View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001446 | Main CAcert Website | General | public | 2018-11-04 04:51 | 2018-11-11 18:36 |
| Reporter | pmoulding@cacert.org | Assigned To | pmoulding@cacert.org | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | needs work | Resolution | open | ||
| Platform | Test CAcert Website | OS | N/A | OS Version | Test |
| Summary | 0001446: Add an autoloader as a step toward moving common code into classes | ||||
| Description | Common code should be in classes. Classes can be delivered from a single class directory. An autoloader can make the class loading automatic. The autoloader can replace the multiple occurrences of require/require_once. The autoloader class could also replace the prepend defined in the Apache config file, removing a roadblock for people who cannot access their Apache settings. | ||||
| Additional Information | Create a directory outside the Web root named class or the same directory inside the Web root with a Web server config line to limit access to the class directory. Create a class named cacert in a class file named cacert.php in the class directory. Add common code to every page to start with the loading of the cacert class. In the constructor of cacert, register an autoloader function named autoloader. Create the autoloader function to load classes from the class directory if they exist. The class could also set directory paths and other similar values, such as the domain name, for use on every page. | ||||
| Tags | No tags attached. | ||||
| Attached Files | |||||
| Reviewed by | |||||
| Test Instructions | |||||
|
|
I modified index.php in my test to include a cacert.php. index.php (26,831 bytes)
<?php
/**
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
require_once './cacert.php';
require_once '../includes/general.php';
echo '<p>Trying to stop redirect</p>';
exit;
require_once($cacert_includes . '/lib/l10n.php');
echo '<p>Trying to stop redirect</p>';
exit;
require_once($cacert_includes . '/notary.inc.php');
echo '<p>Trying to stop redirect</p>';
exit;
$id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
$oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
$process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process'];
if($id == 2)
$id = 0;
$_SESSION['_config']['errmsg'] = "";
if($id == 17 || $id == 20)
{
include_once("../pages/index/$id.php");
exit;
}
loadem("index");
echo '<p>Trying to stop redirect</p>';
exit;
$_SESSION['_config']['hostname'] = $_SERVER['HTTP_HOST'];
if(($oldid == 6 || $id == 6) && intval($_SESSION['lostpw']['user']['id']) < 1)
{
$oldid = 0;
$id = 5;
}
if($oldid == 6 && $process != "")
{
$body = "";
$answers = 0;
$qs = array();
$id = $oldid;
$oldid = 0;
if(array_key_exists('Q1',$_REQUEST) && $_REQUEST['Q1'])
{
$_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A1'])) == strtolower($_SESSION['lostpw']['user']['A1']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['user']['A1']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A1']))."\n";
}
if(array_key_exists('Q2',$_REQUEST) && $_REQUEST['Q2'])
{
$_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A2'])) == strtolower($_SESSION['lostpw']['user']['A2']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['user']['A2']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A2']))."\n";
}
if(array_key_exists('Q3',$_REQUEST) && $_REQUEST['Q3'])
{
$_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A3'])) == strtolower($_SESSION['lostpw']['user']['A3']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['user']['A3']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A3']))."\n";
}
if(array_key_exists('Q4',$_REQUEST) && $_REQUEST['Q4'])
{
$_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A4'])) == strtolower($_SESSION['lostpw']['user']['A4']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['user']['A4']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A4']))."\n";
}
if(array_key_exists('Q5',$_REQUEST) && $_REQUEST['Q5'])
{
$_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
if(stripslashes(strtolower($_SESSION['lostpw']['A5'])) == strtolower($_SESSION['lostpw']['user']['A5']))
$answers++;
$body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A5']))."\n";
}
$_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass1']))));
$_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass2']))));
if($answers < $_SESSION['lostpw']['total'] || $answers < 3)
{
$body = "Someone has just attempted to update the pass phrase on the following account:\n".
"Username(ID): ".$_SESSION['lostpw']['user']['email']."(".$_SESSION['lostpw']['user']['id'].")\n".
"email: ".$_SESSION['lostpw']['user']['email']."\n".
"IP/Hostname: ".$_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")."\n".
"---------------------------------------------------------------------\n".$body.
