From 17c30fc3007df960781d1d5845e06cc9e3e7b4ae Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Thu, 6 Dec 2018 14:55:51 +0000 Subject: [PATCH 01/20] Update email.php Fix typo in message --- functions/email.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/functions/email.php b/functions/email.php index 6f0e1f3..7ab6e0c 100644 --- a/functions/email.php +++ b/functions/email.php @@ -107,7 +107,7 @@ function send_cert_expired_email($days, $domain, $email, $raw_cert) { $to = $email; $subject = "A certificate for " . htmlspecialchars($domain) . " expired " . htmlspecialchars($days) . " days ago"; - $message = "Hello,\r\n\r\nYou have a subscription to monitor the certificate of " . htmlspecialchars($domain) . " with the the Certificate Expiry Monitor. This is a service which monitors an SSL certificate on a website, and notifies you when it is about to expire. This extra notification helps you remember to renew your certificate on time.\r\n\r\nWe've noticed that the following domain has a certificate in it's chain that has expired " . htmlspecialchars($days) . " days ago:\r\n\r\nDomain: " . htmlspecialchars($domain) . "\r\nCertificate Common Name: " . htmlspecialchars($cert_cn) . "\r\nCertificate Subject: " . htmlspecialchars($cert_subject) . "\r\nCertificate Serial: " . htmlspecialchars($cert_serial) . "\r\nCertificate Valid From: " . htmlspecialchars(date("Y-m-d H:i:s T", $cert_validfrom_date)) . " (" . $cert_valid_days_ago . " days ago)\r\nCertificate Valid Until: " . htmlspecialchars(date("Y-m-d H:i:s T", $cert_expiry_date)) . " (" . $cert_valid_days_ahead . " days ago)\r\n\r\nYou should renew and replace your certificate right now. If you haven't set up the certificate yourself, please forward this email to the person/company that did this for you.\r\n\rThis website is now non-functional and displays errors to it's users. Please fix this issue as soon as possible.\r\n\r\nTo unsubscribe from notifications for this domain please click or copy and paste the below link in your browser:\r\n\r\n" . $unsublink . "\r\n\r\n\r\n Have a nice day,\r\nThe Certificate Expiry Monitor Service.\r\nhttps://" . $current_link . ""; + $message = "Hello,\r\n\r\nYou have a subscription to monitor the certificate of " . htmlspecialchars($domain) . " with the the Certificate Expiry Monitor. This is a service which monitors an SSL certificate on a website, and notifies you when it is about to expire. This extra notification helps you remember to renew your certificate on time.\r\n\r\nWe've noticed that the following domain has a certificate in its chain that has expired " . htmlspecialchars($days) . " days ago:\r\n\r\nDomain: " . htmlspecialchars($domain) . "\r\nCertificate Common Name: " . htmlspecialchars($cert_cn) . "\r\nCertificate Subject: " . htmlspecialchars($cert_subject) . "\r\nCertificate Serial: " . htmlspecialchars($cert_serial) . "\r\nCertificate Valid From: " . htmlspecialchars(date("Y-m-d H:i:s T", $cert_validfrom_date)) . " (" . $cert_valid_days_ago . " days ago)\r\nCertificate Valid Until: " . htmlspecialchars(date("Y-m-d H:i:s T", $cert_expiry_date)) . " (" . $cert_valid_days_ahead . " days ago)\r\n\r\nYou should renew and replace your certificate right now. If you haven't set up the certificate yourself, please forward this email to the person/company that did this for you.\r\n\rThis website is now non-functional and displays errors to it's users. Please fix this issue as soon as possible.\r\n\r\nTo unsubscribe from notifications for this domain please click or copy and paste the below link in your browser:\r\n\r\n" . $unsublink . "\r\n\r\n\r\n Have a nice day,\r\nThe Certificate Expiry Monitor Service.\r\nhttps://" . $current_link . ""; $message = wordwrap($message, 70, "\r\n"); $headers = 'From: noreply@' . $current_domain . "\r\n" . 'Reply-To: noreply@' . $current_domain . "\r\n" . @@ -190,4 +190,4 @@ function send_expires_in_email($days, $domain, $email, $raw_cert) { } -?> \ No newline at end of file +?