Merge branch 'bug-1341' into release
[cacert-devel.git] / www / index.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
19 require_once('../includes/lib/l10n.php');
20 require_once('../includes/notary.inc.php');
21
22 $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
23 $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
24 $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process'];
25
26 if($id == 2)
27 $id = 0;
28
29 $_SESSION['_config']['errmsg'] = "";
30
31 if($id == 17 || $id == 20)
32 {
33 include_once("../pages/index/$id.php");
34 exit;
35 }
36
37 loadem("index");
38
39 $_SESSION['_config']['hostname'] = $_SERVER['HTTP_HOST'];
40
41 if(($oldid == 6 || $id == 6) && intval($_SESSION['lostpw']['user']['id']) < 1)
42 {
43 $oldid = 0;
44 $id = 5;
45 }
46
47 if($oldid == 6 && $process != "")
48 {
49 $body = "";
50 $answers = 0;
51 $qs = array();
52 $id = $oldid;
53 $oldid = 0;
54 if(array_key_exists('Q1',$_REQUEST) && $_REQUEST['Q1'])
55 {
56 $_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
57
58 if(stripslashes(strtolower($_SESSION['lostpw']['A1'])) == strtolower($_SESSION['lostpw']['user']['A1']))
59 $answers++;
60 $body .= "System: ".$_SESSION['lostpw']['user']['A1']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A1']))."\n";
61 }
62 if(array_key_exists('Q2',$_REQUEST) && $_REQUEST['Q2'])
63 {
64 $_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
65
66 if(stripslashes(strtolower($_SESSION['lostpw']['A2'])) == strtolower($_SESSION['lostpw']['user']['A2']))
67 $answers++;
68 $body .= "System: ".$_SESSION['lostpw']['user']['A2']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A2']))."\n";
69 }
70 if(array_key_exists('Q3',$_REQUEST) && $_REQUEST['Q3'])
71 {
72 $_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
73
74 if(stripslashes(strtolower($_SESSION['lostpw']['A3'])) == strtolower($_SESSION['lostpw']['user']['A3']))
75 $answers++;
76 $body .= "System: ".$_SESSION['lostpw']['user']['A3']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A3']))."\n";
77 }
78 if(array_key_exists('Q4',$_REQUEST) && $_REQUEST['Q4'])
79 {
80 $_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
81
82 if(stripslashes(strtolower($_SESSION['lostpw']['A4'])) == strtolower($_SESSION['lostpw']['user']['A4']))
83 $answers++;
84 $body .= "System: ".$_SESSION['lostpw']['user']['A4']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A4']))."\n";
85 }
86 if(array_key_exists('Q5',$_REQUEST) && $_REQUEST['Q5'])
87 {
88 $_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
89
90 if(stripslashes(strtolower($_SESSION['lostpw']['A5'])) == strtolower($_SESSION['lostpw']['user']['A5']))
91 $answers++;
92 $body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A5']))."\n";
93 }
94
95 $_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass1']))));
96 $_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass2']))));
97
98 if($answers < $_SESSION['lostpw']['total'] || $answers < 3)
99 {
100 $body = "Someone has just attempted to update the pass phrase on the following account:\n".
101 "Username(ID): ".$_SESSION['lostpw']['user']['email']."(".$_SESSION['lostpw']['user']['id'].")\n".
102 "email: ".$_SESSION['lostpw']['user']['email']."\n".
103 "IP/Hostname: ".$_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")."\n".
104 "---------------------------------------------------------------------\n".$body.
105 "---------------------------------------------------------------------\n";
106 sendmail("support@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body,
107 $_SESSION['lostpw']['user']['email'], "", "", $_SESSION['lostpw']['user']['fname']);
108 $_SESSION['_config']['errmsg'] = _("You failed to get all answers correct or you didn't configure enough lost password questions for your account. System admins have been notified.");
109 } else if($_SESSION['lostpw']['pw1'] != $_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") {
110 $_SESSION['_config']['errmsg'] = _("New Pass Phrases specified don't match or were blank.");
111 } else if(strlen($_SESSION['lostpw']['pw1']) < 6) {
112 $_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted was too short. It must be at least 6 characters.");
113 } else {
114 $score = checkpw($_SESSION['lostpw']['pw1'], $_SESSION['lostpw']['user']['email'], $_SESSION['lostpw']['user']['fname'],
115 $_SESSION['lostpw']['user']['mname'], $_SESSION['lostpw']['user']['lname'], $_SESSION['lostpw']['user']['suffix']);
116 if($score < 3)
117 {
118 $_SESSION['_config']['errmsg'] = sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
119 } else {
120 $query = "update `users` set `password`=sha1('".$_SESSION['lostpw']['pw1']."')
