bug-1192: changed text on index/52.php
[cacert-devel.git] / www / index.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
19 require_once('../includes/lib/l10n.php');
20 require_once('../includes/notary.inc.php');
21
22 $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
23 $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
24 $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process'];
25
26 if($id == 2)
27 $id = 0;
28
29 $_SESSION['_config']['errmsg'] = "";
30
31 if($id == 17 || $id == 20)
32 {
33 include_once("../pages/index/$id.php");
34 exit;
35 }
36
37 loadem("index");
38
39 $_SESSION['_config']['hostname'] = $_SERVER['HTTP_HOST'];
40
41 if(($oldid == 6 || $id == 6) && intval($_SESSION['lostpw']['user']['id']) < 1)
42 {
43 $oldid = 0;
44 $id = 5;
45 }
46
47 if($oldid == 6 && $process != "")
48 {
49 $body = "";
50 $answers = 0;
51 $qs = array();
52 $id = $oldid;
53 $oldid = 0;
54 if(array_key_exists('Q1',$_REQUEST) && $_REQUEST['Q1'])
55 {
56 $_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
57
58 if(stripslashes(strtolower($_SESSION['lostpw']['A1'])) == strtolower($_SESSION['lostpw']['user']['A1']))
59 $answers++;
60 $body .= "System: ".$_SESSION['lostpw']['user']['A1']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A1']))."\n";
61 }
62 if(array_key_exists('Q2',$_REQUEST) && $_REQUEST['Q2'])
63 {
64 $_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
65
66 if(stripslashes(strtolower($_SESSION['lostpw']['A2'])) == strtolower($_SESSION['lostpw']['user']['A2']))
67 $answers++;
68 $body .= "System: ".$_SESSION['lostpw']['user']['A2']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A2']))."\n";
69 }
70 if(array_key_exists('Q3',$_REQUEST) && $_REQUEST['Q3'])
71 {
72 $_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
73
74 if(stripslashes(strtolower($_SESSION['lostpw']['A3'])) == strtolower($_SESSION['lostpw']['user']['A3']))
75 $answers++;
76 $body .= "System: ".$_SESSION['lostpw']['user']['A3']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A3']))."\n";
77 }
78 if(array_key_exists('Q4',$_REQUEST) && $_REQUEST['Q4'])
79 {
80 $_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
81
82 if(stripslashes(strtolower($_SESSION['lostpw']['A4'])) == strtolower($_SESSION['lostpw']['user']['A4']))
83 $answers++;
84 $body .= "System: ".$_SESSION['lostpw']['user']['A4']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A4']))."\n";
85 }
86 if(array_key_exists('Q5',$_REQUEST) && $_REQUEST['Q5'])
87 {
88 $_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
89
90 if(stripslashes(strtolower($_SESSION['lostpw']['A5'])) == strtolower($_SESSION['lostpw']['user']['A5']))
91 $answers++;
92 $body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A5']))."\n";
93 }
94
95 $_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass1']))));
96 $_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass2']))));
97
98 if($answers < $_SESSION['lostpw']['total'] || $answers < 3)
99 {
100 $body = "Someone has just attempted to update the pass phrase on the following account:\n".
101 "Username(ID): ".$_SESSION['lostpw']['user']['email']."(".$_SESSION['lostpw']['user']['id'].")\n".
102 "email: ".$_SESSION['lostpw']['user']['email']."\n".
103 "IP/Hostname: ".$_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")."\n".
104 "---------------------------------------------------------------------\n".$body.
105 "---------------------------------------------------------------------\n";
106 sendmail("support@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body,
107 $_SESSION['lostpw']['user']['email'], "", "", $_SESSION['lostpw']['user']['fname']);
108 $_SESSION['_config']['errmsg'] = _("You failed to get all answers correct or you didn't configure enough lost password questions for your account. System admins have been notified.");
109 } else if($_SESSION['lostpw']['pw1'] != $_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") {
110 $_SESSION['_config']['errmsg'] = _("New Pass Phrases specified don't match or were blank.");
111 } else if(strlen($_SESSION['lostpw']['pw1']) < 6) {
112 $_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted was too short. It must be at least 6 characters.");
113 } else {
114 $score = checkpw($_SESSION['lostpw']['pw1'], $_SESSION['lostpw']['user']['email'], $_SESSION['lostpw']['user']['fname'],
115 $_SESSION['lostpw']['user']['mname'], $_SESSION['lostpw']['user']['lname'], $_SESSION['lostpw']['user']['suffix']);
116 if($score < 3)
117 {
118 $_SESSION['_config']['errmsg'] = sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
119 } else {
120 $query = "update `users` set `password`=sha1('".$_SESSION['lostpw']['pw1']."')
