Diffstat (limited to 'cacert/pages/account')
-rw-r--r--cacert/pages/account/0.php4
-rw-r--r--cacert/pages/account/13.php36
-rwxr-xr-xcacert/pages/account/40.php2
3 files changed, 26 insertions, 16 deletions
diff --git a/cacert/pages/account/0.php b/cacert/pages/account/0.php
index b595b84..84b581e 100644
--- a/cacert/pages/account/0.php
+++ b/cacert/pages/account/0.php
@@ -28,4 +28,6 @@
<h4><?=_("Org Client and Server Certificates")?></h4>
<p><?=_("Once you have verified your company you will see these menu options. They allow you to issue as many certificates as you like without proving individual email accounts as you like, further more you are able to get your company details on the certificate.")?></p>
<h4><?=_("CAcert Web of Trust")?></h4>
-<p><?=_("The Web of Trust system CAcert uses is similar to that many involved with GPG/PGP use, they hold face to face meetings to verify each others photo identities match their GPG/PGP key information. CAcert differs however in that we have modified things to work within the PKI framework, for you to gain trust in the system you must first locate someone already trusted. The trust person depending how many people they've trusted or meet before will determine how many points they can issue to you (the number of points they can issue is listed in the locate assurer section). Once you've met up you can show your ID and you will need to fill out a CAP form which the person assuring your details must retain for verification reasons. You can also get trust points via the Trust Third Party system where you go to a lawyer, bank manager, accountant, or public notary/juctise of the peace and they via your ID and fill in the TTP form to state they have viewed your ID documents and it appears authentic and true. More information on the TTP system can be found in the TTP sub-menu")?></p>
+<p><?=_("The Web of Trust system CAcert uses is similar to that many involved with GPG/PGP use, they hold face to face meetings to verify each others photo identities match their GPG/PGP key information. CAcert differs however in that we have modified things to work within the PKI framework, for you to gain trust in the system you must first locate someone already trusted. The trust person depending how many people they've trusted or meet before will determine how many points they can issue to you (the number of points they can issue is listed in the locate assurer section). Once you've met up you can show your ID and you will need to fill out a CAP form which the person assuring your details must retain for verification reasons.")?></p>
+<p><b><?=_("The former TTP (Trusted Third Party) System has been stopped, and is currently not available.")?></b></p>
+<? // "You can also get trust points via the Trust Third Party system where you go to a lawyer, bank manager, accountant, or public notary/juctise of the peace and they via your ID and fill in the TTP form to state they have viewed your ID documents and it appears authentic and true. More information on the TTP system can be found in the TTP sub-menu</p> ?>
diff --git a/cacert/pages/account/13.php b/cacert/pages/account/13.php
index 829b543..e8dad73 100644
--- a/cacert/pages/account/13.php
+++ b/cacert/pages/account/13.php
@@ -24,11 +24,19 @@
$month = intval(substr($user['dob'], 5, 2));
$day = intval(substr($user['dob'], 8, 2));
- $body = sprintf(_("Hi %s,"),$user['fname'])."\n";
- $body .= _("You are receiving this email because you or someone else")."\n";
- $body .= _("has viewed your lost password questions.")."\n";
+ $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
+ $body .= _("You receive this automatic mail since you yourself or")."\n";
+ $body .= _("someone else looked up your secret questions and answers")."\n";
+ $body .= _("for a forgotten password.")."\n\n";
+ $body .= _("If it was you who looked up or changed that data, or clicked")."\n";
+ $body .= _("through the menu in your account, everything is in best order and")."\n";
+ $body .= _("you can ignore this mail.")."\n\n";
+ $body .= _("But if you received this mail without a recognisable reason,")."\n";
+ $body .= _("there is a danger that an unauthorised person accessed your")."\n";
+ $body .= _("account, and you should promptly change your password and your")."\n";
+ $body .= _("secret questions and answers.")."\n\n";
- $body .= _("Best regards")."\n"._("CAcert.org Support!");
+ $body .= _("With kind regards,")."\n\n"._("CAcert Support");
sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support");
?>
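Review bot: The new warning text is cut into line-sized `_()` fragments, for example `_("there is a danger that an unauthorised person accessed your")`, so translators receive clause pieces they cannot reorder. A garbled translation weakens the one message that tells a user their account may have been accessed by someone else. Pass each paragraph as a single msgid and wrap it at send time, in the form `$body .= wordwrap(_("<whole paragraph>"), 70)."\n\n";`. The text also says the mail is sent after merely clicking through the account menu; the trigger is outside this hunk, but if that is accurate, recipients will learn to ignore the alert, so it may be worth sending it only when the questions are actually viewed or changed.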
@@ -125,24 +133,24 @@
<td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td>
</tr>
<tr>
- <td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=$user['Q1']?>"></td>
- <td class="DataTD"><input type="text" name="A1" value="<?=$user['A1']?>"></td>
+ <td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=sanitizeHTML($user['Q1'])?>"></td>
+ <td class="DataTD"><input type="text" name="A1" value="<?=sanitizeHTML($user['A1'])?>"></td>
</tr>
<tr>
- <td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=$user['Q2']?>"></td>
- <td class="DataTD"><input type="text" name="A2" value="<?=$user['A2']?>"></td>
+ <td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=sanitizeHTML($user['Q2'])?>"></td>
+ <td class="DataTD"><input type="text" name="A2" value="<?=sanitizeHTML($user['A2'])?>"></td>
</tr>
<tr>
- <td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=$user['Q3']?>"></td>
- <td class="DataTD"><input type="text" name="A3" value="<?=$user['A3']?>"></td>
+ <td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=sanitizeHTML($user['Q3'])?>"></td>
+ <td class="DataTD"><input type="text" name="A3" value="<?=sanitizeHTML($user['A3'])?>"></td>
</tr>
<tr>
- <td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=$user['Q4']?>"></td>
- <td class="DataTD"><input type="text" name="A4" value="<?=$user['A4']?>"></td>
+ <td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=sanitizeHTML($user['Q4'])?>"></td>
+ <td class="DataTD"><input type="text" name="A4" value="<?=sanitizeHTML($user['A4'])?>"></td>
</tr>
<tr>
- <td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=$user['Q5']?>"></td>
- <td class="DataTD"><input type="text" name="A5" value="<?=$user['A5']?>"></td>
+ <td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=sanitizeHTML($user['Q5'])?>"></td>
+ <td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
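Review bot: All ten values are written inside double-quoted `value="..."` attributes, so the escaping is complete only if `sanitizeHTML()` encodes `"` (and ideally `'`) as well as `<` and `>`. Its definition is not part of this diff, so confirm that it behaves like `htmlspecialchars($s, ENT_QUOTES)`. Separately, the form still pre-fills the answers A1 to A5 in clear text, so anyone with access to a logged-in session can read the account-recovery secrets. Consider rendering the answer fields empty, `<input type="text" name="A1" value="">`, and updating an answer only when a new one is submitted; the form handler is outside the hunk and would need the matching change.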
diff --git a/cacert/pages/account/40.php b/cacert/pages/account/40.php
index 0142682..1b76f9c 100755
--- a/cacert/pages/account/40.php
+++ b/cacert/pages/account/40.php
@@ -15,7 +15,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
- $_SESSION['_config']['secrethash'] = md5(date("YmdHis").rand(0, intval(date("u"))));
+if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['secrethash'] = md5(date("YmdHis").rand(0, intval(date("u"))));
?>
<H3><?=_("Contact Us")?></H3>
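Review bot: The `secrethash` on the added line is still derived only from the clock: `date("u")` always yields `000000` when called through `date()`, so `rand(0, intval(date("u")))` is `rand(0, 0)` and the value is the MD5 of the current second. If it is meant to be unguessable (it looks like a form token for the contact page, but its use is outside the hunk), it should come from a CSPRNG. On PHP 7+ that would be `if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['secrethash'] = bin2hex(random_bytes(16));`, with `openssl_random_pseudo_bytes(16)` as the source on older versions. Because the token now survives across page loads, the code that checks it should also unset it after a successful submission.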