121 where `id`='".intval($_SESSION['lostpw']['user']['id'])."'";
122 mysql_query($query) || die(mysql_error());
123 showheader(_("Welcome to CAcert.org"));
124 echo _("Your Pass Phrase has been changed now. You can now login with your new password.");
125 showfooter();
126 exit;
127 }
128 }
129 }
130
131 if($oldid == 5 && $process != "")
132 {
133 $email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
134 $_SESSION['lostpw']['day'] = intval($_REQUEST['day']);
135 $_SESSION['lostpw']['month'] = intval($_REQUEST['month']);
136 $_SESSION['lostpw']['year'] = intval($_REQUEST['year']);
137 $dob = $_SESSION['lostpw']['year']."-".$_SESSION['lostpw']['month']."-".$_SESSION['lostpw']['day'];
138 $query = "select * from `users` where `email`='$email' and `dob`='$dob'";
139 $res = mysql_query($query);
140 if(mysql_num_rows($res) <= 0)
141 {
142 $id = $oldid;
143 $oldid = 0;
144 $_SESSION['_config']['errmsg'] = _("Unable to match your details with any user accounts on file");
145 } else {
146 $id = 6;
147 $_SESSION['lostpw']['user'] = mysql_fetch_assoc($res);
148 }
149 }
150
151 //client login
152 if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
153 {
154 include_once("../includes/lib/general.php");
155 $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
156 $_SERVER['SSL_CLIENT_I_DN_CN']);
157
158 if($user_id >= 0)
159 {
160 $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
161 "select * from `users` where
162 `id`='$user_id' and `deleted`=0 and `locked`=0"));
163
164 if($_SESSION['profile']['id'] != 0)
165 {
166 $_SESSION['profile']['loggedin'] = 1;
167 header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
168 exit;
169 } else {
170 $_SESSION['profile']['loggedin'] = 0;
171 }
172 }
173 }
174
175
176 if($id == 4 && array_key_exists('profile',$_SESSION) && array_key_exists('loggedin',array($_SESSION['profile'])) && $_SESSION['profile']['loggedin'] == 1)
177 {
178 header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
179 exit;
180 }
181
182 if($oldid == 4)
183 {
184 $oldid = 0;
185 $id = 4;
186
187 $_SESSION['_config']['errmsg'] = "";
188
189 $email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
190 $pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
191 $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
192 `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
193 $res = mysql_query($query);
194 $query = "SELECT 1 FROM `users` WHERE `email`='$email' and (UNIX_TIMESTAMP(`lastLoginAttempt`) < UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - 5 or `lastLoginAttempt` is NULL)" ;
195 $rateLimit = mysql_num_rows(mysql_query($query)) > 0;
196 if(mysql_num_rows($res) > 0 && $rateLimit)
197 {
198 $_SESSION['profile'] = "";
199 unset($_SESSION['profile']);
200 $_SESSION['profile'] = mysql_fetch_assoc($res);
201 $query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".intval($_SESSION['profile']['id'])."'";
202 mysql_query($query);
203
204 if($_SESSION['profile']['language'] == "")
205 {
206 $query = "update `users` set `language`='".L10n::get_translation()."'