> From 5885051f36ad814fcb6274213bb626784a8629de Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Thu, 6 Dec 2018 14:57:51 +0000 Subject: [PATCH 02/20] Update README.md fix issues --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 38098a2..f8d0f66 100644 --- a/README.md +++ b/README.md @@ -23,10 +23,11 @@ First get the code and unpack it to your webroot: Create the database files, outside of your webroot. If you create these inside your webroot, everybody can read them. - touch /var/www/certificate-expiry-monitor-db/pre_checks.json - touch /var/www/certificate-expiry-monitor-db/checks.json - touch /var/www/certificate-expiry-monitor-db/deleted_checks.json - chown -R $wwwuser /var/www/certificate-expiry-monitor-db/*.json +echo '{}' > /var/www/certificate-expiry-monitor-db/pre_checks.json +echo '{}' > /var/www/certificate-expiry-monitor-db/checks.json +echo '{}' > /var/www/certificate-expiry-monitor-db/deleted_checks.json +chown -R $wwwuser /var/www/certificate-expiry-monitor-db/*.json + These files are used by the tool as database for checks. From 52883737a6bba43f2e50c4aa72b8518c1259a5fb Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Thu, 6 Dec 2018 14:59:25 +0000 Subject: [PATCH 03/20] Update unsubscribe.php Visitor IP is missing when manually unsubscribing --- unsubscribe.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/unsubscribe.php b/unsubscribe.php index 09b57c7..e1cfa14 100644 --- a/unsubscribe.php +++ b/unsubscribe.php @@ -28,8 +28,8 @@ if ( isset($_GET['cron']) && !empty($_GET['cron']) ) { $cron = htmlspecialchars($_GET['cron']); } - if ($cron = "auto") { - $userip = "Removed automatically because to many errors occured."; + if ($cron == "auto") { + $userip = "Removed automatically because too many errors occured."; } $uuid_pattern = "/([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/"; if (preg_match($uuid_pattern, $id)) { From 5d9f2a9cebb015e579a65d91f26bb9e0982e7dbc Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Thu, 6 Dec 2018 15:00:50 +0000 Subject: [PATCH 04/20] Update confirm.php Adding listing feature --- confirm.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/confirm.php b/confirm.php index e89d836..30a49e1 100644 --- a/confirm.php +++ b/confirm.php @@ -52,8 +52,6 @@ echo ""; } -require('inc/faq.php'); - require('inc/footer.php'); ?> From 0b27369df1f048db8a67cbe22cc89046189b3264 Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Thu, 6 Dec 2018 15:01:40 +0000 Subject: [PATCH 05/20] Create get_checks.php Adding listing feature --- functions/get_checks.php | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 functions/get_checks.php diff --git a/functions/get_checks.php b/functions/get_checks.php new file mode 100644 index 0000000..9508b82 --- /dev/null +++ b/functions/get_checks.php @@ -0,0 +1,26 @@ +. + function get_domain_checks() { + global $current_domain; + global $current_link; + global $check_file; + $file = file_get_contents($check_file); + if ($file === FALSE) { + return null; + } + $json_a = json_decode($file, true); + if ($json_a === null && json_last_error() !== JSON_ERROR_NONE) { + return null; + } + return $json_a; +} From 72c2114baf986e039b57fac68651e0450bd0fa9d Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Thu, 6 Dec 2018 15:02:53 +0000 Subject: [PATCH 06/20] Update variables.php Adding listing feature --- functions/variables.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/functions/variables.php b/functions/variables.php index 0dca401..b5551af 100644 --- a/functions/variables.php +++ b/functions/variables.php @@ -31,10 +31,14 @@ $current_domain = "certificatemonitor.org"; $current_link = "certificatemonitor.org"; +$showListOfDomains = false; +$showEmailsOnListOfDomains = false; +$showClickToUnsubscribeOnListOfDomains = false; + // set this to a location outside of your webroot so that it cannot be accessed via the internets. $pre_check_file = '/home/certmon/domains/certificatemonitor.org/cert-monitor/pre_checks.json'; $check_file = '/home/certmon/domains/certificatemonitor.org/cert-monitor/checks.json'; $deleted_check_file = '/home/certmon/domains/certificatemonitor.org/cert-monitor/deleted_checks.json'; -?> \ No newline at end of file +?> From 4e09a162af353ebb8fffc2e10ed19fec34ecb808 Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Thu, 6 Dec 2018 15:03:47 +0000 Subject: [PATCH 07/20] Update faq.php --- inc/faq.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/inc/faq.php b/inc/faq.php index 969700e..4223f2f 100644 --- a/inc/faq.php +++ b/inc/faq.php @@ -18,6 +18,12 @@
+View list of domains'; + } +?> +

FAQ

Is this service free?

@@ -66,4 +72,4 @@

Yes. You can check out Cipherli.st for secure server settings and guides. You can also use the SSL Decoder to check your current setup.


