diff --git a/README.md b/README.md index 38098a2..d0746d5 100644 --- a/README.md +++ b/README.md @@ -8,9 +8,10 @@ See the example site: https://certificatemonitor.org/ ## Requirements -- PHP 5.6+ +- PHP 5.6+ (7.0 recommended) - OpenSSL - PHP must allow remote fopen. +- PHP mbstring ## Installation @@ -19,15 +20,16 @@ Unpack, change some variables, setup a cronjob and go! First get the code and unpack it to your webroot: cd /var/www/html/ - git clone https://github.com/RaymiiOrg/certificate-expiry-monitor.git + git clone https://github.com/RCDaddy/certificate-expiry-monitor.git Create the database files, outside of your webroot. If you create these inside your webroot, everybody can read them. - touch /var/www/certificate-expiry-monitor-db/pre_checks.json - touch /var/www/certificate-expiry-monitor-db/checks.json - touch /var/www/certificate-expiry-monitor-db/deleted_checks.json + echo '{}' > /var/www/certificate-expiry-monitor-db/pre_checks.json + echo '{}' > /var/www/certificate-expiry-monitor-db/checks.json + echo '{}' > /var/www/certificate-expiry-monitor-db/deleted_checks.json chown -R $wwwuser /var/www/certificate-expiry-monitor-db/*.json + These files are used by the tool as database for checks. diff --git a/confirm.php b/confirm.php index e89d836..30a49e1 100644 --- a/confirm.php +++ b/confirm.php @@ -52,8 +52,6 @@ echo ""; } -require('inc/faq.php'); - require('inc/footer.php'); ?> diff --git a/functions/email.php b/functions/email.php deleted file mode 100644 index 6f0e1f3..0000000 --- a/functions/email.php +++ /dev/null @@ -1,193 +0,0 @@ -. - -function validate_email($email) { - if (!filter_var(mb_strtolower($email), FILTER_VALIDATE_EMAIL)) { - return false; - } else { - return true; - } -} - -function send_error_mail($domain, $email, $errors) { - echo "\t\tSending error mail to $email for $domain.\n"; - global $current_domain; - global $current_link; - global $check_file; - $domain = trim($domain); - $errors = implode("\r\n", $errors); - $json_file = file_get_contents($check_file); - if ($check_file === FALSE) { - echo "\t\tCan't open database.\n"; - return false; - } - $json_a = json_decode($json_file, true); - if ($json_a === NULL || json_last_error() !== JSON_ERROR_NONE) { - echo "\t\tCan't read database.\n"; - return false; - } - - foreach ($json_a as $key => $value) { - if ($value["domain"] == $domain && $value["email"] == $email) { - $id = $key; - $failures = $value['errors']; - $unsublink = "https://" . $current_link . "/unsubscribe.php?id=" . $id; - $to = $email; - $subject = "Certificate monitor " . htmlspecialchars($domain) . " failed."; - $message = "Hello,\r\n\r\nYou have a subscription to monitor the certificate of " . htmlspecialchars($domain) . " with the the Certificate Expiry Monitor. This is a service which monitors an SSL certificate on a website, and notifies you when it is about to expire. This extra notification helps you remember to renew your certificate on time.\r\n\r\nWe've noticed that the check for the following domain has failed: \r\n\r\nDomain: " . htmlspecialchars($domain) . "\r\nError(s): " . htmlspecialchars($errors) . "\r\n\r\nFailure(s): " . htmlspecialchars($failures) . "\r\n\r\nPlease check this website or it's certificate. If the check fails 7 times we will remove it from our monitoring. If the check succeeds again within 7 failures, the failure count will reset.\r\n\r\nTo unsubscribe from notifications for this domain please click or copy and paste the below link in your browser:\r\n\r\n" . $unsublink . "\r\n\r\n\r\n Have a nice day,\r\nThe Certificate Expiry Monitor Service.\r\nhttps://" . $current_link . ""; - $message = wordwrap($message, 70, "\r\n"); - $headers = 'From: noreply@' . $current_domain . "\r\n" . - 'Reply-To: noreply@' . $current_domain . "\r\n" . - 'Return-Path: noreply@' . $current_domain . "\r\n" . - 'X-Visitor-IP: ' . $visitor_ip . "\r\n" . - 'X-Coffee: Black' . "\r\n" . - 'List-Unsubscribe: " . "\r\n" . - 'X-Mailer: PHP/4.1.1'; - - if (mail($to, $subject, $message, $headers) === true) { - echo "\t\tEmail sent to $to.\n"; - return true; - } else { - echo "\t\tCan't send email.