summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2013-07-16 23:19:26 +0200
committerMichael Tänzer <neo@nhng.de>2013-07-16 23:19:26 +0200
commitaea694d929d09db48b008eda40fc2a77ea086e8d (patch)
tree97261963287386ebbfb51152d9002c58c17bd5b2 /includes
parent90dcf899dae9bff3dc9d7e7953e2841dadea178f (diff)
downloadcacert-aea694d929d09db48b008eda40fc2a77ea086e8d.tar.gz
cacert-aea694d929d09db48b008eda40fc2a77ea086e8d.tar.xz
cacert-aea694d929d09db48b008eda40fc2a77ea086e8d.zip
Source code taken from cacert-20130716.tar.bz2
Diffstat (limited to 'includes')
-rw-r--r--includes/account.php27
-rw-r--r--includes/account_stuff.php1
-rw-r--r--includes/general.php22
-rw-r--r--includes/loggedin.php47
-rw-r--r--includes/mysql.php.sample3
-rw-r--r--includes/notary.inc.php86
-rw-r--r--includes/wot.inc.php9
7 files changed, 156 insertions, 39 deletions
diff --git a/includes/account.php b/includes/account.php
index 496c7ca..cc2c581 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -622,10 +622,31 @@
{
$row = mysql_fetch_assoc($res);
echo $row['domain']."<br>\n";
- mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'");
- $dres = mysql_query("select * from `domlink` where `domid`='$id'");
+
+ $dres = mysql_query(
+ "select `domaincerts`.`id`
+ from `domaincerts`
+ where `domaincerts`.`domid` = '$id'
+ union distinct
+ select `domaincerts`.`id`
+ from `domaincerts`, `domlink`
+ where `domaincerts`.`id` = `domlink`.`certid`
+ and `domlink`.`domid` = '$id'");
while($drow = mysql_fetch_assoc($dres))
- mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
+ {
+ mysql_query(
+ "update `domaincerts`
+ set `revoked`='1970-01-01 10:00:01'
+ where `id` = '".$drow['id']."'
+ and `revoked` = 0
+ and UNIX_TIMESTAMP(`expire`) -
+ UNIX_TIMESTAMP() > 0");
+ }
+
+ mysql_query(
+ "update `domains`
+ set `deleted`=NOW()
+ where `id` = '$id'");
}
}
}
diff --git a/includes/account_stuff.php b/includes/account_stuff.php
index 148a0ac..b9544e0 100644
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@@ -262,6 +262,7 @@ function hideall() {
<ul class="menu" id="advertising"><li><a href="advertising.php?id=1"><?=_("New Ad")?></a></li><li><a href="advertising.php?id=0"><?=_("View Ads")?></a></li></ul>
</div>
<? } ?>
+ <? include("about_menu.php"); ?>
</div>
<div id="content">
<div class="story">
diff --git a/includes/general.php b/includes/general.php
index d762586..d89c0e6 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -21,10 +21,10 @@
session_name("cacert");
session_start();
- session_register("_config");
- session_register("profile");
- session_register("signup");
- session_register("lostpw");
+// session_register("_config");
+// session_register("profile");
+// session_register("signup");
+// session_register("lostpw");
// if($_SESSION['profile']['id'] > 0)
// session_regenerate_id();
@@ -536,17 +536,22 @@
$myemail = mysql_real_escape_string($email);
if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email))
{
- list($username,$domain)=split('@',$email);
+ list($username,$domain)=explode('@',$email,2);
$dom = escapeshellarg($domain);
$line = trim(`dig +short MX $dom 2>&1`);
#echo $email."-$dom-$line-\n";
#echo `dig +short mx heise.de 2>&1`."-<br>\n";
$list = explode("\n", $line);
- foreach($list as $row)
- list($pri, $mxhosts[]) = explode(" ", substr(trim($row), 0, -1));
+ foreach($list as $row) {
+ if(!strstr($row, " ")) {
+ continue;
+ }
+ list($pri, $mxhosts[]) = explode(" ", trim($row), 2);
+ }
$mxhosts[] = $domain;
-#print_r($mxhosts); die;
+ array_walk($mxhosts, function(&$mx) { $mx = trim($mx, '.'); } );
+
foreach($mxhosts as $key => $domain)
{
$fp = @fsockopen($domain,25,$errno,$errstr,5);
@@ -797,4 +802,5 @@
return $res;
}
+
?>
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 5734fad..4f9b8e8 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -18,20 +18,29 @@
include_once("../includes/lib/general.php");
require_once("../includes/lib/l10n.php");
+ include_once("../includes/mysql.php");
+
+ if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) {
+ $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
+ }
+ if(!isset($_SESSION['profile']['id']) || !isset($_SESSION['profile']['loggedin'])) {
+ $_SESSION['profile']['id'] = 0;
+ $_SESSION['profile']['loggedin'] = 0;
+ }
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
{
$uid = $_SESSION['profile']['id'];
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($$key);
+ //session_unregister($key);
}
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));
@@ -50,14 +59,14 @@
{
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($$key);
+ //session_unregister($key);
}
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
@@ -69,16 +78,16 @@
} else {
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
- unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
- unset($_SESSION['_config']['oldlocation']);
+ $_SESSION['_config']['oldlocation'] = '';
foreach($_GET as $key => $val)
{
@@ -127,9 +136,9 @@
$_SESSION['profile'] = "";
foreach($_SESSION as $key => $value)
{
- unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