-


\ No newline at end of file +


From 2c489a521202be2b9991fb546bae7255bd7f2628 Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Thu, 6 Dec 2018 15:04:32 +0000 Subject: [PATCH 08/20] Update header.php --- inc/header.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/inc/header.php b/inc/header.php index 4bab5b6..712d2a6 100644 --- a/inc/header.php +++ b/inc/header.php @@ -34,8 +34,8 @@ echo "
"; echo "
"; -echo "

"; +echo "

"; echo htmlspecialchars($title); -echo "

"; +echo "

"; -?> \ No newline at end of file +?> From 1a1d32cadfad5750b4e24659ce9cfefeaaebc6c9 Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Thu, 6 Dec 2018 15:05:12 +0000 Subject: [PATCH 09/20] Create list.php --- list.php | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 list.php diff --git a/list.php b/list.php new file mode 100644 index 0000000..82a9787 --- /dev/null +++ b/list.php @@ -0,0 +1,48 @@ +. + +error_reporting(E_ALL & ~E_NOTICE); +foreach (glob("functions/*.php") as $filename) { + require($filename); +} + +require('inc/header.php'); + +echo "
"; + +if ($showListOfDomains) { + $listOfChecks = get_domain_checks(); + + if ($listOfChecks == null) { + echo ""; + } else { + echo '
' . ($showClickToUnsubscribeOnListOfDomains ? '' : '') . ''; + foreach ($listOfChecks as $key => $value) { + echo ' 0 ? 'danger' : '') . '">' : '') . ''; + } + echo '
DomainErrorsEmailEmail
' . $listOfChecks[$key]["domain"] . '' . $listOfChecks[$key]["errors"] . '' . ($showEmailsOnListOfDomains ? $listOfChecks[$key]["email"] : '****') . ($showClickToUnsubscribeOnListOfDomains ? 'Remove from checks
'; + } +} else { + echo ""; +} + +require('inc/footer.php'); + +?> From 873d4f2b1e6e5c03ba567018882a3fe6275c35b5 Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Thu, 6 Dec 2018 15:05:56 +0000 Subject: [PATCH 10/20] Update unsubscribe.php --- unsubscribe.php | 4 ---- 1 file changed, 4 deletions(-) diff --git a/unsubscribe.php b/unsubscribe.php index e1cfa14..ca4464d 100644 --- a/unsubscribe.php +++ b/unsubscribe.php @@ -59,10 +59,6 @@ echo "
"; } -echo "
"; -require('inc/faq.php'); -echo "
"; - require('inc/footer.php'); ?> From c64cf2d7f4f70f2a04f430b98830ee6c452d2e32 Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Fri, 7 Dec 2018 10:12:50 +0000 Subject: [PATCH 11/20] changed git clone link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f8d0f66..8e963b3 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ Unpack, change some variables, setup a cronjob and go! First get the code and unpack it to your webroot: cd /var/www/html/ - git clone https://github.com/RaymiiOrg/certificate-expiry-monitor.git + git clone https://github.com/RCDaddy/certificate-expiry-monitor.git Create the database files, outside of your webroot. If you create these inside your webroot, everybody can read them. From d2a29d058c76254eb6e619f6781432cd15336092 Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Fri, 7 Dec 2018 10:14:23 +0000 Subject: [PATCH 12/20] fixed formating --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 8e963b3..c470173 100644 --- a/README.md +++ b/README.md @@ -23,10 +23,10 @@ First get the code and unpack it to your webroot: Create the database files, outside of your webroot. If you create these inside your webroot, everybody can read them. -echo '{}' > /var/www/certificate-expiry-monitor-db/pre_checks.json -echo '{}' > /var/www/certificate-expiry-monitor-db/checks.json -echo '{}' > /var/www/certificate-expiry-monitor-db/deleted_checks.json -chown -R $wwwuser /var/www/certificate-expiry-monitor-db/*.json + echo '{}' > /var/www/certificate-expiry-monitor-db/pre_checks.json + echo '{}' > /var/www/certificate-expiry-monitor-db/checks.json + echo '{}' > /var/www/certificate-expiry-monitor-db/deleted_checks.json + chown -R $wwwuser /var/www/certificate-expiry-monitor-db/*.json These files are used by the tool as database for checks. From 8f6d8e481f8728239a23a542134ea82dc065cdb5 Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Fri, 7 Dec 2018 16:44:18 +0000 Subject: [PATCH 13/20] Add slack integration --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index c470173..488f8e3 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,14 @@ Also change the `$current_domain` variable, it is used in all the email addresse And `$current_link`, which may or may not be the same. It is used in the confirm and unsubscribe links, and depends on your webserver configuration. `example.com/subdir` here means your unsubscribe links will start `https://example.com/subdir/unsubscribe.php`. $current_link = "certificatemonitor.org"; + +If you use Slack/Rocketchat, you can set up automatic posts whenever a subscription is added or removed, or checked and found to be expiring soon, expired or failed. To do this, create an [incoming webhook](https://api.slack.com/incoming-webhooks) and add its URL to the configuration (if you don't want this function, leave the string empty): + + $slack_webhook = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"; + + or + + $slack_webhook = "https://my.rocketchat.com/XXXXXXXXXXXXXXXXXXXXXXXX"; Set up the cronjob to run once a day: From 1a2c95b57ce5690d3980208d2b492b7ed5e4381b Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Fri, 7 Dec 2018 16:46:39 +0000 Subject: [PATCH 14/20] Update add_check.php --- functions/add_check.php | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/functions/add_check.php b/functions/add_check.php index 8776a0f..281484d 100644 --- a/functions/add_check.php +++ b/functions/add_check.php @@ -121,7 +121,20 @@ function add_domain_check($id,$visitor_ip) { 'List-Unsubscribe: " . "\r\n" . 