207 where `id`='".intval($_SESSION['profile']['id'])."'";
208 mysql_query($query);
209 } else {
210 L10n::set_translation($_SESSION['profile']['language']);
211 L10n::init_gettext();
212 }
213 $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 group by `to`";
214 $res = mysql_query($query);
215 $row = mysql_fetch_assoc($res);
216 $_SESSION['profile']['points'] = $row['total'];
217 $_SESSION['profile']['loggedin'] = 1;
218 if($_SESSION['profile']['Q1'] == "" || $_SESSION['profile']['Q2'] == "" ||
219 $_SESSION['profile']['Q3'] == "" || $_SESSION['profile']['Q4'] == "" ||
220 $_SESSION['profile']['Q5'] == "")
221 {
222 $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
223 $_SESSION['_config']['oldlocation'] = "account.php?id=13";
224 }
225 if (!isset($_SESSION['_config']['oldlocation'])){
226 $_SESSION['_config']['oldlocation']='';
227 }
228 if (checkpwlight($pword) < 3)
229 $_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
230 if($_SESSION['_config']['oldlocation'] != ""){
231 header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
232 }else{
233 header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
234 }
235 exit;
236 } else if($rateLimit){
237 $query = "update `users` set `lastLoginAttempt`=CURRENT_TIMESTAMP WHERE `email`='$email'";
238 mysql_query($query);
239 }
240
241 $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
242 `password`=password('$pword')) and `verified`=0 and `deleted`=0";
243 $res = mysql_query($query);
244 if(!$rateLimit || mysql_num_rows($res) <= 0) {
245 $_SESSION['_config']['errmsg'] = _("Login failed due to incorrect email address, wrong passphrase or because the rate limit of one login per 5 seconds was hit.");
246 } else {
247 $_SESSION['_config']['errmsg'] = _("Your account has not been verified yet, please check your email account for the signup messages.");
248 }
249 }
250
251 // check for CCA acceptance prior to login
252 if ($oldid == 52 )
253 {
254 // Check if the user is already authenticated
255 if (!array_key_exists('profile',$_SESSION)
256 || !array_key_exists('loggedin',$_SESSION['profile'])
257 || $_SESSION['profile']['loggedin'] != 1)
258 {
259 header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
260 exit;
261 }
262
263 if (array_key_exists('agree',$_REQUEST) && $_REQUEST['agree'] != "")
264 {
265 write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1);
266 $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
267
268 if (array_key_exists("oldlocation",$_SESSION['_config'])
269 && $_SESSION['_config']['oldlocation']!="")
270 {
271 header("Location: https://{$_SERVER['HTTP_HOST']}/{$_SESSION['_config']['oldlocation']}");
272 exit;
273 } else {
274 header("Location: https://{$_SERVER['HTTP_HOST']}/account.php");
275 exit;
276 }
277 }
278
279 // User didn't agree
280 header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
281 exit;
282 }
283
284
285 if($process && $oldid == 1)
286 {
287 $id = 2;
288 $oldid = 0;
289
290 $_SESSION['_config']['errmsg'] = "";
291
292 $_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
293 $_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
294 $_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
295 $_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
296 $_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
297 $_SESSION['signup']['day'] = intval($_REQUEST['day']);
298 $_SESSION['signup']['month'] = intval($_REQUEST['month']);
299 $_SESSION['signup']['year'] = intval($_REQUEST['year']);
300 $_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword1'])));
301 $_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword2'])));
302 $_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
303 $_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
304 $_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
305 $_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q4']))));
306 $_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q5']))));
