Merge branch 'bug-1318' into testserver-stable
[cacert-devel.git] / includes / general.php
index a03a45f..9727374 100644 (file)
 //     if($_SESSION['profile']['id'] > 0)
 //             session_regenerate_id();
 
+       //cf. http://stackoverflow.com/a/14532168
+       if(!defined('ENT_HTML401'))     define('ENT_HTML401', 0);
+       if(!defined('ENT_XML1'))        define('ENT_XML1', 16);
+       if(!defined('ENT_XHTML'))       define('ENT_XHTML', 32);
+       if(!defined('ENT_HTML5'))       define('ENT_HTML5', (32|16));
+
        $pageLoadTime_Start = microtime(true);
 
        $junk = array(_("Face to Face Meeting"), _("Trusted Third Parties"), _("Thawte Points Transfer"), _("Administrative Increase"),
                }
        }
 
+       function isValidWildcard($name){
+               if(substr($name,0,2) == "*."){
+                       $name = substr($name, 2);
+               }
+               if(!preg_match('/^(\\.(?!-)[a-z0-9_-]*[a-z0-9])+$/i','.'.$name)){
+                       return false;
+               }
+               return strpos($name, "*") === false;
+       }
+
        function getcn()
        {
                unset($_SESSION['_config']['rows']);
                        $bits = explode(".", $CN);
                        $dom = "";
                        $cnok = 0;
+
+                       if(!isValidWildcard($CN)){
+                               $_SESSION['_config']['rejected'][] = $CN;
+                               continue;
+                       }
+
                        for($i = count($bits) - 1; $i >= 0; $i--)
                        {
                                if($dom)
                                        $dom = $bits[$i];
                                $_SESSION['_config']['row'] = "";
                                $dom = mysql_real_escape_string($dom);
-                               $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
+                               $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` = '$dom' and `deleted`=0 and `hash`=''";
                                $res = mysql_query($query);
                                if(mysql_num_rows($res) > 0)
                                {
                        else
                                continue;
 
+                       if(!isValidWildcard($alt)){
+                               $_SESSION['_config']['rejected'][] = $alt;
+                               continue;
+                       }
+
                        $bits = explode(".", $alt);
                        $dom = "";
                        $altok = 0;
                                        $dom = $bits[$i];
                                $_SESSION['_config']['altrow'] = "";
                                $dom = mysql_real_escape_string($dom);
-                               $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
+                               $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` = '$dom' and `deleted`=0 and `hash`=''";
                                $res = mysql_query($query);
                                if(mysql_num_rows($res) > 0)
                                {
                        $CN = $_SESSION['_config']["$cnc.CN"];
                        $bits = explode(".", $CN);
                        $dom = "";
+
+                        if(!isValidWildcard($CN)){
+                                $_SESSION['_config']['rejected'][] = $CN;
+                                continue;
+                        }
+
                        for($i = count($bits) - 1; $i >= 0; $i--)
                        {
                                if($dom)
                        else
                                continue;
 
+                        if(!isValidWildcard($alt)){
+                                $_SESSION['_config']['rejected'][] = $alt;
+                                continue;
+                        }
+
                        $bits = explode(".", $alt);
                        $dom = "";
                        for($i = count($bits) - 1; $i >= 0; $i--)
 
                        foreach($mxhosts as $key => $domain)
                        {
-                               $fp = @fsockopen($domain,25,$errno,$errstr,5);
+                               $fp_opt = array(
+                                       'ssl' => array(
+                                               'verify_peer'   => false,       // Opportunistic Encryption
+                                               )
+                                       );
+                               $fp_ctx = stream_context_create($fp_opt);
+                               $fp = @stream_socket_client("tcp://$domain:25",$errno,$errstr,5,STREAM_CLIENT_CONNECT,$fp_ctx);
                                if($fp)
                                {
+                                       stream_set_blocking($fp, true);
 