'X-Mailer: PHP/4.1.1'; - + slack_send_array(array('attachments' => array(array( + 'fallback' => $subject, + 'color' => '#00ff00', + 'pretext' => $subject, + 'title' => $json_a[$id]['domain'], + 'title_link' => 'https://' . $json_a[$id]['domain'], + 'text' => 'Subscription confirmed for this domain:', + 'fields' => array( + array('title' => 'Domain', 'value' => $json_a[$id]['domain']), + array('title' => 'Email', 'value' => $json_a[$id]['email']), + array('title' => 'Confirmed from', 'value' => $visitor_ip, 'short' => TRUE), + array('title' => 'Confirmed date', 'value' => date("Y-m-d H:i:s T"), 'short' => TRUE), + ) + )))); if (mail($to, $subject, $message, $headers) === true) { $result['success'][] = true; @@ -131,4 +144,4 @@ function add_domain_check($id,$visitor_ip) { } return $result; -} \ No newline at end of file +} From 01958477a25db6ec0a9c4bdb1d0231339f0d5243 Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Fri, 7 Dec 2018 16:48:16 +0000 Subject: [PATCH 15/20] Update email.php --- functions/email.php | 68 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/functions/email.php b/functions/email.php index 7ab6e0c..148f4f8 100644 --- a/functions/email.php +++ b/functions/email.php @@ -57,6 +57,19 @@ function send_error_mail($domain, $email, $errors) { 'List-Unsubscribe: " . "\r\n" . 'X-Mailer: PHP/4.1.1'; + slack_send_array(array('attachments' => array(array( + 'fallback' => $subject, + 'color' => '#ff0000', + 'pretext' => $subject, + 'title' => $domain, + 'title_link' => 'https://' . $domain, + 'text' => 'Failed to check certificates for this domain:', + 'fields' => array( + array('title' => 'Errors', 'value' => $errors), + array('title' => 'Failures', 'value' => $failures) + ) + )))); + if (mail($to, $subject, $message, $headers) === true) { echo "\t\tEmail sent to $to.\n"; return true; @@ -117,6 +130,22 @@ function send_cert_expired_email($days, $domain, $email, $raw_cert) { 'List-Unsubscribe: " . "\r\n" . 'X-Mailer: PHP/4.1.1'; + slack_send_array(array('attachments' => array(array( + 'fallback' => $subject, + 'color' => '#ff0000', + 'pretext' => $subject, + 'title' => $domain, + 'title_link' => 'https://' . $domain, + 'text' => 'The following certificate in the chain for this domain has expired:', + 'fields' => array( + array('title' => 'Common Name', 'value' => $cert_cn), + array('title' => 'Subject', 'value' => $cert_subject), + array('title' => 'Serial', 'value' => $cert_serial), + array('title' => 'Valid From', 'value' => date("Y-m-d H:i:s T", $cert_validfrom_date), 'short' => TRUE), + array('title' => 'Valid Until', 'value' => date("Y-m-d H:i:s T", $cert_expiry_date), 'short' => TRUE) + ) + )))); + if (mail($to, $subject, $message, $headers) === true) { echo "\t\tEmail sent to $to.\n"; return true; @@ -178,6 +207,22 @@ function send_expires_in_email($days, $domain, $email, $raw_cert) { 'List-Unsubscribe: " . "\r\n" . 'X-Mailer: PHP/4.1.1'; + slack_send_array(array('attachments' => array(array( + 'fallback' => $subject, + 'color' => '#ffff00', + 'pretext' => $subject, + 'title' => $domain, + 'title_link' => 'https://' . $domain, + 'text' => 'The following certificate in the chain for this domain is about to expire:', + 'fields' => array( + array('title' => 'Common Name', 'value' => $cert_cn), + array('title' => 'Subject', 'value' => $cert_subject), + array('title' => 'Serial', 'value' => $cert_serial), + array('title' => 'Valid From', 'value' => date("Y-m-d H:i:s T", $cert_validfrom_date), 'short' => TRUE), + array('title' => 'Valid Until', 'value' => date("Y-m-d H:i:s T", $cert_expiry_date), 'short' => TRUE) + ) + )))); + if (mail($to, $subject, $message, $headers) === true) { echo "\t\tEmail sent to $to.\n"; return true; @@ -189,5 +234,28 @@ function send_expires_in_email($days, $domain, $email, $raw_cert) { } } +function slack_send_array($payload) { + global $slack_webhook; + if (!$payload) { + echo "\t\tNot sending empty Slack payload.\n"; + return FALSE; + } + if (!$slack_webhook) { + echo "\t\tNo Slack webhook URL set.\n"; + return FALSE; + } + $ch = curl_init($slack_webhook); + $postdata = array('payload' => json_encode($payload)); + curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); + $result = curl_exec($ch); + $http = curl_getinfo($ch, CURLINFO_HTTP_CODE); + curl_close($ch); + if ($result && $http == 200) { + echo "\n\t\tSlack message sent.\n"; + } else { + echo "\n\t\tError sending Slack message.