-rw-r--r--includes/account.php19
-rw-r--r--includes/general.php41
-rw-r--r--includes/mysql.php.sample1
-rw-r--r--includes/tverify_stuff.php78
-rw-r--r--pages/account/43.php6
-rw-r--r--pages/account/51.php34
-rw-r--r--pages/account/52.php105
-rw-r--r--tverify/.htaccess5
-rw-r--r--tverify/favicon.icobin3638 -> 0 bytes
-rw-r--r--tverify/index.php163
-rw-r--r--tverify/index/0.php149
-rw-r--r--tverify/index/1.php1
-rw-r--r--www/account.php13
13 files changed, 20 insertions, 595 deletions
diff --git a/includes/account.php b/includes/account.php
index 28bb6f9..07e470a 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2923,25 +2923,6 @@ function buildSubjectFromSession() {
}
}
- /* presently not needed
- if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==TRUE)
- {
- $memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']);
- if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change tverify status',$ticketno)) {
- showheader(_("Something went wrong"));
- echo _("Writing to the admin log failed. Can't continue.");
- showfooter();
- exit;
- }
- $query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
- $ver = !$row['tverify'];
- mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
- }elseif($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==FALSE){
- $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
- }
- */
-
if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admsetassuret');
diff --git a/includes/general.php b/includes/general.php
index ad2b4b4..f575719 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -52,8 +52,7 @@
if(array_key_exists('HTTP_HOST',$_SERVER) &&
$_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] &&
- $_SERVER['HTTP_HOST'] != $_SESSION['_config']['securehostname'] &&
- $_SERVER['HTTP_HOST'] != $_SESSION['_config']['tverify'])
+ $_SERVER['HTTP_HOST'] != $_SESSION['_config']['securehostname'])
{
if(array_key_exists('HTTPS',$_SERVER) && $_SERVER['HTTPS'] == "on")
header("location: https://".$_SESSION['_config']['normalhostname']);
@@ -63,19 +62,18 @@
}
if(array_key_exists('HTTP_HOST',$_SERVER) &&
- ($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] ||
- $_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify']))
+ ($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname']))
{
if(array_key_exists('HTTPS',$_SERVER) && $_SERVER['HTTPS'] == "on")
{
}
else
{
- if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
- header("location: https://". $_SESSION['_config']['securehostname']);
- if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify'])
- header("location: https://".$_SESSION['_config']['tverify']);
+ if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname']){
+ header("location: https://". $_SESSION['_config']['securehostname']);
+ }
exit;
+
}
}
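Review bot: The inner `if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])` added around the redirect repeats the only condition left in the enclosing `if`, so it can no longer be false now that the tverify host is gone. The non-HTTPS branch could be reduced to `header("location: https://".$_SESSION['_config']['securehostname']); exit;`, which makes it obvious that every plain-HTTP request to the secure host is redirected and then terminated. The blank line added after `exit;` can be dropped as well.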
@@ -99,47 +97,46 @@
function loadem($section = "index")
{
- if($section != "index" && $section != "account" && $section != "tverify")
+ if($section != "index" && $section != "account")
{
$section = "index";
}
- if($section == "account")
+ if($section == "account"){
include_once($_SESSION['_config']['filepath']."/includes/account_stuff.php");
+ }
- if($section == "index")
+ if($section == "index"){
include_once($_SESSION['_config']['filepath']."/includes/general_stuff.php");
-
- if($section == "tverify")
- include_once($_SESSION['_config']['filepath']."/includes/tverify_stuff.php");
+ }
}
function includeit($id = "0", $section = "index")
{
$id = intval($id);
- if($section != "index" && $section != "account" && $section != "wot" && $section != "help" && $section != "gpg" && $section != "disputes" && $section != "tverify" && $section != "advertising")
+ if($section != "index" && $section != "account" && $section != "wot" && $section != "help" && $section != "gpg" && $section != "disputes" && $section != "advertising")
{
$section = "index";
}
- if($section == "tverify" && file_exists($_SESSION['_config']['filepath']."/tverify/index/$id.php"))
- include_once($_SESSION['_config']['filepath']."/tverify/index/$id.php");
- else if(file_exists($_SESSION['_config']['filepath']."/pages/$section/$id.php"))
+ if(file_exists($_SESSION['_config']['filepath']."/pages/$section/$id.php")){
include_once($_SESSION['_config']['filepath']."/pages/$section/$id.php");
+ }
else {
$id = "0";
- if(file_exists($_SESSION['_config']['filepath']."/pages/$section/$id.php"))
+ if(file_exists($_SESSION['_config']['filepath']."/pages/$section/$id.php")){
include_once($_SESSION['_config']['filepath']."/pages/$section/$id.php");
- else {
+ } else {
$section = "index";
$id = "0";
- if(file_exists($_SESSION['_config']['filepath']."/pages/$section/$id.php"))
+ if(file_exists($_SESSION['_config']['filepath']."/pages/$section/$id.php")){
include_once($_SESSION['_config']['filepath']."/pages/$section/$id.php");
- else
+ } else {
include_once($_SESSION['_config']['filepath']."/www/error404.php");
+ }
}
}
}
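Review bot: The allowlist at the top of `includeit()` is the only check that keeps `$section` out of the `include_once` path, and the rewritten line is still a chain of loose `!=` comparisons. Under loose comparison a non-string argument such as `true` compares equal to every listed name and passes through unchanged (callers presumably pass only strings, but that is not visible here); a strict membership test, `if(!in_array($section, array("index","account","wot","help","gpg","disputes","advertising"), true))`, closes that gap and is easier to audit when a section is added or removed, as in this commit. A one-line comment above the check, such as `// $section and $id are interpolated into an include path: keep both restricted to known values`, would record why it exists. `loadem()` uses the same loose pattern, though there `$section` only selects between fixed file names.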
diff --git a/includes/mysql.php.sample b/includes/mysql.php.sample
index 10185fc..d246f8f 100644
--- a/includes/mysql.php.sample
+++ b/includes/mysql.php.sample
@@ -24,7 +24,6 @@
}
$_SESSION['_config']['normalhostname'] = "www.cacert.org";
$_SESSION['_config']['securehostname'] = "secure.cacert.org";
- $_SESSION['_config']['tverify'] = "tverify.cacert.org";
function sendmail($to, $subject, $message, $from, $replyto = "", $toname = "", $fromname = "", $errorsto = "returns@cacert.org", $extra="")
{
diff --git a/includes/tverify_stuff.php b/includes/tverify_stuff.php
deleted file mode 100644
index 93f7c32..0000000
--- a/includes/tverify_stuff.php
+++ /dev/null
@@ -1,78 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-
-if(!function_exists("showheader"))
-{
- function showheader($title = "CAcert.org", $title2 = "")
- {
-
-?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<title><?=$title?></title>
-<? if($_SESSION['_config']['header'] != "") { ?><?=$_SESSION['_config']['header']?><? } ?>
-<link rel="stylesheet" href="/styles/default.css" type="text/css">
-<link href="http://my.rsscache.com/www.cacert.org/rss.php" rel="alternate" type="application/rss+xml" title="rss">
-</head>
-<body>
- <div id="pagecell1">
- <div id="pageName"><br>
- <h2><a href="http://<?=$_SESSION['_config']['normalhostname']?>"><img src="https://www.CAcert.org/images/cacert4.png" border="0" alt="CAcert.org logo"></a></h2>
-<div id="googlead"><h2><?=_("Free digital certificates!")?></h2></div>
- </div>
- <div id="pageNav">
- <div class="relatedLinks">
- <h3><?=_("Join CAcert.org")?></h3>
- <a href="http://<?=$_SESSION['_config']['normalhostname']?>/"><?=_("Main Website")?></a>
- <a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=1"><?=_("Join")?></a>
- </div>
- <div class="relatedLinks">
- <h3><?=_("My Account")?></h3>
- <a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4"><?=_("Normal Login")?></a>
- <a href="https://<?=$_SESSION['_config']['securehostname']?>/index.php?id=4"><?=_("Cert Login")?></a>
- <a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=5"><?=_("Lost Password")?></a>
- </div>
- </div>
- <div id="content">
- <div class="story">
- <h3><?=$title2?></h3>
-<? if($_SESSION['_config']['errmsg'] != "") { ?>
-<p><font color="#ff0000" size="+2"><? echo $_SESSION['_config']['errmsg']; $_SESSION['_config']['errmsg'] = ""; ?> </font></p>
-<? } ?>
-<?
- }
-}
-
-if(!function_exists("showfooter"))
-{
- function showfooter()
- {
-?>
- </div>
- </div>
- <div id="siteInfo">
- <a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="/index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
- <a href="/index.php?id=10"><?=_("Privacy Policy")?></a> |
- <a href="/index.php?id=51"><?=_("Mission Statement")?></a> | <a href="/index.php?id=11"><?=_("Contact Us")?></a> |
- <a href="/index.php?id=19"><?=_("Further Information")?></a> | &copy;2002-<?=date("Y")?> <?=_("by CAcert")?></div>
-</div>
-</body>
-</html><?
- }
-}
-?>
diff --git a/pages/account/43.php b/pages/account/43.php
index 80b1f18..6e4ebf1 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -282,12 +282,6 @@ if(intval($_REQUEST['userid']) > 0) {
<td class="DataTD"><?=_("Ad Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['adadmin'])?></a> (0 = none, 1 = submit, 2 = approve)</td>
</tr>
- <!-- presently not needed
- <tr>
- <td class="DataTD"><?=_("Tverify Account")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['tverify'])?></a></td>
- </tr>
- -->
<tr>
<td class="DataTD"><?=_("General Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;general=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['general'])?></a></td>
diff --git a/pages/account/51.php b/pages/account/51.php
deleted file mode 100644
index 7273840..0000000
--- a/pages/account/51.php
+++ /dev/null
@@ -1,34 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
-<?
- $uid = intval($_GET['photoid']);
- $query = "select * from `tverify` where `id`='$uid' and `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) { ?>
-<img src="account.php?id=51&amp;photoid=<?=$uid ?>&amp;img=show" border="0" width="800">
-<? } else {
- $query = "select * from `tverify` where `id`='$uid' and `modified`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
- {
- echo _("This UID has already been voted on.");
- } else {
- echo _("Unable to locate a valid request for that UID.");
- }
- } } ?>
diff --git a/pages/account/52.php b/pages/account/52.php
deleted file mode 100644
index 6c00c26..0000000
--- a/pages/account/52.php
+++ /dev/null
@@ -1,105 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-
-if($_SESSION['profile']['tverify'] <= 0) {
- echo _("You don't have access to this area.");
-} else {
- $uid = intval($_GET['uid']);
- $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) {
- $row = mysql_fetch_assoc($res);
- $memid = intval($row['memid']);
-
- $query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc2 = mysql_num_rows(mysql_query($query2));
- if($rc2 > 0) {
- showheader(_("My CAcert.org Account!"));
- echo _("You have already voted on this request.");
- showfooter();
- exit;
- }
-
- $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0";
- $notary = mysql_fetch_assoc(mysql_query($query));
- $query = "select * from `users` where `id`='".intval($memid)."'";
- $user = mysql_fetch_assoc(mysql_query($query));
- $tobe = 50 - $notary['points'];
- if($row['URL'] != '' && $row['photoid'] != '') {
- $tobe = 150 - $notary['points'];
- } else if($row['URL'] != '') {
- $tobe = 90 - $notary['points'];
- }
- if(intval($tobe) <= 0) {
- $tobe = 0;
- }
-?>
-<?=_("Request Details")?>:<br>
-<?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br>
-<?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br>
-<?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br>
-<? if($row['URL'] != '') { ?>
-<?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br>
-<? } ?>
-<? if($row['photoid'] != '') { ?>
-<?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br>
-<? } ?>
-<?=_("Current Points")?>: <?=intval($notary['points'])?><br>
-<?=_("Potential Points")?>: <?=intval($tobe)?><br>
-<?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br>
-
-<br>
-<form method="post" action="account.php">
-<?=_("Comment")?>: <input type="text" name="comment"><br>
-<input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
-<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
-<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>">
-<input type="hidden" name="uid" value="<?=intval($uid)?>">
-</form>
-<?
- } else {
- $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) {
- echo _("This UID has already been voted on.")."<br/>";
- } else {
- if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
- }
-
- // Search for open requests:
- $query = "select * from `tverify` where `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) {
- echo "<br/>"._("The following requests are still open:")."<br/><ul>";
- while($row = mysql_fetch_assoc($res)) {
- $uid=intval($row['id']);
- $query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc3 = mysql_num_rows(mysql_query($query3));
- if($rc3 <= 0)
- {
- echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
- }
- }
- echo "</ul>\n<br>\n";
- } else {
- echo "<br/>"._("There are no pending requests where you haven't voted yet.");
- }
- }
-}
-
-?>
diff --git a/tverify/.htaccess b/tverify/.htaccess
deleted file mode 100644
index bb5fe0e..0000000
--- a/tverify/.htaccess
+++ /dev/null
@@ -1,5 +0,0 @@
-php_value auto_prepend_file /www/includes/general.php
-php_value output_buffering 1
-errordocument 404 /error404.php
-errordocument 403 /error403.php
-errordocument 401 /error401.php
diff --git a/tverify/favicon.ico b/tverify/favicon.ico
deleted file mode 100644
index 3c9c9c2..0000000
--- a/tverify/favicon.ico
+++ /dev/null
Binary files differ
diff --git a/tverify/index.php b/tverify/index.php
deleted file mode 100644
index d3a0fd5..0000000
--- a/tverify/index.php
+++ /dev/null
@@ -1,163 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
-// phpinfo(); exit;
- include_once("../includes/general.php");
- loadem("tverify");
-
- $id = intval($_GET['id']);
- if(intval($_REQUEST['id']) > 0)
- $id = intval($_REQUEST['id']);
-
- if($id == 1)
- {
- $nofile = 1;
- $filename = "";
- $photoid = $_FILES['photoid'];
- if($photoid['error'] == 0 && $_REQUEST["notaryURL"] != "")
- {
- $filename = $photoid['tmp_name'];
- $do = trim(`file -b -i $filename`);
- $type = strtolower($do);
- switch($type)
- {
- case 'image/gif': $ext = "gif"; $nofile = 0; break;
- case 'image/jpeg': $ext = "jpg"; $nofile = 0; break;
- case 'image/jpg': $ext = "jpg"; $nofile = 0; break;
- case 'image/png': $ext = "png"; $nofile = 0; break;
- default:
- $id = 0;
- $_SESSION['_config']['errmsg'] = _("Only jpg, gif and png file types are acceptable, your browser sent a file of type: ").$type;
- }
- }
- }
-
- if($id == 1)
- {
- $email = mysql_real_escape_string(trim($_REQUEST["email"]));
- $password = mysql_real_escape_string(stripslashes(trim($_REQUEST["pword"])));
- $URL = mysql_real_escape_string(trim($_REQUEST["notaryURL"]));
- $CN = mysql_real_escape_string($_SESSION['_config']['CN']);
- $memid = intval($_SESSION['_config']['uid']);
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
- $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));
-
- if($URL != "" && $nofile == 0)
- $max = 150;
- else if($URL != "")
- $max = 90;
- else
- $max = 50;
-
- if($URL != "")
- if(!preg_match("/^https:\/\/www\.thawte\.com\/cgi\/personal\/wot\/directory\.exe\?(.*?&)?node=\d+(&.*)?$/",$URL))
- {
- showheader(_("Thawte Points Transfer"));
- echo _("You failed to enter a valid Thawte Notary URL.");
- showfooter();
- exit;
- }
-
- if($tmp['points'] >= $max)
- {
- showheader(_("Thawte Points Transfer"));
- echo _("Your request would not gain you any more points and will not be taken any further.").
- sprintf(_("You have %s points already and you would have been issued up to %s points."), $tmp['points'], $max);
- showfooter();
- exit;
- }
-
- }
-
- if($id == 1)
- {
- $query = "select * from `users`,`email` where `email`.`memid`='$memid' and `email`.`email`='$email' and `users`.`id`=`email`.`memid` and
- (`password`=old_password('$password') or `password`=sha1('$password') or `password`=password('$password'))";
- if(mysql_num_rows(mysql_query($query)) <= 0)
- {
- $_SESSION['_config']['errmsg'] = _("I'm sorry, I couldn't match your login details (password) to your certificate to an account on this system.");
- $id = 0;
- } else {
- $query = "insert into `tverify` set `memid`='$memid', `URL`='$URL', `CN`='$CN', `created`=NOW()";
- mysql_query($query);
- $tverify = mysql_insert_id();
- if($nofile == 0)
- {
- $filename = $photoid['tmp_name'];
- $newfile = mysql_real_escape_string('/www/photoid/'.$tverify.".".$ext);
- move_uploaded_file($filename, $newfile);
- $query = "update `tverify` set `photoid`='$newfile' where `id`='$tverify'";
- mysql_query($query);
- }
- }
- }
-
- if($id == 1)
- {
- $points = 0;
- if($URL != "" && $newfile != "")
- $points = 150 - intval($tmp['points']);
- else if($URL != "")
- $points = 90 - intval($tmp['points']);
- else
- $points = 50 - intval($tmp['points']);
-
- if($points < 0)
- $points = 0;
- }
-
- if($id == 1 && $max == 50)
- {
- if($points > 0)
- {
- mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
- `method`='Thawte Points Transfer', `when`=NOW()");
- fix_assurer_flag($memid);
- }
- $totalpoints = intval($tmp['points']) + $points;
- mysql_query("update `tverify` set `modified`=NOW() where `id`='$tverify'");
-
- $body = _("Your request to have points transfered was sucessful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n";
-
- $body .= _("Best regards")."\n";
- $body .= _("CAcert Support Team");
- sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
- } else if($id == 1) {
- $body = "There is a new valid request for thawte points tranfer, details as follows:\n\n";
- $body .= "To vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n";
- $body .= "Or use the certificate login: https://secure.cacert.org/account.php?id=52&uid=$tverify\n\n";
-
- $body .= "We know that by signing into https://tverify.cacert.org that\n";
- $body .= "1. they have possession of a cert issued from Thawte\n";
- $body .= "2. the person named in the cert has been verified by Thawte's Web of Trust\n";
- $body .= "3. at least 1 of the emails listed as valid in that cert belongs to a\n";
- $body .= "CAcert.org user\n\n";
- $body .= "It's up to us as voting members to verify the details that can't be\n";
- $body .= "programatically handled, that means checking the ID, and signing into\n";
- $body .= "the Thawte site and validating their name is listed as a notary.\n\n";
-
- $body .= "Best regards"."\n";
- $body .= "CAcert Support Team";
-
- sendmail("cacert-tverify@lists.cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
- }
-
- showheader(_("Thawte Points Transfer"));
- includeit($id, "tverify");
- showfooter();
-?>
diff --git a/tverify/index/0.php b/tverify/index/0.php
deleted file mode 100644
index 2264bab..0000000
--- a/tverify/index/0.php
+++ /dev/null
@@ -1,149 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- $continue = 1;
- //Checking for Thawte Freemail members, who aren´t notaries
- if($_SERVER['SSL_CLIENT_S_DN_CN'] == 'Thawte Freemail Member')
- {
- $continue = 0;
- echo _("I wasn't able to locate your name on your certificate, as such you can't continue with this process.");
- }
-
- //Extracting the Email address from the certificate that is presented, looking up the email in the database to find the user that has registered it.
- if($continue == 1)
- {
- $addy = array();
- $emails = explode("/", trim($_SERVER['SSL_CLIENT_S_DN']));
- foreach($emails as $email)
- {
- $bits = explode("=", $email);
- if($bits['0'] == "emailAddress")
- {
- $query = "select * from `email` where `email`='".$bits['1']."' and `deleted`=0 and hash=''";
- $account = mysql_query($query);
- if(mysql_num_rows($account))
- $addy[] = $bits['1'];
- }
- }
- }
-
- //Verifying that we found a record with that email address
- if(count($addy) <= 0 && $continue == 1)
- {
- $continue = 0;
- echo _("I wasn't able to match any email accounts on your certificate to any accounts in our database, as such I can't continue with this process.");
- }
-
- //If we found one, we extract the member-id from the sql result of the query we did above, and fetch the name of that user
- if($continue == 1)
- {
- $row = mysql_fetch_assoc($account);
- $memid = $row['memid'];
-
-
- //Fetching the name of the user we have in the database:
- $query = "select `fname`, `mname`, `lname`, `suffix` from `users` where `id`='$memid' and `deleted`=0";
- $res = mysql_query($query);
- $row = mysql_fetch_assoc($res);
-
- //Building the user´s name, and ignoring punctuation
- $cacert_name=$row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
- $cacert_name=strtr($cacert_name,",.","");
- $cacert_name=trim(str_replace(" ", " ", $cacert_name));
-
- //Generate a short name form without the middle name
- $cacert_short_name=$row['fname']." ".$row['lname']." ".$row['suffix'];
- $cacert_short_name=strtr($cacert_short_name,",.","");
- $cacert_short_name=trim(str_replace(" ", " ", $cacert_short_name));
-
-
- $tverifybits = explode(" ", trim($_SERVER['SSL_CLIENT_S_DN_G']), 2);
- $firstname = trim($tverifybits['0']);
- $givenname = trim($_SERVER['SSL_CLIENT_S_DN_G']);
- $lastname = trim($_SERVER['SSL_CLIENT_S_DN_S']);
- $tverify_name=strtr("$givenname $lastname",",.","");
- $tverify_short_name=strtr("$firstname $lastname",",.","");
-
- if(($cacert_name != $tverify_name) and ($cacert_short_name == $tverify_name))
- {
- $continue = 0;
- printf(_("Your CAcert account contains a middle name (%s), but we cannot verify this middle name with the certificate."),$row['mname']);
-
- }
-
- if($continue and ($cacert_name != $tverify_name) and ($cacert_name == $tverify_short_name))
- {
- printf(_("Your certificate containes a middle name (%s) which isn´t listed in your CAcert account. In case you might want to get certificates with your middle name included in the future, you should add the middle name to your CAcert account before continueing."));
- }
-
- if($continue and ($cacert_name != $tverify_name) and ($cacert_name != $tverify_short_name) and ($cacert_short_name == $tverify_short_name))
- {
- printf(_("There is a problem with your middle name. You could remove the middle name in your CAcert account, which should help to continue with the TVerify process, but then you can´t use it in your certificates."));
- }
-
- if($continue and ($cacert_name != $tverify_name) and ($cacert_name != $tverify_short_name))
- {
- $continue = 0;
- printf(_("The name and email address on your certificate (%s) could not be exactly matched to any stored in our database (%s), as such I'm not able to continue with this process."),$tverify_name,$cacert_name);
- }
- }
-
- if($_SERVER['SSL_CLIENT_VERIFY'] == "SUCCESS" && $continue == 1)
- {
- $_SESSION['_config']['uid'] = $memid;
- $_SESSION['_config']['CN'] = trim($_SERVER['SSL_CLIENT_S_DN']);
-?>
-<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
-<?=_("By just submitting your Thawte certificate you can be issued 50 points automatically to any matching account in the system that you operate.")?><br>
-<?=_("To receive an additional 40 points you must also include a valid link to your notary listing on the Thawte website.")?><br>
-<?=_("If you meet the above criteria you are also elligible to receive an additional 60 points by submitting a legible government issued copy of your photo ID. If details on your photo ID aren't legible you may be excluded from receiving these points.")?></p>
-<? if($_SESSION['_config']['errmsg'] != "") { ?><p>&nbsp;</p><p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"><?
- echo $_SESSION['_config']['errmsg']."</p>";
- unset($_SESSION['_config']['errmsg']);
-} ?>
-<form method="post" action="index.php" enctype="multipart/form-data">
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("Points Transfer and Verification")?></td>
- </tr>
- <tr>
- <td class="DataTD" width="125"><?=_("Email Address")?>: </td>
- <td class="DataTD" width="125"><input type="text" name="email" value="<?=$row['email']?>"></td>
- </tr>
- <tr>
- <td class="DataTD" width="125"><?=_("Notary URL")?>: </td>
- <td class="DataTD" width="125"><input type="text" name="notaryURL" value="<?=htmlentities($_POST['notaryURL'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD" width="125"><?=_("Photo ID")?>: </td>
- <td class="DataTD" width="125"><input type="file" name="photoid"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Pass Phrase")?>: </td>
- <td class="DataTD"><input type="password" name="pword"></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Submit Application for Points Transfer")?>"></td>
- </tr>
-
-</table>
-<input type="hidden" name="id" value="1">
-</form>
-<? } else if($continue == 1) {
- echo _("1I'm sorry, I couldn't verify your certificate");
- }
-?>
diff --git a/tverify/index/1.php b/tverify/index/1.php
deleted file mode 100644
index ad9875a..0000000
--- a/tverify/index/1.php
+++ /dev/null
@@ -1 +0,0 @@
-<p><?=_("Your request is now queued for processing, you will be notified by an automated email when your request has been verified by the points transfer team.");?></p>
diff --git a/www/account.php b/www/account.php
index c7f34a3..8dbf7a5 100644
--- a/www/account.php
+++ b/www/account.php
@@ -1,6 +1,6 @@
<? /*
LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
+ Copyright (C) 2004-2015 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -54,17 +54,6 @@
exit;
}
- } else if($id == 51 && $_GET['img'] == "show") {
- $query = "select * from `tverify` where `id`='".intval($_GET['photoid'])."' and `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res))
- {
- $row = mysql_fetch_assoc($res);
- readfile($row['photoid']);
- } else {
- die("No such file.");
- }
- exit;
} else if ($id == 37) {
$protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
$newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs';