-rwxr-xr-x | cgi-bin/siteseal.cgi | 92 | ||||
-rw-r--r-- | includes/general.php | 3 | ||||
-rw-r--r-- | includes/lib/account.php | 8 | ||||
-rw-r--r-- | stamp/.htaccess | 5 | ||||
-rw-r--r-- | stamp/certdet.php | 86 | ||||
-rw-r--r-- | stamp/common.php | 151 | ||||
-rw-r--r-- | stamp/displogo.php | 59 | ||||
-rw-r--r-- | stamp/images/CAverify.png | bin | 3444 -> 0 bytes | |||
-rw-r--r-- | stamp/index.php | 75 | ||||
-rw-r--r-- | stamp/old_showlogo.php.broken | 25 | ||||
-rw-r--r-- | stamp/report.php | 121 | ||||
-rw-r--r-- | stamp/showlogo.php | 0 | ||||
-rw-r--r-- | stamp/style.css | 620 | ||||
-rw-r--r-- | www/api/ccsr.php | 109 | ||||
-rw-r--r-- | www/api/cemails.php | 48 |
15 files changed, 5 insertions, 1397 deletions
diff --git a/cgi-bin/siteseal.cgi b/cgi-bin/siteseal.cgi deleted file mode 100755 index ac28697..0000000 --- a/cgi-bin/siteseal.cgi +++ /dev/null 
@@ -1,92 +0,0 @@ -#!/usr/bin/php -q -<? -/** - * check site seal - * - * @package org.cacert.framework - * @author Duane Groth <duane@groth.net> - * @copyright Copyright (C) 2003-2008, {@link http://www.cacert.org/ CAcert Inc.} - * @license GPL Version 2 - * @version $Id: siteseal.cgi,v 1.4 2008-04-06 19:44:25 root Exp $ - */ - -if($_SERVER["HTTPS"] == "on") - $http = "https"; -else - $http = "http"; - -/* obfuscate var names */ -srand((double)microtime()*1000000); -$var1 = "ca1-".md5(rand(0,9999999)); -$var2 = "ca2-".md5(rand(0,9999999)); -$var3 = "ca3-".md5(rand(0,9999999)); -$var4 = "ca4-".md5(rand(0,9999999)); -$var5 = "ca5-".md5(rand(0,9999999)); -$var6 = "ca6-".md5(rand(0,9999999)); -$var7 = "ca7-".md5(rand(0,9999999)); -$var8 = "ca8-".md5(rand(0,9999999)); -$var9 = "ca9-".md5(rand(0,9999999)); -$var10 = "caa-".md5(rand(0,9999999)); -$var11 = "cab-".md5(rand(0,9999999)); - -header("Content-Type: text/javascript"); -header("Content-Disposition: inline; filename=\"siteseal.js\""); - -?> - -var <?=$var1?> = window.location.href; -<? 
// var <?=$var2?> = '<?=$http?>://www.cacert.org/certdetails.php?referer=' + <?=$var1?>; ?> -var <?=$var2?> = '<?=$http?>://www.cacert.org'; -var <?=$var3?> = (new Date()).getTimezoneOffset(); - -var <?=$var4?> = navigator.userAgent.toLowerCase(); -var <?=$var5?> = false; -if (<?=$var4?>.indexOf("msid") != 1) { - <?=$var5?> = (<?=$var4?>.indexOf("msie 5") == -1 && <?=$var4?>.indexOf("msie 6") == -1); -} - -function <?=$var6?>(e) { - if (document.addEventListener) { - if (e.target.name == '<?=$var7?>') { - <?=$var8?>(); - return false; - } - } else if (document.captureEvents) { - if (e.target.toString().indexOf('certdetails') != -1) { - <?=$var8?>(); - return false; - } - } - return true; -} - -function <?=$var9?>() { - if (event.button == 1) { - if (<?=$var5?>) { - return true; - } else { - <?=$var8?>(); - return false; - } - } else if (event.button == 2) { - <?=$var8?>(); - return false; - } -} - -function <?=$var8?>() { - cacertWindow = window.open(<?=$var2?>, '<?=$var10?>', config='height=420,width=523,toolbar=no,menubar=no,scrollbars=no,resizable=no,location=no,directories=no,status=yes'); - cacertWindow.focus(); -} - -if (document.addEventListener) { - document.addEventListener('mouseup', <?=$var6?>, true); -} else { - if (document.layers) { - document.captureEvents(Event.MOUSEDOWN); - document.onmousedown=<?=$var6?>; - } -} - -document.write("<a href='" + <?=$var2?> + "' target='<?=$var10?>' tabindex='-1' onmousedown='<?=$var9?>(); return false;'><img name='<?=$var7?>' border='0' src='<?=$http?>://www.cacert.org/sealgen.php?cert=<?=$cert?>&referer=" + <?=$var1?> + "' alt='Click to verify' oncontextmenu='return false;' /></a>"); ?> - diff --git a/includes/general.php b/includes/general.php index 17b449b..2b31fc6 100644 --- a/includes/general.php +++ b/includes/general.php 
@@ -47,8 +47,7 @@ if(array_key_exists('HTTP_HOST',$_SERVER) && $_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] && $_SERVER['HTTP_HOST'] != $_SESSION['_config']['securehostname'] && - $_SERVER['HTTP_HOST'] != $_SESSION['_config']['tverify'] && - $_SERVER['HTTP_HOST'] != "stamp.cacert.org") + $_SERVER['HTTP_HOST'] != $_SESSION['_config']['tverify']) { if(array_key_exists('HTTPS',$_SERVER) && $_SERVER['HTTPS'] == "on") header("location: https://".$_SESSION['_config']['normalhostname']); diff --git a/includes/lib/account.php b/includes/lib/account.php index dd8afd3..6e17dda 100644 --- a/includes/lib/account.php +++ b/includes/lib/account.php @@ -48,8 +48,8 @@ function fix_assurer_flag($userID = NULL) AND `cp`.`user_id` = `u`.`id` ) AND ( - SELECT SUM(`points`) FROM `notary` AS `n` - WHERE `n`.`to` = `u`.`id` + SELECT SUM(`awarded`) FROM `notary` AS `n` + WHERE `n`.`to` = `u`.`id` AND `n`.`method` != 'Administrative Increase' AND `n`.`from` != `n`.`to` AND (`n`.`expire` > now() OR `n`.`expire` IS NULL) AND `n`.`deleted` = 0 @@ -81,8 +81,8 @@ function fix_assurer_flag($userID = NULL) AND `cp`.`user_id` = `u`.`id` ) OR ( - SELECT SUM(`points`) FROM `notary` AS `n` - WHERE `n`.`to` = `u`.`id` + SELECT SUM(`awarded`) FROM `notary` AS `n` + WHERE `n`.`to` = `u`.`id` AND `n`.`method` != 'Administrative Increase' AND `n`.`from` != `n`.`to` AND ( `n`.`expire` > now() OR `n`.`expire` IS NULL diff --git a/stamp/.htaccess b/stamp/.htaccess deleted file mode 100644 index 3ad2abb..0000000 --- a/stamp/.htaccess +++ /dev/null @@ -1,5 +0,0 @@ -php_value auto_prepend_file /www/stamp/common.php -php_value output_buffering 1 -errordocument 404 /error404.php -errordocument 403 /error403.php -errordocument 401 /error401.php diff --git a/stamp/certdet.php b/stamp/certdet.php deleted file mode 100644 index a43d2a0..0000000 --- a/stamp/certdet.php +++ /dev/null 
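Review bot: The Host allow-list in this condition still compares with loose `!=`, and the redirect branch below it shows no `exit` within the hunk. Since the line is being touched anyway, the remaining comparisons could be made strict, e.g. `$_SERVER['HTTP_HOST'] !== $_SESSION['_config']['tverify'])`, so that no type juggling can affect which hosts are accepted. The block continues past the hunk, so please confirm that the `header("location: …")` calls are followed by `exit;`. If they are not, a request carrying an unrecognised Host header keeps executing the rest of the include after the redirect has been queued.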
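Review bot: The notary SUM subquery in fix_assurer_flag is edited identically in two places (the hunk at line 48 and the one at line 81), so the criteria for the flag are duplicated SQL that can drift apart on a later change. The two copies presumably feed the statements that set and clear the assurer flag, and because that flag gates a privilege, the subquery would be safer built once in a variable and interpolated into both statements. At minimum, add a comment above each copy such as `/* keep in sync with the other notary SUM subquery in this function */`. The replaced WHERE line appears to differ only in whitespace, so the effective change looks to be the column switch from points to awarded; a one-line comment saying why awarded is the column to sum would help the next reader. Both hunks sit inside statements that begin and end outside the visible lines.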
@@ -1,86 +0,0 @@ -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2008 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - $org = $invalid = 0; - $tz = intval($_REQUEST['tz']); - $now = date("Y-m-d", gmmktime("U") + ($tz * 3600)); - - $arr = explode("//", mysql_real_escape_string(trim($_REQUEST['refer'])), 2); - $arr = explode("/", $arr['1'], 2); - $ref = $arr['0']; - - $arr = explode("//", mysql_real_escape_string(trim($_SERVER['HTTP_REFERER'])), 2); - $arr = explode("/", $arr['1'], 2); - $siteref = $arr['0']; - - if($siteref != "") - $siterefer = $_SERVER['HTTP_REFERER']; - else - $siterefer = $_REQUEST['refer']; - - if($ref == "" || ($ref != $siteref && $siteref != "")) - { - $invalid = 2; - } else { - if($_SESSION['_stamp']['ref'] == "") - $_SESSION['_stamp']['ref'] = $siterefer; - list($invalid, $info) = checkhostname($ref); - } -?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<head> -<title>CAcert.org Certificate Details!</title> -<link rel="stylesheet" href="style.css" type="text/css"> -</head> -<body> - <div id="pagecell1"> - <div id="pageName"><br> - <h2><a href="http<? if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org"> - <img src="http<? 
if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org/images/cacert3.png" border="0" alt="CAcert.org logo"></a></h2> -<? if($_SERVER['HTTPS']!="on") { ?> -<div id="googlead"><br><script type="text/javascript"><!-- -google_ad_client = "pub-0959373285729680"; -google_alternate_color = "ffffff"; -google_ad_width = 234; -google_ad_height = 60; -google_ad_format = "234x60_as"; -google_ad_type = "text"; -google_ad_channel = ""; -//--></script> -<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script></div> -<? } ?> - </div> - <div id="content"> - <div class="story"> - <h3>SSL Certificate Details for <?=$ref?></h3> -<? if($invalid == 0) { ?> - <p> - Status: Valid<br /> - Valid From: <?=$info['issued']?> GMT<br /> - Valid To: <?=$info['expire']?> GMT<br /> - Subject: <a href="#" title="<?=$info['subject']?>" onClick="return false;"><?=substr($info['subject'],0,80)?></a><br /> - Organisation: <? if($info['org'] == 0) { ?>N/A<? } else { echo $info['O'].", ".$info['L']." ".$info['ST']." ".$info['C']; } ?><br /> - Verification: <? if($info['points'] >= 50) { echo "Person had been assured at time of issue with at least 50 points."; } - else if($info['org'] == 1) { ?>This organisation was assured at the time the certificate was issued.<? } ?></p> -<? } else { ?> - <p style="color:red">This site has potentially abused CAcert logos and Copyrights, please report it so we may further investigate.</p> -<? } ?> - <p><a href="report.php">Problem with this site? Please report it</a></p> - </div> - </div> -</body> -</html> diff --git a/stamp/common.php b/stamp/common.php deleted file mode 100644 index d99a23a..0000000 --- a/stamp/common.php +++ /dev/null 
@@ -1,151 +0,0 @@ -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2008 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - - include_once("/www/includes/general.php"); - - function clean($key) - { - return(mysql_real_escape_string(strip_tags(trim($_REQUEST[$key])))); - } - - function checkhostname($ref) - { - $ref = trim($ref); - if($ref[count($ref)-1] == "." || $ref[count($ref)-1] == ":") - $ref = substr($ref, 0, -1); - - $stampid = 0; - $query = "select * from `stampcache` where `hostname`='$ref'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) - { - $row = mysql_fetch_assoc($res); - if($row['cacheexpire'] >= date("U")) - return(array($row['valid'], $row)); - else { - if($row['certid'] > 0) - { - if($row['org'] == 0) - $query = "select * from `domaincerts` where `id`='".intval($row['certid'])."' and `expire`>NOW() and `revoked`=0"; - else - $query = "select * from `orgdomaincerts` where `id`='".intval($row['certid'])."' and `expire`>NOW() and `revoked`=0"; - if($_REQUEST['debug'] == 1) - echo $query."<br>\n"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) - { - $query = "update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$row[id]'"; - if($_REQUEST['debug'] == 1) - echo $query."<br>\n"; - mysql_query($query); - return(array($row['valid'], $row)); - } - } - $stampid = $row['id']; - } - } - - 
$query = "select *,`domaincerts`.`id` as `certid`,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts` - where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and - `domaincerts`.`revoked`=0 and `domaincerts`.`expire` > NOW() and - (`domaincerts`.`subject` like '%=DNS:$ref/%' OR `domaincerts`.`subject` like '%=$ref/%' OR - `domaincerts`.`subject` like '%=DNS:$ref' OR `domaincerts`.`subject` like '%=$ref') - group by `domaincerts`.`id` order by `domaincerts`.`id`"; - if($_REQUEST['debug'] == 1) - echo $query."<br>\n"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) - { - $bits = explode(".", $ref); - for($i = 1; $i < count($bits); $i++) - { - if($ref2 != "") - $ref2 .= "."; - $ref2 .= $bits[$i]; - } - $query = "select *,`domaincerts`.`id` as `certid`,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts` - where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and - `domaincerts`.`revoked`=0 and `domaincerts`.`expire` > NOW() and - (`domaincerts`.`subject` like '%=DNS:$ref/%' or `domaincerts`.`subject` like '%=DNS:*.$ref2/%' OR - `domaincerts`.`subject` like '%=DNS:$ref' or `domaincerts`.`subject` like '%=DNS:*.$ref2' OR - `domaincerts`.`subject` like '%=$ref/%' or `domaincerts`.`subject` like '%=*.$ref2/%' OR - `domaincerts`.`subject` like '%=$ref' or `domaincerts`.`subject` like '%=*.$ref2') - group by `domaincerts`.`id` order by `domaincerts`.`id`"; - if($_REQUEST['debug'] == 1) - echo $query."<br>\n"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) - { - $query = "select *,`orgdomaincerts`.`id` as `certid`,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where - (`orgdomaincerts`.`subject` like '%=DNS:$ref/%' or `orgdomaincerts`.`subject` like '%=DNS:*.$ref2/%' OR - `orgdomaincerts`.`subject` like '%=DNS:$ref' or `orgdomaincerts`.`subject` like '%=DNS:*.$ref2' OR - `orgdomaincerts`.`subject` like 
'%=$ref/%' or `orgdomaincerts`.`subject` like '%=*.$ref2/%' OR - `orgdomaincerts`.`subject` like '%=$ref' or `orgdomaincerts`.`subject` like '%=*.$ref2') AND - `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and - `orgdomaincerts`.`revoked`=0 and `orgdomaincerts`.`expire` > NOW() - group by `orgdomaincerts`.`id` order by `orgdomaincerts`.`id`"; - if($_REQUEST['debug'] == 1) - echo $query."<br>\n"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) - { - $invalid = 1; - } else { - $org = 1; - } - } - } - - if($invalid == 0) - { - $cert = mysql_fetch_assoc($res); - if($org == 0) - { - $query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND - `notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' and `notary`.`deleted`=0 GROUP BY `notary`.`to`"; - $user = mysql_fetch_assoc(mysql_query($query)); - } else { - $query = "select * from `orginfo` where `id`='$cert[orgid]'"; - $orgi = mysql_fetch_assoc(mysql_query($query)); - } - - if($stampid <= 0) - { - $query = "insert into `stampcache` set `certid`='$cert[certid]',`cacheexpire`='".(date("U")+600)."',`issued`='$cert[issued]', - `expire`='$cert[expire]',`subject`='$cert[subject]',`hostname`='$ref',`org`='$org',`points`='$user[total]', - `O`='$orgi[O]',`L`='$orgi[L]',`ST`='$orgi[ST]',`C`='$orgi[C]',`valid`='$invalid'"; - } else { - $query = "update `stampcache` set `certid`='$cert[certid]',`cacheexpire`='".(date("U")+600)."',`issued`='$cert[issued]', - `expire`='$cert[expire]',`subject`='$cert[subject]',`hostname`='$ref',`org`='$org',`points`='$user[total]', - `O`='$orgi[O]',`L`='$orgi[L]',`ST`='$orgi[ST]',`C`='$orgi[C]',`valid`='$invalid' where `id`='$stampid'"; - } - mysql_query($query); - } else if($stampid > 0) { - mysql_query("update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$stampid'"); - } else { - $query = "insert into `stampcache` set 
`cacheexpire`='".(date("U")+600)."',`hostname`='$ref',`valid`='$invalid'"; - mysql_query($query); - } - - $arr = array("issued" => $cert['issued'], "expire" => $cert['expire'], "subject" => $cert['subject'], "hostname" => $ref, - "org" => $org, "points" => $user['total'], "O" => $orgi['O'], "L" => $orgi['L'], "ST" => $orgi['ST'], - "C" => $orgi['C']); - - return(array($invalid, $arr)); - } -?> diff --git a/stamp/displogo.php b/stamp/displogo.php deleted file mode 100644 index 9c1f534..0000000 --- a/stamp/displogo.php +++ /dev/null 
@@ -1,59 +0,0 @@ -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2008 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - $img = "/www/stamp/images/CAverify.png"; - $arr = explode("//", mysql_real_escape_string(trim($_REQUEST['refer'])), 2); - $arr = explode("/", $arr['1'], 2); - $ref = $arr['0']; - - $arr = explode("//", mysql_real_escape_string(trim($_SERVER['HTTP_REFERER'])), 2); - $arr = explode("/", $arr['1'], 2); - $siteref = $arr['0']; - - if($_REQUEST['debug'] != 1) - header('Content-type: image/png'); - $im = imagecreatefrompng($img); - - if($ref == "" || ($ref != $siteref && $siteref != "")) - { - $tc = imagecolorallocate ($im, 255, 0, 0); - imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc); - imagestring ($im, 2, 1, 45, "Click to Report", $tc); - imagepng($im); - exit; - } - - list($invalid, $info) = checkhostname($ref); - - if($invalid > 0) - { - $tc = imagecolorallocate ($im, 255, 0, 0); - imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc); - imagestring ($im, 2, 1, 45, "Click to Report", $tc); - imagepng($im); - exit; - } - - $tz = intval($_REQUEST['tz']); - $now = date("Y-m-d", gmmktime("U") + ($tz * 3600)); - - $tc = imagecolorallocate ($im, 0, 0, 0); - imagestring ($im, 4, 1, 27, "Valid Cert!", $tc); - imagestring ($im, 1, 7, 42, "Click to Verify", $tc); - imagestring ($im, 1, 20, 52, $now, $tc); - imagepng($im); -?> 
diff --git a/stamp/images/CAverify.png b/stamp/images/CAverify.png Binary files differdeleted file mode 100644 index ab5c1ea..0000000 --- a/stamp/images/CAverify.png +++ /dev/null diff --git a/stamp/index.php b/stamp/index.php deleted file mode 100644 index 81a88db..0000000 --- a/stamp/index.php +++ /dev/null 
@@ -1,75 +0,0 @@ -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2008 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> - - -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<head> -<title>CAcert.org Site Stamp DISCONTINUED!</title> -<link rel="stylesheet" href="style.css" type="text/css"> -</head> -<body> - <div id="pagecell1"> - <div id="pageName"><br> - <h2><a href="http<? if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org"> - <img src="http<? if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org/images/cacert3.png" border="0" alt="CAcert.org logo"></a></h2> -<? if($_SERVER['HTTPS']!="on") { ?> -<div id="googlead"><br><script type="text/javascript"><!-- -google_ad_client = "pub-0959373285729680"; -google_alternate_color = "ffffff"; -google_ad_width = 234; -google_ad_height = 60; -google_ad_format = "234x60_as"; -google_ad_type = "text"; -google_ad_channel = ""; -//--></script> -<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script></div> -<? } ?> - </div> - <div id="content"> - <div class="story"> - <h3>CAcert.org Site Stamp DISCONTINUED!</h3> - - The CAcert Site Stamp service is currently being discontinued. Please remove the stamps from your website. 
- <!-- - <p>The CAcert Site Stamp Programme is a very useful tool for site owners everywhere, it allows you yet another option to prevent people - from stealing your content or making a fake site to pretend to be your site to carry out a phishing attack against your customers.</p> - <p>To add the CAcert logo to your site you need to register for a <a href="https://www.cacert.org">CAcert</a> server certificate, then add the - following line somewhere on your website:</p> - <p><script type="text/javascript"><br /> - <!- -<br /> - document.write('<');<br /> - document.write('script type="text/javascript" src="'+location.protocol+'//stamp.cacert.org/showlogo.php"><');<br /> - document.write('/script>');<br /> - // - -><br /> - </script></p> - < s c ript type="text/javascript"> - < ! -<? ?> - - document.write('<'); - document.write('script type="text/javascript" src="'+location.protocol+'//stamp.cacert.org/showlogo.php"><'); - document.write('/script>'); - //- -> - </script> - <br /><br /><br /><br /> - --> - </div> - - </div> - </div> -</body> -</html> diff --git a/stamp/old_showlogo.php.broken b/stamp/old_showlogo.php.broken deleted file mode 100644 index 7f9045c..0000000 --- a/stamp/old_showlogo.php.broken +++ /dev/null 
@@ -1,25 +0,0 @@ -try -{ - var URI = location.protocol+'//stamp.cacert.org'; - var URL = encodeURIComponent(URI); - var curDateTime = new Date(); - var tz = -(curDateTime.getTimezoneOffset()/60); - var rf = encodeURIComponent(parent==self ? window.document.referrer : top.document.referrer); - var ul = encodeURIComponent(navigator.appName=="Netscape" ? navigator.language : navigator.userLanguage); - if(typeof(screen)=="object") - { - var sr = encodeURIComponent(screen.width+","+screen.height); - var cd = encodeURIComponent(screen.colorDepth); - var jo = encodeURIComponent(navigator.javaEnabled()?"Yes":"No"); - } - - document.write("<script type='text/javascript'>function popup() { "); - document.write("window.open('"+URI+"/certdet.php?refer="+location.href+"&tz="+tz+"', 'CertInfo',"); - document.write("'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=600,height=400,left=200,top=100'); } </script>"); - document.write("<a href='#' onClick='popup(); return false;'>"); - document.write("<img src='"+URI+"/displogo.php?refer="+location.href+"&tz="+tz+"&rf="+rf+"&ul="+ul+"&sr="+sr+"&cd="+cd+"&jo="+jo+"&URL="+URL+"' border='0' /></a>"); -} -catch(e) -{ - document.write("<img src='http://stamp.cacert.org/javascript_is_broken.php'/>"); -} diff --git a/stamp/report.php b/stamp/report.php deleted file mode 100644 index 519aa3a..0000000 --- a/stamp/report.php +++ /dev/null 
@@ -1,121 +0,0 @@ -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2008 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - $arr = explode("//", mysql_real_escape_string(trim($_SESSION['_stamp']['ref'])), 2); - $arr = explode("/", $arr['1'], 2); - $ref = $arr['0']; - - $refer = mysql_real_escape_string(strip_tags(trim($_SESSION['_stamp']['ref']))); - $name = clean('name'); - $email = clean('email'); - $comment = clean('comment'); - $reason = clean('reason'); - $process = clean('process'); - - if($process != "" && ($_POST['pagehash'] != $_SESSION['_stamp']['pagehash'] || $_SESSION['_stamp']['pagehash'] == "")) - { - $errmsg = "Your report seemed to be posted is a suspicious manner, please try to re-submit it, or contact support for further help."; - $process = ""; - } - - if($process != "" && ($name == "" || $email == "" || $comment == "" || $reason == "")) - { - $errmsg = "You must supply your name, a valid email address and comment."; - $process = ""; - } - - if($process != "") - { - $checkemail = checkEmail($email); - if($checkemail != "OK") - { - $errmsg = $checkemail; - $process = ""; - } - } else { - $_SESSION['_stamp']['pagehash'] = $pagehash = md5(date("U").$ref); - } - - if($process != "") - { - $IP = mysql_real_escape_string(trim($_SERVER['REMOTE_ADDR'])); - $iplong = ip2long($IP); - mysql_query("insert into `abusereports` set 
`when`=NOW(), `IP`='$iplong', `url`='$refer', `name`='$name', `email`='$email', - `comment`='$comment', `reason`='$reason'"); - $id = mysql_insert_id(); - - $body = "New Abuse Report has been lodged via the the Stamp Interface:\n\n"; - $body .= "Reported ID: $id\n"; - $body .= "Reported IP: $IP\n"; - $body .= "From: $name <$email>\n"; - $body .= "URL: $refer\n"; - $body .= "Reason: $reason\n"; - $body .= "Comment: $comment\n"; - - sendmail("cacert-abuse@lists.cacert.org", "[CAcert.org] Abuse Report.", $body, "website@cacert.org", "", "", "CAcert Website"); - } - -?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<head> -<title>CAcert.org Abuse Report!</title> -<link rel="stylesheet" href="style.css" type="text/css"> -</head> -<body> - <div id="pagecell1"> - <div id="pageName"><br> - <h2><a href="http<? if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org"> - <img src="http<? if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org/images/cacert3.png" border="0" alt="CAcert.org logo"></a></h2> -<? if($_SERVER['HTTPS']!="on") { ?> -<div id="googlead"><br><script type="text/javascript"><!-- -google_ad_client = "pub-0959373285729680"; -google_alternate_color = "ffffff"; -google_ad_width = 234; -google_ad_height = 60; -google_ad_format = "234x60_as"; -google_ad_type = "text"; -google_ad_channel = ""; -//--></script> -<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script></div> -<? } ?> - </div> - <div id="content"> - <div class="story"> - <h3>Report abuse for <?=$ref?></h3> -<? if($process == "") { ?> -<? if($errmsg != "") { ?><p style="color:red"><?=$errmsg?></p><? } else { ?><br /><? 
} ?> - <form method="post" action="report.php"> - <label for="refer">URL: </label><input type="text" name="refer" value="<?=$refer?>" readonly="1" /><br /> - <label for="name">Name: </label><input type="text" name="name" value="<?=$name?>" /><br /> - <label for="email">Email: </label><input type="text" name="email" value="<?=$email?>" /><br /> - <label for="reason">Reason: </label><select name="reason"> - <option value='invalid'<? if($reason == "invalid") { echo " selected"; } ?>>Invalid Domain</option> - <option value='phishing'<? if($reason == "phishing") { echo " selected"; } ?>>Phishing Site</option> - <option value='spam'<? if($reason == "spam") { echo " selected"; } ?>>Spam</option> - <option value='other'<? if($reason == "other") { echo " selected"; } ?>>Other</option> - </select><br /> - <label for="comment">Comment/Other: </label><input type="text" name="comment" value="<?=$comment?>" /><br /><br /> - <label for="sub"> </label><input type="submit" name="process" value="Report Site"><br /> - <input type="hidden" name="pagehash" value="<?=$pagehash?>"> - </form> -<? } else { ?> - <p>We thank you for your attention to detail, your report has been accepted and we will tend to your report as soon as humanly possible.</p> -<? } ?> - </div> - </div> -</body> -</html> diff --git a/stamp/showlogo.php b/stamp/showlogo.php deleted file mode 100644 index e69de29..0000000 --- a/stamp/showlogo.php +++ /dev/null diff --git a/stamp/style.css b/stamp/style.css deleted file mode 100644 index c00a4c7..0000000 --- a/stamp/style.css +++ /dev/null 
@@ -1,620 +0,0 @@ -/***********************************************/ -/* emx_nav_right.css */ -/* Use with template Halo_rightNav.html */ -/***********************************************/ - -/***********************************************/ -/* HTML tag styles */ -/***********************************************/ -body { - font-family: Arial,sans-serif; - color: #333333; - line-height: 1.166; - margin: 0px; - padding: 0px; - background: #cccccc; -/* url("/siteimages/bg_grad.jpg") fixed; */ -} - - -/******* hyperlink and anchor tag styles *******/ - -a:link, a:visited { - color: #005FA9; - text-decoration: none; -} - -a:hover { - text-decoration: underline; -} - -/************** header tag styles **************/ - -h1 { - font: bold 120% Arial,sans-serif; - color: #334d55; - margin: 0px; - padding: 0px; -} - -h2 { - font: bold 114% Arial,sans-serif; - color: #006699; - margin: 0px; - padding: 0px; -} - -h3 { - font: bold 100% Arial,sans-serif; - color: #334d55; - margin: 0px; - padding: 0px; - cursor: pointer; - /* cursor: hand; */ -} - -h4 { - font: bold 100% Arial,sans-serif; - color: #333333; - margin: 0px; - padding: 0px; -} - -h5 { - font: 100% Arial,sans-serif; - color: #334d55; - margin: 0px; - padding: 0px; -} - - -/*************** list tag styles ***************/ - -ul.menu { - list-style: none; - margin :0px 0px 0px 15px; - padding-left: 5px; - border-left: 1px dotted #000; -} - -ul.top { - list-style: none; - margin: 0px 0px 0px 15px; - padding-left: 5px; - border-left: 0px; -} - -ul { - list-style: none; - margin: 0px 0px 0px 15px; - padding-left: 5px; - border-left: 1px dotted #000; -} - -/***********************************************/ -/* Layout Divs */ -/***********************************************/ -#pagecell1 { - position:absolute; - top: 2%; - left: 2%; - right: 2%; - width: 96%; - background-color: #ffffff; -} - -#tl { - position:absolute; - top: -1px; - left: -1px; - margin: 0px; - padding: 0px; - z-index: 100; -} - -#tr { - 
position:absolute; - top: -1px; - right: -1px; - margin: 0px; - padding: 0px; - z-index: 100; -} - -#masthead{ - position: absolute; - top: 0px; - left: 2%; - right: 2%; - width:95.6%; - -} - -#pageNav{ - float: right; - width:178px; - padding: 0px; - background-color: #F5f7f7; - border-left: 1px solid #cccccc; - font: small Verdana,sans-serif; -} - -#content{ - padding: 0px 10px 0px 0px; - margin:0px 0px 0px 0px; -} - - -/***********************************************/ -/* Component Divs */ -/***********************************************/ -#siteName{ - margin: 0px; - padding: 16px 0px 8px 0px; - color: #ffffff; - font-weight: normal; -} - -/************** utility styles *****************/ - -#utility{ - font: 75% Verdana,sans-serif; - position: absolute; - top: 16px; - right: 0px; - color: #919999; -} - -#utility a{ - color: #ffffff; -} - -#utility a:hover{ - text-decoration: underline; -} - -/************** pageName styles ****************/ - -#pageName{ - padding: 0px 0px 14px 10px; - margin: 0px; - border-bottom:1px solid #ccd2d2; -} - -#pageName h2{ - font: bold 175% Arial,sans-serif; - color: #000000; - margin:0px; - padding: 0px; -} - -/************* globalNav styles ****************/ - -#globalNav{ -position: relative; -width: 100%; -min-width: 640px; -height: 32px; -color: #cccccc; -padding: 0px; -margin: 0px; -background-image: url("siteimages/glbnav_background.gif"); -} - -#globalNav img{ - margin-bottom: -4px; - -} - -#gnl { - position: absolute; - top: 0px; - left:0px; -} - -#gnr { - position: absolute; - top: 0px; - right:0px; -} - -#globalLink{ - position: absolute; - top: 6px; - height: 22px; - min-width: 640px; - padding: 0px; - margin: 0px; - left: 10px; - z-index: 100; -} - - -a.glink, a.glink:visited{ - font-size: small; - color: #000000; - font-weight: bold; - margin: 0px; - padding: 2px 5px 4px 5px; - border-right: 1px solid #8FB8BC; -} - -a.glink:hover{ - background-image: url("siteimages/glblnav_selected.gif"); - text-decoration: none; -} 
- -.skipLinks {display: none;} - -/************ subglobalNav styles **************/ - -.subglobalNav{ - position: absolute; - top: 84px; - left: 0px; - /*width: 100%;*/ - min-width: 640px; - height: 20px; - padding: 0px 0px 0px 10px; - visibility: hidden; - color: #ffffff; -} - -.subglobalNav a:link, .subglobalNav a:visited { - font-size: 80%; - color: #ffffff; -} - -.subglobalNav a:hover{ - color: #cccccc; -} - -/*************** search styles *****************/ -/* -#listshow { - z-order: 101; -} -*/ -#search{ - position: absolute; - top: 125px; - right: 0px; -} - -#search form { - position: absolute; - top: 125px; - right: 300px; -} -#search input { - font-size: 11px; -} - -#search1{ - position: absolute; - top: 85px; - right: 300px; -} - -#search2{ - position: absolute; - top: 100px; - right: 300px; -} - -#search3{ - position: absolute; - top: 85px; - right: 240px; -} - -#search4{ - position: absolute; - top: 100px; - right: 226px; -} - -#googlead{ - position: absolute; - top: 5px; - right: 5px; - z-index: 101; -} - -#search input{ - font-size: 70%; - margin: 0px 0px 0px 10px; - } - -#search a:link, #search a:visited { - font-size: 80%; - font-weight: bold; - -} - -#search a:hover{ - margin: 0px; -} - - -/************* breadCrumb styles ***************/ - -#breadCrumb{ - padding: 5px 0px 5px 10px; - font: small Verdana,sans-serif; - color: #AAAAAA; -} - -#breadCrumb a{ - color: #AAAAAA; -} - -#breadCrumb a:hover{ - color: #005FA9; - text-decoration: underline; -} - - -/************** feature styles *****************/ - -.feature{ - padding: 0px 0px 10px 10px; - font-size: 80%; - min-height: 200px; - height: 200px; -} -html>body .feature {height: auto;} - -.feature h3{ - font: bold 175% Arial,sans-serif; - color: #000000; - padding: 30px 0px 5px 0px; -} - -.feature img{ - float: left; - padding: 0px 10px 0px 0px; -} - - -/*************** story styles ******************/ - -.story { - padding: 10px 0px 0px 10px; - font-size: 80%; - min-height: 272px; -} - -.story 
h3{ - font: bold 125% Arial,sans-serif; - color: #000000; -} - -.story p { - padding: 0px 0px 10px 0px; -} - -.story a.capsule{ - font: bold 1em Arial,sans-serif; - color: #005FA9; - display:block; - padding-bottom: 5px; -} - -.story a.capsule:hover{ - text-decoration: underline; -} - -td.storyLeft{ - padding-right: 12px; -} - - -/************** siteInfo styles ****************/ - -#siteInfo{ - clear: both; - border-top: 1px solid #cccccc; - font-size: small; - color: #cccccc; - padding: 10px 10px 10px 10px; -} - -/************ sectionLinks styles **************/ - -#sectionLinks{ - margin: 0px; - padding: 0px; - -} - -#sectionLinks h3{ - padding: 10px 0px 2px 10px; - border-bottom: 1px solid #cccccc; -} - -#sectionLinks a:link, #sectionLinks a:visited { - display: block; - border-top: 1px solid #ffffff; - border-bottom: 1px solid #cccccc; - background-image: url("siteimages/bg_nav.jpg"); - font-weight: bold; - padding: 3px 0px 3px 10px; - color: #21536A; -} - -#sectionLinks a:hover{ - border-top: 1px solid #cccccc; - background-color: #DDEEFF; - background-image: none; - font-weight: bold; - text-decoration: none; -} - - -/************* relatedLinks styles **************/ - -.relatedLinks{ - margin: 0px; - padding: 0px 0px 10px 10px; - border-bottom: 1px solid #cccccc; -} - -.relatedLinks h3{ - padding: 10px 0px 2px 0px; -} - -.relatedLinks a{ - display: block; -} - - -/**************** advert styles *****************/ - -#advert{ - padding: 10px; -} - -#advert img{ - display: block; -} - -/********************* end **********************/ - -.DataTD input, .DataTD textarea { - FONT-SIZE: 92%; -} - -.DataTD select, .DataTD option { - FONT-SIZE: 92%; -} - -.DataTD { - background-color: #E2E2E2; - border-style: inset; - border-width: 1px; - FONT-SIZE: 8pt; - COLOR: #000000; - FONT-FAMILY: Arial, Tahoma, Verdana, Helvetica, sans-serif; - - background: #ffffff; - padding: 1px 5px 1px 5px; - border: 1px #CFCFCF solid; - border-left: 1px #CFCFCF dotted; - border-right: 
1px #CFCFCF dotted; -} - -.DataTDGrey { - background-color: #EFEDED; - border-style: inset; - border-width: 1px; - FONT-SIZE: 8pt; - COLOR: #000000; - FONT-FAMILY: Arial, Tahoma, Verdana, Helvetica, sans-serif; - - padding: 1px 5px 1px 5px; - border: 1px #CFCFCF solid; - border-left: 1px #CFCFCF dotted; - border-right: 1px #CFCFCF dotted; -} - -.DataTDNotDotted { - background-color: #E2E2E2; - border-style: inset; - border-width: 1px; - FONT-SIZE: 8pt; - COLOR: #000000; - FONT-FAMILY: Arial, Tahoma, Verdana, Helvetica, sans-serif; - - background: #ffffff; - padding: 1px 5px 1px 5px; - border: 1px #CFCFCF solid; - border-left: 1px #CFCFCF solid; - border-right: 1px #CFCFCF solid; -} - -.wrapper { - border-collapse: collapse; - font-family: verdana, sans-serif; - font-size: 11px; - text-align: center; -} - -td.greytxt { - color: #CCCCCC; - font-size: smaller; - text-align: right; - vertical-align: bottom; -} - -.title { - background: #E2E2E2; - font-weight:BOLD; - padding: 1px 5px 1px 5px; - border: 1px solid #CFCFCF; - border-bottom: 3px double #CFCFCF; - border-top: 1px solid #656565; - text-align: center; -} - -.errmsg { - font-weight: BOLD; - color: #FF0000; -} - -.ac_menu -{ - border:1px solid black -} -.ac_normal -{ - background-color:#ffffff; - cursor:pointer; -} -.ac_highlight -{ - background-color:#3366cc; - color:white; - cursor:pointer; -} -.ac_normal .a -{ - font-size:13px; - color:black; -} -.ac_highlight .a -{ - font-size:13px; -} -.ac_normal .d -{ - float:right; - font-size:10px; - color:green; -} -.ac_highlight .d -{ - float:right; - font-size:10px; -} - -br { - clear: left; -} - -label { - font-size: 90%; -} - -label,input,select { - display: block; - width: 250px; - float: left; - margin-bottom: 10px; -} - -label { - text-align: right; - width: 75px; - padding-right: 20px; -} diff --git a/www/api/ccsr.php b/www/api/ccsr.php deleted file mode 100644 index 3bfe55a..0000000 --- a/www/api/ccsr.php +++ /dev/null 
@@ -1,109 +0,0 @@ -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2008 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - -require_once '../../includes/lib/check_weak_key.php'; - - $username = mysql_real_escape_string($_REQUEST['username']); - $password = mysql_real_escape_string($_REQUEST['password']); - - $query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))"; - $res = mysql_query($query); - if(mysql_num_rows($res) != 1) - die("403,That username couldn't be found\n"); - $user = mysql_fetch_assoc($res); - $memid = $user['id']; - $emails = array(); - foreach($_REQUEST['email'] as $email) - { - $email = mysql_real_escape_string(trim($email)); - $query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0 and `email`='$email'"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) - { - $row = mysql_fetch_assoc($res); - $id = $row['id']; - $emails[$id] = $email; - } - } - if(count($emails) <= 0) - die("404,Wasn't able to match any emails sent against your account"); - $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`"; - $row = mysql_fetch_assoc(mysql_query($query)); - $points = $row['points']; - - $name = "CAcert WoT User\n"; - $newname = 
mysql_real_escape_string(trim($_REQUEST['name'])); - if($points >= 50) - { - if($newname == $user['fname']." ".$user['lname'] || - $newname == $user['fname']." ".$user['mname']." ".$user['lname'] || - $newname == $user['fname']." ".$user['lname']." ".$user['suffix'] || - $newname == $user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']) - $name = $newname; - } - - $codesign = 0; - if($user['codesign'] == "1" && $_REQUEST['codesign'] == "1" && $points >= 100) - $codesign = 1; - - $CSR = trim($_REQUEST['optionalCSR']); - - if (($weakKey = checkWeakKeyCSR($CSR)) !== "") - { - die("403, $weakKey"); - } - - $incsr = tempnam("/tmp", "ccsrIn"); - $checkedcsr = tempnam("/tmp", "ccsrOut"); - $fp = fopen($incsr, "w"); - fputs($fp, $CSR); - fclose($fp); - $incsr_esc = escapeshellarg($incsr); - $checkedcsr_esc = escapeshellarg($checkedcsr); - $do = shell_exec("/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc"); - @unlink($incsr); - if(filesize($checkedcsr) <= 0) - die("404,Invalid or missing CSR"); - - $csrsubject = "/CN=$name"; - foreach($emails as $id => $email) - $csrsubject .= "/emailAddress=".$email; - - $query = "insert into `emailcerts` set `CN`='".mysql_real_escape_string($user['email'])."', `keytype`='MS', - `memid`='".intval($user['id'])."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), - `subject`='".mysql_real_escape_string($csrsubject)."', `codesign`='".intval($codesign)."'"; - mysql_query($query); - $certid = mysql_insert_id(); - $CSRname = generatecertpath("csr","client",$certid); - rename($checkedcsr, $CSRname); - - mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'"); - - foreach($emails as $emailid => $email) - mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='".intval($emailid)."'"); - - $do = shell_exec("../../scripts/runclient"); - sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED - $query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''"; - $res = 
mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- die("404,Your certificate request has failed. ID: ".intval($certid));
- $cert = mysql_fetch_assoc($res);
- echo "200,Authentication Ok\n";
- readfile("../".$cert['crt_name']);
-?>
diff --git a/www/api/cemails.php b/www/api/cemails.php
deleted file mode 100644
index f937069..0000000
--- a/www/api/cemails.php
+++ /dev/null
@@ -1,48 +0,0 @@ -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2008 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - $username = mysql_escape_string($_REQUEST['username']); - $password = mysql_escape_string($_REQUEST['password']); - - $query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))"; - $res = mysql_query($query); - if(mysql_num_rows($res) != 1) - die("403,That username couldn't be found\n"); - echo "200,Authentication Ok\n"; - $user = mysql_fetch_assoc($res); - $memid = $user['id']; - $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`"; - $row = mysql_fetch_assoc(mysql_query($query)); - $points = $row['points']; - echo "CS=".intval($user['codesign'])."\n"; - echo "NAME=CAcert WoT User\n"; - if($points >= 50) - { - echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])."\n"; - if($user['mname'] != "") - echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])."\n"; - if($user['suffix'] != "") - echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n"; - if($user['mname'] != "" && $user['suffix'] != "") - echo "NAME=".sanitizeHTML($user['fname'])." 
".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n"; - } - $query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) { - echo "EMAIL=".sanitizeHTML($row['email'])."\n"; - } -?> |