\n"; + } + return $result; +} ?> From dae595ca8aaaf8729313118bb8296171384346fa Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Fri, 7 Dec 2018 16:49:10 +0000 Subject: [PATCH 16/20] Update remove_check.php --- functions/remove_check.php | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/functions/remove_check.php b/functions/remove_check.php index 0425f24..953687c 100644 --- a/functions/remove_check.php +++ b/functions/remove_check.php @@ -91,7 +91,22 @@ function remove_domain_check($id,$visitor_ip) { 'List-Unsubscribe: " . "\r\n" . 'X-Mailer: PHP/4.1.1'; - if (mail($to, $subject, $message, $headers) === true) { + slack_send_array(array('attachments' => array(array( + 'fallback' => $subject, + 'color' => '#ffff00', + 'pretext' => $subject, + 'title' => $deleted_json_a[$id]['domain'], + 'title_link' => 'https://' . $deleted_json_a[$id]['domain'], + 'text' => 'Subscription removed for this domain:', + 'fields' => array( + array('title' => 'Domain', 'value' => $deleted_json_a[$id]['domain']), + array('title' => 'Email', 'value' => $deleted_json_a[$id]['email']), + array('title' => 'Removed from', 'value' => $visitor_ip, 'short' => TRUE), + array('title' => 'Removed date', 'value' => date("Y-m-d H:i:s T"), 'short' => TRUE), + ) + )))); + + if (mail($to, $subject, $message, $headers) === true) { $result['success'][] = true; } else { $result['errors'][] = "Can't send email."; @@ -100,4 +115,4 @@ function remove_domain_check($id,$visitor_ip) { return $result; } } -} \ No newline at end of file +} From fd3242dc3ffb4dfd18f6985d7f6ff16bec60cbe1 Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Fri, 7 Dec 2018 16:50:11 +0000 Subject: [PATCH 17/20] Update variables.php --- functions/variables.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/functions/variables.php b/functions/variables.php index b5551af..0547054 100644 --- a/functions/variables.php +++ b/functions/variables.php @@ -31,6 +31,8 @@ $current_domain = "certificatemonitor.org"; $current_link = "certificatemonitor.org"; +$slack_webhook = ""; + $showListOfDomains = false; $showEmailsOnListOfDomains = false; $showClickToUnsubscribeOnListOfDomains = false; From d3a20ae35c57027de42d91092cd0b2c4fe1f5fa2 Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Fri, 7 Dec 2018 16:53:20 +0000 Subject: [PATCH 18/20] Added additional requirements. --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c470173..d0746d5 100644 --- a/README.md +++ b/README.md @@ -8,9 +8,10 @@ See the example site: https://certificatemonitor.org/ ## Requirements -- PHP 5.6+ +- PHP 5.6+ (7.0 recommended) - OpenSSL - PHP must allow remote fopen. +- PHP mbstring ## Installation From bd41cd6059054856f14f8d505d13b24f8f31349c Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Tue, 16 Apr 2019 13:58:52 +0100 Subject: [PATCH 19/20] Revert "Add Slack/Rocketchat integration" --- README.md | 8 ----- functions/add_check.php | 17 ++-------- functions/email.php | 68 -------------------------------------- functions/remove_check.php | 19 ++--------- functions/variables.php | 2 -- 5 files changed, 4 insertions(+), 110 deletions(-) diff --git a/README.md b/README.md index 4ab5d92..d0746d5 100644 --- a/README.md +++ b/README.md @@ -49,14 +49,6 @@ Also change the `$current_domain` variable, it is used in all the email addresse And `$current_link`, which may or may not be the same. It is used in the confirm and unsubscribe links, and depends on your webserver configuration. `example.com/subdir` here means your unsubscribe links will start `https://example.com/subdir/unsubscribe.php`. $current_link = "certificatemonitor.org"; - -If you use Slack/Rocketchat, you can set up automatic posts whenever a subscription is added or removed, or checked and found to be expiring soon, expired or failed. To do this, create an [incoming webhook](https://api.slack.com/incoming-webhooks) and add its URL to the configuration (if you don't want this function, leave the string empty): - - $slack_webhook = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"; - - or - - $slack_webhook = "https://my.rocketchat.com/XXXXXXXXXXXXXXXXXXXXXXXX"; Set up the cronjob to run once a day: diff --git a/functions/add_check.php b/functions/add_check.php index 281484d..8776a0f 100644 --- a/functions/add_check.php +++ b/functions/add_check.php @@ -121,20 +121,7 @@ function add_domain_check($id,$visitor_ip) { 'List-Unsubscribe: " . "\r\n" . 'X-Mailer: PHP/4.1.1'; - slack_send_array(array('attachments' => array(array( - 'fallback' => $subject, - 'color' => '#00ff00', - 'pretext' => $subject, - 'title' => $json_a[$id]['domain'], - 'title_link' => 'https://' . $json_a[$id]['domain'], - 'text' => 'Subscription confirmed for this domain:', - 'fields' => array( - array('title' => 'Domain', 'value' => $json_a[$id]['domain']), - array('title' => 'Email', 'value' => $json_a[$id]['email']), - array('title' => 'Confirmed from', 'value' => $visitor_ip, 'short' => TRUE), - array('title' => 'Confirmed date', 'value' => date("Y-m-d H:i:s T"), 'short' => TRUE), - ) - )))); + if (mail($to, $subject, $message, $headers) === true) { $result['success'][] = true; @@ -144,4 +131,4 @@ function add_domain_check($id,$visitor_ip) { } return $result; -} +} \ No newline at end of file diff --git a/functions/email.php b/functions/email.php index 148f4f8..7ab6e0c 100644 --- a/functions/email.php +++ b/functions/email.php @@ -57,19 +57,6 @@ function send_error_mail($domain, $email, $errors) { 'List-Unsubscribe: " . "\r\n" . 