header("location: https://".$normalhost."/index.php");
@@ -138,11 +147,11 @@
if($_SESSION['profile']['loggedin'] < 1)
{
- unset($_SESSION['_config']['oldlocation']);
+ $_SESSION['_config']['oldlocation'] = '';
foreach($_REQUEST as $key => $val)
{
- if($_SESSION['_config']['oldlocation'])
+ if('' != $_SESSION['_config']['oldlocation'])
$_SESSION['_config']['oldlocation'] .= "&";
$key = str_replace(array("\n", "\r"), '', $key);
diff --git a/includes/mysql.php.sample b/includes/mysql.php.sample
index eb86401..10185fc 100644
--- a/includes/mysql.php.sample
+++ b/includes/mysql.php.sample
@@ -64,7 +64,8 @@
fputs($smtp, "DATA\r\n");
$InputBuffer = fgets($smtp, 1024);
fputs($smtp, "X-Mailer: CAcert.org Website\r\n");
- fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n");
+ if (array_key_exists("REMOTE_ADDR", $_SERVER))
+ fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n");
fputs($smtp, "Sender: $errorsto\r\n");
fputs($smtp, "Errors-To: $errorsto\r\n");
if($replyto != "")
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index cc0e0eb..d6f86a8 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -14,7 +14,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
+*/
function query_init ($query)
{
@@ -52,8 +52,8 @@
function get_top_assurer_position ($no_of_assurances)
{
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting'
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting'
GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
return intval(query_get_number_of_rows($res)+1);
}
@@ -83,7 +83,7 @@
$res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
return $res;
}
-
+
function get_received_assurances_summary ($userid)
{
$res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
@@ -129,7 +129,7 @@
$awarded = 100;
}
else
- $experience = 0;
+ $experience = 0;
switch ($row['method'])
{
@@ -303,7 +303,7 @@
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
-<? }
+<? }
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
@@ -319,7 +319,7 @@
<td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
<? } else {
?>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
}
}
@@ -374,7 +374,7 @@
$res = get_given_assurances(intval($userid));
while($row = mysql_fetch_assoc($res))
{
- $fromuser = get_user (intval($row['to']));
+ $fromuser = get_user (intval($row['to']));
$apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
$email = show_email_link ($fromuser['email'],intval($row['to']));
@@ -602,4 +602,74 @@
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<?
}
+
+ //functions to do with recording user agreements
+ function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
+ // write a new record to the table user_agreement
+ $query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid.
+ ",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ;
+ $res = mysql_query($query);
+ }
+
+ function get_user_agreement_status($memid, $type="CCA"){
+ //returns 0 - no user agreement, 1- at least one entry
+ $query="SELECT u.`document` FROM `user_agreements` u
+ WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <=0){
+ return 0;
+ }else{
+ return 1;
+ }
+ }
+
+ function get_first_user_agreement($memid, $active=1, $type="CCA"){
+ //returns an array (`document`,`date`,`method`, `comment`,`active`)
+ if($active==1){
+ $filter="u.`memid`=".$memid;
+ }else{
+ $filter="u.`secmemid`=".$memid;
+ }
+ $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u
+ WHERE u.`document` = '".$type."' AND ".$filter."
+ ORDER BY u.`date` Limit 1;";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) >0){
+ $row = mysql_fetch_assoc($res);
+ $rec['document']= $row['document'];
+ $rec['date']= $row['date'];
+ $rec['method']= $row['method'];
+ $rec['comment']= $row['comment'];
+ $rec['active']= $row['active'];
+ }else{
+ $rec=array();
+ }
+ return $rec;
+ }
+
+ function get_last_user_agreement($memid, $type="CCA"){
+ //returns an array (`document`,`date`,`method`, `comment`,`active`)
+ $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1)
+ union
+ (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) >0){
+ $row = mysql_fetch_assoc($res);
+ $rec['document']= $row['document'];
+ $rec['date']= $row['date'];
+ $rec['method']= $row['method'];
+ $rec['comment']= $row['comment'];
+ $rec['active']= $row['active'];
+ }else{
+ $rec=array();
+ }
+ return $rec;
+}
+
+ function delete_user_agreement($memid, $type="CCA"){
+ //deletes all entries to an user for the given type of user agreements
+ mysql_query("delete from `user_agreements` where `memid`='".$memid."'");
+ mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'");
+ }
+
?>
diff --git a/includes/wot.inc.php b/includes/wot.inc.php
index 6b3bcc8..9471bee 100644
--- a/includes/wot.inc.php
+++ b/includes/wot.inc.php
@@ -40,6 +40,15 @@
return intval($row['list']);
}
+
+ function get_number_of_ttpassurances ($userid)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' ");
+ $row = query_getnextrow($res);
+
+ return intval($row['list']);
+ }
function get_number_of_assurees ($userid)
{