121 where `id`='".intval($_SESSION['lostpw']['user']['id'])."'";
122 mysql_query($query) || die(mysql_error());
123 showheader(_("Welcome to CAcert.org"));
124 echo _("Your Pass Phrase has been changed now. You can now login with your new password.");
125 showfooter();
126 exit;
127 }
128 }
129 }
130
131 if($oldid == 5 && $process != "")
132 {
133 $email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
134 $_SESSION['lostpw']['day'] = intval($_REQUEST['day']);
135 $_SESSION['lostpw']['month'] = intval($_REQUEST['month']);
136 $_SESSION['lostpw']['year'] = intval($_REQUEST['year']);
137 $dob = $_SESSION['lostpw']['year']."-".$_SESSION['lostpw']['month']."-".$_SESSION['lostpw']['day'];
138 $query = "select * from `users` where `email`='$email' and `dob`='$dob'";
139 $res = mysql_query($query);
140 if(mysql_num_rows($res) <= 0)
141 {
142 $id = $oldid;
143 $oldid = 0;
144 $_SESSION['_config']['errmsg'] = _("Unable to match your details with any user accounts on file");
145 } else {
146 $id = 6;
147 $_SESSION['lostpw']['user'] = mysql_fetch_assoc($res);
148 }
149 }
150
151 //client login
152 if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
153 {
154 include_once("../includes/lib/general.php");
155 $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
156 $_SERVER['SSL_CLIENT_I_DN_CN']);
157
158 if($user_id >= 0)
159 {
160 $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
161 "select * from `users` where
162 `id`='$user_id' and `deleted`=0 and `locked`=0"));
163
164 if($_SESSION['profile']['id'] != 0)
165 {
166 $_SESSION['profile']['loggedin'] = 1;
167 header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
168 exit;
169 } else {
170 $_SESSION['profile']['loggedin'] = 0;
171 }
172 }
173 }
174
175
176 if($id == 4 && array_key_exists('profile',$_SESSION) && array_key_exists('loggedin',array($_SESSION['profile'])) && $_SESSION['profile']['loggedin'] == 1)
177 {
178 header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
179 exit;
180 }
181
182 function getOTP64($otp)
183 {
184 $lookupChar = "123456789abcdefhkmnprstuvwxyzABCDEFGHKMNPQRSTUVWXYZ=+[]&@#*!-?%:";
185
186 for($i = 0; $i < 6; $i++)
187 $val[$i] = hexdec(substr($otp, $i * 2, 2));
188
189 $tmp1 = $val[0] >> 2;
190 $OTP = $lookupChar[$tmp1 & 63];
191 $tmp2 = $val[0] - ($tmp1 << 2);
192 $tmp1 = $val[1] >> 4;
193 $OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
194 $tmp2 = $val[1] - ($tmp1 << 4);
195 $tmp1 = $val[2] >> 6;
196 $OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
197 $tmp2 = $val[2] - ($tmp1 << 6);
198 $OTP .= $lookupChar[$tmp2 & 63];
199 $tmp1 = $val[3] >> 2;
200 $OTP .= $lookupChar[$tmp1 & 63];
201 $tmp2 = $val[3] - ($tmp1 << 2);
202 $tmp1 = $val[4] >> 4;
203 $OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
204 $tmp2 = $val[4] - ($tmp1 << 4);
205 $tmp1 = $val[5] >> 6;
206 $OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
207 $tmp2 = $val[5] - ($tmp1 << 6);
208 $OTP .= $lookupChar[$tmp2 & 63];
209
210 return $OTP;
211 }
212
213 function getOTP32($otp)
214 {
215 $lookupChar = "0123456789abcdefghkmnoprstuvwxyz";
216
217 for($i = 0; $i < 7; $i++)
218 $val[$i] = hexdec(substr($otp, $i * 2, 2));
219
220 $tmp1 = $val[0] >> 3;