307 $_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
308 $_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
309 $_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
310 $_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
311 $_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
312 $_SESSION['signup']['general'] = intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0);
313 $_SESSION['signup']['country'] = intval(array_key_exists('country',$_REQUEST)?$_REQUEST['country']:0);
314 $_SESSION['signup']['regional'] = intval(array_key_exists('regional',$_REQUEST)?$_REQUEST['regional']:0);
315 $_SESSION['signup']['radius'] = intval(array_key_exists('radius',$_REQUEST)?$_REQUEST['radius']:0);
316 $_SESSION['signup']['cca_agree'] = intval(array_key_exists('cca_agree',$_REQUEST)?$_REQUEST['cca_agree']:0);
317
318
319 if($_SESSION['signup']['Q1'] == $_SESSION['signup']['Q2'] ||
320 $_SESSION['signup']['Q1'] == $_SESSION['signup']['Q3'] ||
321 $_SESSION['signup']['Q1'] == $_SESSION['signup']['Q4'] ||
322 $_SESSION['signup']['Q1'] == $_SESSION['signup']['Q5'] ||
323 $_SESSION['signup']['Q2'] == $_SESSION['signup']['Q3'] ||
324 $_SESSION['signup']['Q2'] == $_SESSION['signup']['Q4'] ||
325 $_SESSION['signup']['Q2'] == $_SESSION['signup']['Q5'] ||
326 $_SESSION['signup']['Q3'] == $_SESSION['signup']['Q4'] ||
327 $_SESSION['signup']['Q3'] == $_SESSION['signup']['Q5'] ||
328 $_SESSION['signup']['Q4'] == $_SESSION['signup']['Q5'] ||
329 $_SESSION['signup']['A1'] == $_SESSION['signup']['Q1'] ||
330 $_SESSION['signup']['A1'] == $_SESSION['signup']['Q2'] ||
331 $_SESSION['signup']['A1'] == $_SESSION['signup']['Q3'] ||
332 $_SESSION['signup']['A1'] == $_SESSION['signup']['Q4'] ||
333 $_SESSION['signup']['A1'] == $_SESSION['signup']['Q5'] ||
334 $_SESSION['signup']['A2'] == $_SESSION['signup']['Q3'] ||
335 $_SESSION['signup']['A2'] == $_SESSION['signup']['Q4'] ||
336 $_SESSION['signup']['A2'] == $_SESSION['signup']['Q5'] ||
337 $_SESSION['signup']['A3'] == $_SESSION['signup']['Q4'] ||
338 $_SESSION['signup']['A3'] == $_SESSION['signup']['Q5'] ||
339 $_SESSION['signup']['A4'] == $_SESSION['signup']['Q5'] ||
340 $_SESSION['signup']['A1'] == $_SESSION['signup']['A2'] ||
341 $_SESSION['signup']['A1'] == $_SESSION['signup']['A3'] ||
342 $_SESSION['signup']['A1'] == $_SESSION['signup']['A4'] ||
343 $_SESSION['signup']['A1'] == $_SESSION['signup']['A5'] ||
344 $_SESSION['signup']['A2'] == $_SESSION['signup']['A3'] ||
345 $_SESSION['signup']['A2'] == $_SESSION['signup']['A4'] ||
346 $_SESSION['signup']['A2'] == $_SESSION['signup']['A5'] ||
347 $_SESSION['signup']['A3'] == $_SESSION['signup']['A4'] ||
348 $_SESSION['signup']['A3'] == $_SESSION['signup']['A5'] ||
349 $_SESSION['signup']['A4'] == $_SESSION['signup']['A5'])
350 {
351 $id = 1;
352 $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
353 }
354
355 if($_SESSION['signup']['Q1'] == "" || $_SESSION['signup']['Q2'] == "" ||
356 $_SESSION['signup']['Q3'] == "" || $_SESSION['signup']['Q4'] == "" ||
357 $_SESSION['signup']['Q5'] == "")
358 {
359 $id = 1;
360 $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>\n";
361 }
362 if($_SESSION['signup']['fname'] == "" || $_SESSION['signup']['lname'] == "")
363 {
364 $id = 1;
365 $_SESSION['_config']['errmsg'] .= _("First and/or last names were blank.")."<br>\n";
366 }
367 if($_SESSION['signup']['year'] < 1900 || $_SESSION['signup']['month'] < 1 || $_SESSION['signup']['month'] > 12 ||
368 $_SESSION['signup']['day'] < 1 || $_SESSION['signup']['day'] > 31 ||
369 !checkdate($_SESSION['signup']['month'],$_SESSION['signup']['day'],$_SESSION['signup']['year']) ||
370 mktime(0,0,0,$_SESSION['signup']['month'],$_SESSION['signup']['day'],$_SESSION['signup']['year']) > time() )
371 {
372 $id = 1;
373 $_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
374 }
375 if($_SESSION['signup']['cca_agree'] == "0")
376 {
377 $id = 1;
378 $_SESSION['_config']['errmsg'] .= _("You have to agree to the CAcert Community agreement.")."<br>\n";