"---------------------------------------------------------------------\n";
sendmail("support@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body,
$_SESSION['lostpw']['user']['email'], "", "", $_SESSION['lostpw']['user']['fname']);
$_SESSION['_config']['errmsg'] = _("You failed to get all answers correct or you didn't configure enough lost password questions for your account. System admins have been notified.");
} else if($_SESSION['lostpw']['pw1'] != $_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") {
$_SESSION['_config']['errmsg'] = _("New Pass Phrases specified don't match or were blank.");
} else if(strlen($_SESSION['lostpw']['pw1']) < 6) {
$_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted was too short. It must be at least 6 characters.");
} else {
$score = checkpw($_SESSION['lostpw']['pw1'], $_SESSION['lostpw']['user']['email'], $_SESSION['lostpw']['user']['fname'],
$_SESSION['lostpw']['user']['mname'], $_SESSION['lostpw']['user']['lname'], $_SESSION['lostpw']['user']['suffix']);
if($score < 3)
{
$_SESSION['_config']['errmsg'] = sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
} else {
$query = "update `users` set `password`=sha1('".$_SESSION['lostpw']['pw1']."')
where `id`='".intval($_SESSION['lostpw']['user']['id'])."'";
mysql_query($query) || die(mysql_error());
showheader(_("Welcome to CAcert.org"));
echo _("Your Pass Phrase has been changed now. You can now login with your new password.");
showfooter();
exit;
}
}
}
if($oldid == 5 && $process != "")
{
$email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
$_SESSION['lostpw']['day'] = intval($_REQUEST['day']);
$_SESSION['lostpw']['month'] = intval($_REQUEST['month']);
$_SESSION['lostpw']['year'] = intval($_REQUEST['year']);
$dob = $_SESSION['lostpw']['year']."-".$_SESSION['lostpw']['month']."-".$_SESSION['lostpw']['day'];
$query = "select * from `users` where `email`='$email' and `dob`='$dob'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$id = $oldid;
$oldid = 0;
$_SESSION['_config']['errmsg'] = _("Unable to match your details with any user accounts on file");
} else {
$id = 6;
$_SESSION['lostpw']['user'] = mysql_fetch_assoc($res);
}
}
//client login
if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
{
include_once("../includes/lib/general.php");
$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
$_SERVER['SSL_CLIENT_I_DN_CN']);
if($user_id >= 0)
{
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
"select * from `users` where
`id`='$user_id' and `deleted`=0 and `locked`=0"));
if($_SESSION['profile']['id'] != 0)
{
$_SESSION['profile']['loggedin'] = 1;
//header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
exit;
} else {
$_SESSION['profile']['loggedin'] = 0;
}
}
}
if($id == 4 && array_key_exists('profile',$_SESSION) && array_key_exists('loggedin',array($_SESSION['profile'])) && $_SESSION['profile']['loggedin'] == 1)
{
//header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
exit;
}
if($oldid == 4)
{
$oldid = 0;
$id = 4;
$_SESSION['_config']['errmsg'] = "";
$email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
$pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
$res = mysql_query($query);
$query = "SELECT 1 FROM `users` WHERE `email`='$email' and (UNIX_TIMESTAMP(`lastLoginAttempt`) < UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - 5 or `lastLoginAttempt` is NULL)" ;
$rateLimit = mysql_num_rows(mysql_query($query)) > 0;
if(mysql_num_rows($res) > 0 && $rateLimit)
{
$_SESSION['profile'] = "";
unset($_SESSION['profile']);
$_SESSION['profile'] = mysql_fetch_assoc($res);
$query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
if($_SESSION['profile']['language'] == "")
{
$query = "update `users` set `language`='".L10n::get_translation()."'
