Merge branch 'bug-1394' into testserver-stable
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
19 require_once('../includes/lib/l10n.php');
20 require_once('../includes/notary.inc.php');
21
// Routing parameters. $id selects the page to show, $oldid names the form that
// was just submitted, and $process is non-empty when a form was posted.
// $id and $oldid are forced to integers; $process is taken from the request as-is.
$id = array_key_exists("id", $_REQUEST) ? intval($_REQUEST['id']) : 0;
$oldid = array_key_exists("oldid", $_REQUEST) ? intval($_REQUEST['oldid']) : 0;
$process = array_key_exists("process", $_REQUEST) ? $_REQUEST['process'] : "";

// Page 2 cannot be requested directly; the signup handler below sets $id to 2 itself.
if($id == 2)
{
	$id = 0;
}
28
// Every request starts with an empty error message.
$_SESSION['_config']['errmsg'] = "";

// Pages 17 and 20 are included directly and the script stops before loadem()
// and the header/footer rendering at the end of this file. $id is an integer
// (see intval() above) matched against two literals, so the include path is
// not influenced by request data beyond that choice.
if(in_array($id, array(17, 20), true))
{
	include_once("../pages/index/$id.php");
	exit;
}

loadem("index");

// NOTE(review): HTTP_HOST is whatever the client sent in the Host header. It is
// stored here unchecked and is also used further down to build Location
// headers -- confirm the web server only accepts the expected host names.
$_SESSION['_config']['hostname'] = $_SERVER['HTTP_HOST'];
40
// Step 6 of the lost pass phrase flow needs the user record that step 5 puts
// into the session. Without a positive user id in the session, both showing
// and submitting step 6 fall back to step 5.
if(($id == 6 || $oldid == 6) && intval($_SESSION['lostpw']['user']['id']) < 1)
{
	$id = 5;
	$oldid = 0;
}
46
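// Lost pass phrase, step 6: compare the submitted answers with the stored ones
// and, if enough of them match, store the new pass phrase.
//
// Changes against the previous version of this block:
//  - the five copy-pasted question stanzas are one loop;
//  - answers are compared with ===, so numeric-looking answers are compared as
//    text and not as numbers;
//  - a blank stored answer never counts as a match, so an account without
//    configured answers cannot pass this step (the error message below already
//    promises that);
//  - the new pass phrase is no longer run through strip_tags(): signup and
//    login on this page hash the pass phrase without it, so a pass phrase
//    containing "<...>" was stored in a form the user could not log in with;
//  - the lostpw session data is dropped after a successful change, the same
//    way the signup handler clears its data.
//
// NOTE(review): nothing visible in this block limits repeated attempts for the
// same account; confirm whether that is enforced elsewhere.
if($oldid == 6 && $process != "")
{
	$body = "";
	$answers = 0;
	$qs = array();
	$id = $oldid;
	$oldid = 0;

	for($qn = 1; $qn <= 5; $qn++)
	{
		$qkey = "Q".$qn;
		$akey = "A".$qn;

		// Only questions the form marked as asked are evaluated.
		if(!array_key_exists($qkey, $_REQUEST) || !$_REQUEST[$qkey])
			continue;

		$given = array_key_exists($akey, $_REQUEST) ? $_REQUEST[$akey] : "";
		$_SESSION['lostpw'][$akey] = trim(mysql_real_escape_string(stripslashes(strip_tags($given))));

		// Case-insensitive comparison; stripslashes() undoes the SQL escaping
		// applied just above before comparing with the database value.
		$entered = stripslashes(strtolower($_SESSION['lostpw'][$akey]));
		$stored = strtolower($_SESSION['lostpw']['user'][$akey]);
		if($stored !== "" && $entered === $stored)
			$answers++;

		// NOTE(review): this text is mailed to support when the check fails
		// and contains the stored answer in clear.
		$body .= "System: ".$_SESSION['lostpw']['user'][$akey]."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw'][$akey]))."\n";
	}

	// NOTE(review): the candidate pass phrase is kept in the session between
	// requests; confirm the step-6 template does not print these values.
	$_SESSION['lostpw']['pw1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newpass1'])));
	$_SESSION['lostpw']['pw2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newpass2'])));

	// At least three correct answers are needed, and never fewer than the
	// number stored in the session as 'total' (set outside this file).
	if($answers < $_SESSION['lostpw']['total'] || $answers < 3)
	{
		$body = "Someone has just attempted to update the pass phrase on the following account:\n".
			"Username(ID): ".$_SESSION['lostpw']['user']['email']."(".$_SESSION['lostpw']['user']['id'].")\n".
			"email: ".$_SESSION['lostpw']['user']['email']."\n".
			"IP/Hostname: ".$_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")."\n".
			"---------------------------------------------------------------------\n".$body.
			"---------------------------------------------------------------------\n";
		sendmail("support@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body,
			$_SESSION['lostpw']['user']['email'], "", "", $_SESSION['lostpw']['user']['fname']);
		$_SESSION['_config']['errmsg'] = _("You failed to get all answers correct or you didn't configure enough lost password questions for your account. System admins have been notified.");
	} else if($_SESSION['lostpw']['pw1'] != $_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") {
		$_SESSION['_config']['errmsg'] = _("New Pass Phrases specified don't match or were blank.");
	} else if(strlen($_SESSION['lostpw']['pw1']) < 6) {
		$_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted was too short. It must be at least 6 characters.");
	} else {
		$score = checkpw($_SESSION['lostpw']['pw1'], $_SESSION['lostpw']['user']['email'], $_SESSION['lostpw']['user']['fname'],
			$_SESSION['lostpw']['user']['mname'], $_SESSION['lostpw']['user']['lname'], $_SESSION['lostpw']['user']['suffix']);
		if($score < 3)
		{
			$_SESSION['_config']['errmsg'] = sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
		} else {
			// NOTE(review): sha1() here is MySQL's unsalted SHA-1. The login
			// query on this page matches the same format, so moving to a
			// salted password hash needs a coordinated migration.
			$query = "update `users` set `password`=sha1('".$_SESSION['lostpw']['pw1']."')
where `id`='".intval($_SESSION['lostpw']['user']['id'])."'";
			// NOTE(review): on failure the raw database error is printed to the client.
			mysql_query($query) || die(mysql_error());
			showheader(_("Welcome to CAcert.org"));
			echo _("Your Pass Phrase has been changed now. You can now login with your new password.");
			showfooter();
			// The flow is finished: drop the user record, answers and pass
			// phrase held in the session so step 6 cannot be replayed.
			unset($_SESSION['lostpw']);
			exit;
		}
	}
}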
130
// Lost pass phrase, step 5: look the account up by email address and date of
// birth. On a match the whole `users` row (including the stored answers that
// step 6 compares against) is kept in $_SESSION['lostpw']['user'].
if($oldid == 5 && $process != "")
{
	// The email is tag-stripped and SQL-escaped; the date parts are integers.
	$_SESSION['lostpw']['email'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
	$email = $_SESSION['lostpw']['email'];
	$_SESSION['lostpw']['day'] = intval($_REQUEST['day']);
	$_SESSION['lostpw']['month'] = intval($_REQUEST['month']);
	$_SESSION['lostpw']['year'] = intval($_REQUEST['year']);
	$dob = implode("-", array($_SESSION['lostpw']['year'], $_SESSION['lostpw']['month'], $_SESSION['lostpw']['day']));

	$query = "select * from `users` where `email`='$email' and `dob`='$dob'";
	$res = mysql_query($query);

	if(mysql_num_rows($res) > 0)
	{
		$_SESSION['lostpw']['user'] = mysql_fetch_assoc($res);

		// Locked or deleted accounts are sent back to step 5 with a pointer to support.
		// NOTE(review): this message differs from the "unable to match" one below,
		// so it confirms to the requester that the email/date of birth pair exists.
		$unavailable = ($_SESSION['lostpw']['user']['locked'] == 1 || $_SESSION['lostpw']['user']['deleted'] != 0);
		if (!$unavailable) {
			$id = 6;
		} else {
			$id = $oldid;
			$oldid = 0;
			$_SESSION['_config']['errmsg'] = sprintf(_('The account is not available, please get in contact with support (%s).'),'support@cacert.org');
		}
	} else {
		// No row matched: show step 5 again.
		$id = $oldid;
		$oldid = 0;
		$_SESSION['_config']['errmsg'] = _('Unable to match your details with any user accounts on file');
	}
}
157
// Client certificate login. Only attempted for the login page (id 4) when the
// request's Host header equals the configured secure host name.
if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
{
	include_once("../includes/lib/general.php");

	// Serial number and issuer CN as exported by the web server's TLS layer.
	$user_id = get_user_id_from_cert(
		$_SERVER['SSL_CLIENT_M_SERIAL'],
		$_SERVER['SSL_CLIENT_I_DN_CN']
	);

	// A negative id means no user was found for the certificate.
	if($user_id >= 0)
	{
		// NOTE(review): $user_id is interpolated into the statement; it comes
		// from get_user_id_from_cert(), which is not shown here -- presumably
		// an integer, confirm.
		$certUserQuery = "select * from `users` where
`id`='$user_id' and `deleted`=0 and `locked`=0";
		$_SESSION['profile'] = mysql_fetch_assoc(mysql_query($certUserQuery));

		if($_SESSION['profile']['id'] == 0)
		{
			// No usable account row (deleted, locked or missing).
			$_SESSION['profile']['loggedin'] = 0;
		} else {
			// NOTE(review): the session id is not regenerated at this point;
			// confirm whether that happens elsewhere on login.
			$_SESSION['profile']['loggedin'] = 1;
			header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
			exit;
		}
	}
}
181
182
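// A user who is already logged in is sent straight to the account page instead
// of the login form.
//
// The previous condition tested array_key_exists('loggedin', array($_SESSION['profile'])).
// Wrapping the profile in array() produces a one-element list whose only key is
// 0, so the test could never succeed and this redirect never fired. The key is
// now looked up in the profile itself, as the CCA handler further down does.
// is_array() guards the case where the profile is not an array (for example
// after a failed row fetch).
//
// NOTE(review): the redirect target is built from the request's Host header.
if($id == 4
	&& array_key_exists('profile', $_SESSION)
	&& is_array($_SESSION['profile'])
	&& array_key_exists('loggedin', $_SESSION['profile'])
	&& $_SESSION['profile']['loggedin'] == 1)
{
	header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
	exit;
}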
188
// Pass phrase login (form id 4).
//
// Flow: look up a verified, non-deleted, non-locked account whose password
// column matches the submitted pass phrase, apply a per-address rate limit of
// one attempt per 5 seconds, and on success load the row into
// $_SESSION['profile'] and redirect. On failure an error message is set and
// the login page is shown again ($id stays 4).
//
// NOTE(review): the session id is not regenerated on successful login in this
// block, and the Location headers are built from the request's Host header.
if($oldid == 4)
{
	$oldid = 0;
	$id = 4;

	$_SESSION['_config']['errmsg'] = "";

	// Both values are SQL-escaped; the pass phrase is trimmed but, unlike the
	// email, not tag-stripped.
	$email = mysql_real_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
	$pword = mysql_real_escape_string(stripslashes(trim($_REQUEST['pword'])));
	// The hash is computed by MySQL, so the pass phrase travels inside the
	// query text. Three stored formats are accepted: old_password(), unsalted
	// sha1() and password().
	$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
	$res = mysql_query($query);
	// $rateLimit is true when the address exists and its last recorded failed
	// attempt is more than 5 seconds old (or there is none). It is false
	// inside the 5 second window and also when no row has this address.
	$query = "SELECT 1 FROM `users` WHERE `email`='$email' and (UNIX_TIMESTAMP(`lastLoginAttempt`) < UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - 5 or `lastLoginAttempt` is NULL)" ;
	$rateLimit = mysql_num_rows(mysql_query($query)) > 0;
	if(mysql_num_rows($res) > 0 && $rateLimit)
	{
		// Drop any previous profile before loading the fresh row.
		$_SESSION['profile'] = "";
		unset($_SESSION['profile']);
		$_SESSION['profile'] = mysql_fetch_assoc($res);
		// Re-store the password as sha1(), which converts rows that matched
		// through old_password() or password().
		// NOTE(review): sha1() is unsalted; changing the format needs the
		// lookup query above to change with it.
		$query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".intval($_SESSION['profile']['id'])."'";
		mysql_query($query);

		// First login without a stored language: remember the current one;
		// otherwise switch the UI to the stored language.
		if($_SESSION['profile']['language'] == "")
		{
			$query = "update `users` set `language`='".L10n::get_translation()."'
where `id`='".intval($_SESSION['profile']['id'])."'";
			mysql_query($query);
		} else {
			L10n::set_translation($_SESSION['profile']['language']);
			L10n::init_gettext();
		}
		update_points_in_profile();

		$_SESSION['profile']['loggedin'] = 1;
		// Accounts missing any of the five lost pass phrase questions are
		// sent to account.php?id=13 after login.
		if($_SESSION['profile']['Q1'] == "" || $_SESSION['profile']['Q2'] == "" ||
			$_SESSION['profile']['Q3'] == "" || $_SESSION['profile']['Q4'] == "" ||
			$_SESSION['profile']['Q5'] == "")
		{
			$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
			$_SESSION['_config']['oldlocation'] = "account.php?id=13";
		}
		if (!isset($_SESSION['_config']['oldlocation'])){
			$_SESSION['_config']['oldlocation']='';
		}
		// A pass phrase scoring below 3 in checkpwlight() overrides any other
		// target with account.php?id=14&force=1.
		if (checkpwlight($pword) < 3)
			$_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
		// NOTE(review): 'oldlocation' may have been set by an earlier request;
		// it is appended to the redirect URL as stored.
		if($_SESSION['_config']['oldlocation'] != ""){
			header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
		}else{
			header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
		}
		exit;
	} else if($rateLimit){
		// Login did not succeed and the window was open: record the attempt.
		// Attempts made inside the window do not refresh the timestamp.
		$query = "update `users` set `lastLoginAttempt`=CURRENT_TIMESTAMP WHERE `email`='$email'";
		mysql_query($query);
	}

	// Only reached after a failed login. Same credential check against
	// unverified accounts, used to pick the more specific message below.
	$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=0 and `deleted`=0";
	$res = mysql_query($query);
	if(!$rateLimit || mysql_num_rows($res) <= 0) {
		$_SESSION['_config']['errmsg'] = _("Login failed due to incorrect email address, wrong passphrase or because the rate limit of one login per 5 seconds was hit.");
	} else {
		// Shown only when the pass phrase was correct for an unverified account.
		$_SESSION['_config']['errmsg'] = _("Your account has not been verified yet, please check your email account for the signup messages.");
	}
}
255
// CCA (CAcert Community Agreement) acceptance form, submitted as form id 52.
// Every path through this block ends in a redirect.
if ($oldid == 52)
{
	// Only an authenticated session may record an agreement; anyone else is
	// sent to the login page.
	if (!(array_key_exists('profile',$_SESSION)
		&& array_key_exists('loggedin',$_SESSION['profile'])
		&& $_SESSION['profile']['loggedin'] == 1))
	{
		header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
		exit;
	}

	// User didn't agree: back to the login page.
	if (!array_key_exists('agree',$_REQUEST) || $_REQUEST['agree'] == "")
	{
		header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
		exit;
	}

	// Record the agreement and refresh the cached status in the profile.
	write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1);
	$_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');

	// Without a remembered target, continue to the account page.
	if (!array_key_exists("oldlocation",$_SESSION['_config'])
		|| $_SESSION['_config']['oldlocation']=="")
	{
		header("Location: https://{$_SERVER['HTTP_HOST']}/account.php");
		exit;
	}

	// NOTE(review): 'oldlocation' is appended as stored in the session, and the
	// host part comes from the request's Host header.
	header("Location: https://{$_SERVER['HTTP_HOST']}/{$_SESSION['_config']['oldlocation']}");
	exit;
}
288
289
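// Signup form (form id 1). Validates the submitted data; $id stays 2 only if
// every check passes, in which case the account, its primary email row and the
// alert settings are created and a verification mail is sent. Any failed check
// sets $id back to 1 so the form is shown again with the collected messages.
//
// Changes against the previous version of this block:
//  - the field-by-field sanitising is done in loops, and a missing request
//    field is treated as empty;
//  - the question/answer uniqueness test now covers every pair of the ten
//    values. The old hand-written list skipped several pairs (for example an
//    answer equal to its own question was only caught for question 1), which
//    contradicted the error message;
//  - the pass phrase score message is appended like all other messages
//    instead of overwriting them;
//  - the text returned by checkEmail() is HTML-escaped before it is put into
//    the error message.
if($process && $oldid == 1)
{
	$id = 2;
	$oldid = 0;

	$_SESSION['_config']['errmsg'] = "";

	$qaFields = array('Q1', 'Q2', 'Q3', 'Q4', 'Q5', 'A1', 'A2', 'A3', 'A4', 'A5');

	// Free-text fields: tags stripped, then escaped for the statements below.
	foreach(array_merge(array('email', 'fname', 'mname', 'lname', 'suffix'), $qaFields) as $field)
	{
		$value = array_key_exists($field, $_REQUEST) ? $_REQUEST[$field] : "";
		$_SESSION['signup'][$field] = trim(mysql_real_escape_string(stripslashes(strip_tags($value))));
	}

	// Date of birth parts are integers.
	foreach(array('day', 'month', 'year') as $field)
		$_SESSION['signup'][$field] = intval(array_key_exists($field, $_REQUEST) ? $_REQUEST[$field] : 0);

	// Pass phrases are escaped but deliberately not tag-stripped, matching
	// what the login handler on this page does with the submitted pass phrase.
	foreach(array('pword1', 'pword2') as $field)
	{
		$value = array_key_exists($field, $_REQUEST) ? $_REQUEST[$field] : "";
		$_SESSION['signup'][$field] = trim(mysql_real_escape_string(stripslashes($value)));
	}

	// Alert preferences and the CCA checkbox are integers, 0 when absent.
	foreach(array('general', 'country', 'regional', 'radius', 'cca_agree') as $field)
		$_SESSION['signup'][$field] = intval(array_key_exists($field, $_REQUEST)?$_REQUEST[$field]:0);


	// All five questions and five answers must differ from each other.
	$qaDuplicate = false;
	for($i = 0; $i < count($qaFields) && !$qaDuplicate; $i++)
	{
		for($j = $i + 1; $j < count($qaFields); $j++)
		{
			if($_SESSION['signup'][$qaFields[$i]] == $_SESSION['signup'][$qaFields[$j]])
			{
				$qaDuplicate = true;
				break;
			}
		}
	}
	if($qaDuplicate)
	{
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
	}

	if($_SESSION['signup']['Q1'] == "" || $_SESSION['signup']['Q2'] == "" ||
		$_SESSION['signup']['Q3'] == "" || $_SESSION['signup']['Q4'] == "" ||
		$_SESSION['signup']['Q5'] == "")
	{
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>\n";
	}
	if($_SESSION['signup']['fname'] == "" || $_SESSION['signup']['lname'] == "")
	{
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("First and/or last names were blank.")."<br>\n";
	}
	// The date must be a real calendar date, not before 1900 and not in the future.
	if($_SESSION['signup']['year'] < 1900 || $_SESSION['signup']['month'] < 1 || $_SESSION['signup']['month'] > 12 ||
		$_SESSION['signup']['day'] < 1 || $_SESSION['signup']['day'] > 31 ||
		!checkdate($_SESSION['signup']['month'],$_SESSION['signup']['day'],$_SESSION['signup']['year']) ||
		mktime(0,0,0,$_SESSION['signup']['month'],$_SESSION['signup']['day'],$_SESSION['signup']['year']) > time() )
	{
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
	}
	if($_SESSION['signup']['cca_agree'] == "0")
	{
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("You have to agree to the CAcert Community agreement.")."<br>\n";
	}
	if($_SESSION['signup']['email'] == "")
	{
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("Email Address was blank")."<br>\n";
	}
	if($_SESSION['signup']['pword1'] == "")
	{
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("Pass Phrases were blank")."<br>\n";
	}
	if($_SESSION['signup']['pword1'] != $_SESSION['signup']['pword2'])
	{
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("Pass Phrases don't match")."<br>\n";
	}

	// NOTE(review): checkpw() receives the SQL-escaped pass phrase, so added
	// backslashes take part in the scoring.
	$score = checkpw($_SESSION['signup']['pword1'], $_SESSION['signup']['email'], $_SESSION['signup']['fname'], $_SESSION['signup']['mname'], $_SESSION['signup']['lname'], $_SESSION['signup']['suffix']);
	if($score < 3)
	{
		$id = 1;
		$_SESSION['_config']['errmsg'] .= sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score)."<br>\n";
	}

	// Database checks run only when the form itself was valid.
	if($id == 2)
	{
		// The address must not already be in use by a non-deleted email or user row.
		$query = "select * from `email` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
		$res1 = mysql_query($query);

		$query = "select * from `users` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
		$res2 = mysql_query($query);
		if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
		{
			$id = 1;
			$_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."<br>\n";
		}

		// Reject addresses ending in a domain listed in `baddomains`.
		$query = "select `domain` from `baddomains` where `domain`=RIGHT('".$_SESSION['signup']['email']."', LENGTH(`domain`))";
		$res = mysql_query($query);
		if(mysql_num_rows($res) > 0)
		{
			$domain = mysql_fetch_assoc($res);
			$domain = $domain['domain'];
			$id = 1;
			$_SESSION['_config']['errmsg'] .= sprintf(_("We don't allow signups from people using email addresses from %s"), $domain)."<br>\n";
		}
	}

	if($id == 2)
	{
		// checkEmail() is defined elsewhere; it returns "OK" or a text whose
		// first character is compared with "4" below (presumably the reply of
		// the remote mail server -- confirm).
		$checkemail = checkEmail($_SESSION['signup']['email']);
		if($checkemail != "OK")
		{
			$id = 1;
			if (substr($checkemail, 0, 1) == "4")
			{
				$_SESSION['_config']['errmsg'] .= _("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.");
			} else {
				$_SESSION['_config']['errmsg'] .= _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid");
			}
			// errmsg carries HTML (<br>), so text that did not originate in
			// this application is escaped before it is appended.
			$_SESSION['_config']['errmsg'] .= "<br>\n".htmlspecialchars($checkemail)."<br>\n";
		}
	}

	if($id == 2)
	{
		$hash = make_hash();

		// NOTE(review): the password is stored as MySQL's unsalted sha1() and
		// the answers are stored as entered. The results of the three inserts
		// are not checked; if the first one fails, mysql_insert_id() does not
		// refer to a new user row.
		$query = "insert into `users` set `email`='".$_SESSION['signup']['email']."',
`password`=sha1('".$_SESSION['signup']['pword1']."'),
`fname`='".$_SESSION['signup']['fname']."',
`mname`='".$_SESSION['signup']['mname']."',
`lname`='".$_SESSION['signup']['lname']."',
`suffix`='".$_SESSION['signup']['suffix']."',
`dob`='".$_SESSION['signup']['year']."-".$_SESSION['signup']['month']."-".$_SESSION['signup']['day']."',
`Q1`='".$_SESSION['signup']['Q1']."',
`Q2`='".$_SESSION['signup']['Q2']."',
`Q3`='".$_SESSION['signup']['Q3']."',
`Q4`='".$_SESSION['signup']['Q4']."',
`Q5`='".$_SESSION['signup']['Q5']."',
`A1`='".$_SESSION['signup']['A1']."',
`A2`='".$_SESSION['signup']['A2']."',
`A3`='".$_SESSION['signup']['A3']."',
`A4`='".$_SESSION['signup']['A4']."',
`A5`='".$_SESSION['signup']['A5']."',
`created`=NOW(), `uniqueID`=SHA1(CONCAT(NOW(),'$hash'))";
		mysql_query($query);
		$memid = mysql_insert_id();
		$query = "insert into `email` set `email`='".$_SESSION['signup']['email']."',
`hash`='$hash',
`created`=NOW(),
`memid`='$memid'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		$query = "insert into `alerts` set `memid`='$memid',
`general`='".$_SESSION['signup']['general']."',
`country`='".$_SESSION['signup']['country']."',
`regional`='".$_SESSION['signup']['regional']."',
`radius`='".$_SESSION['signup']['radius']."'";
		mysql_query($query);
		write_user_agreement($memid, "CCA", "account creation", "", 1);

		// NOTE(review): the verification link uses http:// and carries the
		// verification hash in the query string.
		$body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
		$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
		$body .= _("Best regards")."\n"._("CAcert.org Support!");

		sendmail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "support@cacert.org", "", "", "CAcert Support");

		// Overwrite and drop the signup data (pass phrase and answers included)
		// once the account exists.
		foreach($_SESSION['signup'] as $key => $val)
			$_SESSION['signup'][$key] = "";
		unset($_SESSION['signup']);
	}
}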
496
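// Contact form (form id 11), validation part. The handler that follows this
// block sends the message if $process is still non-empty afterwards.
//
// Changes against the previous version of this block:
//  - the anti-spam token is compared as a string with ===; a missing or
//    non-scalar token counts as empty;
//  - carriage returns are rejected in the name, address and subject, not only
//    line feeds;
//  - the address handed to sendmail() in the two "Possible SPAM" notifications
//    has line breaks replaced, because those paths are reached exactly when
//    the input is suspicious (sendmail() is defined elsewhere; this does not
//    rely on it cleaning the value itself);
//  - the commented-out debug output, which would have printed the session
//    token, is removed.
if($oldid == 11 && $process != "")
{
	$who = stripslashes($_REQUEST['who']);
	$email = stripslashes($_REQUEST['email']);
	$subject = stripslashes($_REQUEST['subject']);
	$message = stripslashes($_REQUEST['message']);

	$secrethash = array_key_exists('secrethash2', $_REQUEST) ? $_REQUEST['secrethash2'] : "";
	$secrethash = is_scalar($secrethash) ? (string)$secrethash : "";
	$expectedhash = array_key_exists('secrethash', $_SESSION['_config']) ? $_SESSION['_config']['secrethash'] : "";
	$expectedhash = is_scalar($expectedhash) ? (string)$expectedhash : "";

	// Address as passed to sendmail() in the notifications below.
	$notifyfrom = str_replace(array("\r", "\n"), " ", $email);

	//check for spam via honeypot: the field must be present and empty
	if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){
		echo _("Form could not be sent.");
		showfooter();
		exit;
	}

	// The token from the form must equal the one held in the session.
	if($secrethash === "" || $expectedhash === "" || $expectedhash !== $secrethash)
	{
		$id = $oldid;
		$process = "";
		$_SESSION['_config']['errmsg'] = _("This seems like you have cookies or Javascript disabled, cannot continue.");
		$oldid = 0;

		$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
		sendmail("support@cacert.org", "[CAcert.org] Possible SPAM", $message, $notifyfrom, "", "", "CAcert Support");
		echo _("This seems like you have cookies or Javascript disabled, cannot continue.");
		die;
	}

	// Known spam markers in the subject, or line breaks in any value that
	// ends up in a mail header.
	if(strpos($subject, "botmetka") !== false || strpos($subject, "servermetka") !== false ||
		strpbrk($who, "\r\n") !== false || strpbrk($email, "\r\n") !== false || strpbrk($subject, "\r\n") !== false)
	{
		$id = $oldid;
		$process = "";
		$_SESSION['_config']['errmsg'] = _("This seems like potential spam, cannot continue.");
		$oldid = 0;

		$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
		sendmail("support@cacert.org", "[CAcert.org] Possible SPAM", $message, $notifyfrom, "", "", "CAcert Support");
		echo _("This seems like potential spam, cannot continue.");
		die;
	}


	// Clearing $process keeps the send handler below from running and shows
	// the form again.
	if(trim($who) == "" || trim($email) == "" || trim($subject) == "" || trim($message) == "")
	{
		$id = $oldid;
		$process = "";
		$_SESSION['_config']['errmsg'] = _("All fields are mandatory.")."<br>\n";
		$oldid = 0;
	}
}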
550
// Contact form, sending part. Runs only if the validation above left $process
// non-empty; $who, $email, $subject and $message were set there.
if($oldid == 11 && $process != "")
{
	$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;

	// $process comes from the request. Index 0 selects the public support
	// list, index 1 the private support address.
	// NOTE(review): if $process arrives as a plain string rather than an
	// array, isset($process[0]) is true for any non-empty value and the first
	// branch is always taken.
	if (isset($process[0]))
	{
		// The submitter's address is part of the fifth argument, next to the
		// list address (presumably the reply-to list -- confirm in sendmail()).
		sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website");
		showheader(_("Welcome to CAcert.org"));
		echo _("Your message has been sent to the general support list.");
		showfooter();
		exit;
	}
	elseif (isset($process[1]))
	{
		sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "", "", "CAcert Support");
		showheader(_("Welcome to CAcert.org"));
		echo _("Your message has been sent.");
		showfooter();
		exit;
	}
}
569
// The signup form pre-fills the year field with "19XX" unless the session
// already holds signup data with a year of 1900 or later.
if(!(array_key_exists('signup',$_SESSION) && $_SESSION['signup']['year'] >= 1900))
{
	$_SESSION['signup']['year'] = "19XX";
}
572
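// Pages that moved to the wiki are answered with a permanent redirect.
//
// The three identical handlers are folded into one lookup table. The scheme
// test no longer treats every non-empty $_SERVER['HTTPS'] as TLS: some servers
// set the variable to "off" for plain HTTP, and it may be absent altogether.
//
// NOTE(review): no exit follows the header, so the page for $id is still
// rendered below after the redirect has been sent -- confirm that is intended.
$wikiPages = array(
	12 => 'FAQ/AboutUs',
	19 => 'FAQ/Privileges',
	8 => 'Board',
);

if (array_key_exists($id, $wikiPages))
{
	$protocol = (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') ? 'https' : 'http';
	$newUrl = $protocol . '://wiki.cacert.org/' . $wikiPages[$id];
	header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
}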
593
// Default path: no handler above ended the request, so render the page that
// $id now points to. $id is an integer at this point (intval() at the top of
// the file, or a literal assigned by one of the handlers). showheader(),
// includeit() and showfooter() are defined outside this file.
showheader(_("Welcome to CAcert.org"));
includeit($id);
showfooter();
597 ?>