Bug 1114: Deleted CAcert postal address
[cacert-devel.git] / www / alert_hash_collision.php
1 <?php
2
3 include("../includes/hash_password.php");
4 define('REPORT_WEAK_SCRIPT', './report-weak');
5
6 if (@$_GET['shared_secret'] != SHARED_SECRET)
7 die('not authenticated');
8 if (!preg_match('/^[0-9a-f]{40}$/i', $_POST['pkhash']))
9 die('malformed or nonexistant pkhash');
10 if (!preg_match('/^(mem|org)-[0-9]+$/', @$_POST['usernym']))
11 die('malformed or nonexistant usernym');
12
13 // alert seems ok
14
15 if (preg_match('/^mem-[0-9]+$/', @$_POST['usernym']))
16 {
17 mysql_query("update emailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
18 mysql_query("update domaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
19 }
20 else
21 {
22 mysql_query("update orgemailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
23 mysql_query("update orgdomaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
24 }
25
26 //exec(REPORT_WEAK . ' ' . $_POST['usernym'] . ' ' . lower($_POST['pkhash']));
27
28 ?>