221 $OTP = $lookupChar[$tmp1 & 31];
222 $tmp2 = $val[0] - ($tmp1 << 3);
223 $tmp1 = $val[1] >> 6;
224 $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
225 $tmp2 = ($val[1] - ($tmp1 << 6)) >> 1;
226 $OTP .= $lookupChar[$tmp2 & 31];
227 $tmp2 = $val[1] - (($val[1] >> 1) << 1);
228 $tmp1 = $val[2] >> 4;
229 $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
230 $tmp2 = $val[2] - ($tmp1 << 4);
231 $tmp1 = $val[3] >> 7;
232 $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
233 $tmp2 = ($val[3] - ($tmp1 << 7)) >> 2;
234 $OTP .= $lookupChar[$tmp2 & 31];
235 $tmp2 = $val[3] - (($val[3] - ($tmp1 << 7)) >> 2) << 2;
236 $tmp1 = $val[4] >> 5;
237 $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
238 $tmp2 = $val[4] - ($tmp1 << 5);
239 $OTP .= $lookupChar[$tmp2 & 31];
240 $tmp1 = $val[5] >> 3;
241 $OTP .= $lookupChar[$tmp1 & 31];
242 $tmp2 = $val[5] - ($tmp1 << 3);
243 $tmp1 = $val[6] >> 6;
244 $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
245
246 return $OTP;
247 }
248
249 if($oldid == 4)
250 {
251 $oldid = 0;
252 $id = 4;
253
254 $_SESSION['_config']['errmsg'] = "";
255
256 $email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
257 $pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
258 $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
259 `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
260 $res = mysql_query($query);
261 if(mysql_num_rows($res) <= 0)
262 {
263 $otpquery = "select * from `users` where `email`='$email' and `otphash`!='' and `verified`=1 and `deleted`=0 and `locked`=0";
264 $otpres = mysql_query($otpquery);
265 if(mysql_num_rows($otpres) > 0)
266 {
267 $otp = mysql_fetch_assoc($otpres);
268 $otphash = $otp['otphash'];
269 $otppin = $otp['otppin'];
270 if(strlen($pword) == 6)
271 {
272 $matchperiod = 18;
273 $time = round(gmdate("U") / 10);
274 } else {
275 $matchperiod = 3;
276 $time = round(gmdate("U") / 60);
277 }
278
279 $query = "delete from `otphashes` where UNIX_TIMESTAMP(`when`) <= UNIX_TIMESTAMP(NOW()) - 600";
280 mysql_query($query);
281
282 $query = "select * from `otphashes` where `username`='$email' and `otp`='$pword'";
283 if(mysql_num_rows(mysql_query($query)) <= 0)
284 {
285 $query = "insert into `otphashes` set `when`=NOW(), `username`='$email', `otp`='$pword'";
286 mysql_query($query);
287 for($i = $time - $matchperiod; $i <= $time + $matchperiod * 2; $i++)
288 {
289 if($otppin > 0)
290 $tmpmd5 = md5("$i$otphash$otppin");
291 else
292 $tmpmd5 = md5("$i$otphash");
293
294 if(strlen($pword) == 6)
295 $md5 = substr(md5("$i$otphash"), 0, 6);
296 else if(strlen($pword) == 8)
297 $md5 = getOTP64(md5("$i$otphash"));
298 else
299 $md5 = getOTP32(md5("$i$otphash"));
300
301 if($pword == $md5)
302 $res = mysql_query($otpquery);
303 }
304 }
305 }
306 }
307 if(mysql_num_rows($res) > 0)
308 {
309 $_SESSION['profile'] = "";
310 unset($_SESSION['profile']);
311 $_SESSION['profile'] = mysql_fetch_assoc($res);
312 $query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".$_SESSION['profile']['id']."'";
313 mysql_query($query);
314
315 if($_SESSION['profile']['language'] == "")
316 {
317 $query = "update `users` set `language`='".L10n::get_translation()."'
