Source code taken from cacert-20141124.tar.bz2
[cacert.git] / stamp / common.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
19 include_once("/www/includes/general.php");
20
21 function clean($key)
22 {
23 return(mysql_real_escape_string(strip_tags(trim($_REQUEST[$key]))));
24 }
25
26 function checkhostname($ref)
27 {
28 $ref = trim($ref);
29 if($ref[count($ref)-1] == "." || $ref[count($ref)-1] == ":")
30 $ref = substr($ref, 0, -1);
31
32 $stampid = 0;
33 $query = "select * from `stampcache` where `hostname`='$ref'";
34 $res = mysql_query($query);
35 if(mysql_num_rows($res) > 0)
36 {
37 $row = mysql_fetch_assoc($res);
38 if($row['cacheexpire'] >= date("U"))
39 return(array($row['valid'], $row));
40 else {
41 if($row['certid'] > 0)
42 {
43 if($row['org'] == 0)
44 $query = "select * from `domaincerts` where `id`='".intval($row['certid'])."' and `expire`>NOW() and `revoked`=0";
45 else
46 $query = "select * from `orgdomaincerts` where `id`='".intval($row['certid'])."' and `expire`>NOW() and `revoked`=0";
47 if($_REQUEST['debug'] == 1)
48 echo $query."<br>\n";
49 $res = mysql_query($query);
50 if(mysql_num_rows($res) > 0)
51 {
52 $query = "update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$row[id]'";
53 if($_REQUEST['debug'] == 1)
54 echo $query."<br>\n";
55 mysql_query($query);
56 return(array($row['valid'], $row));
57 }
58 }
59 $stampid = $row['id'];
60 }
61 }
62
63 $query = "select *,`domaincerts`.`id` as `certid`,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
64 where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and
65 `domaincerts`.`revoked`=0 and `domaincerts`.`expire` > NOW() and
66 (`domaincerts`.`subject` like '%=DNS:$ref/%' OR `domaincerts`.`subject` like '%=$ref/%' OR
67 `domaincerts`.`subject` like '%=DNS:$ref' OR `domaincerts`.`subject` like '%=$ref')
68 group by `domaincerts`.`id` order by `domaincerts`.`id`";
69 if($_REQUEST['debug'] == 1)
70 echo $query."<br>\n";
71 $res = mysql_query($query);
72 if(mysql_num_rows($res) <= 0)
73 {
74 $bits = explode(".", $ref);
75 for($i = 1; $i < count($bits); $i++)
76 {
77 if($ref2 != "")
78 $ref2 .= ".";
79 $ref2 .= $bits[$i];
80 }
81 $query = "select *,`domaincerts`.`id` as `certid`,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
82 where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and
83 `domaincerts`.`revoked`=0 and `domaincerts`.`expire` > NOW() and
84 (`domaincerts`.`subject` like '%=DNS:$ref/%' or `domaincerts`.`subject` like '%=DNS:*.$ref2/%' OR
85 `domaincerts`.`subject` like '%=DNS:$ref' or `domaincerts`.`subject` like '%=DNS:*.$ref2' OR
86 `domaincerts`.`subject` like '%=$ref/%' or `domaincerts`.`subject` like '%=*.$ref2/%' OR
87 `domaincerts`.`subject` like '%=$ref' or `domaincerts`.`subject` like '%=*.$ref2')
88 group by `domaincerts`.`id` order by `domaincerts`.`id`";
89 if($_REQUEST['debug'] == 1)
90 echo $query."<br>\n";
91 $res = mysql_query($query);
92 if(mysql_num_rows($res) <= 0)
93 {
94 $query = "select *,`orgdomaincerts`.`id` as `certid`,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where
95 (`orgdomaincerts`.`subject` like '%=DNS:$ref/%' or `orgdomaincerts`.`subject` like '%=DNS:*.$ref2/%' OR
96 `orgdomaincerts`.`subject` like '%=DNS:$ref' or `orgdomaincerts`.`subject` like '%=DNS:*.$ref2' OR
97 `orgdomaincerts`.`subject` like '%=$ref/%' or `orgdomaincerts`.`subject` like '%=*.$ref2/%' OR
98 `orgdomaincerts`.`subject` like '%=$ref' or `orgdomaincerts`.`subject` like '%=*.$ref2') AND
99 `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
100 `orgdomaincerts`.`revoked`=0 and `orgdomaincerts`.`expire` > NOW()
101 group by `orgdomaincerts`.`id` order by `orgdomaincerts`.`id`";
102 if($_REQUEST['debug'] == 1)
103 echo $query."<br>\n";
104 $res = mysql_query($query);
105 if(mysql_num_rows($res) <= 0)
106 {
107 $invalid = 1;
108 } else {
109 $org = 1;
110 }
111 }
112 }
113
114 if($invalid == 0)
115 {
116 $cert = mysql_fetch_assoc($res);
117 if($org == 0)
118 {
119 $query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND
120 `notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' and `notary`.`deleted`=0 GROUP BY `notary`.`to`";
121 $user = mysql_fetch_assoc(mysql_query($query));
122 } else {
123 $query = "select * from `orginfo` where `id`='$cert[orgid]'";
124 $orgi = mysql_fetch_assoc(mysql_query($query));
125 }
126
127 if($stampid <= 0)
128 {
129 $query = "insert into `stampcache` set `certid`='$cert[certid]',`cacheexpire`='".(date("U")+600)."',`issued`='$cert[issued]',
130 `expire`='$cert[expire]',`subject`='$cert[subject]',`hostname`='$ref',`org`='$org',`points`='$user[total]',
131 `O`='$orgi[O]',`L`='$orgi[L]',`ST`='$orgi[ST]',`C`='$orgi[C]',`valid`='$invalid'";
132 } else {
133 $query = "update `stampcache` set `certid`='$cert[certid]',`cacheexpire`='".(date("U")+600)."',`issued`='$cert[issued]',
134 `expire`='$cert[expire]',`subject`='$cert[subject]',`hostname`='$ref',`org`='$org',`points`='$user[total]',
135 `O`='$orgi[O]',`L`='$orgi[L]',`ST`='$orgi[ST]',`C`='$orgi[C]',`valid`='$invalid' where `id`='$stampid'";
136 }
137 mysql_query($query);
138 } else if($stampid > 0) {
139 mysql_query("update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$stampid'");
140 } else {
141 $query = "insert into `stampcache` set `cacheexpire`='".(date("U")+600)."',`hostname`='$ref',`valid`='$invalid'";
142 mysql_query($query);
143 }
144
145 $arr = array("issued" => $cert['issued'], "expire" => $cert['expire'], "subject" => $cert['subject'], "hostname" => $ref,
146 "org" => $org, "points" => $user['total'], "O" => $orgi['O'], "L" => $orgi['L'], "ST" => $orgi['ST'],
147 "C" => $orgi['C']);
148
149 return(array($invalid, $arr));
150 }
151 ?>