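<?php /*
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/

/*
 * Front controller for the public (not logged in) part of the site.
 *
 * Request parameters (all read from $_REQUEST):
 *   id      - page to render (../pages/index/<id>.php via includeit())
 *   oldid   - page whose form was just submitted; selects the handler below
 *   process - non-empty when a form was submitted (for the contact form it
 *             is indexed by the submit button that was pressed)
 *
 * Each handler sets $id to the page that is shown next and appends
 * user-visible errors to $_SESSION['_config']['errmsg'].  loadem(),
 * sendmail(), checkpw(), checkpwlight(), checkEmail(), make_hash(),
 * showheader(), showfooter(), includeit(), get_user_id_from_cert(),
 * write_user_agreement() and get_user_agreement_status() are not defined in
 * this file.
 */

require_once('../includes/lib/l10n.php');
require_once('../includes/notary.inc.php');

// Page ids are integers; cast them before anything else looks at them.
$id = 0;
if(array_key_exists("id",$_REQUEST))
    $id = intval($_REQUEST['id']);
$oldid = 0;
if(array_key_exists("oldid",$_REQUEST))
    $oldid = intval($_REQUEST['oldid']);
// $process stays a raw request value: only its emptiness and (for the contact
// form) its indexes are tested below; it is never echoed or put in a query.
$process = "";
if(array_key_exists("process",$_REQUEST))
    $process = $_REQUEST['process'];

// Page 2 is only reached through the signup handler ($oldid == 1) below;
// a direct request for it falls back to the front page.
if($id == 2)
    $id = 0;

$_SESSION['_config']['errmsg'] = "";

// Pages 17 and 20 are included on their own, before loadem() and without
// the site header/footer.
if($id == 17 || $id == 20)
{
    include_once("../pages/index/$id.php");
    exit;
}

loadem("index");

// NOTE(review): HTTP_HOST is supplied by the client and is reused for every
// redirect in this file; a host-header check at the web server (or using
// the configured normalhostname/securehostname) keeps redirects on-site.
$_SESSION['_config']['hostname'] = $_SERVER['HTTP_HOST'];

// Lost password, step 2 (page 6) needs the account located in step 1;
// without it, start again at step 1 (page 5).
if(($oldid == 6 || $id == 6) &&
    (!isset($_SESSION['lostpw']['user']['id']) || intval($_SESSION['lostpw']['user']['id']) < 1))
{
    $oldid = 0;
    $id = 5;
}

// Lost password, step 2: check the answers to the security questions and,
// if enough of them match, set the new pass phrase.
if($oldid == 6 && $process != "")
{
    $body = "";
    $answers = 0;
    $id = $oldid;
    $oldid = 0;
    // Q<n> marks that question <n> was shown; A<n> carries the answer.
    for($i = 1; $i <= 5; $i++)
    {
        $q = "Q$i";
        $a = "A$i";
        if(array_key_exists($q,$_REQUEST) && $_REQUEST[$q])
        {
            $_SESSION['lostpw'][$a] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST[$a]))));

            // Case-insensitive, exact string comparison: `==` would compare
            // numeric-looking answers ("0100" vs "100") as numbers.
            if(stripslashes(strtolower($_SESSION['lostpw'][$a])) === strtolower($_SESSION['lostpw']['user'][$a]))
                $answers++;
            // NOTE(review): the stored answer is put into the support mail
            // below in clear text.
            $body .= "System: ".$_SESSION['lostpw']['user'][$a]."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw'][$a]))."\n";
        }
    }

    $_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass1']))));
    $_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass2']))));

    // 'total' (number of questions the account has) is not set in this
    // file; presumably the page that rendered the form sets it — verify.
    // Every failed attempt is reported to support, but nothing here limits
    // how often a visitor may retry.
    if($answers < $_SESSION['lostpw']['total'] || $answers < 3)
    {
        $body = "Someone has just attempted to update the pass phrase on the following account:\n".
            "Username(ID): ".$_SESSION['lostpw']['user']['email']."(".$_SESSION['lostpw']['user']['id'].")\n".
            "email: ".$_SESSION['lostpw']['user']['email']."\n".
            "IP/Hostname: ".$_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")."\n".
            "---------------------------------------------------------------------\n".$body.
            "---------------------------------------------------------------------\n";
        sendmail("support@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body,
            $_SESSION['lostpw']['user']['email'], "", "", $_SESSION['lostpw']['user']['fname']);
        $_SESSION['_config']['errmsg'] = _("You failed to get all answers correct or you didn't configure enough lost password questions for your account. System admins have been notified.");
    } else if($_SESSION['lostpw']['pw1'] != $_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") {
        $_SESSION['_config']['errmsg'] = _("New Pass Phrases specified don't match or were blank.");
    } else if(strlen($_SESSION['lostpw']['pw1']) < 6) {
        $_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted was too short. It must be at least 6 characters.");
    } else {
        // checkpw() scores the pass phrase against the account holder's
        // name and address; anything below 3 is rejected.
        $score = checkpw($_SESSION['lostpw']['pw1'], $_SESSION['lostpw']['user']['email'], $_SESSION['lostpw']['user']['fname'],
            $_SESSION['lostpw']['user']['mname'], $_SESSION['lostpw']['user']['lname'], $_SESSION['lostpw']['user']['suffix']);
        if($score < 3)
        {
            $_SESSION['_config']['errmsg'] = sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
        } else {
            // Unsalted SHA1 is the format the login handler below expects in
            // `password`; pw1 is already mysql_escape_string()ed.
            $query = "update `users` set `password`=sha1('".$_SESSION['lostpw']['pw1']."')
                    where `id`='".intval($_SESSION['lostpw']['user']['id'])."'";
            // NOTE(review): die(mysql_error()) shows the raw database error
            // text to the visitor.
            mysql_query($query) || die(mysql_error());
            showheader(_("Welcome to CAcert.org"));
            echo _("Your Pass Phrase has been changed now. You can now login with your new password.");
            showfooter();
            exit;
        }
    }
}

// Lost password, step 1: locate the account by email address and date of
// birth; on success the row is kept in the session for step 2.
if($oldid == 5 && $process != "")
{
    $email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
    $_SESSION['lostpw']['day'] = intval($_REQUEST['day']);
    $_SESSION['lostpw']['month'] = intval($_REQUEST['month']);
    $_SESSION['lostpw']['year'] = intval($_REQUEST['year']);
    $dob = $_SESSION['lostpw']['year']."-".$_SESSION['lostpw']['month']."-".$_SESSION['lostpw']['day'];
    $query = "select * from `users` where `email`='$email' and `dob`='$dob'";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
        $id = $oldid;
        $oldid = 0;
        $_SESSION['_config']['errmsg'] = _("Unable to match your details with any user accounts on file");
    } else {
        $id = 6;
        $_SESSION['lostpw']['user'] = mysql_fetch_assoc($res);
    }
}

// Client certificate login: only on the secure host, where the web server
// has verified the client certificate and exposes its serial and issuer.
if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
{
    include_once("../includes/lib/general.php");
    $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
        $_SERVER['SSL_CLIENT_I_DN_CN']);

    if($user_id >= 0)
    {
        // Cast before interpolating: get_user_id_from_cert() is defined
        // elsewhere, so its return type is not visible here.
        $user_id = intval($user_id);
        $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
            "select * from `users` where
            `id`='$user_id' and `deleted`=0 and `locked`=0"));

        if($_SESSION['profile']['id'] != 0)
        {
            $_SESSION['profile']['loggedin'] = 1;
            header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
            exit;
        } else {
            $_SESSION['profile']['loggedin'] = 0;
        }
    }
}

// An already logged-in visitor asking for the login page goes straight to
// the account area.  (This used to test array($_SESSION['profile']), whose
// only key is 0, so the condition could never be true.)  mysql_fetch_assoc()
// may have left `false` in 'profile', hence the is_array() guard.
if($id == 4 && array_key_exists('profile',$_SESSION) && is_array($_SESSION['profile'])
    && array_key_exists('loggedin',$_SESSION['profile']) && $_SESSION['profile']['loggedin'] == 1)
{
    header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
    exit;
}

// Password login.
if($oldid == 4)
{
    $oldid = 0;
    $id = 4;

    $_SESSION['_config']['errmsg'] = "";

    $email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
    $pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
    // Three hash formats are accepted (legacy rows); a successful login
    // rewrites the stored hash as sha1 below.
    $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
        `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
    $res = mysql_query($query);
    if(mysql_num_rows($res) > 0)
    {
        $_SESSION['profile'] = "";
        unset($_SESSION['profile']);
        $_SESSION['profile'] = mysql_fetch_assoc($res);
        $query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".intval($_SESSION['profile']['id'])."'";
        mysql_query($query);

        // First login without a stored language: remember the one chosen
        // for this session; otherwise switch to the stored one.
        if($_SESSION['profile']['language'] == "")
        {
            $query = "update `users` set `language`='".L10n::get_translation()."'
                where `id`='".intval($_SESSION['profile']['id'])."'";
            mysql_query($query);
        } else {
            L10n::set_translation($_SESSION['profile']['language']);
            L10n::init_gettext();
        }
        $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 group by `to`";
        $res = mysql_query($query);
        $row = mysql_fetch_assoc($res);
        $_SESSION['profile']['points'] = $row['total'];
        $_SESSION['profile']['loggedin'] = 1;
        // Accounts without all five security questions are sent to the
        // page that asks for them.
        if($_SESSION['profile']['Q1'] == "" || $_SESSION['profile']['Q2'] == "" ||
            $_SESSION['profile']['Q3'] == "" || $_SESSION['profile']['Q4'] == "" ||
            $_SESSION['profile']['Q5'] == "")
        {
            $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
            $_SESSION['_config']['oldlocation'] = "account.php?id=13";
        }
        if (!isset($_SESSION['_config']['oldlocation'])){
            $_SESSION['_config']['oldlocation']='';
        }
        // A weak pass phrase forces a change; note $pword is the escaped
        // form, so that is what gets scored.
        if (checkpwlight($pword) < 3)
            $_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
        if($_SESSION['_config']['oldlocation'] != ""){
            header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
        }else{
            header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
        }
        exit;
    }

    // No verified match: distinguish "unverified account" from "wrong
    // credentials" for the message only.
    $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
        `password`=password('$pword')) and `verified`=0 and `deleted`=0";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0)
    {
        $_SESSION['_config']['errmsg'] = _("Incorrect email address and/or Pass Phrase.");
    } else {
        $_SESSION['_config']['errmsg'] = _("Your account has not been verified yet, please check your email account for the signup messages.");
    }
}

// check for CCA acceptance prior to login
if ($oldid == 52 )
{
    // Check if the user is already authenticated
    if (!array_key_exists('profile',$_SESSION)
        || !array_key_exists('loggedin',$_SESSION['profile'])
        || $_SESSION['profile']['loggedin'] != 1)
    {
        header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
        exit;
    }

    if (array_key_exists('agree',$_REQUEST) && $_REQUEST['agree'] != "")
    {
        write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1);
        $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');

        if (array_key_exists("oldlocation",$_SESSION['_config'])
            && $_SESSION['_config']['oldlocation']!="")
        {
            header("Location: https://{$_SERVER['HTTP_HOST']}/{$_SESSION['_config']['oldlocation']}");
            exit;
        } else {
            header("Location: https://{$_SERVER['HTTP_HOST']}/account.php");
            exit;
        }
    }

    // User didn't agree
    header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
    exit;
}

// Signup: validate the form, then create the user, its primary email and
// its alert settings, and send the verification mail.  $id stays 2 only
// while every check passes; any failure sets it back to the form (page 1).
if($process && $oldid == 1)
{
    $id = 2;
    $oldid = 0;

    $_SESSION['_config']['errmsg'] = "";

    // Values are stored already escaped for the queries further down.
    $_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
    $_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
    $_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
    $_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
    $_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
    $_SESSION['signup']['day'] = intval($_REQUEST['day']);
    $_SESSION['signup']['month'] = intval($_REQUEST['month']);
    $_SESSION['signup']['year'] = intval($_REQUEST['year']);
    $_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword1'])));
    $_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword2'])));
    $_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
    $_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
    $_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
    $_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q4']))));
    $_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q5']))));
    $_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
    $_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
    $_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
    $_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
    $_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
    $_SESSION['signup']['general'] = intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0);
    $_SESSION['signup']['country'] = intval(array_key_exists('country',$_REQUEST)?$_REQUEST['country']:0);
    $_SESSION['signup']['regional'] = intval(array_key_exists('regional',$_REQUEST)?$_REQUEST['regional']:0);
    $_SESSION['signup']['radius'] = intval(array_key_exists('radius',$_REQUEST)?$_REQUEST['radius']:0);
    $_SESSION['signup']['cca_agree'] = intval(array_key_exists('cca_agree',$_REQUEST)?$_REQUEST['cca_agree']:0);

    // Questions and answers must be pairwise different: no duplicate
    // questions, no duplicate answers, no answer equal to any question.
    // (The hand-written list of pairs this replaces skipped several
    // A<n>/Q<m> combinations; every pair is checked now, as the error
    // text promises.)
    $qa = array();
    for($i = 1; $i <= 5; $i++)
        $qa[] = $_SESSION['signup']["Q$i"];
    for($i = 1; $i <= 5; $i++)
        $qa[] = $_SESSION['signup']["A$i"];
    $duplicate = false;
    for($i = 0; $i < count($qa) && !$duplicate; $i++)
    {
        for($j = $i + 1; $j < count($qa); $j++)
        {
            if($qa[$i] == $qa[$j])
            {
                $duplicate = true;
                break;
            }
        }
    }
    if($duplicate)
    {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
    }

    if($_SESSION['signup']['Q1'] == "" || $_SESSION['signup']['Q2'] == "" ||
        $_SESSION['signup']['Q3'] == "" || $_SESSION['signup']['Q4'] == "" ||
        $_SESSION['signup']['Q5'] == "")
    {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>\n";
    }
    if($_SESSION['signup']['fname'] == "" || $_SESSION['signup']['lname'] == "")
    {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("First and/or last names were blank.")."<br>\n";
    }
    // Date of birth must be a real calendar date in the past, not before 1900.
    if($_SESSION['signup']['year'] < 1900 || $_SESSION['signup']['month'] < 1 || $_SESSION['signup']['month'] > 12 ||
        $_SESSION['signup']['day'] < 1 || $_SESSION['signup']['day'] > 31 ||
        !checkdate($_SESSION['signup']['month'],$_SESSION['signup']['day'],$_SESSION['signup']['year']) ||
        mktime(0,0,0,$_SESSION['signup']['month'],$_SESSION['signup']['day'],$_SESSION['signup']['year']) > time() )
    {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
    }
    if($_SESSION['signup']['cca_agree'] == "0")
    {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("You have to agree to the CAcert Community agreement.")."<br>\n";
    }
    if($_SESSION['signup']['email'] == "")
    {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("Email Address was blank")."<br>\n";
    }
    if($_SESSION['signup']['pword1'] == "")
    {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("Pass Phrases were blank")."<br>\n";
    }
    if($_SESSION['signup']['pword1'] != $_SESSION['signup']['pword2'])
    {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("Pass Phrases don't match")."<br>\n";
    }

    $score = checkpw($_SESSION['signup']['pword1'], $_SESSION['signup']['email'], $_SESSION['signup']['fname'], $_SESSION['signup']['mname'], $_SESSION['signup']['lname'], $_SESSION['signup']['suffix']);
    if($score < 3)
    {
        $id = 1;
        // sprintf() rather than interpolating $score into the msgid keeps
        // the message translatable, and `.=` keeps the errors collected
        // above (both as in the lost-password handler).
        $_SESSION['_config']['errmsg'] .= sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score)."<br>\n";
    }

    if($id == 2)
    {
        // The address must not be in use, neither as a primary address
        // nor as an additional one.
        $query = "select * from `email` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
        $res1 = mysql_query($query);

        $query = "select * from `users` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
        $res2 = mysql_query($query);
        if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
        {
            $id = 1;
            $_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."<br>\n";
        }

        // Blocklisted domains are matched as a suffix of the address.
        $query = "select `domain` from `baddomains` where `domain`=RIGHT('".$_SESSION['signup']['email']."', LENGTH(`domain`))";
        $res = mysql_query($query);
        if(mysql_num_rows($res) > 0)
        {
            $domain = mysql_fetch_assoc($res);
            $domain = $domain['domain'];
            $id = 1;
            $_SESSION['_config']['errmsg'] .= sprintf(_("We don't allow signups from people using email addresses from %s"), $domain)."<br>\n";
        }
    }

    if($id == 2)
    {
        // checkEmail() probes the address's mail server; anything but "OK"
        // is its reply, a leading "4" meaning a temporary failure.
        $checkemail = checkEmail($_SESSION['signup']['email']);
        if($checkemail != "OK")
        {
            $id = 1;
            if (substr($checkemail, 0, 1) == "4")
            {
                $_SESSION['_config']['errmsg'] .= _("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.");
            } else {
                $_SESSION['_config']['errmsg'] .= _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid");
            }
            // The reply comes from a remote server and errmsg is rendered
            // as HTML, so escape it.
            $_SESSION['_config']['errmsg'] .= "<br>\n".htmlspecialchars($checkemail)."<br>\n";
        }
    }

    if($id == 2)
    {
        $hash = make_hash();

        // All signup values were escaped when they were read above.
        $query = "insert into `users` set `email`='".$_SESSION['signup']['email']."',
            `password`=sha1('".$_SESSION['signup']['pword1']."'),
            `fname`='".$_SESSION['signup']['fname']."',
            `mname`='".$_SESSION['signup']['mname']."',
            `lname`='".$_SESSION['signup']['lname']."',
            `suffix`='".$_SESSION['signup']['suffix']."',
            `dob`='".$_SESSION['signup']['year']."-".$_SESSION['signup']['month']."-".$_SESSION['signup']['day']."',
            `Q1`='".$_SESSION['signup']['Q1']."',
            `Q2`='".$_SESSION['signup']['Q2']."',
            `Q3`='".$_SESSION['signup']['Q3']."',
            `Q4`='".$_SESSION['signup']['Q4']."',
            `Q5`='".$_SESSION['signup']['Q5']."',
            `A1`='".$_SESSION['signup']['A1']."',
            `A2`='".$_SESSION['signup']['A2']."',
            `A3`='".$_SESSION['signup']['A3']."',
            `A4`='".$_SESSION['signup']['A4']."',
            `A5`='".$_SESSION['signup']['A5']."',
            `created`=NOW(), `uniqueID`=SHA1(CONCAT(NOW(),'$hash'))";
        mysql_query($query);
        $memid = mysql_insert_id();
        $query = "insert into `email` set `email`='".$_SESSION['signup']['email']."',
            `hash`='$hash',
            `created`=NOW(),
            `memid`='$memid'";
        mysql_query($query);
        $emailid = mysql_insert_id();
        $query = "insert into `alerts` set `memid`='$memid',
            `general`='".$_SESSION['signup']['general']."',
            `country`='".$_SESSION['signup']['country']."',
            `regional`='".$_SESSION['signup']['regional']."',
            `radius`='".$_SESSION['signup']['radius']."'";
        mysql_query($query);
        write_user_agreement($memid, "CCA", "account creation", "", 1);

        $body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
        $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
        $body .= _("Best regards")."\n"._("CAcert.org Support!");

        sendmail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
        // Blank the entries before dropping them so the form values do not
        // linger in the session file.
        foreach($_SESSION['signup'] as $key => $val)
            $_SESSION['signup'][$key] = "";
        unset($_SESSION['signup']);
    }
}

// Contact form, part 1: anti-spam checks.  Each rejection clears $process
// so that part 2 below does not send anything.
if($oldid == 11 && $process != "")
{
    $who = stripslashes($_REQUEST['who']);
    $email = stripslashes($_REQUEST['email']);
    $subject = stripslashes($_REQUEST['subject']);
    $message = stripslashes($_REQUEST['message']);
    $secrethash = array_key_exists('secrethash2',$_REQUEST) ? $_REQUEST['secrethash2'] : "";

    //check for spam via honeypot
    if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){
        echo _("Form could not be sent.");
        showfooter();
        exit;
    }

    // The form's hidden token must equal the one kept in the session
    // (strict comparison: `!=` would treat numeric-looking tokens loosely).
    if($_SESSION['_config']['secrethash'] !== $secrethash || $secrethash == "" || $_SESSION['_config']['secrethash'] == "")
    {
        $id = $oldid;
        $process = "";
        $_SESSION['_config']['errmsg'] = _("This seems like you have cookies or Javascript disabled, cannot continue.");
        $oldid = 0;

        $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
        sendmail("support@cacert.org", "[CAcert.org] Possible SPAM", $message, $email, "", "", "CAcert Support");
        echo _("This seems like you have cookies or Javascript disabled, cannot continue.");
        die;
    }
    // Known spam markers, and line breaks in the fields that end up in mail
    // headers (CR as well as LF, so a header cannot be injected either way).
    if(strstr($subject, "botmetka") || strstr($subject, "servermetka") || preg_match('/[\r\n]/', $who . $email . $subject))
    {
        $id = $oldid;
        $process = "";
        $_SESSION['_config']['errmsg'] = _("This seems like potential spam, cannot continue.");
        $oldid = 0;

        $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
        sendmail("support@cacert.org", "[CAcert.org] Possible SPAM", $message, $email, "", "", "CAcert Support");
        echo _("This seems like potential spam, cannot continue.");
        die;
    }


    if(trim($who) == "" || trim($email) == "" || trim($subject) == "" || trim($message) == "")
    {
        $id = $oldid;
        $process = "";
        $_SESSION['_config']['errmsg'] = _("All fields are mandatory.")."<br>\n";
        $oldid = 0;
    }
}

// Contact form, part 2: deliver.  $process[0] is the "public list" button,
// $process[1] the "support only" button.
if($oldid == 11 && $process != "")
{
    $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
    if (isset($process[0])){
        sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website");
        showheader(_("Welcome to CAcert.org"));
        echo _("Your message has been sent to the general support list.");
        showfooter();
        exit;
    }
    if (isset($process[1])){
        sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "", "", "CAcert Support");
        showheader(_("Welcome to CAcert.org"));
        echo _("Your message has been sent.");
        showfooter();
        exit;
    }
}

// Placeholder year shown in the signup form when nothing valid was entered.
if(!array_key_exists('signup',$_SESSION) || $_SESSION['signup']['year'] < 1900)
    $_SESSION['signup']['year'] = "19XX";

// Pages that moved to the wiki: redirect permanently and stop, so that the
// header/footer below is not sent after the Location header.
$wikiRedirects = array(
    12 => '/FAQ/AboutUs',
    19 => '/FAQ/Privileges',
    8  => '/Board',
);
if(array_key_exists($id, $wikiRedirects))
{
    // Same truthiness test as before, minus the notice when HTTPS is unset.
    $protocol = (array_key_exists('HTTPS', $_SERVER) && $_SERVER['HTTPS']) ? 'https' : 'http';
    $newUrl = $protocol . '://wiki.cacert.org' . $wikiRedirects[$id];
    header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
    exit;
}

showheader(_("Welcome to CAcert.org"));
includeit($id);
showfooter();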