'X-Mailer: PHP/4.1.1'; - slack_send_array(array('attachments' => array(array( - 'fallback' => $subject, - 'color' => '#ff0000', - 'pretext' => $subject, - 'title' => $domain, - 'title_link' => 'https://' . $domain, - 'text' => 'Failed to check certificates for this domain:', - 'fields' => array( - array('title' => 'Errors', 'value' => $errors), - array('title' => 'Failures', 'value' => $failures) - ) - )))); - if (mail($to, $subject, $message, $headers) === true) { echo "\t\tEmail sent to $to.\n"; return true; @@ -130,22 +117,6 @@ function send_cert_expired_email($days, $domain, $email, $raw_cert) { 'List-Unsubscribe: " . "\r\n" . 'X-Mailer: PHP/4.1.1'; - slack_send_array(array('attachments' => array(array( - 'fallback' => $subject, - 'color' => '#ff0000', - 'pretext' => $subject, - 'title' => $domain, - 'title_link' => 'https://' . $domain, - 'text' => 'The following certificate in the chain for this domain has expired:', - 'fields' => array( - array('title' => 'Common Name', 'value' => $cert_cn), - array('title' => 'Subject', 'value' => $cert_subject), - array('title' => 'Serial', 'value' => $cert_serial), - array('title' => 'Valid From', 'value' => date("Y-m-d H:i:s T", $cert_validfrom_date), 'short' => TRUE), - array('title' => 'Valid Until', 'value' => date("Y-m-d H:i:s T", $cert_expiry_date), 'short' => TRUE) - ) - )))); - if (mail($to, $subject, $message, $headers) === true) { echo "\t\tEmail sent to $to.\n"; return true; @@ -207,22 +178,6 @@ function send_expires_in_email($days, $domain, $email, $raw_cert) { 'List-Unsubscribe: " . "\r\n" . 'X-Mailer: PHP/4.1.1'; - slack_send_array(array('attachments' => array(array( - 'fallback' => $subject, - 'color' => '#ffff00', - 'pretext' => $subject, - 'title' => $domain, - 'title_link' => 'https://' . $domain, - 'text' => 'The following certificate in the chain for this domain is about to expire:', - 'fields' => array( - array('title' => 'Common Name', 'value' => $cert_cn), - array('title' => 'Subject', 'value' => $cert_subject), - array('title' => 'Serial', 'value' => $cert_serial), - array('title' => 'Valid From', 'value' => date("Y-m-d H:i:s T", $cert_validfrom_date), 'short' => TRUE), - array('title' => 'Valid Until', 'value' => date("Y-m-d H:i:s T", $cert_expiry_date), 'short' => TRUE) - ) - )))); - if (mail($to, $subject, $message, $headers) === true) { echo "\t\tEmail sent to $to.\n"; return true; @@ -234,28 +189,5 @@ function send_expires_in_email($days, $domain, $email, $raw_cert) { } } -function slack_send_array($payload) { - global $slack_webhook; - if (!$payload) { - echo "\t\tNot sending empty Slack payload.\n"; - return FALSE; - } - if (!$slack_webhook) { - echo "\t\tNo Slack webhook URL set.\n"; - return FALSE; - } - $ch = curl_init($slack_webhook); - $postdata = array('payload' => json_encode($payload)); - curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); - $result = curl_exec($ch); - $http = curl_getinfo($ch, CURLINFO_HTTP_CODE); - curl_close($ch); - if ($result && $http == 200) { - echo "\n\t\tSlack message sent.\n"; - } else { - echo "\n\t\tError sending Slack message.\n"; - } - return $result; -} ?> diff --git a/functions/remove_check.php b/functions/remove_check.php index 953687c..0425f24 100644 --- a/functions/remove_check.php +++ b/functions/remove_check.php @@ -91,22 +91,7 @@ function remove_domain_check($id,$visitor_ip) { 'List-Unsubscribe: " . "\r\n" . 'X-Mailer: PHP/4.1.1'; - slack_send_array(array('attachments' => array(array( - 'fallback' => $subject, - 'color' => '#ffff00', - 'pretext' => $subject, - 'title' => $deleted_json_a[$id]['domain'], - 'title_link' => 'https://' . $deleted_json_a[$id]['domain'], - 'text' => 'Subscription removed for this domain:', - 'fields' => array( - array('title' => 'Domain', 'value' => $deleted_json_a[$id]['domain']), - array('title' => 'Email', 'value' => $deleted_json_a[$id]['email']), - array('title' => 'Removed from', 'value' => $visitor_ip, 'short' => TRUE), - array('title' => 'Removed date', 'value' => date("Y-m-d H:i:s T"), 'short' => TRUE), - ) - )))); - - if (mail($to, $subject, $message, $headers) === true) { + if (mail($to, $subject, $message, $headers) === true) { $result['success'][] = true; } else { $result['errors'][] = "Can't send email."; @@ -115,4 +100,4 @@ function remove_domain_check($id,$visitor_ip) { return $result; } } -} +} \ No newline at end of file diff --git a/functions/variables.php b/functions/variables.php index 0547054..b5551af 100644 --- a/functions/variables.php +++ b/functions/variables.php @@ -31,8 +31,6 @@ $current_domain = "certificatemonitor.org"; $current_link = "certificatemonitor.org"; -$slack_webhook = ""; - $showListOfDomains = false; $showEmailsOnListOfDomains = false; $showClickToUnsubscribeOnListOfDomains = false; From e4ba385e14e82d66d0eccdc6b885ab6b46d0bf1b Mon Sep 17 00:00:00 2001 From: RCDaddy Date: Thu, 12 Sep 2019 10:27:58 +0100 Subject: [PATCH 20/20] Delete email.php --- functions/email.php | 193 -------------------------------------------- 1 file changed, 193 deletions(-) delete mode 100644 functions/email.php diff --git a/functions/email.php b/functions/email.php deleted file mode 100644 index 7ab6e0c..0000000 --- a/functions/email.php +++ /dev/null @@ -1,193 +0,0 @@ -. - -function validate_email($email) { - if (!filter_var(mb_strtolower($email), FILTER_VALIDATE_EMAIL)) { - return false; - } else { - return true; - } -} - -function send_error_mail($domain, $email, $errors) { - echo "\t\tSending error mail to $email for $domain.\n"; - global $current_domain; - global $current_link; - global $check_file; - $domain = trim($domain); - $errors = implode("\r\n", $errors); - $json_file = file_get_contents($check_file); - if ($check_file === FALSE) { - echo "\t\tCan't open database.\n"; - return false; - } - $json_a = json_decode($json_file, true); - if ($json_a === NULL || json_last_error() !== JSON_ERROR_NONE) { - echo "\t\tCan't read database.\n"; - return false; - } - - foreach ($json_a as $key => $value) { - if ($value["domain"] == $domain && $value["email"] == $email) { - $id = $key; - $failures = $value['errors']; - $unsublink = "https://" . $current_link . "/unsubscribe.php?id=" . $id; - $to = $email; - $subject = "Certificate monitor " . htmlspecialchars($domain) . " failed."; - $message = "Hello,\r\n\r\nYou have a subscription to monitor the certificate of " . htmlspecialchars($domain) . " with the the Certificate Expiry Monitor. This is a service which monitors an SSL certificate on a website, and notifies you when it is about to expire. This extra notification helps you remember to renew your certificate on time.\r\n\r\nWe've noticed that the check for the following domain has failed: \r\n\r\nDomain: " . htmlspecialchars($domain) . "\r\nError(s): " . htmlspecialchars($errors) . "\r\n\r\nFailure(s): " . htmlspecialchars($failures) . "\r\n\r\nPlease check this website or it's certificate. If the check fails 7 times we will remove it from our monitoring. If the check succeeds again within 7 failures, the failure count will reset.\r\n\r\nTo unsubscribe from notifications for this domain please click or copy and paste the below link in your browser:\r\n\r\n" . $unsublink . "\r\n\r\n\r\n Have a nice day,\r\nThe Certificate Expiry Monitor Service.\r\nhttps://" . $current_link . ""; - $message = wordwrap($message, 70, "\r\n"); - $headers = 'From: noreply@' . $current_domain . "\r\n" . - 'Reply-To: noreply@' . $current_domain . "\r\n" . - 'Return-Path: noreply@' . $current_domain . "\r\n" . - 'X-Visitor-IP: ' . $visitor_ip . "\r\n" . - 'X-Coffee: Black' . "\r\n" . - 'List-Unsubscribe: " . "\r\n" . - 'X-Mailer: PHP/4.1.1'; - - if (mail($to, $subject, $message, $headers) === true) { - echo "\t\tEmail sent to $to.\n"; - return true; - } else { - echo "\t\tCan't send email.\n"; - return false; - } - } - } -} - -function send_cert_expired_email($days, $domain, $email, $raw_cert) { - global $current_domain; - global $current_link; - global $check_file; - $domain = trim($domain); - echo "\t\tDomain " . $domain . " expired " . $days . " ago.\n"; - - $file = file_get_contents($check_file); - if ($file === FALSE) { - echo "\t\tCan't open database.\n"; - return false; - } - $json_a = json_decode($file, true); - if ($json_a === null && json_last_error() !== JSON_ERROR_NONE) { - echo "\t\tCan't read database.\n"; - return false; - } - - foreach ($json_a as $key => $value) { - - if ($value["domain"] == $domain && $value["email"] == $email) { - - $id = $key; - $cert_cn = cert_cn($raw_cert); - $cert_subject = cert_subject($raw_cert); - $cert_serial = cert_serial($raw_cert); - $cert_expiry_date = cert_expiry_date($raw_cert); - $cert_validfrom_date = cert_valid_from($raw_cert); - - $now = time(); - $datefromdiff = $now - $cert_validfrom_date; - $datetodiff = $now - $cert_expiry_date; - $cert_valid_days_ago = floor($datefromdiff/(60*60*24)); - $cert_valid_days_ahead = floor($datetodiff/(60*60*24)); - - $unsublink = "https://" . $current_link . "/unsubscribe.php?id=" . $id; - - $to = $email; - $subject = "A certificate for " . htmlspecialchars($domain) . " expired " . htmlspecialchars($days) . " days ago"; - $message = "Hello,\r\n\r\nYou have a subscription to monitor the certificate of " . htmlspecialchars($domain) . " with the the Certificate Expiry Monitor. This is a service which monitors an SSL certificate on a website, and notifies you when it is about to expire. This extra notification helps you remember to renew your certificate on time.