\n"; - return false; - } - } - } -} - -function send_cert_expired_email($days, $domain, $email, $raw_cert) { - global $current_domain; - global $current_link; - global $check_file; - $domain = trim($domain); - echo "\t\tDomain " . $domain . " expired " . $days . " ago.\n"; - - $file = file_get_contents($check_file); - if ($file === FALSE) { - echo "\t\tCan't open database.\n"; - return false; - } - $json_a = json_decode($file, true); - if ($json_a === null && json_last_error() !== JSON_ERROR_NONE) { - echo "\t\tCan't read database.\n"; - return false; - } - - foreach ($json_a as $key => $value) { - - if ($value["domain"] == $domain && $value["email"] == $email) { - - $id = $key; - $cert_cn = cert_cn($raw_cert); - $cert_subject = cert_subject($raw_cert); - $cert_serial = cert_serial($raw_cert); - $cert_expiry_date = cert_expiry_date($raw_cert); - $cert_validfrom_date = cert_valid_from($raw_cert); - - $now = time(); - $datefromdiff = $now - $cert_validfrom_date; - $datetodiff = $now - $cert_expiry_date; - $cert_valid_days_ago = floor($datefromdiff/(60*60*24)); - $cert_valid_days_ahead = floor($datetodiff/(60*60*24)); - - $unsublink = "https://" . $current_link . "/unsubscribe.php?id=" . $id; - - $to = $email; - $subject = "A certificate for " . htmlspecialchars($domain) . " expired " . htmlspecialchars($days) . " days ago"; - $message = "Hello,\r\n\r\nYou have a subscription to monitor the certificate of " . htmlspecialchars($domain) . " with the the Certificate Expiry Monitor. This is a service which monitors an SSL certificate on a website, and notifies you when it is about to expire. This extra notification helps you remember to renew your certificate on time.\r\n\r\nWe've noticed that the following domain has a certificate in it's chain that has expired " . htmlspecialchars($days) . " days ago:\r\n\r\nDomain: " . htmlspecialchars($domain) . "\r\nCertificate Common Name: " . htmlspecialchars($cert_cn) . "\r\nCertificate Subject: " . htmlspecialchars($cert_subject) . "\r\nCertificate Serial: " . htmlspecialchars($cert_serial) . "\r\nCertificate Valid From: " . htmlspecialchars(date("Y-m-d H:i:s T", $cert_validfrom_date)) . " (" . $cert_valid_days_ago . " days ago)\r\nCertificate Valid Until: " . htmlspecialchars(date("Y-m-d H:i:s T", $cert_expiry_date)) . " (" . $cert_valid_days_ahead . " days ago)\r\n\r\nYou should renew and replace your certificate right now. If you haven't set up the certificate yourself, please forward this email to the person/company that did this for you.\r\n\rThis website is now non-functional and displays errors to it's users. Please fix this issue as soon as possible.\r\n\r\nTo unsubscribe from notifications for this domain please click or copy and paste the below link in your browser:\r\n\r\n" . $unsublink . "\r\n\r\n\r\n Have a nice day,\r\nThe Certificate Expiry Monitor Service.\r\nhttps://" . $current_link . ""; - $message = wordwrap($message, 70, "\r\n"); - $headers = 'From: noreply@' . $current_domain . "\r\n" . - 'Reply-To: noreply@' . $current_domain . "\r\n" . - 'Return-Path: noreply@' . $current_domain . "\r\n" . - 'X-Visitor-IP: ' . $visitor_ip . "\r\n" . - 'X-Coffee: Black' . "\r\n" . - 'List-Unsubscribe: " . "\r\n" . - 'X-Mailer: PHP/4.1.1'; - - if (mail($to, $subject, $message, $headers) === true) { - echo "\t\tEmail sent to $to.\n"; - return true; - } else { - echo "\t\tCan't send email.\n"; - return false; - } - } - } - -} - -function send_expires_in_email($days, $domain, $email, $raw_cert) { - global $current_domain; - global $current_link; - global $check_file; - $domain = trim($domain); - echo "\t\tDomain " . $domain . " expires in " . $days . " days.\n"; - - $file = file_get_contents($check_file); - if ($file === FALSE) { - echo "\t\tCan't open database.\n"; - return false; - } - $json_a = json_decode($file, true); - if ($json_a === null && json_last_error() !== JSON_ERROR_NONE) { - echo "\t\tCan't read database.