where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
} else {
L10n::set_translation($_SESSION['profile']['language']);
L10n::init_gettext();
}
$query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
$_SESSION['profile']['loggedin'] = 1;
if($_SESSION['profile']['Q1'] == "" || $_SESSION['profile']['Q2'] == "" ||
$_SESSION['profile']['Q3'] == "" || $_SESSION['profile']['Q4'] == "" ||
$_SESSION['profile']['Q5'] == "")
{
$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
$_SESSION['_config']['oldlocation'] = "account.php?id=13";
}
if (!isset($_SESSION['_config']['oldlocation'])){
$_SESSION['_config']['oldlocation']='';
}
if (checkpwlight($pword) < 3)
$_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
if($_SESSION['_config']['oldlocation'] != ""){
//header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
}else{
//header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
}
exit;
} else if($rateLimit){
$query = "update `users` set `lastLoginAttempt`=CURRENT_TIMESTAMP WHERE `email`='$email'";
mysql_query($query);
}
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=0 and `deleted`=0";
$res = mysql_query($query);
if(!$rateLimit || mysql_num_rows($res) <= 0) {
$_SESSION['_config']['errmsg'] = _("Login failed due to incorrect email address, wrong passphrase or because the rate limit of one login per 5 seconds was hit.");
} else {
$_SESSION['_config']['errmsg'] = _("Your account has not been verified yet, please check your email account for the signup messages.");
}
}
// check for CCA acceptance prior to login
if ($oldid == 52 )
{
// Check if the user is already authenticated
if (!array_key_exists('profile',$_SESSION)
|| !array_key_exists('loggedin',$_SESSION['profile'])
|| $_SESSION['profile']['loggedin'] != 1)
{
//header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
exit;
}
if (array_key_exists('agree',$_REQUEST) && $_REQUEST['agree'] != "")
{
write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1);
$_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
if (array_key_exists("oldlocation",$_SESSION['_config'])
&& $_SESSION['_config']['oldlocation']!="")
{
//header("Location: https://{$_SERVER['HTTP_HOST']}/{$_SESSION['_config']['oldlocation']}");
exit;
} else {
//header("Location: https://{$_SERVER['HTTP_HOST']}/account.php");
exit;
}
}
// User didn't agree
//header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
exit;
}
if($process && $oldid == 1)
{
$id = 2;
$oldid = 0;
$_SESSION['_config']['errmsg'] = "";
$_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
$_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
$_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
$_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
$_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
$_SESSION['signup']['day'] = intval($_REQUEST['day']);
$_SESSION['signup']['month'] = intval($_REQUEST['month']);
$_SESSION['signup']['year'] = intval($_REQUEST['year']);
$_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword1'])));
$_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword2'])));
$_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
$_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
$_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
$_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q4']))));
$_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q5']))));
$_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1']))));
$_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2']))));
$_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3']))));
$_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
$_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
$_SESSION['signup']['general'] = intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0);
$_SESSION['signup']['country'] = intval(array_key_exists('country',$_REQUEST)?$_REQUEST['country']:0);
$_SESSION['signup']['regional'] = intval(array_key_exists('regional',$_REQUEST)?$_REQUEST['regional']:0);
$_SESSION['signup']['radius'] = intval(array_key_exists('radius',$_REQUEST)?$_REQUEST['radius']:0);
$_SESSION['signup']['cca_agree'] = intval(array_key_exists('cca_agree',$_REQUEST)?$_REQUEST['cca_agree']:0);
if($_SESSION['signup']['Q1'] == $_SESSION['signup']['Q2'] ||
$_SESSION['signup']['Q1'] == $_SESSION['signup']['Q3'] ||
$_SESSION['signup']['Q1'] == $_SESSION['signup']['Q4'] ||
$_SESSION['signup']['Q1'] == $_SESSION['signup']['Q5'] ||
$_SESSION['signup']['Q2'] == $_SESSION['signup']['Q3'] ||
$_SESSION['signup']['Q2'] == $_SESSION['signup']['Q4'] ||
$_SESSION['signup']['Q2'] == $_SESSION['signup']['Q5'] ||
$_SESSION['signup']['Q3'] == $_SESSION['signup']['Q4'] ||
$_SESSION['signup']['Q3'] == $_SESSION['signup']['Q5'] ||
$_SESSION['signup']['Q4'] == $_SESSION['signup']['Q5'] ||
$_SESSION['signup']['A1'] == $_SESSION['signup']['Q1'] ||
