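<?php /*
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/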
18
19 require_once('../includes/lib/l10n.php');
20
21
// Routing parameters. `id` is the page to render and `oldid` the page whose
// form was submitted; both are coerced to int, which is what makes their later
// use in include paths and SQL safe. `process` is the submit marker and is not
// sanitised: it is only ever compared against "" or probed with isset().
// NOTE(review): $_REQUEST merges GET, POST and cookies, so every form handler
// below is reachable from a crafted link; no CSRF token is checked in this file.
$id = array_key_exists("id", $_REQUEST) ? intval($_REQUEST['id']) : 0;
$oldid = array_key_exists("oldid", $_REQUEST) ? intval($_REQUEST['oldid']) : 0;
$process = array_key_exists("process", $_REQUEST) ? $_REQUEST['process'] : "";
25
// Page 2 (post-signup confirmation) is only ever selected by the signup
// handler itself, never straight from the request.
if ($id == 2) {
    $id = 0;
}

$_SESSION['_config']['errmsg'] = "";

// Pages 17 and 20 are served standalone, before loadem() and the page chrome.
// $id is an integer here, so the include path cannot be steered elsewhere.
$standalonePages = array(17, 20);
if (in_array($id, $standalonePages)) {
    include_once("../pages/index/$id.php");
    exit;
}
36
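loadem("index");

// NOTE(review): HTTP_HOST is the client's Host header. It is stored here and
// also used verbatim in the absolute redirect URLs further down, so the web
// server must only answer for known host names or the value is client-steerable.
$_SESSION['_config']['hostname'] = $_SERVER['HTTP_HOST'];

// The lost-password question page (6) is only valid once step 5 (e-mail + DOB
// lookup) has put a user row into this session; otherwise bounce back to 5.
// isset() avoids a notice when no lost-password flow has been started.
if (($oldid == 6 || $id == 6)
    && (!isset($_SESSION['lostpw']['user']['id']) || intval($_SESSION['lostpw']['user']['id']) < 1)) {
    $oldid = 0;
    $id = 5;
}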
46
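// Lost-password step 2 (form on page 6): check the secret answers and, if they
// are all correct, store the new pass phrase. Only reachable after step 1 put
// the matching users row into $_SESSION['lostpw']['user'] (enforced above).
if ($oldid == 6 && $process != "") {
    $body = "";
    $answers = 0;
    $id = $oldid;
    $oldid = 0;

    // Check each question the form submitted (Q<n> non-empty) against the
    // stored answer. The "total" test further down ensures that leaving
    // questions out does not help.
    for ($n = 1; $n <= 5; $n++) {
        $qKey = "Q$n";
        $aKey = "A$n";
        if (!array_key_exists($qKey, $_REQUEST) || !$_REQUEST[$qKey]) {
            continue;
        }
        $rawAnswer = array_key_exists($aKey, $_REQUEST) ? $_REQUEST[$aKey] : "";
        // Charset-aware escaping (mysql_escape_string is not).
        $_SESSION['lostpw'][$aKey] = trim(mysql_real_escape_string(stripslashes(strip_tags($rawAnswer))));

        $given = stripslashes(strtolower($_SESSION['lostpw'][$aKey]));
        $stored = strtolower($_SESSION['lostpw']['user'][$aKey]);
        // Strict comparison: with == PHP compares numeric-looking strings as
        // numbers ("1e1" == "10"). An empty answer never counts, even if the
        // stored answer happens to be empty.
        // NOTE(review): plain string compare, not constant-time.
        if ($given !== "" && $given === $stored) {
            $answers++;
        }
        // Only what was typed goes into the notification below; the stored
        // answers are secrets and are deliberately not put into e-mail.
        $body .= "Entered: ".stripslashes(strip_tags($_SESSION['lostpw'][$aKey]))."\n";
    }

    $rawPw1 = array_key_exists('newpass1', $_REQUEST) ? $_REQUEST['newpass1'] : "";
    $rawPw2 = array_key_exists('newpass2', $_REQUEST) ? $_REQUEST['newpass2'] : "";
    $_SESSION['lostpw']['pw1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($rawPw1))));
    $_SESSION['lostpw']['pw2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($rawPw2))));

    if ($answers < $_SESSION['lostpw']['total'] || $answers < 3) {
        // Every configured question must be answered correctly and there must
        // be at least three. Support is told about the failed attempt; note
        // that this handler has no lock-out or rate limit of its own.
        $body = "Someone has just attempted to update the pass phrase on the following account:\n".
            "Username(ID): ".$_SESSION['lostpw']['user']['email']."(".$_SESSION['lostpw']['user']['id'].")\n".
            "email: ".$_SESSION['lostpw']['user']['email']."\n".
            "IP/Hostname: ".$_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST', $_SERVER) ? "/".$_SERVER['REMOTE_HOST'] : "")."\n".
            "---------------------------------------------------------------------\n".$body.
            "---------------------------------------------------------------------\n";
        sendmail("support@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body,
            $_SESSION['lostpw']['user']['email'], "", "", $_SESSION['lostpw']['user']['fname']);
        $_SESSION['_config']['errmsg'] = _("You failed to get all answers correct or you didn't configure enough lost password questions for your account. System admins have been notified.");
    } else if ($_SESSION['lostpw']['pw1'] != $_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") {
        $_SESSION['_config']['errmsg'] = _("New Pass Phrases specified don't match or were blank.");
    } else if (strlen($_SESSION['lostpw']['pw1']) < 6) {
        $_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted was too short. It must be at least 6 characters.");
    } else {
        $score = checkpw($_SESSION['lostpw']['pw1'], $_SESSION['lostpw']['user']['email'], $_SESSION['lostpw']['user']['fname'],
            $_SESSION['lostpw']['user']['mname'], $_SESSION['lostpw']['user']['lname'], $_SESSION['lostpw']['user']['suffix']);
        if ($score < 3) {
            $_SESSION['_config']['errmsg'] = sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
        } else {
            // NOTE(review): stored as unsalted SHA1 because the login handler
            // verifies against sha1() in SQL; moving to password_hash() needs
            // the login and signup handlers changed in the same step.
            $query = "update `users` set `password`=sha1('".$_SESSION['lostpw']['pw1']."')
                where `id`='".intval($_SESSION['lostpw']['user']['id'])."'";
            mysql_query($query) || die(mysql_error());
            // The reset is complete: drop the identified user from the session
            // so the question page cannot be replayed without redoing step 1.
            unset($_SESSION['lostpw']);
            showheader(_("Welcome to CAcert.org"));
            echo _("Your Pass Phrase has been changed now. You can now login with your new password.");
            showfooter();
            exit;
        }
    }
}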
130
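// Lost-password step 1 (form on page 5): identify the account by e-mail
// address and date of birth; the matching users row is kept in the session
// for step 2. NOTE(review): a match confirms that the address+DOB pair exists,
// which is inherent to this design.
if ($oldid == 5 && $process != "") {
    $rawEmail = array_key_exists('email', $_REQUEST) ? $_REQUEST['email'] : "";
    // Charset-aware escaping (mysql_escape_string is not).
    $email = $_SESSION['lostpw']['email'] = trim(mysql_real_escape_string(stripslashes(strip_tags($rawEmail))));
    foreach (array('day', 'month', 'year') as $part) {
        $_SESSION['lostpw'][$part] = array_key_exists($part, $_REQUEST) ? intval($_REQUEST[$part]) : 0;
    }
    $dob = $_SESSION['lostpw']['year']."-".$_SESSION['lostpw']['month']."-".$_SESSION['lostpw']['day'];
    // `deleted`=0 matches the login queries below: a deleted account (whose
    // address may since have been re-registered) must not be picked for a reset.
    $res = mysql_query("select * from `users` where `email`='$email' and `dob`='$dob' and `deleted`=0");
    if (!$res || mysql_num_rows($res) <= 0) {
        $id = $oldid;
        $oldid = 0;
        $_SESSION['_config']['errmsg'] = _("Unable to match your details with any user accounts on file");
    } else {
        $id = 6;
        $_SESSION['lostpw']['user'] = mysql_fetch_assoc($res);
    }
}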
150
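// Client-certificate login, only on the secure host name. The serial and
// issuer CN come from the TLS layer (server variables), not from request
// parameters; they are absent when no client certificate was presented.
if ($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname']) {
    include_once("../includes/lib/general.php");
    $certSerial = isset($_SERVER['SSL_CLIENT_M_SERIAL']) ? $_SERVER['SSL_CLIENT_M_SERIAL'] : null;
    $issuerCn = isset($_SERVER['SSL_CLIENT_I_DN_CN']) ? $_SERVER['SSL_CLIENT_I_DN_CN'] : null;
    $user_id = get_user_id_from_cert($certSerial, $issuerCn);

    if ($user_id >= 0) {
        // intval() is defence in depth: the id is interpolated into SQL.
        $res = mysql_query("select * from `users` where
            `id`='".intval($user_id)."' and `deleted`=0 and `locked`=0");
        $_SESSION['profile'] = $res ? mysql_fetch_assoc($res) : false;

        if (is_array($_SESSION['profile']) && $_SESSION['profile']['id'] != 0) {
            // Fresh session id on authentication so a session id fixed
            // before login is not carried into the logged-in state.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['profile']['loggedin'] = 1;
            header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
            exit;
        } else {
            $_SESSION['profile']['loggedin'] = 0;
        }
    }
}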
173
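// Already logged in (by either method above): go straight to the account area.
// array_key_exists() must be called on the profile itself -- wrapping it in
// array() would test the wrong array and make this redirect unreachable --
// and is_array() guards against the profile being reset to "" by a failed login.
if ($id == 4 && array_key_exists('profile', $_SESSION) && is_array($_SESSION['profile'])
    && array_key_exists('loggedin', $_SESSION['profile']) && $_SESSION['profile']['loggedin'] == 1) {
    header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
    exit;
}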
179
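// Pass-phrase login (form on page 4). A successful login loads the users row
// into $_SESSION['profile'] and redirects into the account area.
if ($oldid == 4) {
    $oldid = 0;
    $id = 4;

    $_SESSION['_config']['errmsg'] = "";

    $rawEmail = array_key_exists('email', $_REQUEST) ? $_REQUEST['email'] : "";
    $rawPword = array_key_exists('pword', $_REQUEST) ? $_REQUEST['pword'] : "";
    // Charset-aware escaping (mysql_escape_string is not).
    $email = mysql_real_escape_string(stripslashes(strip_tags(trim($rawEmail))));
    $pword = mysql_real_escape_string(stripslashes(trim($rawPword)));

    // NOTE(review): the pass phrase is checked by MySQL against three legacy
    // unsalted formats (OLD_PASSWORD, SHA1, PASSWORD) and rewritten as SHA1
    // below. Moving to a salted slow hash (password_hash) also needs the
    // signup and lost-password handlers changed, so it is not done here.
    $credentials = "`email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
        `password`=password('$pword'))";
    $res = mysql_query("select * from `users` where $credentials and `verified`=1 and `deleted`=0 and `locked`=0");
    if ($res && mysql_num_rows($res) > 0) {
        unset($_SESSION['profile']);
        $_SESSION['profile'] = mysql_fetch_assoc($res);
        $memid = intval($_SESSION['profile']['id']);

        // Fresh session id on authentication so a session id fixed before
        // login is not carried into the logged-in state.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        // Records the login and rewrites legacy hash formats as SHA1.
        mysql_query("update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='$memid'");

        if ($_SESSION['profile']['language'] == "") {
            mysql_query("update `users` set `language`='".L10n::get_translation()."' where `id`='$memid'");
        } else {
            L10n::set_translation($_SESSION['profile']['language']);
            L10n::init_gettext();
        }

        $res = mysql_query("select sum(`points`) as `total` from `notary` where `to`='$memid' and `deleted`=0 group by `to`");
        $row = $res ? mysql_fetch_assoc($res) : false;
        $_SESSION['profile']['points'] = is_array($row) ? $row['total'] : null;
        $_SESSION['profile']['loggedin'] = 1;

        // Accounts without all five lost-password questions are sent to the
        // questions page; weak pass phrases to the forced change page (the
        // latter wins when both apply).
        $missingQuestion = false;
        for ($n = 1; $n <= 5; $n++) {
            if ($_SESSION['profile']["Q$n"] == "") {
                $missingQuestion = true;
            }
        }
        if ($missingQuestion) {
            $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
            $_SESSION['_config']['oldlocation'] = "account.php?id=13";
        }
        if (checkpwlight($pword) < 3) {
            $_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
        }
        $target = "account.php";
        if (isset($_SESSION['_config']['oldlocation']) && $_SESSION['_config']['oldlocation'] != "") {
            $target = $_SESSION['_config']['oldlocation'];
        }
        // NOTE(review): the redirect host is the client-supplied Host header.
        header("location: https://".$_SERVER['HTTP_HOST']."/".$target);
        exit;
    }

    // Same credentials but an unverified account: say so rather than
    // "incorrect" (only reachable with a correct pass phrase).
    $res = mysql_query("select * from `users` where $credentials and `verified`=0 and `deleted`=0");
    if (!$res || mysql_num_rows($res) <= 0) {
        $_SESSION['_config']['errmsg'] = _("Incorrect email address and/or Pass Phrase.");
    } else {
        $_SESSION['_config']['errmsg'] = _("Your account has not been verified yet, please check your email account for the signup messages.");
    }
}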
240
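// Signup (form on page 1). Every input is copied into $_SESSION['signup'] so
// the form can be re-shown with its values on a validation error; on success
// the users/email/alerts rows are created and the verification mail is sent.
if ($process && $oldid == 1) {
    $id = 2;
    $oldid = 0;

    $_SESSION['_config']['errmsg'] = "";

    // Free-text fields: tags stripped, then escaped (charset-aware) for the
    // INSERT below. The escaped form is what is kept in the session, as the
    // other handlers in this file do.
    $textFields = array('email', 'fname', 'mname', 'lname', 'suffix',
        'Q1', 'Q2', 'Q3', 'Q4', 'Q5', 'A1', 'A2', 'A3', 'A4', 'A5');
    foreach ($textFields as $field) {
        $raw = array_key_exists($field, $_REQUEST) ? $_REQUEST[$field] : "";
        $_SESSION['signup'][$field] = trim(mysql_real_escape_string(stripslashes(strip_tags($raw))));
    }
    // Pass phrases are escaped but not strip_tags()'d, as in the login handler.
    foreach (array('pword1', 'pword2') as $field) {
        $raw = array_key_exists($field, $_REQUEST) ? $_REQUEST[$field] : "";
        $_SESSION['signup'][$field] = trim(mysql_real_escape_string(stripslashes($raw)));
    }
    foreach (array('day', 'month', 'year', 'general', 'country', 'regional', 'radius', 'cca_agree') as $field) {
        $_SESSION['signup'][$field] = array_key_exists($field, $_REQUEST) ? intval($_REQUEST[$field]) : 0;
    }

    // Questions must be pairwise distinct, answers pairwise distinct, and no
    // answer may repeat any question -- which is what the error text promises.
    // array_unique()/array_intersect() compare as strings, so "10" and "1e1"
    // are (correctly) different.
    $questions = array();
    $answerList = array();
    for ($n = 1; $n <= 5; $n++) {
        $questions[] = $_SESSION['signup']["Q$n"];
        $answerList[] = $_SESSION['signup']["A$n"];
    }
    if (count(array_unique($questions)) < 5 || count(array_unique($answerList)) < 5
        || count(array_intersect($answerList, $questions)) > 0) {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
    }

    if (in_array("", $questions, true)) {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>\n";
    }
    if ($_SESSION['signup']['fname'] == "" || $_SESSION['signup']['lname'] == "") {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("First and/or last names were blank.")."<br>\n";
    }
    if ($_SESSION['signup']['year'] < 1900 || $_SESSION['signup']['month'] < 1 || $_SESSION['signup']['month'] > 12 ||
        $_SESSION['signup']['day'] < 1 || $_SESSION['signup']['day'] > 31 ||
        !checkdate($_SESSION['signup']['month'], $_SESSION['signup']['day'], $_SESSION['signup']['year']) ||
        mktime(0, 0, 0, $_SESSION['signup']['month'], $_SESSION['signup']['day'], $_SESSION['signup']['year']) > time()) {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
    }
    if ($_SESSION['signup']['cca_agree'] == "0") {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("You have to agree to the CAcert Community agreement.")."<br>\n";
    }
    if ($_SESSION['signup']['email'] == "") {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("Email Address was blank")."<br>\n";
    }
    if ($_SESSION['signup']['pword1'] == "") {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("Pass Phrases were blank")."<br>\n";
    }
    if ($_SESSION['signup']['pword1'] != $_SESSION['signup']['pword2']) {
        $id = 1;
        $_SESSION['_config']['errmsg'] .= _("Pass Phrases don't match")."<br>\n";
    }

    $score = checkpw($_SESSION['signup']['pword1'], $_SESSION['signup']['email'], $_SESSION['signup']['fname'], $_SESSION['signup']['mname'], $_SESSION['signup']['lname'], $_SESSION['signup']['suffix']);
    if ($score < 3) {
        $id = 1;
        // Appended (not assigned) so the earlier messages survive, and built
        // with sprintf() so the gettext key stays translatable (same key as
        // the lost-password handler).
        $_SESSION['_config']['errmsg'] .= sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score)."<br>\n";
    }

    if ($id == 2) {
        $signupEmail = $_SESSION['signup']['email'];
        // The address must not belong to a live account or e-mail row...
        $res1 = mysql_query("select * from `email` where `email`='$signupEmail' and `deleted`=0");
        $res2 = mysql_query("select * from `users` where `email`='$signupEmail' and `deleted`=0");
        if (($res1 && mysql_num_rows($res1) > 0) || ($res2 && mysql_num_rows($res2) > 0)) {
            $id = 1;
            $_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."<br>\n";
        }

        // ...and its domain must not be blacklisted (suffix match done in SQL).
        $res = mysql_query("select `domain` from `baddomains` where `domain`=RIGHT('$signupEmail', LENGTH(`domain`))");
        if ($res && mysql_num_rows($res) > 0) {
            $domain = mysql_fetch_assoc($res);
            $domain = $domain['domain'];
            $id = 1;
            $_SESSION['_config']['errmsg'] .= sprintf(_("We don't allow signups from people using email addresses from %s"), $domain)."<br>\n";
        }
    }

    if ($id == 2) {
        // Live check against the address's mail server; a 4xx reply is a
        // temporary condition (greylisting etc.) and is reported as such.
        $checkemail = checkEmail($_SESSION['signup']['email']);
        if ($checkemail != "OK") {
            $id = 1;
            if (substr($checkemail, 0, 1) == "4") {
                $_SESSION['_config']['errmsg'] .= _("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.");
            } else {
                $_SESSION['_config']['errmsg'] .= _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid");
            }
            $_SESSION['_config']['errmsg'] .= "<br>\n$checkemail<br>\n";
        }
    }

    if ($id == 2) {
        $hash = make_hash();
        // NOTE(review): $hash is interpolated into SQL and a URL unescaped;
        // this assumes make_hash() returns only hex/alphanumeric characters.
        // The pass phrase is stored as unsalted SHA1 because the login handler
        // verifies against sha1() in SQL.
        $query = "insert into `users` set `email`='".$_SESSION['signup']['email']."',
            `password`=sha1('".$_SESSION['signup']['pword1']."'),
            `fname`='".$_SESSION['signup']['fname']."',
            `mname`='".$_SESSION['signup']['mname']."',
            `lname`='".$_SESSION['signup']['lname']."',
            `suffix`='".$_SESSION['signup']['suffix']."',
            `dob`='".$_SESSION['signup']['year']."-".$_SESSION['signup']['month']."-".$_SESSION['signup']['day']."',
            `Q1`='".$_SESSION['signup']['Q1']."',
            `Q2`='".$_SESSION['signup']['Q2']."',
            `Q3`='".$_SESSION['signup']['Q3']."',
            `Q4`='".$_SESSION['signup']['Q4']."',
            `Q5`='".$_SESSION['signup']['Q5']."',
            `A1`='".$_SESSION['signup']['A1']."',
            `A2`='".$_SESSION['signup']['A2']."',
            `A3`='".$_SESSION['signup']['A3']."',
            `A4`='".$_SESSION['signup']['A4']."',
            `A5`='".$_SESSION['signup']['A5']."',
            `created`=NOW(), `uniqueID`=SHA1(CONCAT(NOW(),'$hash'))";
        if (!mysql_query($query)) {
            // Do not go on to create email/alerts rows against memid 0.
            $id = 1;
            $_SESSION['_config']['errmsg'] .= _("Unable to create your account at this time, please try again later.")."<br>\n";
        }
    }

    if ($id == 2) {
        $memid = mysql_insert_id();
        $query = "insert into `email` set `email`='".$_SESSION['signup']['email']."',
            `hash`='$hash',
            `created`=NOW(),
            `memid`='$memid'";
        mysql_query($query);
        $emailid = mysql_insert_id();
        $query = "insert into `alerts` set `memid`='$memid',
            `general`='".$_SESSION['signup']['general']."',
            `country`='".$_SESSION['signup']['country']."',
            `regional`='".$_SESSION['signup']['regional']."',
            `radius`='".$_SESSION['signup']['radius']."'";
        mysql_query($query);
        include_once("../includes/notary.inc.php");
        write_user_agreement($memid, "CCA", "account creation", "", 1);

        // NOTE(review): the verification link is sent as plain http://; if
        // normalhostname is served over TLS the link should use https.
        $body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
        $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
        $body .= _("Best regards")."\n"._("CAcert.org Support!");

        sendmail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
        // Clear the form data (including the pass phrase) from the session.
        foreach ($_SESSION['signup'] as $key => $val) {
            $_SESSION['signup'][$key] = "";
        }
        unset($_SESSION['signup']);
    }
}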
448
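// Contact form (page 11), step 1: anti-spam checks and field validation. Each
// rejection blanks $process so the send step below does not run.
if ($oldid == 11 && $process != "") {
    $who = array_key_exists('who', $_REQUEST) ? stripslashes($_REQUEST['who']) : "";
    $email = array_key_exists('email', $_REQUEST) ? stripslashes($_REQUEST['email']) : "";
    $subject = array_key_exists('subject', $_REQUEST) ? stripslashes($_REQUEST['subject']) : "";
    $message = array_key_exists('message', $_REQUEST) ? stripslashes($_REQUEST['message']) : "";
    $secrethash = array_key_exists('secrethash2', $_REQUEST) ? $_REQUEST['secrethash2'] : "";

    // Honeypot: the hidden robotest field must be present and empty.
    if (!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])) {
        echo _("Form could not be sent.");
        showfooter();
        exit;
    }

    // Header-injection check before anything is mailed: $who, $email and
    // $subject are passed to sendmail() as header values (sender, subject,
    // extra recipients) by every call for this form, so CR/LF in them must
    // never reach it. The spam reports below are therefore also sent from a
    // fixed address, with the submitted values only in the body.
    $hasCrlf = strpbrk($who, "\r\n") !== false || strpbrk($email, "\r\n") !== false || strpbrk($subject, "\r\n") !== false;
    if ($hasCrlf || strstr($subject, "botmetka") || strstr($subject, "servermetka")) {
        $id = $oldid;
        $process = "";
        $_SESSION['_config']['errmsg'] = _("This seems like potential spam, cannot continue.");
        $oldid = 0;

        $report = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
        sendmail("support@cacert.org", "[CAcert.org] Possible SPAM", $report, "support@cacert.org", "", "", "CAcert Support");
        echo _("This seems like potential spam, cannot continue.");
        die;
    }

    // Per-session token emitted with the form: missing or mismatched means the
    // submission did not come through the rendered page (or has no session).
    $sessionHash = isset($_SESSION['_config']['secrethash']) ? $_SESSION['_config']['secrethash'] : "";
    if ($sessionHash === "" || $secrethash === "" || $sessionHash !== $secrethash) {
        $id = $oldid;
        $process = "";
        $_SESSION['_config']['errmsg'] = _("This seems like you have cookies or Javascript disabled, cannot continue.");
        $oldid = 0;

        $report = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
        sendmail("support@cacert.org", "[CAcert.org] Possible SPAM", $report, "support@cacert.org", "", "", "CAcert Support");
        echo _("This seems like you have cookies or Javascript disabled, cannot continue.");
        die;
    }

    if (trim($who) == "" || trim($email) == "" || trim($subject) == "" || trim($message) == "") {
        $id = $oldid;
        $process = "";
        $_SESSION['_config']['errmsg'] = _("All fields are mandatory.")."<br>\n";
        $oldid = 0;
    }
}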
502
// Contact form (page 11), step 2: deliver the message. $who, $email, $subject
// and $message come from the validation step above, which runs under the same
// guard and blanks $process when it rejects the submission. process[0] /
// process[1] pick the destination (for a plain string $process, isset() on
// its first character is simply true, so the list is chosen).
if ($oldid == 11 && $process != "") {
    $mailText = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
    $sendToList = isset($process[0]);
    $sendToSupport = !$sendToList && isset($process[1]);

    if ($sendToList) {
        // NOTE(review): the user-supplied address is passed alongside the list
        // address (presumably as an extra recipient), so a copy of the message
        // can be directed at any address.
        sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $mailText, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website");
        showheader(_("Welcome to CAcert.org"));
        echo _("Your message has been sent to the general support list.");
        showfooter();
        exit;
    }
    if ($sendToSupport) {
        sendmail("support@cacert.org", "[CAcert.org] ".$subject, $mailText, $email, "", "", "CAcert Support");
        showheader(_("Welcome to CAcert.org"));
        echo _("Your message has been sent.");
        showfooter();
        exit;
    }
}
521
// Placeholder year shown on the signup form when no (valid) year is known.
$haveSignup = array_key_exists('signup', $_SESSION);
if (!$haveSignup || $_SESSION['signup']['year'] < 1900) {
    $_SESSION['signup']['year'] = "19XX";
}
524
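// Pages that moved to the wiki: permanent redirects. HTTPS is detected the
// way the server reports it -- unset or "off" means plain HTTP, so a bare
// truthiness test on $_SERVER['HTTPS'] would wrongly pick https for "off".
// exit after the header so the page is not rendered into the 301 response.
$wikiRedirects = array(
    12 => 'FAQ/AboutUs',
    19 => 'FAQ/Privileges',
    8  => 'Board',
);
if (array_key_exists($id, $wikiRedirects)) {
    $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
    $newUrl = $protocol . '://wiki.cacert.org/' . $wikiRedirects[$id];
    header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
    exit;
}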
545
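// Default rendering: page chrome around pages/index/<id>. $id is an integer.
// No closing ?> tag: trailing whitespace after it would be sent as output and
// break header() calls in included pages.
showheader(_("Welcome to CAcert.org"));
includeit($id);
showfooter();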