
cacert-devel - Re: [CAcert-Devel] 20041201 - Changes for next release

Subject: CAcert Code Development list.


Re: [CAcert-Devel] 20041201 - Changes for next release


  • From: "J. Wren Hunt" <wren AT hunt.org>
  • To: "CAcert Code Development list." <cacert-devel AT lists.cacert.org>
  • Subject: Re: [CAcert-Devel] 20041201 - Changes for next release
  • Date: Thu, 02 Dec 2004 19:25:57 -0500
  • List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-devel>
  • List-id: "CAcert Code Development list." <cacert-devel.lists.cacert.org>
  • Organization: Crotchety-Bastard.org


 The following change addresses a trouble report regarding password length.
(These error messages bug the heck out of me. Tell the user his password is too short but
don't tell him the minimum length!)

 http://wrenhunt.homelinux.org/svnrepos/cacert/trunk/www/index.php


--
Cheers,

Wren

AIM & Yahoo!:  wrenhunt
MSN:           
wrenhunt AT hotmail.com
PGP key at:    https://www.biglumber.com/x/web?qs=0x4a24d6f4


This file is part of CAcert. CAcert has been released under the CAcert Source License which can be found included with these source files or can be downloaded from the internet from the following address: http://www.cacert.org/src-lic.php CAcert is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License for more details. */ ?> \n". "From: CAcert-Support ");
	// NOTE(review): the archived listing starts in the middle of a statement; the opening
	// of this branch (and whatever precedes it in index.php) is not shown. What follows is
	// the tail of the lost-pass-phrase handler: it validates the new pass phrase held in
	// $_SESSION['lostpw'] and, if accepted, writes it to the `users` table.
	$_SESSION['_config']['errmsg'] = _("You failed to get all answers correct, system admins have been notified.");
	} else if($_SESSION['lostpw']['pw1'] != $_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") {
		$_SESSION['_config']['errmsg'] = _("New Pass Phrases specified don't match or were blank.");
	} else if(strlen($_SESSION['lostpw']['pw1']) < 6) {
		// Minimum length is the literal 6 both in the test above and in the message below.
		$_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted was too short. It must be at least 6 characters.");
	} else {
		// checkpw() is defined elsewhere; here its result is only compared against 3.
		$score = checkpw($_SESSION['lostpw']['pw1'], $_SESSION['lostpw']['user']['email'], $_SESSION['lostpw']['user']['fname'], $_SESSION['lostpw']['user']['mname'], $_SESSION['lostpw']['user']['lname'], $_SESSION['lostpw']['user']['suffix']);
		if($score < 3) {
			$_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. 
Only scored $score points out of 6.");
		} else {
			// NOTE(review): pw1 is concatenated into the SQL text. No escaping of pw1 is
			// visible in this part of the listing -- confirm it is escaped where it is put
			// into the session, or bind it as a parameter instead.
			// NOTE(review): password() is MySQL's built-in PASSWORD() function, which the
			// MySQL manual reserves for the server's own account system; the plaintext pass
			// phrase also travels inside the query string. A salted, slow hash computed in
			// the application would avoid both.
			$query = "update `users` set `password`=password('".$_SESSION['lostpw']['pw1']."') where `id`='".$_SESSION['lostpw']['user']['id']."'";
			// On failure the raw database error text is printed to the visitor by die().
			mysql_query($query) || die(mysql_error());
			showheader(_("Welcome to CAcert.org"));
			echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
			showfooter();
			exit;
		}
	}
}

// Lost-pass-phrase, step with $oldid == 5: look the account up by e-mail address and
// date of birth; on a match store the row in the session and move on to page 6.
// NOTE(review): $email, $day, $month, $year, $oldid and $process are never assigned in
// the visible listing -- presumably request variables (register_globals or an earlier
// import); confirm where they come from.
if($oldid == 5 && $process != "") {
	// NOTE(review): mysql_escape_string() ignores the connection character set; PHP
	// provides mysql_real_escape_string() for that reason. Parameterised queries would
	// remove the dependency on escaping altogether.
	$email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes($email)));
	// intval() forces the three date parts to integers before they are joined into $dob.
	$_SESSION['lostpw']['day'] = intval($day);
	$_SESSION['lostpw']['month'] = intval($month);
	$_SESSION['lostpw']['year'] = intval($year);
	$dob = $_SESSION['lostpw']['year']."-".$_SESSION['lostpw']['month']."-".$_SESSION['lostpw']['day'];
	$query = "select * from `users` where `email`='$email' and `dob`='$dob'";
	// The result of mysql_query() is used without checking for failure.
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0) {
		// No match: stay on the same page and clear $oldid so later handlers do not fire.
		$id = $oldid;
		unset($oldid);
		$_SESSION['_config']['errmsg'] = _("Unable to match your details with any user accounts on file");
	} else {
		$id = 6;
		// The whole `users` row (select *) is kept in the session for the next step.
		$_SESSION['lostpw']['user'] = mysql_fetch_assoc($res);
	}
}

// Login page ($id == 4) requested on secure.cacert.org: log the visitor in from the
// client-certificate serial number found in the server environment.
// NOTE(review): HTTP_HOST is taken from the request's Host header. Whether a client
// certificate was actually verified for this request depends on the web-server
// configuration, which is not visible here -- confirm.
if($id == 4 && $_SERVER['HTTP_HOST'] == "secure.cacert.org") {
	// NOTE(review): the serial is interpolated into the query unescaped and is the only
	// lookup key (no issuer is compared) -- verify that this is sufficient.
	$query = "select * from `emailcerts` where `serial`='$_SERVER[SSL_CLIENT_M_SERIAL]' and `revoked`=0 and UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0) {
		$row = mysql_fetch_assoc($res);
		$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
		$_SESSION['profile']['loggedin'] = 1;
		// NOTE(review): the redirect target is built from the Host header.
		header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
		exit;
	}
}

// Already logged in: skip the login page.
if($id == 4 && $_SESSION['profile']['loggedin'] == 1) {
	header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
	exit;
}

// Login form submitted ($oldid == 4): check e-mail address and pass phrase against
// `users`, then load the profile, language and assurance points into the session.
if($oldid == 4) {
	unset($oldid);
	$id = 4;
	$_SESSION['_config']['errmsg'] = "";
	$email = mysql_escape_string(stripslashes($email));
	$pword = mysql_escape_string(stripslashes($pword));
	// The comparison is done by the database using PASSWORD(); see the note on
	// password() in the lost-pass-phrase branch above in this listing.
	$query = "select * from `users` where `email`='$email' 
and `password`=password('$pword')";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0) {
		// NOTE(review): no session-identifier renewal and no failed-attempt limiting are
		// visible in this listing -- confirm whether they are handled elsewhere.
		$_SESSION['profile'] = mysql_fetch_assoc($res);
		if($_SESSION['profile']['language'] == "") {
			// First login without a stored language: persist the session's current one.
			$query = "update `users` set `language`='".$_SESSION['_config']['language']."' where `id`='".$_SESSION['profile']['id']."'";
			mysql_query($query);
		} else {
			// Otherwise switch the gettext locale to the language stored in the profile.
			$_SESSION['_config']['language'] = $_SESSION['profile']['language'];
			putenv("LANG=".$_SESSION['_config']['language']);
			setlocale(LC_ALL, $_SESSION['_config']['language']);
			$domain = 'messages';
			bindtextdomain("$domain", "/home/cacert/locale");
			textdomain("$domain");
		}
		// Sum of `points` in `notary` for this user.
		$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
		$res = mysql_query($query);
		$row = mysql_fetch_assoc($res);
		$_SESSION['profile']['points'] = $row['total'];
		$_SESSION['profile']['loggedin'] = 1;
		// Return to the page that asked for login, if one was remembered.
		// NOTE(review): where 'oldlocation' is set is not visible -- confirm it can only
		// hold a local path.
		if($_SESSION['_config']['oldlocation'] != "")
			header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
		else
			header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
		exit;
	}
	// Same message whether the address or the pass phrase was wrong.
	$_SESSION['_config']['errmsg'] = _("Incorrect email address and/or Pass Phrase.");
}

// Signup form submitted ($oldid == 1): copy the escaped form fields into
// $_SESSION['signup'], validate them, and if nothing failed ($id still 2) create the
// account and send the verification mail.
if($process && $oldid == 1) {
	$id = 2;
	unset($oldid);
	$_SESSION['_config']['errmsg'] = "";
	// Values are stored in the session already SQL-escaped, so the queries below
	// concatenate them directly.
	$_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes($email)));
	$_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes($fname)));
	$_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes($mname)));
	$_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes($lname)));
	$_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes($suffix)));
	$_SESSION['signup']['day'] = intval($day);
	$_SESSION['signup']['month'] = intval($month);
	$_SESSION['signup']['year'] = intval($year);
	// The pass phrases are not trimmed; they are kept in the session in escaped form.
	$_SESSION['signup']['pword1'] = mysql_escape_string(stripslashes($pword1));
	$_SESSION['signup']['pword2'] = mysql_escape_string(stripslashes($pword2));
	// Five question/answer pairs (Q1..Q5 / A1..A5), stored as submitted apart from
	// escaping and trimming.
	$_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes($Q1)));
	$_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes($Q2)));
	$_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes($Q3)));
	$_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes($Q4)));
	$_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes($Q5)));
	$_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes($A1)));
	$_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes($A2)));
	$_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
	$_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
	$_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes($A5)));

	// Each failed check sends the visitor back to page 1 and appends a message.
	if($_SESSION['signup']['fname'] == "" || $_SESSION['signup']['lname'] == "") {
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("First and/or last names were blank.")."
\n";
	}
	if($_SESSION['signup']['year'] < 1900 || $_SESSION['signup']['month'] < 1 || $_SESSION['signup']['month'] > 12 || $_SESSION['signup']['day'] < 1 || $_SESSION['signup']['day'] > 31) {
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("Invalid date of birth")."
\n";
	}
	if($_SESSION['signup']['email'] == "") {
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("Email Address was blank")."
\n";
	}
	if($_SESSION['signup']['pword1'] == "") {
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("Pass Phrases were blank")."
\n";
	}
	if($_SESSION['signup']['pword1'] != $_SESSION['signup']['pword2']) {
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("Pass Phrases don't match")."
\n";
	}
	// NOTE(review): unlike the lost-pass-phrase branch, no explicit strlen() minimum is
	// applied here; only the checkpw() score is tested. checkpw() also receives the
	// SQL-escaped pass phrase rather than the one the user typed.
	$score = checkpw($_SESSION['signup']['pword1'], $_SESSION['signup']['email'], $_SESSION['signup']['fname'], $_SESSION['signup']['mname'], $_SESSION['signup']['lname'], $_SESSION['signup']['suffix']);
	if($score < 3) {
		$id = 1;
		// NOTE(review): this assigns with "=" where the other checks use ".=", so any
		// messages collected above are replaced.
		$_SESSION['_config']['errmsg'] = _("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored $score points out of 6.");
	}
	// Reject an address that is already present and not deleted in `email` or `users`.
	$query = "select * from `email` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
	$res1 = mysql_query($query);
	$query = "select * from `users` where `email`='".$_SESSION['signup']['email']."' and `deleted`=0";
	$res2 = mysql_query($query);
	if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0) {
		$id = 1;
		$_SESSION['_config']['errmsg'] .= _("This email address is currently valid in the system.")."
\n";
	}
	if($id == 2) {
		// Verification token: MD5 of bytes read from /dev/urandom.
		// NOTE(review): fgets() stops at the first newline byte, so the amount of random
		// data hashed varies; fread($rnd, 64) would read a fixed number of bytes. The
		// fopen() result is not checked.
		$rnd = fopen("/dev/urandom", "r");
		$hash = md5(fgets($rnd, 64));
		fclose($rnd);
		// Same PASSWORD()-in-SQL pattern as the pass-phrase update earlier in this
		// listing; the answers A1..A5 are stored as given.
		$query = "insert into `users` set `email`='".$_SESSION['signup']['email']."', `password`=password('".$_SESSION['signup']['pword1']."'), `fname`='".$_SESSION['signup']['fname']."', `mname`='".$_SESSION['signup']['mname']."', `lname`='".$_SESSION['signup']['lname']."', `suffix`='".$_SESSION['signup']['suffix']."', `dob`='".$_SESSION['signup']['year']."-".$_SESSION['signup']['month']."-".$_SESSION['signup']['day']."', `Q1`='".$_SESSION['signup']['Q1']."', `Q2`='".$_SESSION['signup']['Q2']."', `Q3`='".$_SESSION['signup']['Q3']."', `Q4`='".$_SESSION['signup']['Q4']."', `Q5`='".$_SESSION['signup']['Q5']."', `A1`='".$_SESSION['signup']['A1']."', `A2`='".$_SESSION['signup']['A2']."', `A3`='".$_SESSION['signup']['A3']."', `A4`='".$_SESSION['signup']['A4']."', `A5`='".$_SESSION['signup']['A5']."', `created`=NOW()";
		// Neither insert is checked for failure before mysql_insert_id() is read.
		mysql_query($query);
		$memid = mysql_insert_id();
		$query = "insert into `email` set `email`='".$_SESSION['signup']['email']."', `hash`='$hash', `created`=NOW(), `memid`='$memid'";
		mysql_query($query);
		$emailid = mysql_insert_id();
		$body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. 
Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
		// NOTE(review): the verification link uses http://, so the token is sent in
		// clear when the link is opened. $hostname is not set in the visible listing.
		$body .= "http://$hostname/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
		$body .= _("Best regards")."\n"._("CAcert.org Support!");
		mail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "From: CAcert-Support ");
	}
}

// Contact form ($oldid == 11): escape the fields and require all four of them.
if($oldid == 11 && $process != "") {
	$who = mysql_escape_string(stripslashes($who));
	$email = mysql_escape_string(stripslashes($email));
	$subject = mysql_escape_string(stripslashes($subject));
	$message = addslashes(stripslashes($message));
	if($who == "" || $email == "" || $subject == "" || $message == "") {
		$id = $oldid;
		$_SESSION['_config']['errmsg'] = _("All fields are mandatory.")."
\n";
		// Clearing $oldid keeps the two mail-sending branches below from running.
		unset($oldid);
	}
}

// Contact form, private support request: mail it to the support address.
// NOTE(review): the visitor-supplied $email and $subject are placed in mail headers;
// the only sanitising visible is the SQL-style escaping above. Validating $email as a
// single address would not depend on that escaping.
if($oldid == 11 && $process != "" && $_POST['support'] != "yes") {
	$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
	mail("support AT cacert.org", "[CAcert.org] ".$subject, $message, "From: $email");
	showheader(_("Welcome to CAcert.org"));
	echo _("Your message has been sent.");
	showfooter();
	exit;
}

// Contact form, public support request: mail it to the support list and to the sender.
// NOTE(review): the visitor-supplied $email is appended to the recipient list and used
// as Reply-To, so this form sends mail to whatever address is entered.
if($oldid == 11 && $process != "" && $_POST['support'] == "yes") {
	$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
	mail("cacert-support AT lists.cacert.org, $email", "[website form email]: ".$subject, $message, "From: website-form AT cacert.org\nReply-To: $email");
	showheader(_("Welcome to CAcert.org"));
	echo _("Your message has been sent to the general support list.");
	showfooter();
	exit;
}

// A birth year below 1900 is replaced by "19XX" before the page is rendered.
if($_SESSION['signup']['year'] < 1900)
	$_SESSION['signup']['year'] = "19XX";

// Default path: render the page selected by $id between the common header and footer.
showheader(_("Welcome to CAcert.org"));
includeit($id);
showfooter();
?>
Index: index.php
===================================================================
--- index.php   (revision 87)
+++ index.php   (working copy)
@@ -92,7 +92,7 @@
                } else if($_SESSION['lostpw']['pw1'] != 
$_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") {
                        $_SESSION['_config']['errmsg'] = _("New Pass Phrases 
specified don't match or were blank.");
                } else if(strlen($_SESSION['lostpw']['pw1']) < 6) {
-                       $_SESSION['_config']['errmsg'] = _("The Pass Phrase 
you submitted was too short.");
+                       $_SESSION['_config']['errmsg'] = _("The Pass Phrase 
you submitted was too short. It must be at least 6 characters.");
                } else {
                        $score = checkpw($_SESSION['lostpw']['pw1'], 
$_SESSION['lostpw']['user']['email'], $_SESSION['lostpw']['user']['fname'],
                                $_SESSION['lostpw']['user']['mname'], 
$_SESSION['lostpw']['user']['lname'], $_SESSION['lostpw']['user']['suffix']);
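Review bot: The minimum length now appears twice as a literal in this branch, once in `strlen($_SESSION['lostpw']['pw1']) < 6` and once inside the translated message, so the two can drift apart, and changing the limit means every translation of this msgid must be redone. One named value with a placeholder keeps them in step, e.g. `sprintf(_("The Pass Phrase you submitted was too short. It must be at least %d characters."), $minlen)`, where `$minlen` is an illustrative name. In the full listing posted with this patch, the signup path shows no explicit length check, only the `checkpw()` score, so it is worth confirming that both paths enforce the same minimum. The `else if` chain this hunk belongs to starts and ends outside the hunk.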


