summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--includes/account.php10
-rw-r--r--www/gpg.php11
2 files changed, 21 insertions, 0 deletions
diff --git a/includes/account.php b/includes/account.php
index 0899ba6..aecbd36 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -672,6 +672,14 @@
if($process != "" && $oldid == 10)
{
+ if(!array_key_exists('CCA',$_REQUEST))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+ showfooter();
+ exit;
+ }
+
$CSR = clean_csr($_REQUEST['CSR']);
if(strpos($CSR,"---BEGIN")===FALSE)
{
@@ -782,6 +790,8 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+ write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
{
$query = "insert into `domaincerts` set
diff --git a/www/gpg.php b/www/gpg.php
index 345b559..267fabd 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -17,6 +17,7 @@
*/ ?>
<?
require_once("../includes/loggedin.php");
+ require_once('../includes/notary.inc.php');
$id = 0; if(array_key_exists('id',$_REQUEST)) $id=intval($_REQUEST['id']);
$oldid = $_REQUEST['oldid'] = array_key_exists('oldid',$_REQUEST) ? intval($_REQUEST['oldid']) : 0;
@@ -82,6 +83,14 @@ function verifyEmail($email)
$state=0;
if($oldid == "0" && $CSR != "")
{
+ if(!array_key_exists('CCA',$_REQUEST))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+ showfooter();
+ exit;
+ }
+
$debugkey = $gpgkey = clean_gpgcsr($CSR);
$tnam = tempnam('/tmp/', '__gpg');
@@ -275,6 +284,8 @@ function verifyEmail($email)
if($oldid == "0" && $CSR != "")
{
+ write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
$query = "insert into `gpg` set `memid`='".intval($_SESSION['profile']['id'])."',
`email`='".mysql_real_escape_string($lastvalidemail)."',
`level`='1',