\n"; - return false; - } - - foreach ($json_a as $key => $value) { - - if ($value["domain"] == $domain && $value["email"] == $email) { - - $id = $key; - $cert_cn = cert_cn($raw_cert); - $cert_subject = cert_subject($raw_cert); - $cert_serial = cert_serial($raw_cert); - $cert_expiry_date = cert_expiry_date($raw_cert); - $cert_validfrom_date = cert_valid_from($raw_cert); - - $now = time(); - $datefromdiff = $now - $cert_validfrom_date; - $datetodiff = $cert_expiry_date - $now; - $cert_valid_days_ago = floor($datefromdiff/(60*60*24)); - $cert_valid_days_ahead = floor($datetodiff/(60*60*24)); - - $unsublink = "https://" . $current_link . "/unsubscribe.php?id=" . $id; - - $to = $email; - $subject = "A certificate for " . htmlspecialchars($domain) . " expires in " . htmlspecialchars($days) . " days"; - $message = "Hello,\r\n\r\nYou have a subscription to monitor the certificate of " . htmlspecialchars($domain) . " with the the Certificate Expiry Monitor. This is a service which monitors an SSL certificate on a website, and notifies you when it is about to expire. This extra notification helps you remember to renew your certificate on time.\r\n\r\nWe've noticed that the following domain has a certificate in it's chain that will expire in " . htmlspecialchars($days) . " days:\r\n\r\nDomain: " . htmlspecialchars($domain) . "\r\nCertificate Common Name: " . htmlspecialchars($cert_cn) . "\r\nCertificate Subject: " . htmlspecialchars($cert_subject) . "\r\nCertificate Serial: " . htmlspecialchars($cert_serial) . "\r\nCertificate Valid From: " . htmlspecialchars(date("Y-m-d H:i:s T", $cert_validfrom_date)) . " (" . $cert_valid_days_ago . " days ago)\r\nCertificate Valid Until: " . htmlspecialchars(date("Y-m-d H:i:s T", $cert_expiry_date)) . " (" . $cert_valid_days_ahead . " days left)\r\n\r\nYou should renew and replace your certificate before it expires. If you haven't set up the certificate yourself, please forward this email to the person/company that did this for you.\r\n\r\nNot replacing your certificate before the expiry date will result in a non-functional website with errors.\r\n\r\nTo unsubscribe from notifications for this domain please click or copy and paste the below link in your browser:\r\n\r\n" . $unsublink . "\r\n\r\n\r\n Have a nice day,\r\nThe Certificate Expiry Monitor Service.\r\nhttps://" . $current_link . ""; - $message = wordwrap($message, 70, "\r\n"); - $headers = 'From: noreply@' . $current_domain . "\r\n" . - 'Reply-To: noreply@' . $current_domain . "\r\n" . - 'Return-Path: noreply@' . $current_domain . "\r\n" . - 'X-Visitor-IP: ' . $visitor_ip . "\r\n" . - 'X-Coffee: Black' . "\r\n" . - 'List-Unsubscribe: " . "\r\n" . - 'X-Mailer: PHP/4.1.1'; - - if (mail($to, $subject, $message, $headers) === true) { - echo "\t\tEmail sent to $to.\n"; - return true; - } else { - echo "\t\tCan't send email.\n"; - return false; - } - } - } -} - - -?> \ No newline at end of file diff --git a/functions/get_checks.php b/functions/get_checks.php new file mode 100644 index 0000000..9508b82 --- /dev/null +++ b/functions/get_checks.php @@ -0,0 +1,26 @@ +. + function get_domain_checks() { + global $current_domain; + global $current_link; + global $check_file; + $file = file_get_contents($check_file); + if ($file === FALSE) { + return null; + } + $json_a = json_decode($file, true); + if ($json_a === null && json_last_error() !== JSON_ERROR_NONE) { + return null; + } + return $json_a; +} diff --git a/functions/variables.php b/functions/variables.php index 0dca401..b5551af 100644 --- a/functions/variables.php +++ b/functions/variables.php @@ -31,10 +31,14 @@ $current_domain = "certificatemonitor.org"; $current_link = "certificatemonitor.org"; +$showListOfDomains = false; +$showEmailsOnListOfDomains = false; +$showClickToUnsubscribeOnListOfDomains = false; + // set this to a location outside of your webroot so that it cannot be accessed via the internets. $pre_check_file = '/home/certmon/domains/certificatemonitor.org/cert-monitor/pre_checks.json'; $check_file = '/home/certmon/domains/certificatemonitor.org/cert-monitor/checks.json'; $deleted_check_file = '/home/certmon/domains/certificatemonitor.org/cert-monitor/deleted_checks.json'; -?> \ No newline at end of file +?> diff --git a/inc/faq.php b/inc/faq.php index 969700e..4223f2f 100644 --- a/inc/faq.php +++ b/inc/faq.php @@ -18,6 +18,12 @@
+View list of domains'; + } +?> +