-                                       $line = fgets($fp, 4096);
-                                        while(substr($line, 0, 4) == "220-")
-                                               $line = fgets($fp, 4096);
-                                       if(substr($line, 0, 3) != "220")
+                                       $has_starttls = false;
+
+                                       do {
+                                               $line = fgets($fp, 4096);
+                                       } while(substr($line, 0, 4) == "220-");
+                                       if(substr($line, 0, 3) != "220") {
+                                               fclose($fp);
                                                continue;
-                                       fputs($fp, "HELO www.cacert.org\r\n");
-                                       $line = fgets($fp, 4096);
-                                       while(substr($line, 0, 3) == "220")
+                                       }
+
+                                       fputs($fp, "EHLO www.cacert.org\r\n");
+                                       do {
                                                $line = fgets($fp, 4096);
-                                       if(substr($line, 0, 3) != "250")
+                                               $has_starttls |= substr(trim($line),4) == "STARTTLS";
+                                       } while(substr($line, 0, 4) == "250-");
+                                       if(substr($line, 0, 3) != "250") {
+                                               fclose($fp);
                                                continue;
-                                       fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
-                                       $line = fgets($fp, 4096);
+                                       }
+
+                                       if($has_starttls) {
+                                               fputs($fp, "STARTTLS\r\n");
+                                               do {
+                                                       $line = fgets($fp, 4096);
+                                               } while(substr($line, 0, 4) == "220-");
+                                               if(substr($line, 0, 3) != "220") {
+                                                       fclose($fp);
+                                                       continue;
+                                               }
+
+                                               stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+
+                                               fputs($fp, "EHLO www.cacert.org\r\n");
+                                               do {
+                                                       $line = fgets($fp, 4096);
+                                               } while(substr($line, 0, 4) == "250-");
+                                               if(substr($line, 0, 3) != "250") {
+                                                       fclose($fp);
+                                                       continue;
+                                               }
+                                       }
 
-                                       if(substr($line, 0, 3) != "250")
+                                       fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
+                                       do {
+                                               $line = fgets($fp, 4096);
+                                       } while(substr($line, 0, 4) == "250-");
+                                       if(substr($line, 0, 3) != "250") {
+                                               fclose($fp);
                                                continue;
+                                       }
+
                                        fputs($fp, "RCPT TO:<$email>\r\n");
-                                       $line = trim(fgets($fp, 4096));
+                                       do {
+                                               $line = fgets($fp, 4096);
+                                       } while(substr($line, 0, 4) == "250-");
+                                       if(substr($line, 0, 3) != "250") {
+                                               fclose($fp);
+                                               continue;
+                                       }
+
                                        fputs($fp, "QUIT\r\n");
                                        fclose($fp);
 
                                        $line = mysql_real_escape_string(trim(strip_tags($line)));
                                        $query = "insert into `pinglog` set `when`=NOW(), `email`='$myemail', `result`='$line'";
-                                       if(is_array($_SESSION['profile'])) $query.=", `uid`='".intval($_SESSION['profile']['id'])."'";
+                                       if(isset($_SESSION['profile']) && is_array($_SESSION['profile']) && isset($_SESSION['profile']['id'])) $query.=", `uid`='".intval($_SESSION['profile']['id'])."'";
                                        mysql_query($query);
 
                                        if(substr($line, 0, 3) != "250")
                        $subject="";
                        if(mysql_num_rows($res) > 0)
                        {
-                               printf(_("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status."));
+                               printf('<p>' . _("Your certificate request is still queued and hasn't been processed yet. Please wait, and go to Certificates -> View to see it's status." . '</p>'));
                                $subject="[CAcert.org] Certificate TIMEOUT";
                                $body = "A certificate has timed out!\n\n";
                        }
                        else
                        {
-                               printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." certid:$table:".intval($certid), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
+                               printf('<p>' . _("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.") . " certid:$table:".intval($certid) . '</p>', "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
                                $subject="[CAcert.org] Certificate FAILURE";
                                $body = "A certificate has failed: $table $certid $id $show\n\n";
                        }
 
                        $body .= _("Best regards")."\n"._("CAcert.org Support!");
 
-                       sendmail("philipp@cacert.org", $subject, $body, "returns@cacert.org", "", "", "CAcert Support");
+                       sendmail("sw-message@cacert.org", $subject, $body, "returns@cacert.org", "", "", "CAcert Support");
 
                        if($show) showfooter();
                        if($show) exit;
                return $res;
        }
 
+       /**
+         * Returns the given ip address truncated to /16 (ipv4) or to /48 (ipv6)
+         */
+       function anonymizeIP($ip){
+               $bits = @inet_pton($ip);
+               if($bits === false) {
+                       return false;
+               }
 
-?>
+               if(strlen($bits) == 4) {
+                       $bits[2] = "\0";
+                       $bits[3] = "\0";
+                       $newIP = @inet_ntop($bits);
+                       if($newIP !== false) {
+                               $newIP .= "/16";
+                       }
+                       return $newIP;
+               } else if(strlen($bits) == 16) {
+                       for($i=6;$i<16;$i++){
+                               $bits[$i]="\0";
+                       }
+                       $newIP = @inet_ntop($bits);
+                       if($newIP !== false) {
+                               $newIP .= "/48";
+                       }
+                       return $newIP;
+               }
+               return false;
+       }