318 where `id`='".$_SESSION['profile']['id']."'";
319 mysql_query($query);
320 } else {
321 L10n::set_translation($_SESSION['profile']['language']);
322 L10n::init_gettext();
323 }
324 $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
325 $res = mysql_query($query);
326 $row = mysql_fetch_assoc($res);
327 $_SESSION['profile']['points'] = $row['total'];
328 $_SESSION['profile']['loggedin'] = 1;
329 if($_SESSION['profile']['Q1'] == "" || $_SESSION['profile']['Q2'] == "" ||
330 $_SESSION['profile']['Q3'] == "" || $_SESSION['profile']['Q4'] == "" ||
331 $_SESSION['profile']['Q5'] == "")
332 {
333 $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
334 $_SESSION['_config']['oldlocation'] = "account.php?id=13";
335 }
336 if (!isset($_SESSION['_config']['oldlocation'])){
337 $_SESSION['_config']['oldlocation']='';
338 }
339 if (checkpwlight($pword) < 3)
340 $_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
341 if($_SESSION['_config']['oldlocation'] != ""){
342 header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
343 }else{
344 header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
345 }
346 exit;
347 }
348
349 $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
350 `password`=password('$pword')) and `verified`=0 and `deleted`=0";
351 $res = mysql_query($query);
352 if(mysql_num_rows($res) <= 0)
353 {
354 $_SESSION['_config']['errmsg'] = _("Incorrect email address and/or Pass Phrase.");
355 } else {
356 $_SESSION['_config']['errmsg'] = _("Your account has not been verified yet, please check your email account for the signup messages.");
357 }
358 }
359
360 // check for CCA acceptance prior to login
361 if ($oldid == 52 )
362 {
363 // Check if the user is already authenticated
364 if (!array_key_exists('profile',$_SESSION)
365 || !array_key_exists('loggedin',$_SESSION['profile'])
366 || $_SESSION['profile']['loggedin'] != 1)
367 {
368 header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
369 exit;
370 }
371
372 if (array_key_exists('agree',$_REQUEST) && $_REQUEST['agree'] != "")
373 {
374 write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1);
375 $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
376
377 if (array_key_exists("oldlocation",$_SESSION['_config'])
378 && $_SESSION['_config']['oldlocation']!="")
379 {
380 header("Location: https://{$_SERVER['HTTP_HOST']}/{$_SESSION['_config']['oldlocation']}");
381 exit;
382 } else {
383 header("Location: https://{$_SERVER['HTTP_HOST']}/account.php");
384 exit;
385 }
386 }
387
388 // User didn't agree
389 header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
390 exit;
391 }
392
393
394 if($process && $oldid == 1)
395 {
396 $id = 2;
397 $oldid = 0;
398
399 $_SESSION['_config']['errmsg'] = "";
400
401 $_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
402 $_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
403 $_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
404 $_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
405 $_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
406 $_SESSION['signup']['day'] = intval($_REQUEST['day']);
407 $_SESSION['signup']['month'] = intval($_REQUEST['month']);
408 $_SESSION['signup']['year'] = intval($_REQUEST['year']);
409 $_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword1'])));
410 $_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword2'])));
411 $_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
412 $_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
413 $_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
414 $_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q4']))));
415 $_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q5']))));
416 $_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
417 $_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
418 $_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
419 $_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