\r\n\r\nWe've noticed that the following domain has a certificate in its chain that has expired " . htmlspecialchars($days) . " days ago:\r\n\r\nDomain: " . htmlspecialchars($domain) . "\r\nCertificate Common Name: " . htmlspecialchars($cert_cn) . "\r\nCertificate Subject: " . htmlspecialchars($cert_subject) . "\r\nCertificate Serial: " . htmlspecialchars($cert_serial) . "\r\nCertificate Valid From: " . htmlspecialchars(date("Y-m-d H:i:s T", $cert_validfrom_date)) . " (" . $cert_valid_days_ago . " days ago)\r\nCertificate Valid Until: " . htmlspecialchars(date("Y-m-d H:i:s T", $cert_expiry_date)) . " (" . $cert_valid_days_ahead . " days ago)\r\n\r\nYou should renew and replace your certificate right now. If you haven't set up the certificate yourself, please forward this email to the person/company that did this for you.\r\n\rThis website is now non-functional and displays errors to it's users. Please fix this issue as soon as possible.\r\n\r\nTo unsubscribe from notifications for this domain please click or copy and paste the below link in your browser:\r\n\r\n" . $unsublink . "\r\n\r\n\r\n Have a nice day,\r\nThe Certificate Expiry Monitor Service.\r\nhttps://" . $current_link . ""; - $message = wordwrap($message, 70, "\r\n"); - $headers = 'From: noreply@' . $current_domain . "\r\n" . - 'Reply-To: noreply@' . $current_domain . "\r\n" . - 'Return-Path: noreply@' . $current_domain . "\r\n" . - 'X-Visitor-IP: ' . $visitor_ip . "\r\n" . - 'X-Coffee: Black' . "\r\n" . - 'List-Unsubscribe: " . "\r\n" . - 'X-Mailer: PHP/4.1.1'; - - if (mail($to, $subject, $message, $headers) === true) { - echo "\t\tEmail sent to $to.\n"; - return true; - } else { - echo "\t\tCan't send email.\n"; - return false; - } - } - } - -} - -function send_expires_in_email($days, $domain, $email, $raw_cert) { - global $current_domain; - global $current_link; - global $check_file; - $domain = trim($domain); - echo "\t\tDomain " . $domain . " expires in " . $days . " days.\n"; - - $file = file_get_contents($check_file); - if ($file === FALSE) { - echo "\t\tCan't open database.\n"; - return false; - } - $json_a = json_decode($file, true); - if ($json_a === null && json_last_error() !== JSON_ERROR_NONE) { - echo "\t\tCan't read database.\n"; - return false; - } - - foreach ($json_a as $key => $value) { - - if ($value["domain"] == $domain && $value["email"] == $email) { - - $id = $key; - $cert_cn = cert_cn($raw_cert); - $cert_subject = cert_subject($raw_cert); - $cert_serial = cert_serial($raw_cert); - $cert_expiry_date = cert_expiry_date($raw_cert); - $cert_validfrom_date = cert_valid_from($raw_cert); - - $now = time(); - $datefromdiff = $now - $cert_validfrom_date; - $datetodiff = $cert_expiry_date - $now; - $cert_valid_days_ago = floor($datefromdiff/(60*60*24)); - $cert_valid_days_ahead = floor($datetodiff/(60*60*24)); - - $unsublink = "https://" . $current_link . "/unsubscribe.php?id=" . $id; - - $to = $email; - $subject = "A certificate for " . htmlspecialchars($domain) . " expires in " . htmlspecialchars($days) . " days"; - $message = "Hello,\r\n\r\nYou have a subscription to monitor the certificate of " . htmlspecialchars($domain) . " with the the Certificate Expiry Monitor. This is a service which monitors an SSL certificate on a website, and notifies you when it is about to expire. This extra notification helps you remember to renew your certificate on time.\r\n\r\nWe've noticed that the following domain has a certificate in it's chain that will expire in " . htmlspecialchars($days) . " days:\r\n\r\nDomain: " . htmlspecialchars($domain) . "\r\nCertificate Common Name: " . htmlspecialchars($cert_cn) . "\r\nCertificate Subject: " . htmlspecialchars($cert_subject) . "\r\nCertificate Serial: " . htmlspecialchars($cert_serial) . "\r\nCertificate Valid From: " . htmlspecialchars(date("Y-m-d H:i:s T", $cert_validfrom_date)) . " (" . $cert_valid_days_ago . " days ago)\r\nCertificate Valid Until: " . htmlspecialchars(date("Y-m-d H:i:s T", $cert_expiry_date)) . " (" . $cert_valid_days_ahead . " days left)\r\n\r\nYou should renew and replace your certificate before it expires. If you haven't set up the certificate yourself, please forward this email to the person/company that did this for you.\r\n\r\nNot replacing your certificate before the expiry date will result in a non-functional website with errors.\r\n\r\nTo unsubscribe from notifications for this domain please click or copy and paste the below link in your browser:\r\n\r\n" . $unsublink . "\r\n\r\n\r\n Have a nice day,\r\nThe Certificate Expiry Monitor Service.\r\nhttps://" . $current_link . ""; - $message = wordwrap($message, 70, "\r\n"); - $headers = 'From: noreply@' . $current_domain . "\r\n" . - 'Reply-To: noreply@' . $current_domain . "\r\n" . - 'Return-Path: noreply@' . $current_domain . "\r\n" . - 'X-Visitor-IP: ' . $visitor_ip . "\r\n" . - 'X-Coffee: Black' . "\r\n" . - 'List-Unsubscribe: " . "\r\n" . - 'X-Mailer: PHP/4.1.1'; - - if (mail($to, $subject, $message, $headers) === true) { - echo "\t\tEmail sent to $to.\n"; - return true; - } else { - echo "\t\tCan't send email.\n"; - return false; - } - } - } -} - - -?>