$_SESSION['signup']['A1'] == $_SESSION['signup']['Q2'] ||
$_SESSION['signup']['A1'] == $_SESSION['signup']['Q3'] ||
$_SESSION['signup']['A1'] == $_SESSION['signup']['Q4'] ||
$_SESSION['signup']['A1'] == $_SESSION['signup']['Q5'] ||
$_SESSION['signup']['A2'] == $_SESSION['signup']['Q3'] ||
$_SESSION['signup']['A2'] == $_SESSION['signup']['Q4'] ||
$_SESSION['signup']['A2'] == $_SESSION['signup']['Q5'] ||
$_SESSION['signup']['A3'] == $_SESSION['signup']['Q4'] ||
$_SESSION['signup']['A3'] == $_SESSION['signup']['Q5'] ||
$_SESSION['signup']['A4'] == $_SESSION['signup']['Q5'] ||
$_SESSION['signup']['A1'] == $_SESSION['signup']['A2'] ||
$_SESSION['signup']['A1'] == $_SESSION['signup']['A3'] ||
$_SESSION['signup']['A1'] == $_SESSION['signup']['A4'] ||
$_SESSION['signup']['A1'] == $_SESSION['signup']['A5'] ||
$_SESSION['signup']['A2'] == $_SESSION['signup']['A3'] ||
$_SESSION['signup']['A2'] == $_SESSION['signup']['A4'] ||
$_SESSION['signup']['A2'] == $_SESSION['signup']['A5'] ||
$_SESSION['signup']['A3'] == $_SESSION['signup']['A4'] ||
$_SESSION['signup']['A3'] == $_SESSION['signup']['A5'] ||
$_SESSION['signup']['A4'] == $_SESSION['signup']['A5'])
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
}
if($_SESSION['signup']['Q1'] == "" || $_SESSION['signup']['Q2'] == "" ||
$_SESSION['signup']['Q3'] == "" || $_SESSION['signup']['Q4'] == "" ||
$_SESSION['signup']['Q5'] == "")
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>\n";
}
if($_SESSION['signup']['fname'] == "" || $_SESSION['signup']['lname'] == "")
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("First and/or last names were blank.")."<br>\n";
}
if($_SESSION['signup']['year'] < 1900 || $_SESSION['signup']['month'] < 1 || $_SESSION['signup']['month'] > 12 ||
$_SESSION['signup']['day'] < 1 || $_SESSION['signup']['day'] > 31 ||
!checkdate($_SESSION['signup']['month'],$_SESSION['signup']['day'],$_SESSION['signup']['year']) ||
mktime(0,0,0,$_SESSION['signup']['month'],$_SESSION['signup']['day'],$_SESSION['signup']['year']) > time() )
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."<br>\n";
}
if($_SESSION['signup']['cca_agree'] == "0")
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("You have to agree to the CAcert Community agreement.")."<br>\n";
}
if($_SESSION['signup']['email'] == "")
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("Email Address was blank")."<br>\n";
}
if($_SESSION['signup']['pword1'] == "")
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("Pass Phrases were blank")."<br>\n";
}
if($_SESSION['signup']['pword1'] != $_SESSION['signup']['pword2'])
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("Pass Phrases don't match")."<br>\n";
}
$score = checkpw($_SESSION['signup']['pword1'], $_SESSION['signup']['email'], $_SESSION['signup']['fname'], $_SESSION['signup']['mname'], $_SESSION['signup']['lname'], $_SESSION['signup']['suffix']);
if($score < 3)
{
$id = 1;
$_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored $score points out of 6.");
}
if($id == 2)
{
$query = "select * from `email` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
$res1 = mysql_query($query);
$query = "select * from `users` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
$res2 = mysql_query($query);
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
{
$id = 1;
$_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."<br>\n";
}
$query = "select `domain` from `baddomains` where `domain`=RIGHT('".$_SESSION['signup']['email']."', LENGTH(`domain`))";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$domain = mysql_fetch_assoc($res);
$domain = $domain['domain'];
$id = 1;
$_SESSION['_config']['errmsg'] .= sprintf(_("We don't allow signups from people using email addresses from %s"), $domain)."<br>\n";
}
}
if($id == 2)
{
$checkemail = checkEmail($_SESSION['signup']['email']);
if($checkemail != "OK")
{
$id = 1;
if (substr($checkemail, 0, 1) == "4")
{
$_SESSION['_config']['errmsg'] .= _("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.");
} else {
$_SESSION['_config']['errmsg'] .= _("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid");
}
$_SESSION['_config']['errmsg'] .= "<br>\n$checkemail<br>\n";
}
}
if($id == 2)
{
$hash = make_hash();
$query = "insert into `users` set `email`='".$_SESSION['signup']['email']."',
`password`=sha1('".$_SESSION['signup']['pword1']."'),
`fname`='".$_SESSION['signup']['fname']."',
`mname`='".$_SESSION['signup']['mname']."',
`lname`='".$_SESSION['signup']['lname']."',
`suffix`='".$_SESSION['signup']['suffix']."',
`dob`='".$_SESSION['signup']['year']."-".$_SESSION['signup']['month']."-".$_SESSION['signup']['day']."',
`Q1`='".$_SESSION['signup']['Q1']."',
`Q2`='".$_SESSION['signup']['Q2']."',
`Q3`='".$_SESSION['signup']['Q3']."',
`Q4`='".$_SESSION['signup']['Q4']."',
`Q5`='".$_SESSION['signup']['Q5']."',