379 }
380 if($_SESSION['signup']['email'] == "")
381 {
382 $id = 1;
383 $_SESSION['_config']['errmsg'] .= _("Email Address was blank")."<br>\n";
384 }
385 if($_SESSION['signup']['pword1'] == "")
386 {
387 $id = 1;
388 $_SESSION['_config']['errmsg'] .= _("Pass Phrases were blank")."<br>\n";
389 }
390 if($_SESSION['signup']['pword1'] != $_SESSION['signup']['pword2'])
391 {
392 $id = 1;
393 $_SESSION['_config']['errmsg'] .= _("Pass Phrases don't match")."<br>\n";
394 }
395
396 $score = checkpw($_SESSION['signup']['pword1'], $_SESSION['signup']['email'], $_SESSION['signup']['fname'], $_SESSION['signup']['mname'], $_SESSION['signup']['lname'], $_SESSION['signup']['suffix']);
397 if($score < 3)
398 {
399 $id = 1;
400 $_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored $score points out of 6.");
401 }
402
403 if($id == 2)
404 {
405 $query = "select * from `email` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
406 $res1 = mysql_query($query);
407
408 $query = "select * from `users` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
409 $res2 = mysql_query($query);
410 if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
411 {
412 $id = 1;
413 $_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."<br>\n";
414 }
415
416 $query = "select `domain` from `baddomains` where `domain`=RIGHT('".$_SESSION['signup']['email']."', LENGTH(`domain`))";
417 $res = mysql_query($query);
418 if(mysql_num_rows($res) > 0)
419 {
420 $domain = mysql_fetch_assoc($res);
421 $domain = $domain['domain'];
422 $id = 1;
423 $_SESSION['_config']['errmsg'] .= sprintf(_("We don't allow signups from people using email addresses from %s"), $domain)."<br>\n";
424 }
425 }
426
427 if($id == 2)
428 {
429 $checkemail = checkEmail($_SESSION['signup']['email']);
430 if($checkemail != "OK")
431 {
432 $id = 1;
433 if (substr($checkemail, 0, 1) == "4")
434 {
435 $_SESSION['_config']['errmsg'] .= _("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.");
436 } else {
437 $_SESSION['_config']['errmsg'] .= _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid");
438 }
439 $_SESSION['_config']['errmsg'] .= "<br>\n$checkemail<br>\n";
440 }
441 }
442
443 if($id == 2)
444 {
445 $hash = make_hash();
446
447 $query = "insert into `users` set `email`='".$_SESSION['signup']['email']."',
448 `password`=sha1('".$_SESSION['signup']['pword1']."'),
449 `fname`='".$_SESSION['signup']['fname']."',
450 `mname`='".$_SESSION['signup']['mname']."',
451 `lname`='".$_SESSION['signup']['lname']."',
452 `suffix`='".$_SESSION['signup']['suffix']."',
453 `dob`='".$_SESSION['signup']['year']."-".$_SESSION['signup']['month']."-".$_SESSION['signup']['day']."',
454 `Q1`='".$_SESSION['signup']['Q1']."',
455 `Q2`='".$_SESSION['signup']['Q2']."',
456 `Q3`='".$_SESSION['signup']['Q3']."',
457 `Q4`='".$_SESSION['signup']['Q4']."',
458 `Q5`='".$_SESSION['signup']['Q5']."',
459 `A1`='".$_SESSION['signup']['A1']."',
460 `A2`='".$_SESSION['signup']['A2']."',
461 `A3`='".$_SESSION['signup']['A3']."',
462 `A4`='".$_SESSION['signup']['A4']."',
463 `A5`='".$_SESSION['signup']['A5']."',
464 `created`=NOW(), `uniqueID`=SHA1(CONCAT(NOW(),'$hash'))";
465 mysql_query($query);
466 $memid = mysql_insert_id();
467 $query = "insert into `email` set `email`='".$_SESSION['signup']['email']."',
468 `hash`='$hash',
469 `created`=NOW(),
470 `memid`='$memid'";
471 mysql_query($query);
472 $emailid = mysql_insert_id();
473 $query = "insert into `alerts` set `memid`='$memid',
474 `general`='".$_SESSION['signup']['general']."',
475 `country`='".$_SESSION['signup']['country']."',
476 `regional`='".$_SESSION['signup']['regional']."',
477 `radius`='".$_SESSION['signup']['radius']."'";
478 mysql_query($query);
479 write_user_agreement($memid, "CCA", "account creation", "", 1);
480
481 $body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
482 $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
483 $body .= _("Best regards")."\n"._("CAcert.org Support!");