420 $_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
421 $_SESSION['signup']['general'] = intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0);
422 $_SESSION['signup']['country'] = intval(array_key_exists('country',$_REQUEST)?$_REQUEST['country']:0);
423 $_SESSION['signup']['regional'] = intval(array_key_exists('regional',$_REQUEST)?$_REQUEST['regional']:0);
424 $_SESSION['signup']['radius'] = intval(array_key_exists('radius',$_REQUEST)?$_REQUEST['radius']:0);
425 $_SESSION['signup']['cca_agree'] = intval(array_key_exists('cca_agree',$_REQUEST)?$_REQUEST['cca_agree']:0);
426
427
428 if($_SESSION['signup']['Q1'] == $_SESSION['signup']['Q2'] ||
429 $_SESSION['signup']['Q1'] == $_SESSION['signup']['Q3'] ||
430 $_SESSION['signup']['Q1'] == $_SESSION['signup']['Q4'] ||
431 $_SESSION['signup']['Q1'] == $_SESSION['signup']['Q5'] ||
432 $_SESSION['signup']['Q2'] == $_SESSION['signup']['Q3'] ||
433 $_SESSION['signup']['Q2'] == $_SESSION['signup']['Q4'] ||
434 $_SESSION['signup']['Q2'] == $_SESSION['signup']['Q5'] ||
435 $_SESSION['signup']['Q3'] == $_SESSION['signup']['Q4'] ||
436 $_SESSION['signup']['Q3'] == $_SESSION['signup']['Q5'] ||
437 $_SESSION['signup']['Q4'] == $_SESSION['signup']['Q5'] ||
438 $_SESSION['signup']['A1'] == $_SESSION['signup']['Q1'] ||
439 $_SESSION['signup']['A1'] == $_SESSION['signup']['Q2'] ||
440 $_SESSION['signup']['A1'] == $_SESSION['signup']['Q3'] ||
441 $_SESSION['signup']['A1'] == $_SESSION['signup']['Q4'] ||
442 $_SESSION['signup']['A1'] == $_SESSION['signup']['Q5'] ||
443 $_SESSION['signup']['A2'] == $_SESSION['signup']['Q3'] ||
444 $_SESSION['signup']['A2'] == $_SESSION['signup']['Q4'] ||
445 $_SESSION['signup']['A2'] == $_SESSION['signup']['Q5'] ||
446 $_SESSION['signup']['A3'] == $_SESSION['signup']['Q4'] ||
447 $_SESSION['signup']['A3'] == $_SESSION['signup']['Q5'] ||
448 $_SESSION['signup']['A4'] == $_SESSION['signup']['Q5'] ||
449 $_SESSION['signup']['A1'] == $_SESSION['signup']['A2'] ||
450 $_SESSION['signup']['A1'] == $_SESSION['signup']['A3'] ||
451 $_SESSION['signup']['A1'] == $_SESSION['signup']['A4'] ||
452 $_SESSION['signup']['A1'] == $_SESSION['signup']['A5'] ||
453 $_SESSION['signup']['A2'] == $_SESSION['signup']['A3'] ||
454 $_SESSION['signup']['A2'] == $_SESSION['signup']['A4'] ||
455 $_SESSION['signup']['A2'] == $_SESSION['signup']['A5'] ||
456 $_SESSION['signup']['A3'] == $_SESSION['signup']['A4'] ||
457 $_SESSION['signup']['A3'] == $_SESSION['signup']['A5'] ||
458 $_SESSION['signup']['A4'] == $_SESSION['signup']['A5'])
459 {
460 $id = 1;
461 $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
462 }
463
464 if($_SESSION['signup']['Q1'] == "" || $_SESSION['signup']['Q2'] == "" ||
465 $_SESSION['signup']['Q3'] == "" || $_SESSION['signup']['Q4'] == "" ||
466 $_SESSION['signup']['Q5'] == "")
467 {
468 $id = 1;
469 $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>\n";
470 }
471 if($_SESSION['signup']['fname'] == "" || $_SESSION['signup']['lname'] == "")
472 {
473 $id = 1;
474 $_SESSION['_config']['errmsg'] .= _("First and/or last names were blank.")."<br>\n";
475 }
476 if($_SESSION['signup']['year'] < 1900 || $_SESSION['signup']['month'] < 1 || $_SESSION['signup']['month'] > 12 ||
477 $_SESSION['signup']['day'] < 1 || $_SESSION['signup']['day'] > 31 ||
478 !checkdate($_SESSION['signup']['month'],$_SESSION['signup']['day'],$_SESSION['signup']['year']) ||
479 mktime(0,0,0,$_SESSION['signup']['month'],$_SESSION['signup']['day'],$_SESSION['signup']['year']) > time() )
480 {
481 $id = 1;
482 $_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
483 }
484 if($_SESSION['signup']['cca_agree'] == "0")
485 {
486 $id = 1;
487 $_SESSION['_config']['errmsg'] .= _("You have to agree to the CAcert Community agreement.")."<br>\n";
488 }
489 if($_SESSION['signup']['email'] == "")
490 {
491 $id = 1;
492 $_SESSION['_config']['errmsg'] .= _("Email Address was blank")."<br>\n";