`A1`='".$_SESSION['signup']['A1']."',
`A2`='".$_SESSION['signup']['A2']."',
`A3`='".$_SESSION['signup']['A3']."',
`A4`='".$_SESSION['signup']['A4']."',
`A5`='".$_SESSION['signup']['A5']."',
`created`=NOW(), `uniqueID`=SHA1(CONCAT(NOW(),'$hash'))";
mysql_query($query);
$memid = mysql_insert_id();
$query = "insert into `email` set `email`='".$_SESSION['signup']['email']."',
`hash`='$hash',
`created`=NOW(),
`memid`='$memid'";
mysql_query($query);
$emailid = mysql_insert_id();
$query = "insert into `alerts` set `memid`='$memid',
`general`='".$_SESSION['signup']['general']."',
`country`='".$_SESSION['signup']['country']."',
`regional`='".$_SESSION['signup']['regional']."',
`radius`='".$_SESSION['signup']['radius']."'";
mysql_query($query);
write_user_agreement($memid, "CCA", "account creation", "", 1);
$body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
sendmail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
foreach($_SESSION['signup'] as $key => $val)
$_SESSION['signup'][$key] = "";
unset($_SESSION['signup']);
}
}
if($oldid == 11 && $process != "")
{
$who = stripslashes($_REQUEST['who']);
$email = stripslashes($_REQUEST['email']);
$subject = stripslashes($_REQUEST['subject']);
$message = stripslashes($_REQUEST['message']);
$secrethash = $_REQUEST['secrethash2'];
//check for spam via honeypot
if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){
echo _("Form could not be sent.");
showfooter();
exit;
}
if($_SESSION['_config']['secrethash'] != $secrethash || $secrethash == "" || $_SESSION['_config']['secrethash'] == "")
{
$id = $oldid;
$process = "";
$_SESSION['_config']['errmsg'] = _("This seems like you have cookies or Javascript disabled, cannot continue.");
$oldid = 0;
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
sendmail("support@cacert.org", "[CAcert.org] Possible SPAM", $message, $email, "", "", "CAcert Support");
//echo "Alert! Alert! Alert! SPAM SPAM SPAM!!!<br><br><br>";
//if($_SESSION['_config']['secrethash'] != $secrethash) echo "Hash does not match: $secrethash vs. ".$_SESSION['_config']['secrethash']."\n";
echo _("This seems like you have cookies or Javascript disabled, cannot continue.");
die;
}
if(strstr($subject, "botmetka") || strstr($subject, "servermetka") || strstr($who,"\n") || strstr($email,"\n") || strstr($subject,"\n") )
{
$id = $oldid;
$process = "";
$_SESSION['_config']['errmsg'] = _("This seems like potential spam, cannot continue.");
$oldid = 0;
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
sendmail("support@cacert.org", "[CAcert.org] Possible SPAM", $message, $email, "", "", "CAcert Support");
//echo "Alert! Alert! Alert! SPAM SPAM SPAM!!!<br><br><br>";
//if($_SESSION['_config']['secrethash'] != $secrethash) echo "Hash does not match: $secrethash vs. ".$_SESSION['_config']['secrethash']."\n";
echo _("This seems like potential spam, cannot continue.");
die;
}
if(trim($who) == "" || trim($email) == "" || trim($subject) == "" || trim($message) == "")
{
$id = $oldid;
$process = "";
$_SESSION['_config']['errmsg'] = _("All fields are mandatory.")."<br>\n";
$oldid = 0;
}
}
if($oldid == 11 && $process != "")
{
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
if (isset($process[0])){
sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website");
showheader(_("Welcome to CAcert.org"));
echo _("Your message has been sent to the general support list.");
showfooter();
exit;
}
if (isset($process[1])){
sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "", "", "CAcert Support");
showheader(_("Welcome to CAcert.org"));
echo _("Your message has been sent.");
showfooter();
exit;
}
}
if(!array_key_exists('signup',$_SESSION) || $_SESSION['signup']['year'] < 1900)
$_SESSION['signup']['year'] = "19XX";
if ($id == 12)
{
$protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
$newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs';
// header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
}
if ($id == 19)
{
$protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
$newUrl = $protocol . '://wiki.cacert.org/FAQ/Privileges';
// header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
}
if ($id == 8)
{
$protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
$newUrl = $protocol . '://wiki.cacert.org/Board';
//header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
}
showheader(_("Welcome to CAcert.org"));
includeit($id);
showfooter();
?>
|
|
|
The included cacert.php brings in a common cacert.php file from outside the Web root. There is a .ini file at the same level. cacert.ini (221 bytes)
; Configuration for CAcert.local. [Domain] domain_name = cacert.local domain_name_display = CAcert.local [database] database_name = cacert_test database_password = cacert_test database_user = cacert_test cacert-2.php (359 bytes)
<?php
/**
* cacert is the first class you load.
