1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
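<?php
/*
 * verify.php - confirms ownership of an email address or a domain using the
 * one-time hash that was mailed out for it.
 *
 * Request parameters (all via $_REQUEST, i.e. GET or POST):
 *   type      "email" or "domain"; selects the table and the messages used
 *   emailid   row id in `email`   (type=email)
 *   domainid  row id in `domains` (type=domain)
 *   hash      the verification token mailed for that row
 *   Yes/No/Notify  the submit buttons of the confirmation form below
 *
 * Every path renders a page and exits; nothing falls through to an includer.
 * loadem(), showheader(), showfooter(), sendmail(), sanitizeHTML() and _()
 * are provided by the application code pulled in by the front controller.
 */
loadem("index");

$type = array_key_exists('type', $_REQUEST) ? $_REQUEST['type'] : "";

// Identifiers are forced to integers before they ever reach a query string.
$emailid  = array_key_exists('emailid', $_REQUEST) ? intval($_REQUEST['emailid']) : 0;
$domainid = array_key_exists('domainid', $_REQUEST) ? intval($_REQUEST['domainid']) : 0;

// Token as submitted (magic-quotes slashes removed). A SQL-escaped copy is made
// where it is used in a query; an HTML-escaped copy where it is echoed.
$hashRaw = array_key_exists('hash', $_REQUEST) ? stripslashes($_REQUEST['hash']) : "";

if (array_key_exists('Notify', $_REQUEST) && $_REQUEST['Notify'] != "") {
    // Abuse report. Note that the hash is NOT validated on this path, so the
    // mail only tells support which record was named, not that it is genuine.
    $body = sprintf("An abuse of the CAcert Email Ping system has been reported.\n\n");
    if ($type == "email") {
        $body .= "EmailID: " . $emailid . "\n";
    }
    if ($type == "domain") {
        $body .= "DomainID: " . $domainid . "\n";
    }
    $body .= "Hash: " . sanitizeHTML($hashRaw) . "\n\n";

    $body .= "Best regards" . "\n";
    $body .= "CAcert Website";

    sendmail("support@cacert.org", "[CAcert.org] Verification Abuse", $body, "support@cacert.org", "", "", "");

    showheader(_("Notification"), _("Notification"));
    echo _("Email has been sent.");
    showfooter();
    exit;
}

if ($type == "email") {
    $id = 1; // page id read by the shared header/menu templates
    $hash = mysql_real_escape_string($hashRaw);

    // Count this attempt against the pending request BEFORE the token is
    // checked, so that repeated submissions with a wrong token eventually
    // void the request. The counter is therefore also bumped by the final,
    // correct submission. The limit is 6 even though the message says
    // "fourth"; the message is a translation key and is left unchanged.
    $res = mysql_query("select * from `email` where `id`='$emailid' and hash!='' and deleted=0");
    if (mysql_num_rows($res) > 0) {
        $row = mysql_fetch_assoc($res);
        $attempts = intval($row['attempts']) + 1;
        if ($attempts >= 6) {
            // Too many attempts: clear the token and mark the request deleted.
            mysql_query("update `email` set `hash`='', `attempts`='$attempts', `deleted`=NOW() where `id`='$emailid'");
            showheader(_("Error!"), _("Error!"));
            echo _("You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system");
            showfooter();
            exit;
        }
        mysql_query("update `email` set `attempts`='$attempts' where `id`='$emailid'");
    }

    // Now the token itself must match the stored one.
    $res = mysql_query("select * from `email` where `id`='$emailid' and `hash`='$hash' and hash!='' and deleted=0");
    if (mysql_num_rows($res) <= 0) {
        showheader(_("Error!"), _("Error!"));
        echo _("The ID or Hash has already been verified, or something weird happened.");
        showfooter();
        exit;
    }
    $row = mysql_fetch_assoc($res);

    if (array_key_exists('Yes', $_REQUEST) && $_REQUEST['Yes'] != "") {
        // Consume the token first so the link cannot be replayed, then flag
        // the account as verified if this address is the account's own
        // address and it was still unverified. The address comes from the
        // database but is escaped anyway rather than interpolated verbatim.
        mysql_query("update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'");
        $memid = intval($row['memid']);
        $email = mysql_real_escape_string($row['email']);
        mysql_query("update `users` set `verified`='1' where `id`='$memid' and `email`='$email' and `verified`='0'");
        showheader(_("Updated"), _("Updated"));
        echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
    } elseif (array_key_exists('No', $_REQUEST) && $_REQUEST['No'] != "") {
        header("location: /index.php");
        exit;
    } else {
        // First visit via the mailed link: ask for explicit confirmation and
        // echo the identifiers back as hidden fields. Values are HTML-escaped
        // for the single-quoted attributes they are placed in.
        $hashAttr = htmlspecialchars($hashRaw, ENT_QUOTES);
        showheader(_("Updated"), _("Updated"));
        printf(_("Are you sure you want to verify the email %s?"), htmlspecialchars($row['email'], ENT_QUOTES));
        echo "<br>\n<form method='post' action='/verify.php'>";
        echo "<input type='hidden' name='emailid' value='$emailid'>";
        echo "<input type='hidden' name='hash' value='$hashAttr'>";
        echo "<input type='hidden' name='type' value='email'>";
        echo "<input type='submit' name='Yes' value='" . _("Yes verify this email") . "'><br>\n";
        echo "<input type='submit' name='Notify' value='" . _("Notify support about this") . "'><br>\n";
        echo "<input type='submit' name='No' value='" . _("Do not verify this email") . "'></form>\n";
    }
    showfooter();
    exit;
} elseif ($type == "domain") {
    $id = 7; // page id read by the shared header/menu templates
    $hash = mysql_real_escape_string($hashRaw);

    // Same attempt accounting as for email addresses, see above.
    $res = mysql_query("select * from `domains` where `id`='$domainid' and hash!='' and deleted=0");
    if (mysql_num_rows($res) > 0) {
        $row = mysql_fetch_assoc($res);
        $attempts = intval($row['attempts']) + 1;
        if ($attempts >= 6) {
            // Too many attempts: clear the token and mark the request deleted.
            // The original only built this statement and never ran it, so the
            // page claimed the request was deleted while the token stayed valid.
            mysql_query("update `domains` set `hash`='', `attempts`='$attempts', `deleted`=NOW() where `id`='$domainid'");
            showheader(_("Error!"), _("Error!"));
            echo _("You've attempted to verify the same domain a fourth time with an invalid hash, subsequantly this request has been deleted in the system");
            showfooter();
            exit;
        }
        mysql_query("update `domains` set `attempts`='$attempts' where `id`='$domainid'");
    }

    // Now the token itself must match the stored one.
    $res = mysql_query("select * from `domains` where `id`='$domainid' and `hash`='$hash' and hash!='' and deleted=0");
    if (mysql_num_rows($res) <= 0) {
        showheader(_("Error!"), _("Error!"));
        echo _("The ID or Hash has already been verified, the domain no longer exists in the system, or something weird happened.");
        showfooter();
        exit;
    }
    $row = mysql_fetch_assoc($res);

    if (array_key_exists('Yes', $_REQUEST) && $_REQUEST['Yes'] != "") {
        // Consume the token so the link cannot be replayed.
        mysql_query("update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'");
        showheader(_("Updated"), _("Updated"));
        echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
    } elseif (array_key_exists('No', $_REQUEST) && $_REQUEST['No'] != "") {
        header("location: /index.php");
        exit;
    } else {
        // First visit via the mailed link: ask for explicit confirmation.
        $hashAttr = htmlspecialchars($hashRaw, ENT_QUOTES);
        showheader(_("Updated"), _("Updated"));
        printf(_("Are you sure you want to verify the domain %s?"), htmlspecialchars($row['domain'], ENT_QUOTES));
        echo "<br>\n<form method='post' action='/verify.php'>";
        echo "<input type='hidden' name='domainid' value='$domainid'>";
        echo "<input type='hidden' name='hash' value='$hashAttr'>";
        echo "<input type='hidden' name='type' value='domain'>";
        echo "<input type='submit' name='Yes' value='" . _("Yes verify this domain") . "'><br>\n";
        echo "<input type='submit' name='Notify' value='" . _("Notify support about this") . "'><br>\n";
        echo "<input type='submit' name='No' value='" . _("Do not verify this domain") . "'></form>\n";
    }
    showfooter();
    exit;
} else {
    showheader(_("Error!"), _("Error!"));
    echo _("Parameters are missing. Please try the complete URL.");
    showfooter();
    exit;
}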