = generatecertpath("csr","client",$certid);
+ rename($checkedcsr, $CSRname);
+
+ mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'");
+
+ foreach($emails as $emailid => $email)
+ mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='$emailid'");
+
+ $do = `../../scripts/runclient`;
+ sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED
+ $query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ die("404,Your certificate request has failed. ID: $certid");
+ $cert = mysql_fetch_assoc($res);
+ echo "200,Authentication Ok\n";
+ readfile("../".$cert['crt_name']);
+?>
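Review bot: The INSERT into emailcerts concatenates `$user['email']` and `$user['id']` straight from the fetched row while every request value around it is escaped, so a stored address containing a quote would break or alter the statement; use `mysql_real_escape_string($user['email'])` there as well. The default `$name = "CAcert WoT User\n"` carries a trailing newline into `$csrsubject` and so into the stored subject, which looks unintended; drop the `\n`. `$newname` is escaped before it is compared with the unescaped `fname`/`mname`/`lname`/`suffix` columns, so a name containing an apostrophe can never match; compare the trimmed raw value and escape only when building SQL. `foreach($_REQUEST['email'] as $email)` also assumes the parameter is an array and should be guarded with `is_array()`.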
diff --git a/www/api/cemails.php b/www/api/cemails.php
new file mode 100644
index 0000000..0d067ea
--- /dev/null
+++ b/www/api/cemails.php
@@ -0,0 +1,47 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ $username = mysql_escape_string($_REQUEST['username']);
+ $password = mysql_escape_string($_REQUEST['password']);
+
+ $query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) != 1)
+ die("403,That username couldn't be found\n");
+ echo "200,Authentication Ok\n";
+ $user = mysql_fetch_assoc($res);
+ $memid = $user['id'];
+ $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $points = $row['points'];
+ echo "CS=".intval($user['codesign'])."\n";
+ echo "NAME=CAcert WoT User\n";
+ if($points >= 50)
+ {
+ echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])."\n";
+ if($user['mname'] != "")
+ echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])."\n";
+ if($user['suffix'] != "")
+ echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
+ if($user['mname'] != "" && $user['suffix'] != "")
+ echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
+ }
+ $query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ echo "EMAIL=".$row['email']."\n";
+?>
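Review bot: The login query escapes `$username` and `$password` with `mysql_escape_string()`, which ignores the connection character set, whereas ccsr.php in the same commit uses `mysql_real_escape_string()`; use the latter here, and for `$serial` in edu.php, which has the same issue. The `EMAIL=` line echoes `$row['email']` raw although the `NAME=` lines go through `sanitizeHTML()`; because the response is line-oriented, a stored value containing a newline could add lines to it, so strip CR/LF or apply the same filter. Neither `mysql_query()` result is checked for `false` before `mysql_num_rows()` or `mysql_fetch_assoc()` is called on it.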
diff --git a/www/api/edu.php b/www/api/edu.php
new file mode 100644
index 0000000..27b7b1b
--- /dev/null
+++ b/www/api/edu.php
@@ -0,0 +1,43 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+ $ipadress =$_SERVER['REMOTE_ADDR'];
+
+ if ($ipadress=='72.36.220.19' && $_SERVER['HTTPS']=="on")
+ {
+ $serial=mysql_escape_string($_REQUEST["serial"]);
+ $root=intval($_REQUEST["root"]);
+
+ $sql="select memid from emailcerts where serial='$serial' and rootcert='$root'";
+ $query= mysql_query($sql);
+ if(mysql_num_rows($query) != 1)
+ {
+ echo "NOT FOUND: ".sanitizeHTML($sql);
+ }
+ else
+ {
+ $memid = mysql_fetch_assoc($query);
+ echo sanitizeHTML($memid['memid']);
+ }
+ }
+ else
+ {
+ echo "UNAUTHORIZED ACCESS ".$ipadress." ".$_SERVER['HTTPS'];
+ }
+?>
+
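Review bot: The not-found branch sends the full SQL text to the caller with `echo "NOT FOUND: ".sanitizeHTML($sql);`, which discloses table and column names; return a fixed string such as `echo "NOT FOUND";` and log the query server-side if it is needed for debugging. The only access control is the comparison of `REMOTE_ADDR` with a hard-coded address, which presumably stops working as intended if the site is ever placed behind a reverse proxy; a comment stating that assumption would help. `$_SERVER['HTTPS']` is read without `isset()` and echoed in the unauthorized branch, so a plain-HTTP request raises a notice.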
diff --git a/www/api/index.php b/www/api/index.php
new file mode 100644
index 0000000..24e7f8a
--- /dev/null
+++ b/www/api/index.php
@@ -0,0 +1,4 @@
+<?
+ header("location: ..");
+ exit;
+?>