FAQ

Is this service free?

@@ -66,4 +72,4 @@

Yes. You can check out Cipherli.st for secure server settings and guides. You can also use the SSL Decoder to check your current setup.


-


\ No newline at end of file +


diff --git a/inc/header.php b/inc/header.php index 4bab5b6..712d2a6 100644 --- a/inc/header.php +++ b/inc/header.php @@ -34,8 +34,8 @@ echo "
"; echo "
"; -echo "

"; +echo "

"; echo htmlspecialchars($title); -echo "

"; +echo "

"; -?> \ No newline at end of file +?> diff --git a/list.php b/list.php new file mode 100644 index 0000000..82a9787 --- /dev/null +++ b/list.php @@ -0,0 +1,48 @@ +. + +error_reporting(E_ALL & ~E_NOTICE); +foreach (glob("functions/*.php") as $filename) { + require($filename); +} + +require('inc/header.php'); + +echo "
"; + +if ($showListOfDomains) { + $listOfChecks = get_domain_checks(); + + if ($listOfChecks == null) { + echo ""; + } else { + echo '
' . ($showClickToUnsubscribeOnListOfDomains ? '' : '') . ''; + foreach ($listOfChecks as $key => $value) { + echo ' 0 ? 'danger' : '') . '">' : '') . ''; + } + echo '
DomainErrorsEmailEmail
' . $listOfChecks[$key]["domain"] . '' . $listOfChecks[$key]["errors"] . '' . ($showEmailsOnListOfDomains ? $listOfChecks[$key]["email"] : '****') . ($showClickToUnsubscribeOnListOfDomains ? 'Remove from checks
'; + } +} else { + echo ""; +} + +require('inc/footer.php'); + +?> diff --git a/unsubscribe.php b/unsubscribe.php index 09b57c7..ca4464d 100644 --- a/unsubscribe.php +++ b/unsubscribe.php @@ -28,8 +28,8 @@ if ( isset($_GET['cron']) && !empty($_GET['cron']) ) { $cron = htmlspecialchars($_GET['cron']); } - if ($cron = "auto") { - $userip = "Removed automatically because to many errors occured."; + if ($cron == "auto") { + $userip = "Removed automatically because too many errors occured."; } $uuid_pattern = "/([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/"; if (preg_match($uuid_pattern, $id)) { @@ -59,10 +59,6 @@ echo "
"; } -echo "
"; -require('inc/faq.php'); -echo "
"; - require('inc/footer.php'); ?>