Merge branch 'bug-1047' into bug-1042
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
19 require_once(dirname(__FILE__)."/lib/general.php");
20 require_once(dirname(__FILE__)."/notary.inc.php");
21
// Start (or resume) the PHP session under the cookie name "cacert".
session_name("cacert");
session_start();

// Disabled legacy code, kept for reference:
//	session_register("_config");
//	session_register("profile");
//	session_register("signup");
//	session_register("lostpw");
//	if($_SESSION['profile']['id'] > 0)
//		session_regenerate_id();
// NOTE(review): with the block above disabled, this file never regenerates the
// session id. Confirm that the login code does so when a user authenticates,
// otherwise a pre-login session id stays valid after login.

// Timestamp taken as early as possible so page generation time can be measured.
$pageLoadTime_Start = microtime(true);

// The array is not used in this file; presumably it only exists so that these
// msgids are picked up for translation -- TODO confirm.
$junk = array(
	_("Face to Face Meeting"),
	_("Trusted Third Parties"),
	_("Thawte Points Transfer"),
	_("Administrative Increase"),
	_("CT Magazine - Germany"),
	_("Temporary Increase"),
	_("Unknown")
);

// Reset the per-request error message.
$_SESSION['_config']['errmsg'] = "";

// Numeric page selectors from the request; intval() guarantees integers.
$id = array_key_exists("id", $_REQUEST) ? intval($_REQUEST['id']) : 0;
$oldid = array_key_exists("oldid", $_REQUEST) ? intval($_REQUEST['oldid']) : 0;

// Installation root; every include path below is built from this constant
// value, never from request data.
$_SESSION['_config']['filepath'] = "/www";

require_once($_SESSION['_config']['filepath'] . "/includes/mysql.php");
require_once($_SESSION['_config']['filepath'] . "/includes/lib/account.php");
require_once($_SESSION['_config']['filepath'] . "/includes/lib/l10n.php");
47
// Canonical host / HTTPS enforcement.
// The Host header is supplied by the client, so it is only ever compared
// against the configured names; every redirect target is built from the
// configured hostname, never from the header itself.
// NOTE(review): the three hostnames are read from $_SESSION['_config'];
// presumably they are populated by includes/mysql.php -- confirm.
if(array_key_exists('HTTP_HOST', $_SERVER))
{
	// Unknown host name: bounce to the normal host, keeping the scheme in use.
	if($_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] &&
		$_SERVER['HTTP_HOST'] != $_SESSION['_config']['securehostname'] &&
		$_SERVER['HTTP_HOST'] != $_SESSION['_config']['tverify'])
	{
		header((array_key_exists('HTTPS', $_SERVER) && $_SERVER['HTTPS'] == "on"
			? "location: https://"
			: "location: http://") . $_SESSION['_config']['normalhostname']);
		exit;
	}

	// The secure and tverify hosts must only be served over HTTPS.
	if(($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] ||
		$_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify']) &&
		!(array_key_exists('HTTPS', $_SERVER) && $_SERVER['HTTPS'] == "on"))
	{
		if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
			header("location: https://" . $_SESSION['_config']['securehostname']);
		if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify'])
			header("location: https://" . $_SESSION['_config']['tverify']);
		exit;
	}
}
76
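// Select the UI language and bind the gettext domain for this request.
L10n::detect_language();
L10n::init_gettext();

// For a logged-in session, re-check the account on every request.
if(array_key_exists('profile', $_SESSION) && is_array($_SESSION['profile']) &&
	array_key_exists('id', $_SESSION['profile']) && $_SESSION['profile']['id'] > 0)
{
	$locked = mysql_query("select `locked` from `users` where `id`='".intval($_SESSION['profile']['id'])."'");
	$locked = $locked ? mysql_fetch_assoc($locked) : false;

	// Fail closed: only a row that exists and is explicitly unlocked keeps the
	// session. A failed query or a missing user row used to compare as
	// "locked == 0" (null == 0) and therefore left the session logged in.
	if(is_array($locked) && $locked['locked'] == 0)
	{
		update_points_in_profile();
	} else {
		$_SESSION['profile'] = "";
		unset($_SESSION['profile']);
	}
}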
91
/**
 * Include the helper file that belongs to a site section.
 *
 * Only the three known section names are honoured; anything else is treated
 * as "index". The included path is therefore always one of three fixed files
 * below the configured file path.
 *
 * @param string $section "index", "account" or "tverify"
 */
function loadem($section = "index")
{
	if(!in_array($section, array("index", "account", "tverify")))
	{
		$section = "index";
	}

	// Same order as before: account, index, tverify.
	foreach(array(
		"account" => "/includes/account_stuff.php",
		"index" => "/includes/general_stuff.php",
		"tverify" => "/includes/tverify_stuff.php",
	) as $name => $file)
	{
		if($section == $name)
			include_once($_SESSION['_config']['filepath'].$file);
	}
}
108
/**
 * Include the page script for a section / page id pair.
 *
 * $id is forced to an integer and $section is restricted to a fixed list, so
 * neither can carry path separators into the include path. Lookup order:
 * the tverify page (tverify section only), the requested page, page 0 of the
 * section, page 0 of "index", and finally the 404 page.
 *
 * The included script runs in this function's scope and sees $id and $section
 * with the values they have at that point.
 *
 * @param int|string $id      page number
 * @param string     $section section name
 */
function includeit($id = "0", $section = "index")
{
	$id = intval($id);
	if(!in_array($section, array("index", "account", "wot", "help", "gpg", "disputes", "tverify", "advertising")))
	{
		$section = "index";
	}

	if($section == "tverify" && file_exists($_SESSION['_config']['filepath']."/tverify/index/$id.php"))
	{
		include_once($_SESSION['_config']['filepath']."/tverify/index/$id.php");
		return;
	}

	if(file_exists($_SESSION['_config']['filepath']."/pages/$section/$id.php"))
	{
		include_once($_SESSION['_config']['filepath']."/pages/$section/$id.php");
		return;
	}

	// Requested page does not exist: fall back to the section's start page.
	$id = "0";
	if(file_exists($_SESSION['_config']['filepath']."/pages/$section/$id.php"))
	{
		include_once($_SESSION['_config']['filepath']."/pages/$section/$id.php");
		return;
	}

	// Section has no start page either: fall back to the site's start page.
	$section = "index";
	$id = "0";
	if(file_exists($_SESSION['_config']['filepath']."/pages/$section/$id.php"))
	{
		include_once($_SESSION['_config']['filepath']."/pages/$section/$id.php");
		return;
	}

	include_once($_SESSION['_config']['filepath']."/www/error404.php");
}
138
/**
 * Score a password on length and character classes only.
 *
 * One point each for a length above 15, 20, 25 and 30 bytes, and one point
 * each for containing a digit, a lower-case letter, an upper-case letter,
 * a non-word character and a whitespace character.
 * The password that was once suggested as an example always scores 0.
 *
 * @param string $pwd candidate password
 * @return int score between 0 and 9
 */
function checkpwlight($pwd) {
	$score = 0;

	// strlen() counts bytes, not characters.
	$length = strlen($pwd);
	foreach(array(15, 20, 25, 30) as $threshold)
	{
		if($length > $threshold)
			$score++;
	}

	foreach(array("/\d/", "/[a-z]/", "/[A-Z]/", "/\W/", "/\s/") as $class)
	{
		if(preg_match($class, $pwd))
			$score++;
	}

	// Historical password proposal: never acceptable, whatever it scored.
	return ($pwd === "Fr3d Sm|7h") ? 0 : $score;
}
177
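/**
 * Score a password, penalising overlap with the user's data and a word list.
 *
 * Starts from checkpwlight() and subtracts one point for each of:
 *  - the password containing the e-mail address or a name part, or being
 *    contained in one of them (case-insensitive, both directions);
 *  - the password occurring inside any line of the system word list.
 *
 * The word list is scanned inside PHP. The earlier implementation passed the
 * password to grep as a command-line argument, which exposes it in the
 * process list of the host for as long as the command runs.
 *
 * @param string $pwd    candidate password
 * @param string $email  e-mail address of the account
 * @param string $fname  first name
 * @param string $mname  middle name (may be empty)
 * @param string $lname  last name
 * @param string $suffix name suffix (may be empty)
 * @return int score; can be negative
 */
function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
{
	$points = checkpwlight($pwd);

	$pwd_lc = strtolower($pwd);
	foreach(array($email, $fname, $mname, $lname, $suffix) as $field)
	{
		$field_lc = strtolower($field);

		// An empty needle never counts as a match (and strpos() must not be
		// asked to look for one).
		if($pwd_lc === "" || $field_lc === "")
			continue;

		// strpos() !== false instead of the truthiness of strstr(): a match
		// whose remainder is the string "0" is still a match.
		if(strpos($pwd_lc, $field_lc) !== false)
			$points--;
		if(strpos($field_lc, $pwd_lc) !== false)
			$points--;
	}

	// Same matching rule as `grep -F -- <pwd> <file>`: every line of the
	// password is a fixed pattern, a pattern matches when it occurs anywhere
	// in a word-list line, and an empty pattern matches every line.
	$wordlist = "/usr/share/dict/american-english";
	if(is_readable($wordlist) && ($fh = fopen($wordlist, "r")))
	{
		$patterns = explode("\n", $pwd);
		$listed = false;
		while(!$listed && ($line = fgets($fh)) !== false)
		{
			foreach($patterns as $pattern)
			{
				if($pattern === "" || strpos($line, $pattern) !== false)
				{
					$listed = true;
					break;
				}
			}
		}
		fclose($fh);

		if($listed)
			$points--;
	}

	return($points);
}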
227
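/**
 * Split the subject line stored in $_SESSION['_config']['subject'] into
 * its components and store the interesting ones back into the session.
 *
 * Everything after the first ": " is split on "/" and ", ". For each
 * "key=value" component:
 *  - CN values are stored as "<n>.CN", n counting from 0 (count in 'cnc');
 *  - the first non-empty OU is stored as 'OU';
 *  - subjectAltName values are stored as "<n>.subjectAltName" ('subaltc').
 *
 * Only the first "=" separates key and value. Splitting on every "=" used to
 * cut a value such as "a=b" down to "a", so the name checked later could
 * differ from the name in the request.
 *
 * NOTE(review): the split is purely textual, so a value that itself contains
 * "/" or ", " is seen as several components. Every CN / subjectAltName found
 * here must be validated by the caller before it is used.
 */
function extractit()
{
	$parts = explode(": ", $_SESSION['_config']['subject'], 2);
	$dn = array_key_exists(1, $parts) ? $parts[1] : "";
	$components = explode("|", str_replace(array("/", ", "), "|", $dn));

	$_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0;
	$_SESSION['_config']['OU'] = "";

	foreach($components as $component)
	{
		if(strpos($component, "=") === false)
			continue;

		list($key, $value) = explode("=", $component, 2);
		$value = trim($value);

		// Empty values (and, as before, the value "0") are ignored.
		if(!$value)
			continue;

		if($key === "CN")
		{
			$_SESSION['_config'][$_SESSION['_config']['cnc'].".CN"] = $value;
			$_SESSION['_config']['cnc']++;
		}
		elseif($key === "OU")
		{
			if($_SESSION['_config']['OU'] == "")
				$_SESSION['_config']['OU'] = $value;
		}
		elseif($key === "subjectAltName")
		{
			$_SESSION['_config'][$_SESSION['_config']['subaltc'].".subjectAltName"] = $value;
			$_SESSION['_config']['subaltc']++;
		}
	}
}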
265
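/**
 * Match every CN found by extractit() against the domains of the logged-in
 * member.
 *
 * For each CN the name is rebuilt label by label from the right
 * ("org", "example.org", "www.example.org") and each candidate is looked up
 * in `domains` (own, not deleted, verified = empty hash). The first hit wins.
 *
 * Results in $_SESSION['_config']:
 *  'rows'     CNs that matched, 'rowid' the ids of the matching domain rows,
 *  'rejected' CNs without any match, 'row' the last matching row (or "").
 *
 * Changes against the previous version:
 *  - the lookup uses `=` instead of LIKE. mysql_real_escape_string() does not
 *    escape the LIKE wildcards % and _, so a name from the request could act
 *    as a pattern over the member's domains instead of being compared
 *    literally. The org variants of this lookup already use `=`.
 *  - the candidate is escaped into a separate variable; it used to be
 *    escaped again on every iteration.
 *  - the candidate is compared with "" explicitly, so a label "0" is no
 *    longer dropped when the next label is prepended.
 */
function getcn()
{
	unset($_SESSION['_config']['rows']);
	unset($_SESSION['_config']['rowid']);
	unset($_SESSION['_config']['rejected']);
	$rows = array();
	$rowid = array();

	for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
	{
		$CN = $_SESSION['_config']["$cnc.CN"];
		$labels = explode(".", $CN);
		$dom = "";
		$cnok = 0;
		$_SESSION['_config']['row'] = "";

		for($i = count($labels) - 1; $i >= 0; $i--)
		{
			$dom = ($dom === "") ? $labels[$i] : $labels[$i].".".$dom;
			$dom_sql = mysql_real_escape_string($dom);

			$query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain`='$dom_sql' and `deleted`=0 and `hash`=''";
			$res = mysql_query($query);
			if($res && mysql_num_rows($res) > 0)
			{
				$cnok = 1;
				$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
				$rowid[] = $_SESSION['_config']['row']['id'];
				break;
			}
		}

		if($cnok == 0)
			$_SESSION['_config']['rejected'][] = $CN;

		if($_SESSION['_config']['row'] != "")
			$rows[] = $CN;
	}

	// An empty result is not treated as an error here; callers decide.
	$_SESSION['_config']['rows'] = $rows;
	$_SESSION['_config']['rowid'] = $rowid;
}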
313
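/**
 * Match every DNS subjectAltName found by extractit() against the domains of
 * the logged-in member.
 *
 * Entries that do not start with "DNS:" are skipped: they are neither
 * accepted nor added to 'rejected'.
 * NOTE(review): confirm that skipped entries cannot reach the certificate.
 *
 * For each DNS name the candidates are built label by label from the right
 * and looked up in `domains` (own, not deleted, verified = empty hash).
 *
 * Results in $_SESSION['_config']:
 *  'altrows' accepted entries (including the "DNS:" prefix), 'altid' ids of
 *  the matching domain rows, 'rejected' gets the names without a match
 *  appended, 'altrow' holds the last matching row (or "").
 *
 * Changes against the previous version:
 *  - the lookup uses `=` instead of LIKE. mysql_real_escape_string() does not
 *    escape the LIKE wildcards % and _, so a name from the request could act
 *    as a pattern over the member's domains instead of being compared
 *    literally. The org variants of this lookup already use `=`.
 *  - the candidate is escaped into a separate variable; it used to be
 *    escaped again on every iteration.
 *  - the candidate is compared with "" explicitly, so a label "0" is no
 *    longer dropped when the next label is prepended.
 */
function getalt()
{
	unset($_SESSION['_config']['altrows']);
	unset($_SESSION['_config']['altid']);
	$altrows = array();
	$altid = array();

	for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
	{
		$subalt = $_SESSION['_config']["$altc.subjectAltName"];
		if(substr($subalt, 0, 4) != "DNS:")
			continue;
		$alt = substr($subalt, 4);

		$labels = explode(".", $alt);
		$dom = "";
		$altok = 0;
		$_SESSION['_config']['altrow'] = "";

		for($i = count($labels) - 1; $i >= 0; $i--)
		{
			$dom = ($dom === "") ? $labels[$i] : $labels[$i].".".$dom;
			$dom_sql = mysql_real_escape_string($dom);

			$query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain`='$dom_sql' and `deleted`=0 and `hash`=''";
			$res = mysql_query($query);
			if($res && mysql_num_rows($res) > 0)
			{
				$altok = 1;
				$_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
				$altid[] = $_SESSION['_config']['altrow']['id'];
				break;
			}
		}

		if($altok == 0)
			$_SESSION['_config']['rejected'][] = $alt;

		if($_SESSION['_config']['altrow'] != "")
			$altrows[] = $subalt;
	}

	$_SESSION['_config']['altrows'] = $altrows;
	$_SESSION['_config']['altid'] = $altid;
}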
359
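/**
 * Organisation variant of getcn(): match every CN found by extractit()
 * against the domains of the organisations the logged-in member is listed
 * for in `org`.
 *
 * Candidates are built label by label from the right and compared with
 * `orgdomains`.`domain` for equality. The first hit wins.
 *
 * Results in $_SESSION['_config']: 'rows' (matching CNs), 'rowid' (the
 * `orginfo` ids of the hits) and 'row' (last matching row, or "").
 * Unlike getcn(), nothing is recorded for CNs without a match.
 *
 * Changes against the previous version:
 *  - the candidate is escaped into a separate variable; it used to be
 *    escaped again on every iteration.
 *  - the candidate is compared with "" explicitly, so a label "0" is no
 *    longer dropped when the next label is prepended.
 */
function getcn2()
{
	$rows = array();
	$rowid = array();

	for($cnc = 0; $cnc < $_SESSION['_config']['cnc']; $cnc++)
	{
		$CN = $_SESSION['_config']["$cnc.CN"];
		$labels = explode(".", $CN);
		$dom = "";
		$_SESSION['_config']['row'] = "";

		for($i = count($labels) - 1; $i >= 0; $i--)
		{
			$dom = ($dom === "") ? $labels[$i] : $labels[$i].".".$dom;
			$dom_sql = mysql_real_escape_string($dom);

			$query = "select *, `orginfo`.`id` as `id` from `orginfo`,`orgdomains`,`org` where
					`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
					`org`.`orgid`=`orginfo`.`id` and
					`orgdomains`.`orgid`=`orginfo`.`id` and
					`orgdomains`.`domain`='$dom_sql'";
			$res = mysql_query($query);
			if($res && mysql_num_rows($res) > 0)
			{
				$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
				$rowid[] = $_SESSION['_config']['row']['id'];
				break;
			}
		}

		if($_SESSION['_config']['row'] != "")
			$rows[] = $CN;
	}

	// An empty result is not treated as an error here; callers decide.
	$_SESSION['_config']['rows'] = $rows;
	$_SESSION['_config']['rowid'] = $rowid;
}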
402
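/**
 * Organisation variant of getalt(): match every DNS subjectAltName found by
 * extractit() against the domains of the organisations the logged-in member
 * is listed for in `org`.
 *
 * Entries that do not start with "DNS:" are skipped.
 * NOTE(review): confirm that skipped entries cannot reach the certificate.
 *
 * Results in $_SESSION['_config']: 'altrows' (accepted entries, with the
 * "DNS:" prefix), 'altid' (the `id` column of the hits) and 'altrow' (last
 * matching row, or "").
 * NOTE(review): this query selects * from three tables without aliasing
 * `id`, whereas getcn2() aliases `orginfo`.`id`; which table's id ends up in
 * 'altid' should be confirmed.
 *
 * Changes against the previous version:
 *  - the candidate is escaped into a separate variable; it used to be
 *    escaped again on every iteration.
 *  - the candidate is compared with "" explicitly, so a label "0" is no
 *    longer dropped when the next label is prepended.
 */
function getalt2()
{
	$altrows = array();
	$altid = array();

	for($altc = 0; $altc < $_SESSION['_config']['subaltc']; $altc++)
	{
		$subalt = $_SESSION['_config']["$altc.subjectAltName"];
		if(substr($subalt, 0, 4) != "DNS:")
			continue;
		$alt = substr($subalt, 4);

		$labels = explode(".", $alt);
		$dom = "";
		$_SESSION['_config']['altrow'] = "";

		for($i = count($labels) - 1; $i >= 0; $i--)
		{
			$dom = ($dom === "") ? $labels[$i] : $labels[$i].".".$dom;
			$dom_sql = mysql_real_escape_string($dom);

			$query = "select * from `orginfo`,`orgdomains`,`org` where
					`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
					`org`.`orgid`=`orginfo`.`id` and
					`orgdomains`.`orgid`=`orginfo`.`id` and
					`orgdomains`.`domain`='$dom_sql'";
			$res = mysql_query($query);
			if($res && mysql_num_rows($res) > 0)
			{
				$_SESSION['_config']['altrow'] = mysql_fetch_assoc($res);
				$altid[] = $_SESSION['_config']['altrow']['id'];
				break;
			}
		}

		if($_SESSION['_config']['altrow'] != "")
			$altrows[] = $subalt;
	}

	$_SESSION['_config']['altrows'] = $altrows;
	$_SESSION['_config']['altid'] = $altid;
}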
445
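/**
 * Check whether a host name falls under a domain of an organisation the
 * logged-in member is listed for in `org`.
 *
 * Candidates are built label by label from the right and compared with
 * `orgdomains`.`domain` for equality. On the first hit the matching row is
 * stored in $_SESSION['_config']['row'].
 *
 * Changes against the previous version:
 *  - the candidate is escaped into a separate variable; it used to be
 *    escaped again on every iteration.
 *  - the candidate is compared with "" explicitly, so a label "0" is no
 *    longer dropped when the next label is prepended.
 *
 * @param string $hostname host name to check
 * @return bool true when a matching organisation domain exists
 */
function checkownership($hostname)
{
	$labels = explode(".", $hostname);
	$dom = "";

	for($i = count($labels) - 1; $i >= 0; $i--)
	{
		$dom = ($dom === "") ? $labels[$i] : $labels[$i].".".$dom;
		$dom_sql = mysql_real_escape_string($dom);

		$query = "select * from `org`,`orgdomains`,`orginfo`
				where `org`.`memid`='".intval($_SESSION['profile']['id'])."'
				and `orgdomains`.`orgid`=`org`.`orgid`
				and `orginfo`.`id`=`org`.`orgid`
				and `orgdomains`.`domain`='$dom_sql'";
		$res = mysql_query($query);
		if($res && mysql_num_rows($res) > 0)
		{
			$_SESSION['_config']['row'] = mysql_fetch_assoc($res);
			return(true);
		}
	}

	return(false);
}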
471
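/**
 * Maximum number of points a user may award in one assurance.
 *
 * Users whose date of birth is not more than 18 years in the past get 10
 * points from 100 received points on, otherwise 0. Everyone else gets
 * 10/15/20/25/30/35 for 100/110/120/130/140/150 or more received points.
 *
 * The age check now looks at the same user as the points lookup. It used to
 * query the logged-in user's date of birth even when another $id was passed.
 *
 * NOTE(review): `dob` < cutoff treats a user as under age on the day of the
 * 18th birthday itself -- confirm this is the intended policy.
 *
 * @param int $id user id; 0 or less means the logged-in user
 * @return int maximum points that may be awarded
 */
function maxpoints($id = 0)
{
	if($id <= 0)
		$id = $_SESSION['profile']['id'];
	$id = intval($id);

	$points = get_received_total_points($id);

	// Date exactly 18 years before today.
	$dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-18));
	$res = mysql_query("select * from `users` where `id`='".$id."' and `dob` < '$dob'");
	if(!$res || mysql_num_rows($res) < 1)
	{
		// Under age, unknown user or failed query: most restrictive limits.
		return ($points >= 100) ? 10 : 0;
	}

	foreach(array(150 => 35, 140 => 30, 130 => 25, 120 => 20, 110 => 15, 100 => 10) as $threshold => $award)
	{
		if($points >= $threshold)
			return($award);
	}
	return(0);
}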
503
/**
 * Replace every "\xHH" escape in $data by the byte it names, then convert
 * the result from UTF-8 to ISO-8859-1.
 *
 * The string is rescanned from the start after each replacement, so an
 * escape produced by a replacement is decoded as well.
 *
 * @param string $data text containing "\xHH" escapes
 * @return string decoded text in ISO-8859-1
 */
function gpg_hex2bin($data)
{
	while(($pos = strpos($data, "\\x")) !== false)
	{
		// Two hex digits follow the marker; a truncated escape decodes to
		// whatever hexdec() makes of the remaining characters.
		$byte = chr(hexdec(substr($data, $pos + 2, 2)));
		$data = substr_replace($data, $byte, $pos, 4);
	}
	return(utf8_decode($data));
}
516
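/**
 * Clear-sign a message with GnuPG and hand it to sendmail for one recipient.
 *
 * The message is written to a temporary file, signed with the key ring in
 * /home/gpg and piped into /usr/sbin/sendmail.
 *
 * Changes against the previous version:
 *  - "--" precedes the recipient. escapeshellarg() protects against the
 *    shell, but a value starting with "-" would still be read by sendmail as
 *    an option.
 *  - the temporary file name is passed through escapeshellarg() as well.
 *  - a failure to create or open the temporary file ends the function
 *    instead of running the pipeline without a message.
 *
 * NOTE(review): $subject, $from and $replyto are not used; any headers must
 * already be part of $message.
 * NOTE(review): gpg is given a file argument without an explicit output
 * option; confirm that the signed text is actually written to the pipe.
 *
 * @param string $to      recipient address
 * @param string $subject unused
 * @param string $message text to sign and send
 * @param string $from    unused apart from defaulting $replyto
 * @param string $replyto unused
 */
function signmail($to, $subject, $message, $from, $replyto = "")
{
	if($replyto == "")
		$replyto = $from;

	$tmpfname = tempnam("/tmp", "CSR");
	if($tmpfname === false)
		return;

	$fp = fopen($tmpfname, "w");
	if($fp === false)
	{
		@unlink($tmpfname);
		return;
	}
	fputs($fp, $message);
	fclose($fp);

	$do = shell_exec("/usr/bin/gpg --homedir /home/gpg --clearsign ".escapeshellarg($tmpfname).
		"|/usr/sbin/sendmail -- ".escapeshellarg($to));
	@unlink($tmpfname);
}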
529
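/**
 * Probe whether a mail server accepts mail for an address.
 *
 * The address is checked against a conservative pattern, the MX hosts of its
 * domain are tried in priority order (random order within one priority), and
 * an SMTP dialogue is run up to RCPT TO. The first host that accepts the
 * recipient ends the probe; the outcome is written to `pinglog`.
 *
 * Changes against the previous version:
 *  - the pattern is anchored with \z. With "$" an address ending in a line
 *    feed passed the check and the line feed was then written into the
 *    RCPT TO command.
 *  - the nested quantifiers were flattened. The accepted addresses are the
 *    same, but a non-matching input can no longer cause excessive
 *    backtracking.
 *  - a failed TLS negotiation moves on to the next host explicitly.
 *  - the session profile is only read when it exists.
 *
 * NOTE(review): TLS is used opportunistically and the peer certificate is
 * not verified, so the probe does not authenticate the mail server.
 * NOTE(review): a host that rejects the recipient is skipped like an
 * unreachable one, so rejection by every host is reported as a connection
 * failure.
 *
 * @param string $email address to probe
 * @return string "OK" when a host accepted the recipient, otherwise a
 *                message for the user
 */
function checkEmail($email)
{
	$myemail = mysql_real_escape_string($email);
	$uid = (isset($_SESSION['profile']) && is_array($_SESSION['profile'])) ? intval($_SESSION['profile']['id']) : 0;

	if(preg_match('/^[a-zA-Z0-9][a-zA-Z0-9+._-]*@[a-zA-Z0-9_-][a-zA-Z0-9._-]+\z/', $email))
	{
		list($username, $domain) = explode('@', $email, 2);

		// Without MX records the domain itself is the mail host.
		$mxhostrr = array();
		$mxweight = array();
		if(!getmxrr($domain, $mxhostrr, $mxweight) || empty($mxhostrr)) {
			$mxhostrr = array($domain);
			$mxweight = array(0);
		}

		// Group by priority, shuffle within a priority, lowest value first.
		$mxhostprio = array();
		foreach($mxhostrr as $i => $mx) {
			$mxhostprio[$mxweight[$i]][] = trim($mx, '.');
		}
		foreach(array_keys($mxhostprio) as $prio) {
			shuffle($mxhostprio[$prio]);
		}
		ksort($mxhostprio);

		$mxhosts = array();
		foreach($mxhostprio as $hosts) {
			foreach($hosts as $host) {
				$mxhosts[] = $host;
			}
		}

		// Reads one SMTP reply: skips the "NNN-" continuation lines and
		// returns the final line (false when the connection ended).
		$read_reply = function($fp, $code) {
			do {
				$line = fgets($fp, 4096);
			} while(substr($line, 0, 4) == $code."-");
			return $line;
		};

		foreach($mxhosts as $mx_host)
		{
			$fp_ctx = stream_context_create(array(
				'ssl' => array(
					'verify_peer' => false, // Opportunistic Encryption
				)
			));
			$fp = @stream_socket_client("tcp://$mx_host:25", $errno, $errstr, 5, STREAM_CLIENT_CONNECT, $fp_ctx);
			if(!$fp)
				continue;

			stream_set_blocking($fp, true);

			// Greeting
			$line = $read_reply($fp, "220");
			if(substr($line, 0, 3) != "220") {
				fclose($fp);
				continue;
			}

			// EHLO, noting whether the server offers STARTTLS
			$has_starttls = false;
			fputs($fp, "EHLO www.cacert.org\r\n");
			do {
				$line = fgets($fp, 4096);
				if(substr(trim($line), 4) == "STARTTLS")
					$has_starttls = true;
			} while(substr($line, 0, 4) == "250-");
			if(substr($line, 0, 3) != "250") {
				fclose($fp);
				continue;
			}

			if($has_starttls) {
				fputs($fp, "STARTTLS\r\n");
				$line = $read_reply($fp, "220");
				if(substr($line, 0, 3) != "220") {
					fclose($fp);
					continue;
				}

				if(stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
					fclose($fp);
					continue;
				}

				// The SMTP state is reset after STARTTLS: greet again.
				fputs($fp, "EHLO www.cacert.org\r\n");
				$line = $read_reply($fp, "250");
				if(substr($line, 0, 3) != "250") {
					fclose($fp);
					continue;
				}
			}

			fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
			$line = $read_reply($fp, "250");
			if(substr($line, 0, 3) != "250") {
				fclose($fp);
				continue;
			}

			// $email matched the pattern above, so it contains no CR or LF.
			fputs($fp, "RCPT TO:<$email>\r\n");
			$line = $read_reply($fp, "250");
			if(substr($line, 0, 3) != "250") {
				fclose($fp);
				continue;
			}

			fputs($fp, "QUIT\r\n");
			fclose($fp);

			// The server's reply is remote-controlled text: strip and escape
			// it before it is stored.
			$line = mysql_real_escape_string(trim(strip_tags($line)));
			$query = "insert into `pinglog` set `when`=NOW(), `email`='$myemail', `result`='$line'";
			if(isset($_SESSION['profile']) && is_array($_SESSION['profile']))
				$query .= ", `uid`='".$uid."'";
			mysql_query($query);

			if(substr($line, 0, 3) != "250")
				return $line;
			else
				return "OK";
		}
	}

	$query = "insert into `pinglog` set `when`=NOW(), `uid`='".$uid."',
			`email`='$myemail', `result`='Failed to make a connection to the mail server'";
	mysql_query($query);
	return _("Failed to make a connection to the mail server");
}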
659
/**
 * Wait until the certificate with id $certid in $table has been issued.
 *
 * Polls the row up to 41 times, sleeping 3 seconds after each miss, until
 * its `crt` (table "gpg") or `crt_name` (any other table) column is filled.
 * If that never happens, a message is printed, a notification mail is sent
 * and, when $show is set, the page is completed and the script ends.
 *
 * NOTE(review): $table is placed into the SQL text and into the page output
 * without quoting or escaping. It must be a table name fixed by the calling
 * code, never a value taken from the request -- verify against callers.
 *
 * @param string $table  table holding the certificate row
 * @param int    $certid id of the certificate row
 * @param int    $id     only used in the failure notification
 * @param int    $show   non-zero: print page header/footer and exit on error
 */
function waitForResult($table, $certid, $id = 0, $show = 1)
{
	if($certid <= 0)
	{
		if($show) showheader(_("My CAcert.org Account!"));
		echo _("ERROR: The new Certificate ID is wrong. Please contact support.\n");
		if($show)
		{
			showfooter();
			exit;
		}
		return;
	}

	// Column that is filled once the certificate exists.
	$column = ($table == "gpg") ? "crt" : "crt_name";

	$found = 0;
	for($trycount = 0; $trycount <= 40; $trycount++)
	{
		$res = mysql_query("select * from `$table` where `id`='".intval($certid)."' and `$column` != ''");
		if(mysql_num_rows($res) > 0)
		{
			$found = 1;
			break;
		}
		sleep(3);
	}

	if($found)
		return;

	if($show) showheader(_("My CAcert.org Account!"));

	// Distinguish "request still waiting" from "request row is gone".
	$res = mysql_query("select * from `$table` where `id`='".intval($certid)."' ");
	if(mysql_num_rows($res) > 0)
	{
		printf(_("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status."));
		$subject = "[CAcert.org] Certificate TIMEOUT";
		$body = "A certificate has timed out!\n\n";
	}
	else
	{
		printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." certid:$table:".intval($certid), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
		$subject = "[CAcert.org] Certificate FAILURE";
		$body = "A certificate has failed: $table $certid $id $show\n\n";
	}

	$body .= _("Best regards")."\n"._("CAcert.org Support!");

	sendmail("philipp@cacert.org", $subject, $body, "returns@cacert.org", "", "", "CAcert Support");

	if($show)
	{
		showfooter();
		exit;
	}
}
714
715
716
/**
 * Create a new row in `tickets` stamped with the current time.
 *
 * @return int id that mysql_insert_id() reports for the insert
 */
function generateTicket()
{
	mysql_query("insert into tickets (timestamp) values (now()) ");
	return mysql_insert_id();
}
724
/**
 * Make a string safe to print as HTML text or inside a quoted attribute.
 *
 * Tags are removed first, then every character with an HTML entity, both
 * quote characters included, is replaced by that entity. The input is
 * interpreted as ISO-8859-1.
 *
 * @param string $input untrusted text
 * @return string escaped text
 */
function sanitizeHTML($input)
{
	$without_tags = strip_tags($input);
	return htmlentities($without_tags, ENT_QUOTES, 'ISO-8859-1');
	// Earlier variants, kept in case the charset handling causes problems:
	//return htmlentities(strip_tags(utf8_decode($input)), ENT_QUOTES);
	//return htmlspecialchars(strip_tags($input));
}
732
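/**
 * Return a random 32-character hex string (MD5 of 64 bytes of /dev/urandom).
 *
 * Changes against the previous version:
 *  - the stream fallback reads with fread(). fgets() is a line reader: it
 *    returned at most 63 bytes and stopped at the first line feed in the
 *    random data, so the hashed input was sometimes only a few bytes long.
 *  - when fewer than 64 random bytes are available an exception is thrown
 *    instead of hashing a short or empty input into a guessable value.
 *
 * @return string 32 lower-case hex digits
 * @throws RuntimeException when /dev/urandom cannot be read
 */
function make_hash()
{
	$bytes = false;

	if(function_exists("dio_open"))
	{
		$rnd = dio_open("/dev/urandom", O_RDONLY);
		if($rnd)
		{
			$bytes = dio_read($rnd, 64);
			dio_close($rnd);
		}
	} else {
		$rnd = fopen("/dev/urandom", "rb");
		if($rnd)
		{
			$bytes = fread($rnd, 64);
			fclose($rnd);
		}
	}

	if(!is_string($bytes) || strlen($bytes) < 64)
		throw new RuntimeException("make_hash: could not read 64 bytes from /dev/urandom");

	return(md5($bytes));
}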
747
/**
 * Verify the CSRF token of the current request for the form named $nam.
 *
 * The request must carry a `csrf` value of exactly 32 characters that is a
 * key of $_SESSION['csrf_'.$nam]. Otherwise an error page is printed and the
 * script ends.
 *
 * NOTE(review): an accepted token is not removed from the session, so it
 * stays valid for further requests in the same session -- confirm this is
 * intended.
 * NOTE(review): $show is not used.
 *
 * @param string $nam  form name the token was issued for
 * @param int    $show unused
 */
function csrf_check($nam, $show=1)
{
	$error = null;

	if(!array_key_exists('csrf', $_REQUEST) || !array_key_exists('csrf_'.$nam, $_SESSION))
	{
		$error = _("CSRF Hash is missing. Please try again.");
	}
	elseif(strlen($_REQUEST['csrf']) != 32 ||
		!array_key_exists($_REQUEST['csrf'], $_SESSION['csrf_'.$nam]))
	{
		$error = _("CSRF Hash is wrong. Please try again.");
	}

	if($error !== null)
	{
		showheader(_("My CAcert.org Account!"));
		echo $error."\n";
		showfooter();
		exit();
	}
}
/**
 * Issue a CSRF token for the form named $nam.
 *
 * The token is remembered as a key of $_SESSION['csrf_'.$nam], which is
 * where csrf_check() looks it up.
 * NOTE(review): nothing here removes old tokens, so the list grows with
 * every call for the lifetime of the session.
 *
 * @param string $nam form name
 * @return string token to embed in the form
 */
function make_csrf($nam)
{
	$token = make_hash();
	$_SESSION['csrf_'.$nam][$token] = 1;
	return($token);
}
778
/**
 * Normalise a pasted CSR: trim it, turn CRLF into LF, collapse doubled line
 * feeds once, and drop every character that is not a letter, a digit, a line
 * break, a space or one of - : = + /
 *
 * @param string $CSR request text as submitted
 * @return string cleaned request text
 */
function clean_csr($CSR)
{
	$text = trim($CSR);
	// The two replacements run one after the other, in this order.
	$text = str_replace(array("\r\n", "\n\n"), "\n", $text);
	return(preg_replace("/[^A-Za-z0-9\n\r\-\:\=\+\/ ]/", "", $text));
}
/**
 * Trim a pasted OpenPGP key block and drop every character that is not a
 * letter, a digit, a line break, a space or one of - : = + /
 * Line endings are left as they are.
 *
 * @param string $CSR key text as submitted
 * @return string cleaned key text
 */
function clean_gpgcsr($CSR)
{
	$text = trim($CSR);
	return(preg_replace("/[^A-Za-z0-9\n\r\-\:\=\+\/ ]/", "", $text));
}
789
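/**
 * Reduce a string to the characters allowed in a file name: word characters
 * (letters, digits, underscore), ".", "@" and "-".
 *
 * The hyphen now stands at the end of the character class. Written as
 * "\w-.", newer PCRE versions reject the class as an invalid range, and
 * preg_replace() then returns NULL instead of the cleaned name.
 *
 * NOTE(review): path separators are removed but dots are kept, so a result
 * of "." or ".." is possible; callers must not use the result on its own as
 * a path component without checking for that.
 *
 * @param string $text proposed file name
 * @return string file name with all other characters removed
 */
function sanitizeFilename($text)
{
	return(preg_replace('/[^\w.@-]/', "", $text));
}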
795
796
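/**
 * Return the message to show to the user for a given assurer status, as
 * produced by get_assurer_status().
 *
 * 0, 3, 5 and 7 have fixed messages. Any other value with bit 8 set yields
 * the "not allowed" message, everything else the "reason not stored" one.
 *
 * The bit test is now parenthesised. `$Status & 8 > 0` was evaluated as
 * `$Status & (8 > 0)`, which tests the lowest bit instead of bit 8.
 *
 * @param int $Status status value
 * @return string translated message; may contain HTML links
 */
function no_assurer_text($Status)
{
	if ($Status == 0) {
		$Result = _("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.");
	} elseif ($Status == 3) {
		$Result = _("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!");
	} elseif ($Status == 5) {
		$Result = _("You have at least 100 Assurance Points, if you want to become an assurer try the").' <a href="https://cats.cacert.org/">'._("Assurer Challenge").'</a>!';
	} elseif ($Status == 7) {
		$Result = _("To become an Assurer you have to collect 100 Assurance Points and pass the").' <a href="https://cats.cacert.org/">'._("Assurer Challenge").'</a>!';
	} elseif (($Status & 8) > 0) {
		$Result = _("Sorry, you are not allowed to be an Assurer. Please contact").' <a href="mailto:cacert-support@lists.cacert.org">cacert-support@lists.cacert.org</a>'._(" if you feel that this is not corect.");
	} else {
		$Result = _("You are not an Assurer, but the reason is not stored in the database. Please contact").' <a href="mailto:cacert-support@lists.cacert.org">cacert-support@lists.cacert.org</a>.';
	}
	return $Result;
}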
815
/**
 * Tell whether a user is an assurer.
 *
 * @param int $userID user id
 * @return int 1 when get_assurer_status() returns a falsy value, 0 otherwise
 */
function is_assurer($userID)
{
	return get_assurer_status($userID) ? 0 : 1;
}
823
/**
 * Return the user-facing explanation of a user's assurer status.
 *
 * @param int $userID user id
 * @return string message from no_assurer_text() for the user's status
 */
function get_assurer_reason($userID)
{
	$status = get_assurer_status($userID);
	return no_assurer_text($status);
}
828
/**
 * Build the relative path of a CSR or certificate file and make sure the
 * directories of the storage layout exist.
 *
 * Layout: ../<type>/<kind>/<id div 1000>/<kind>-<id>.<type>
 * The directories are created below both ../csr and ../crt, whatever $type
 * is.
 *
 * NOTE(review): the directories are requested with mode 0777 (the deepest
 * level through mkdir()'s default); the effective mode depends on the
 * process umask. Confirm that the storage tree is not writable by
 * unrelated local accounts.
 * NOTE(review): $type and $kind are placed into the path as given and must
 * be fixed strings chosen by the calling code.
 *
 * @param string $type "csr" or "crt"; also used as file extension
 * @param string $kind certificate kind, used as directory and file prefix
 * @param int    $id   certificate id
 * @return string relative path of the file
 */
function generatecertpath($type,$kind,$id)
{
	$bucket = intval($id/1000);
	$bases = array("../csr", "../crt");

	// Top level and per-kind level, created with an explicit mode.
	foreach(array("", "/$kind") as $level)
	{
		foreach($bases as $base)
		{
			if (!is_dir($base.$level)) { mkdir($base.$level, 0777); }
		}
	}

	// Per-thousand bucket, created with mkdir()'s default mode.
	foreach($bases as $base)
	{
		if (!is_dir("$base/$kind/$bucket")) { mkdir("$base/$kind/$bucket"); }
	}

	return "../$type/$kind/$bucket/$kind-".intval($id).".$type";
}
846
/**
 * Run the SQL statement in $sql and record how long it took.
 *
 * The statement text and its duration in seconds are appended to the global
 * $sql_data_log. The return value is whatever mysql_query() returned, so a
 * mysql_query() call can be replaced by a call to this function.
 *
 * NOTE(review): the full statement text is kept in the log, including any
 * values embedded in it; treat $sql_data_log as sensitive wherever it is
 * printed or stored.
 *
 * @param string $sql statement to execute
 * @return mixed result of mysql_query()
 */
function mysql_timed_query($sql)
{
	global $sql_data_log;

	$started = microtime(true);
	$res = mysql_query($sql);
	$finished = microtime(true);

	$sql_data_log[] = array("sql" => $sql, "duration" => $finished - $started);
	return $res;
}
864
865
866 ?>