author | Michael Tänzer <neo@nhng.de> | 2013-07-16 23:19:26 +0200 |
---|---|---|
committer | Michael Tänzer <neo@nhng.de> | 2013-07-16 23:19:26 +0200 |
commit | aea694d929d09db48b008eda40fc2a77ea086e8d (patch) | |
tree | 97261963287386ebbfb51152d9002c58c17bd5b2 /includes | |
parent | 90dcf899dae9bff3dc9d7e7953e2841dadea178f (diff) | |
download | cacert-aea694d929d09db48b008eda40fc2a77ea086e8d.tar.gz cacert-aea694d929d09db48b008eda40fc2a77ea086e8d.tar.xz cacert-aea694d929d09db48b008eda40fc2a77ea086e8d.zip |
Source code taken from cacert-20130716.tar.bz2
Diffstat (limited to 'includes')
-rw-r--r-- | includes/account.php | 27 | ||||
-rw-r--r-- | includes/account_stuff.php | 1 | ||||
-rw-r--r-- | includes/general.php | 22 | ||||
-rw-r--r-- | includes/loggedin.php | 47 | ||||
-rw-r--r-- | includes/mysql.php.sample | 3 | ||||
-rw-r--r-- | includes/notary.inc.php | 86 | ||||
-rw-r--r-- | includes/wot.inc.php | 9 |
7 files changed, 156 insertions, 39 deletions
diff --git a/includes/account.php b/includes/account.php index 496c7ca..cc2c581 100644 --- a/includes/account.php +++ b/includes/account.php @@ -622,10 +622,31 @@ { $row = mysql_fetch_assoc($res); echo $row['domain']."<br>\n"; - mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'"); - $dres = mysql_query("select * from `domlink` where `domid`='$id'"); + + $dres = mysql_query( + "select `domaincerts`.`id` + from `domaincerts` + where `domaincerts`.`domid` = '$id' + union distinct + select `domaincerts`.`id` + from `domaincerts`, `domlink` + where `domaincerts`.`id` = `domlink`.`certid` + and `domlink`.`domid` = '$id'"); while($drow = mysql_fetch_assoc($dres)) - mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0"); + { + mysql_query( + "update `domaincerts` + set `revoked`='1970-01-01 10:00:01' + where `id` = '".$drow['id']."' + and `revoked` = 0 + and UNIX_TIMESTAMP(`expire`) - + UNIX_TIMESTAMP() > 0"); + } + + mysql_query( + "update `domains` + set `deleted`=NOW() + where `id` = '$id'"); } } } diff --git a/includes/account_stuff.php b/includes/account_stuff.php index 148a0ac..b9544e0 100644 --- a/includes/account_stuff.php +++ b/includes/account_stuff.php @@ -262,6 +262,7 @@ function hideall() { <ul class="menu" id="advertising"><li><a href="advertising.php?id=1"><?=_("New Ad")?></a></li><li><a href="advertising.php?id=0"><?=_("View Ads")?></a></li></ul> </div> <? } ?> + <? include("about_menu.php"); ?> </div> <div id="content"> <div class="story"> diff --git a/includes/general.php b/includes/general.php index d762586..d89c0e6 100644 --- a/includes/general.php +++ b/includes/general.php 
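Review bot: In the includes/account.php hunk (@@ -622) the result of the new union select goes straight into `mysql_fetch_assoc($dres)` and no `mysql_query()` return value is checked. If the select fails, the revocation loop is skipped and the final update that sets `deleted` on `domains` still runs, leaving a deleted domain whose certificates were never revoked. Guard the loop with `if ($dres === false) { /* log and skip the delete */ }`, or only mark the domain deleted after the revocations succeeded. `$id` is assigned outside the hunk, so confirm it is cast there, and use `intval($drow['id'])` in the update to match the `intval()` convention in notary.inc.php. The enclosing block starts and ends outside the hunk.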
@@ -21,10 +21,10 @@ session_name("cacert"); session_start(); - session_register("_config"); - session_register("profile"); - session_register("signup"); - session_register("lostpw"); +// session_register("_config"); +// session_register("profile"); +// session_register("signup"); +// session_register("lostpw"); // if($_SESSION['profile']['id'] > 0) // session_regenerate_id(); @@ -536,17 +536,22 @@ $myemail = mysql_real_escape_string($email); if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email)) { - list($username,$domain)=split('@',$email); + list($username,$domain)=explode('@',$email,2); $dom = escapeshellarg($domain); $line = trim(`dig +short MX $dom 2>&1`); #echo $email."-$dom-$line-\n"; #echo `dig +short mx heise.de 2>&1`."-<br>\n"; $list = explode("\n", $line); - foreach($list as $row) - list($pri, $mxhosts[]) = explode(" ", substr(trim($row), 0, -1)); + foreach($list as $row) { + if(!strstr($row, " ")) { + continue; + } + list($pri, $mxhosts[]) = explode(" ", trim($row), 2); + } $mxhosts[] = $domain; -#print_r($mxhosts); die; + array_walk($mxhosts, function(&$mx) { $mx = trim($mx, '.'); } ); + foreach($mxhosts as $key => $domain) { $fp = @fsockopen($domain,25,$errno,$errstr,5); @@ -797,4 +802,5 @@ return $res; } + ?> diff --git a/includes/loggedin.php b/includes/loggedin.php index 5734fad..4f9b8e8 100644 --- a/includes/loggedin.php +++ b/includes/loggedin.php 
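Review bot: In the @@ -536 hunk of includes/general.php the new guard tests the untrimmed `$row` with `strstr($row, " ")`, but the split runs on `trim($row)`. A line whose only space is leading or trailing passes the guard, `explode()` returns a single element, and the `list()` assignment pushes an empty entry into `$mxhosts`. Trim first: `$row = trim($row); if (strpos($row, ' ') === false) continue;`. Because the command still ends in `2>&1`, any error text from dig that contains a space is split the same way and its tail is handed to `fsockopen()`; dropping the redirect or checking that each entry looks like a hostname before connecting would avoid that. The enclosing function starts and ends outside the hunk.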
@@ -18,20 +18,29 @@ include_once("../includes/lib/general.php"); require_once("../includes/lib/l10n.php"); + include_once("../includes/mysql.php"); + + if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) { + $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 ); + } + if(!isset($_SESSION['profile']['id']) || !isset($_SESSION['profile']['loggedin'])) { + $_SESSION['profile']['id'] = 0; + $_SESSION['profile']['loggedin'] = 0; + } if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0) { $uid = $_SESSION['profile']['id']; $_SESSION['profile']['loggedin'] = 0; $_SESSION['profile'] = ""; - foreach($_SESSION as $key) + foreach($_SESSION as $key => $value) { - if($key == '_config') + if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5)) continue; if(is_int($key) || is_string($key)) unset($_SESSION[$key]); - unset($$key); - session_unregister($key); + unset($$key); + //session_unregister($key); } $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'")); @@ -50,14 +59,14 @@ { $_SESSION['profile']['loggedin'] = 0; $_SESSION['profile'] = ""; - foreach($_SESSION as $key) + foreach($_SESSION as $key => $value) { - if($key == '_config') + if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5)) continue; if(is_int($key) || is_string($key)) unset($_SESSION[$key]); - unset($$key); - session_unregister($key); + unset($$key); + //session_unregister($key); } $_SESSION['profile'] = mysql_fetch_assoc(mysql_query( 
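Review bot: The session-reset loop in the @@ -18 hunk of includes/loggedin.php now exempts `mconn` and every `csrf_*` key, and the same condition is repeated in the @@ -50 and @@ -69 hunks, so CSRF tokens issued before the login state changed stay valid afterwards. Nothing visible here issues a new session id (the `session_regenerate_id()` call in general.php is commented out), so consider regenerating the id after the reset or dropping the `csrf_` exemption, and add a comment saying why `mconn` must survive. The comparisons are loose (`$key == '_config'`); `===` avoids type juggling on non-string keys. `unset($$key)` removes whatever variable shares a session key's name, which would include `$uid` assigned just above the first loop, so it is worth confirming no session key can collide. Moving the loop into one helper would keep the three copies in step.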
@@ -69,16 +78,16 @@ } else { $_SESSION['profile']['loggedin'] = 0; $_SESSION['profile'] = ""; - foreach($_SESSION as $key) + foreach($_SESSION as $key => $value) { - if($key == '_config') + if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5)) continue; - unset($_SESSION[$key]); - unset($$key); - session_unregister($key); + unset($_SESSION[$key]); + unset($$key); + //session_unregister($key); } - unset($_SESSION['_config']['oldlocation']); + $_SESSION['_config']['oldlocation'] = ''; foreach($_GET as $key => $val) { @@ -127,9 +136,9 @@ $_SESSION['profile'] = ""; foreach($_SESSION as $key => $value) { - unset($_SESSION[$key]); - unset($$key); - session_unregister($key); + unset($_SESSION[$key]); + unset($$key); + //session_unregister($key); } header("location: https://".$normalhost."/index.php"); @@ -138,11 +147,11 @@ if($_SESSION['profile']['loggedin'] < 1) { - unset($_SESSION['_config']['oldlocation']); + $_SESSION['_config']['oldlocation'] = ''; foreach($_REQUEST as $key => $val) { - if($_SESSION['_config']['oldlocation']) + if('' != $_SESSION['_config']['oldlocation']) $_SESSION['_config']['oldlocation'] .= "&"; $key = str_replace(array("\n", "\r"), '', $key); diff --git a/includes/mysql.php.sample b/includes/mysql.php.sample index eb86401..10185fc 100644 --- a/includes/mysql.php.sample +++ b/includes/mysql.php.sample @@ -64,7 +64,8 @@ fputs($smtp, "DATA\r\n"); $InputBuffer = fgets($smtp, 1024); fputs($smtp, "X-Mailer: CAcert.org Website\r\n"); - fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n"); + if (array_key_exists("REMOTE_ADDR", $_SERVER)) + fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n"); fputs($smtp, "Sender: $errorsto\r\n"); fputs($smtp, "Errors-To: $errorsto\r\n"); if($replyto != "") diff --git a/includes/notary.inc.php b/includes/notary.inc.php index cc0e0eb..d6f86a8 100644 --- a/includes/notary.inc.php +++ b/includes/notary.inc.php 
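Review bot: The new `array_key_exists("REMOTE_ADDR", $_SERVER)` guard in includes/mysql.php.sample (@@ -64) is an unbraced `if` sitting in a run of unconditional `fputs()` calls, which is easy to misread when another header is added below it. Wrap the guarded line in braces and add a comment such as `// REMOTE_ADDR is not set when mail is sent outside a web request`. That reason is inferred from the check itself, so confirm it before committing the comment. The surrounding function starts and ends outside the hunk.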
@@ -14,7 +14,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ +*/ function query_init ($query) { @@ -52,8 +52,8 @@ function get_top_assurer_position ($no_of_assurances) { - $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE `method` = 'Face to Face Meeting' GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'"); return intval(query_get_number_of_rows($res)+1); } @@ -83,7 +83,7 @@ $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method"); return $res; } - + function get_received_assurances_summary ($userid) { $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method"); @@ -129,7 +129,7 @@ $awarded = 100; } else - $experience = 0; + $experience = 0; switch ($row['method']) { @@ -303,7 +303,7 @@ ?> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td> -<? } +<? } ?> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td> 
@@ -319,7 +319,7 @@ <td class="DataTD" <?=$tdstyle?>> </td> <? } else { ?> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&userid=<?=intval($userid)?>&assurance=<?=intval($assuranceid)?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&userid=<?=intval($userid)?>&assurance=<?=intval($assuranceid)?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td> <? } } @@ -374,7 +374,7 @@ $res = get_given_assurances(intval($userid)); while($row = mysql_fetch_assoc($res)) { - $fromuser = get_user (intval($row['to'])); + $fromuser = get_user (intval($row['to'])); $apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked); $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to'])); $email = show_email_link ($fromuser['email'],intval($row['to'])); 
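Review bot: In the @@ -319 hunk of includes/notary.inc.php the new confirm text prints `$assuranceid` raw into a JavaScript string inside an `onclick` attribute, while the `href` on the same line wraps it in `intval()`. Use `intval($assuranceid)` in the `sprintf()` call as well, so a non-numeric value cannot end the string early. The translated message is also emitted unescaped, so a translation containing an apostrophe would end the `confirm('…')` literal; it should be escaped for the JavaScript and HTML-attribute context. As displayed, the inner double quotes around `%s` would terminate the PHP string, so check that the file holds `&quot;%s&quot;` or escaped quotes; this may only be an artefact of how the page renders the diff.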
@@ -602,4 +602,74 @@ <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> <? } + + //functions to do with recording user agreements + function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){ + // write a new record to the table user_agreement + $query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid. + ",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ; + $res = mysql_query($query); + } + + function get_user_agreement_status($memid, $type="CCA"){ + //returns 0 - no user agreement, 1- at least one entry + $query="SELECT u.`document` FROM `user_agreements` u + WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ; + $res = mysql_query($query); + if(mysql_num_rows($res) <=0){ + return 0; + }else{ + return 1; + } + } + + function get_first_user_agreement($memid, $active=1, $type="CCA"){ + //returns an array (`document`,`date`,`method`, `comment`,`active`) + if($active==1){ + $filter="u.`memid`=".$memid; + }else{ + $filter="u.`secmemid`=".$memid; + } + $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u + WHERE u.`document` = '".$type."' AND ".$filter." + ORDER BY u.`date` Limit 1;"; + $res = mysql_query($query); + if(mysql_num_rows($res) >0){ + $row = mysql_fetch_assoc($res); + $rec['document']= $row['document']; + $rec['date']= $row['date']; + $rec['method']= $row['method']; + $rec['comment']= $row['comment']; + $rec['active']= $row['active']; + }else{ + $rec=array(); + } + return $rec; + } + + function get_last_user_agreement($memid, $type="CCA"){ + //returns an array (`document`,`date`,`method`, `comment`,`active`) + $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." 
) order by `date` desc limit 1) + union + (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ; + $res = mysql_query($query); + if(mysql_num_rows($res) >0){ + $row = mysql_fetch_assoc($res); + $rec['document']= $row['document']; + $rec['date']= $row['date']; + $rec['method']= $row['method']; + $rec['comment']= $row['comment']; + $rec['active']= $row['active']; + }else{ + $rec=array(); + } + return $rec; +} + + function delete_user_agreement($memid, $type="CCA"){ + //deletes all entries to an user for the given type of user agreements + mysql_query("delete from `user_agreements` where `memid`='".$memid."'"); + mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'"); + } + ?> diff --git a/includes/wot.inc.php b/includes/wot.inc.php index 6b3bcc8..9471bee 100644 --- a/includes/wot.inc.php +++ b/includes/wot.inc.php @@ -40,6 +40,15 @@ return intval($row['list']); } + + function get_number_of_ttpassurances ($userid) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' "); + $row = query_getnextrow($res); + + return intval($row['list']); + } function get_number_of_assurees ($userid) { |
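Review bot: The user-agreement functions added in the @@ -602 hunk of includes/notary.inc.php build every query by concatenating `$memid`, `$secmemid`, `$document`, `$method`, `$comment` and `$type` with no `intval()` or escaping, unlike the older helpers in this file that cast ids with `intval()`. If any caller passes request data, most plausibly in `$comment`, these statements are injectable; cast the ids and escape the strings in all five functions, as sketched below for the write and delete paths. `delete_user_agreement()` also ignores `$type` although its comment says it deletes entries for the given type, so it removes every agreement of the user; the sketch adds the filter, which is a behaviour change to confirm against callers. `write_user_agreement()` discards `$res`, so a failed insert of an agreement record goes unnoticed.

```php
function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
	// write a new record to the table user_agreement
	$query = "insert into `user_agreements` set `memid`=".intval($memid).
		", `secmemid`=".intval($secmemid).
		", `document`='".mysql_real_escape_string($document)."'".
		", `date`=NOW(), `active`=".intval($active).
		", `method`='".mysql_real_escape_string($method)."'".
		", `comment`='".mysql_real_escape_string($comment)."'";
	// hand the result back so callers can detect a failed insert
	return mysql_query($query);
}

// … unchanged here: get_user_agreement_status, get_first_user_agreement, get_last_user_agreement (they need the same casts and escaping) …

function delete_user_agreement($memid, $type="CCA"){
	//deletes all entries to an user for the given type of user agreements
	$type = mysql_real_escape_string($type);
	mysql_query("delete from `user_agreements` where `memid`=".intval($memid)." and `document`='".$type."'");
	mysql_query("delete from `user_agreements` where `secmemid`=".intval($memid)." and `document`='".$type."'");
}
```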