summaryrefslogtreecommitdiff
path: root/www/alert_hash_collision.php
blob: f5eaa9c68ca940fd0629d66e1b9b01f07336b6c7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
<?php

include("../includes/hash_password.php");
define('REPORT_WEAK_SCRIPT', './report-weak');

if (@$_GET['shared_secret'] != SHARED_SECRET)
	die('not authenticated');
if (!preg_match('/^[0-9a-f]{40}$/i', $_POST['pkhash']))
	die('malformed or nonexistant pkhash');
if (!preg_match('/^(mem|org)-[0-9]+$/', @$_POST['usernym']))
	die('malformed or nonexistant usernym');

// alert seems ok

if (preg_match('/^mem-[0-9]+$/', @$_POST['usernym']))
{
  mysql_query("update emailcerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
  mysql_query("update domaincerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
}
else
{
  mysql_query("update orgemailcerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
  mysql_query("update orgdomaincerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
}

//exec(REPORT_WEAK . ' ' . $_POST['usernym'] . ' ' . lower($_POST['pkhash']));

?>