* cacert autoloads other classes in the same directory.
*/
$settings = parse_ini_file('cacert.ini');
$settings['base_directory'] = __DIR__ . '/';
$settings['class_directory'] = $settings['base_directory'] . 'class/';
require_once $settings['class_directory'] . 'cacert.php';
$cacert = new cacert($settings);
|
|
|
The cacert.php file includes class/cacert.php cacert-3.php (2,264 bytes)
<?php
/**
* cacert is the first class you load.
* cacert autoloads other classes in the same directory.
*/
class cacert
{
protected $base_directory;
protected $class_directory;
protected $class_suffix = '.php';
protected $web_directory;
protected $database_name;
protected $database_password;
protected $database_user;
protected $host_name;
protected $host_name_display;
public function __construct($settings)
{
$this->base_directory = $settings['base_directory'];
$this->class_directory = $settings['class_directory'];
$this->web_directory = $_SERVER['DOCUMENT_ROOT'];
if (substr($this->web_directory, -1) != '/') { $this->web_directory .= '/'; }
if (isset($settings['domain_name'])) { $this->host_name = $settings['domain_name']; }
else { $this->host_name = $_SERVER['HTTP_HOST']; }
if (isset($settings['domain_name_display'])) { $this->host_name_display = $settings['domain_name_display']; }
else { $this->host_name_display = $this->host_name; }
if (isset($settings['database_name'])) { $this->database_name = $settings['database_name']; }
if (isset($settings['database_password'])) { $this->database_password = $settings['database_password']; }
if (isset($settings['database_user'])) { $this->database_user = $settings['database_user']; }
$result = spl_autoload_register ('cacert::autoload');
}
protected function autoload($class)
{
$file = $this->class_directory . $class . $this->class_suffix;
if (file_exists($file))
{
require_once $file;
return true;
}
return false;
}
public function database_name() { return $this->database_name; }
public function database_password() { return $this->database_password; }
public function database_user() { return $this->database_user; }
public function host_name() { return $this->host_name; }
public function host_name_display() { return $this->host_name_display; }
public function web_directory() { return $this->web_directory; }
}
|
|
|
This structure was copied from other projects. You might like to work on the names, locations, and what is included from the .ini. I started a separate issue for the .ini and included the .ini here only as a simple way to load the .ini. The contents of the .ini would be better discussed in the other issue. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2018-11-04 04:51 | pmoulding@cacert.org | New Issue | |
| 2018-11-04 04:51 | pmoulding@cacert.org | Assigned To | => jandd |
| 2018-11-04 07:01 | pmoulding@cacert.org | File Added: cacert.php | |
| 2018-11-04 07:01 | pmoulding@cacert.org | File Added: index.php | |
| 2018-11-04 07:01 | pmoulding@cacert.org | Note Added: 0005647 | |
| 2018-11-04 07:03 | pmoulding@cacert.org | File Added: cacert.ini | |
| 2018-11-04 07:03 | pmoulding@cacert.org | File Added: cacert-2.php | |
| 2018-11-04 07:03 | pmoulding@cacert.org | Note Added: 0005648 | |
| 2018-11-04 07:03 | pmoulding@cacert.org | File Added: cacert-3.php | |
| 2018-11-04 07:03 | pmoulding@cacert.org | Note Added: 0005649 | |
| 2018-11-04 07:07 | pmoulding@cacert.org | Note Added: 0005650 | |
| 2018-11-04 09:09 | jandd | Project | Infrastructure => Main CAcert Website |
| 2018-11-04 09:09 | jandd | Category | general => General |
| 2018-11-04 09:11 | jandd | Assigned To | jandd => |
| 2018-11-09 21:59 | Ted | Relationship added | child of 0001260 |
| 2018-11-09 22:00 | Ted | Assigned To | => pmoulding@cacert.org |
| 2018-11-09 22:00 | Ted | Status | new => needs work |