493 }
494 if($_SESSION['signup']['pword1'] == "")
495 {
496 $id = 1;
497 $_SESSION['_config']['errmsg'] .= _("Pass Phrases were blank")."<br>\n";
498 }
499 if($_SESSION['signup']['pword1'] != $_SESSION['signup']['pword2'])
500 {
501 $id = 1;
502 $_SESSION['_config']['errmsg'] .= _("Pass Phrases don't match")."<br>\n";
503 }
504
505 $score = checkpw($_SESSION['signup']['pword1'], $_SESSION['signup']['email'], $_SESSION['signup']['fname'], $_SESSION['signup']['mname'], $_SESSION['signup']['lname'], $_SESSION['signup']['suffix']);
506 if($score < 3)
507 {
508 $id = 1;
509 $_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored $score points out of 6.");
510 }
511
512 if($id == 2)
513 {
514 $query = "select * from `email` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
515 $res1 = mysql_query($query);
516
517 $query = "select * from `users` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
518 $res2 = mysql_query($query);
519 if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
520 {
521 $id = 1;
522 $_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."<br>\n";
523 }
524
525 $query = "select `domain` from `baddomains` where `domain`=RIGHT('".$_SESSION['signup']['email']."', LENGTH(`domain`))";
526 $res = mysql_query($query);
527 if(mysql_num_rows($res) > 0)
528 {
529 $domain = mysql_fetch_assoc($res);
530 $domain = $domain['domain'];
531 $id = 1;
532 $_SESSION['_config']['errmsg'] .= sprintf(_("We don't allow signups from people using email addresses from %s"), $domain)."<br>\n";
533 }
534 }
535
536 if($id == 2)
537 {
538 $checkemail = checkEmail($_SESSION['signup']['email']);
539 if($checkemail != "OK")
540 {
541 $id = 1;
542 if (substr($checkemail, 0, 1) == "4")
543 {
544 $_SESSION['_config']['errmsg'] .= _("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.");
545 } else {
546 $_SESSION['_config']['errmsg'] .= _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid");
547 }
548 $_SESSION['_config']['errmsg'] .= "<br>\n$checkemail<br>\n";
549 }
550 }
551
552 if($id == 2)
553 {
554 $hash = make_hash();
555
556 $query = "insert into `users` set `email`='".$_SESSION['signup']['email']."',
557 `password`=sha1('".$_SESSION['signup']['pword1']."'),
558 `fname`='".$_SESSION['signup']['fname']."',
559 `mname`='".$_SESSION['signup']['mname']."',
560 `lname`='".$_SESSION['signup']['lname']."',
561 `suffix`='".$_SESSION['signup']['suffix']."',
562 `dob`='".$_SESSION['signup']['year']."-".$_SESSION['signup']['month']."-".$_SESSION['signup']['day']."',
563 `Q1`='".$_SESSION['signup']['Q1']."',
564 `Q2`='".$_SESSION['signup']['Q2']."',
565 `Q3`='".$_SESSION['signup']['Q3']."',
566 `Q4`='".$_SESSION['signup']['Q4']."',
567 `Q5`='".$_SESSION['signup']['Q5']."',
568 `A1`='".$_SESSION['signup']['A1']."',
569 `A2`='".$_SESSION['signup']['A2']."',
570 `A3`='".$_SESSION['signup']['A3']."',
571 `A4`='".$_SESSION['signup']['A4']."',
572 `A5`='".$_SESSION['signup']['A5']."',
573 `created`=NOW(), `uniqueID`=SHA1(CONCAT(NOW(),'$hash'))";
574 mysql_query($query);
575 $memid = mysql_insert_id();
576 $query = "insert into `email` set `email`='".$_SESSION['signup']['email']."',
577 `hash`='$hash',
578 `created`=NOW(),
579 `memid`='$memid'";
580 mysql_query($query);
581 $emailid = mysql_insert_id();
582 $query = "insert into `alerts` set `memid`='$memid',
583 `general`='".$_SESSION['signup']['general']."',
584 `country`='".$_SESSION['signup']['country']."',
585 `regional`='".$_SESSION['signup']['regional']."',
586 `radius`='".$_SESSION['signup']['radius']."'";
587 mysql_query($query);
588 write_user_agreement($memid, "CCA", "account creation", "", 1);
589
590 $body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
591 $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
592 $body .= _("Best regards")."\n"._("CAcert.org Support!");
593
594 sendmail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