484
485 sendmail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
486 foreach($_SESSION['signup'] as $key => $val)
487 $_SESSION['signup'][$key] = "";
488 unset($_SESSION['signup']);
489 }
490 }
491
492 if($oldid == 11 && $process != "")
493 {
494 $who = stripslashes($_REQUEST['who']);
495 $email = stripslashes($_REQUEST['email']);
496 $subject = stripslashes($_REQUEST['subject']);
497 $message = stripslashes($_REQUEST['message']);
498 $secrethash = $_REQUEST['secrethash2'];
499
500 //check for spam via honeypot
501 if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){
502 echo _("Form could not be sent.");
503 showfooter();
504 exit;
505 }
506
507 if($_SESSION['_config']['secrethash'] != $secrethash || $secrethash == "" || $_SESSION['_config']['secrethash'] == "")
508 {
509 $id = $oldid;
510 $process = "";
511 $_SESSION['_config']['errmsg'] = _("This seems like you have cookies or Javascript disabled, cannot continue.");
512 $oldid = 0;
513
514 $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
515 sendmail("support@cacert.org", "[CAcert.org] Possible SPAM", $message, $email, "", "", "CAcert Support");
516 //echo "Alert! Alert! Alert! SPAM SPAM SPAM!!!<br><br><br>";
517 //if($_SESSION['_config']['secrethash'] != $secrethash) echo "Hash does not match: $secrethash vs. ".$_SESSION['_config']['secrethash']."\n";
518 echo _("This seems like you have cookies or Javascript disabled, cannot continue.");
519 die;
520 }
521 if(strstr($subject, "botmetka") || strstr($subject, "servermetka") || strstr($who,"\n") || strstr($email,"\n") || strstr($subject,"\n") )
522 {
523 $id = $oldid;
524 $process = "";
525 $_SESSION['_config']['errmsg'] = _("This seems like potential spam, cannot continue.");
526 $oldid = 0;
527
528 $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
529 sendmail("support@cacert.org", "[CAcert.org] Possible SPAM", $message, $email, "", "", "CAcert Support");
530 //echo "Alert! Alert! Alert! SPAM SPAM SPAM!!!<br><br><br>";
531 //if($_SESSION['_config']['secrethash'] != $secrethash) echo "Hash does not match: $secrethash vs. ".$_SESSION['_config']['secrethash']."\n";
532 echo _("This seems like potential spam, cannot continue.");
533 die;
534 }
535
536
537 if(trim($who) == "" || trim($email) == "" || trim($subject) == "" || trim($message) == "")
538 {
539 $id = $oldid;
540 $process = "";
541 $_SESSION['_config']['errmsg'] = _("All fields are mandatory.")."<br>\n";
542 $oldid = 0;
543 }
544 }
545
546 if($oldid == 11 && $process != "")
547 {
548 $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
549 if (isset($process[0])){
550 sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website");
551 showheader(_("Welcome to CAcert.org"));
552 echo _("Your message has been sent to the general support list.");
553 showfooter();
554 exit;
555 }
556 if (isset($process[1])){
557 sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "", "", "CAcert Support");
558 showheader(_("Welcome to CAcert.org"));
559 echo _("Your message has been sent.");
560 showfooter();
561 exit;
562 }
563 }
564
565 if(!array_key_exists('signup',$_SESSION) || $_SESSION['signup']['year'] < 1900)
566 $_SESSION['signup']['year'] = "19XX";
567
568 if ($id == 12)
569 {
570 $protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
571 $newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs';
572 header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
573 }
574
575 if ($id == 19)
576 {
577 $protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
578 $newUrl = $protocol . '://wiki.cacert.org/FAQ/Privileges';
579 header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
580 }
581
582 if ($id == 8)
583 {
584 $protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
585 $newUrl = $protocol . '://wiki.cacert.org/Board';
586 header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
587 }
588
589 showheader(_("Welcome to CAcert.org"));
590 includeit($id);
591 showfooter();
592 ?>