595 foreach($_SESSION['signup'] as $key => $val)
596 $_SESSION['signup'][$key] = "";
597 unset($_SESSION['signup']);
598 }
599 }
600
601 if($oldid == 11 && $process != "")
602 {
603 $who = stripslashes($_REQUEST['who']);
604 $email = stripslashes($_REQUEST['email']);
605 $subject = stripslashes($_REQUEST['subject']);
606 $message = stripslashes($_REQUEST['message']);
607 $secrethash = $_REQUEST['secrethash2'];
608
609 //check for spam via honeypot
610 if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){
611 echo _("Form could not be sent.");
612 showfooter();
613 exit;
614 }
615
616 if($_SESSION['_config']['secrethash'] != $secrethash || $secrethash == "" || $_SESSION['_config']['secrethash'] == "")
617 {
618 $id = $oldid;
619 $process = "";
620 $_SESSION['_config']['errmsg'] = _("This seems like you have cookies or Javascript disabled, cannot continue.");
621 $oldid = 0;
622
623 $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
624 sendmail("support@cacert.org", "[CAcert.org] Possible SPAM", $message, $email, "", "", "CAcert Support");
625 //echo "Alert! Alert! Alert! SPAM SPAM SPAM!!!<br><br><br>";
626 //if($_SESSION['_config']['secrethash'] != $secrethash) echo "Hash does not match: $secrethash vs. ".$_SESSION['_config']['secrethash']."\n";
627 echo _("This seems like you have cookies or Javascript disabled, cannot continue.");
628 die;
629 }
630 if(strstr($subject, "botmetka") || strstr($subject, "servermetka") || strstr($who,"\n") || strstr($email,"\n") || strstr($subject,"\n") )
631 {
632 $id = $oldid;
633 $process = "";
634 $_SESSION['_config']['errmsg'] = _("This seems like potential spam, cannot continue.");
635 $oldid = 0;
636
637 $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
638 sendmail("support@cacert.org", "[CAcert.org] Possible SPAM", $message, $email, "", "", "CAcert Support");
639 //echo "Alert! Alert! Alert! SPAM SPAM SPAM!!!<br><br><br>";
640 //if($_SESSION['_config']['secrethash'] != $secrethash) echo "Hash does not match: $secrethash vs. ".$_SESSION['_config']['secrethash']."\n";
641 echo _("This seems like potential spam, cannot continue.");
642 die;
643 }
644
645
646 if(trim($who) == "" || trim($email) == "" || trim($subject) == "" || trim($message) == "")
647 {
648 $id = $oldid;
649 $process = "";
650 $_SESSION['_config']['errmsg'] = _("All fields are mandatory.")."<br>\n";
651 $oldid = 0;
652 }
653 }
654
655 if($oldid == 11 && $process != "")
656 {
657 $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
658 if (isset($process[0])){
659 sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website");
660 showheader(_("Welcome to CAcert.org"));
661 echo _("Your message has been sent to the general support list.");
662 showfooter();
663 exit;
664 }
665 if (isset($process[1])){
666 sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "", "", "CAcert Support");
667 showheader(_("Welcome to CAcert.org"));
668 echo _("Your message has been sent.");
669 showfooter();
670 exit;
671 }
672 }
673
674 if(!array_key_exists('signup',$_SESSION) || $_SESSION['signup']['year'] < 1900)
675 $_SESSION['signup']['year'] = "19XX";
676
677 if ($id == 12)
678 {
679 $protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
680 $newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs';
681 header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
682 }
683
684 if ($id == 19)
685 {
686 $protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
687 $newUrl = $protocol . '://wiki.cacert.org/FAQ/Privileges';
688 header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
689 }
690
691 if ($id == 8)
692 {
693 $protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
694 $newUrl = $protocol . '://wiki.cacert.org/Board';
695 header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
696 }
697
698
699 showheader(_("Welcome to CAcert.org"));
700 includeit($id);
701 showfooter();
702 ?>