You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
cacert-webdb/www/wot.php

450 lines
18 KiB
PHTML

<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
require_once("../includes/loggedin.php");
loadem("account");
20 years ago
if($_POST['date'] != "")
$_SESSION['_config']['date'] = $_POST['date'];
if($_POST['location'] != "")
$_SESSION['_config']['location'] = $_POST['location'];
19 years ago
if($oldid == 12)
{
$id = $oldid;
}
if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6) && $_SESSION['profile']['points'] < 100)
{
showheader(_("My CAcert.org Account!"));
echo "<p>"._("You don't have access to view these pages.")."</p>";
showfooter();
exit;
}
if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0)
{
unset($oldid);
$id = 5;
}
20 years ago
if($oldid == 5 && $_POST['reminder'] != "")
{
19 years ago
$body = "";
if($_POST['reminder-lang'] != "" && $_POST['reminder-lang'] != "en_AU")
{
$userlang = $_POST['reminder-lang'];
$_SESSION['_config']['reminder-lang'] = $_POST['reminder-lang'];
putenv("LANG=".$userlang);
setlocale(LC_ALL, $userlang);
$body .= $_SESSION['_config']['translations'][$userlang].":\n\n";
$body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
$body .= "\n\nEnglish:\n\n";
}
$body .= sprintf("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued.", $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
20 years ago
$body .= "Best regards"."\n";
$body .= "CAcert Support Team";
19 years ago
sendmail($_POST['email'], "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);
if($_POST['reminder-lang'] != "" && $_POST['reminder-lang'] != "en_AU")
{
$userlang = $_SESSION['profile']['language'];
putenv("LANG=".$userlang);
setlocale(LC_ALL, $userlang);
}
20 years ago
$_SESSION['_config']['remindersent'] = 1;
$_SESSION['_config']['error'] = _("A reminder notice has been sent.");
$id = $oldid;
unset($oldid);
}
if($oldid == 5)
{
20 years ago
$_SESSION['_config']['noemailfound'] = 0;
$query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) != 1)
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['error'] = _("I'm sorry, there was no email matching what you entered in the system. Please double check your information.");
$_SESSION['_config']['noemailfound'] = 1;
} else {
$_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
}
}
if($oldid == 5 || $oldid == 6)
{
18 years ago
if($_REQUEST['cancel'] != "")
{
header("location: wot.php");
exit;
}
if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
{
$id = 5;
unset($oldid);
20 years ago
$_SESSION['_config']['error'] = _("You are never allowed to Assure yourself!");
}
}
if($oldid == 5 || $oldid == 6)
{
$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
`to`='".$_SESSION['_config']['notarise']['id']."'";
$_SESSION['_config']['alreadydone'] = 0;
$res = mysql_query($query);
if(mysql_num_rows($res) > 0 && $_SESSION['profile']['points'] < 200)
{
$id = 5;
unset($oldid);
20 years ago
$_SESSION['_config']['error'] = _("You are only allowed to Assure someone once!");
} elseif($oldid == 5) {
$id = 6;
}
if($id == 6 && mysql_num_rows($res) > 0)
{
$_SESSION['_config']['alreadydone'] = 1;
}
unset($_SESSION['_config']['pointsalready']);
if($id == 6 && $_SESSION['profile']['points'] >= 100)
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
$_SESSION['_config']['pointsalready'] = $drow['total'];
}
unset($_SESSION['_config']['verified']);
if($id == 6 && $_SESSION['profile']['points'] >= 100)
{
$query = "select `verified` from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
$_SESSION['_config']['verified'] = $drow['verified'];
}
}
if($oldid == 6)
{
20 years ago
if($_POST['assertion'] != 1 || $_POST['rules'] != 1)
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");
}
18 years ago
if($_POST['certify'] != 1 && $_SESSION['profile']['board'] != 1 && $_SESSION['profile']['ttpadmin'] != 1)
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");
}
}
18 years ago
if($oldid == 6 && $_SESSION['profile']['board'] != 1 && $_SESSION['profile']['ttpadmin'] != 1)
{
20 years ago
if($_POST['location'] == "")
{
$id = $oldid;
unset($oldid);
20 years ago
$_SESSION['_config']['error'] = _("You failed to enter a location of your meeting.");
}
}
19 years ago
if($oldid == 6)
{
$query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
19 years ago
if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash'])
19 years ago
{
$id = $oldid;
unset($oldid);
19 years ago
$_SESSION['_config']['error'] = _("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS.");
19 years ago
}
}
18 years ago
if($oldid == 6 && $_REQUEST['points'] == "")
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['error'] = _("You must enter the number of points you wish to allocate to this person.");
}
if($oldid == 6)
{
$max = maxpoints();
18 years ago
$awarded = $newpoints = intval($_POST['points']);
if($newpoints > $max)
$newpoints = $max;
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0 && $drow['total'] > 150)
{
showheader(_("My CAcert.org Account!"));
echo "<p>"._("You tried to give a temporary points increase to someone that already has more then 150 points. Can't continue.")."</p>";
showfooter();
exit;
}
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0 && intval($_POST['sponsor']) <= 0)
{
showheader(_("My CAcert.org Account!"));
echo "<p>"._("You didn't list a valid sponsor for this action.")."</p>";
showfooter();
exit;
}
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0 && intval($_POST['sponsor']) > 0)
{
$resc = mysql_query("select * from `users` where `id`='".intval($_POST['sponsor'])."' and `board`='1'");
$rc = mysql_num_rows($resc);
$sponsor = mysql_fetch_assoc($resc);
if($rc <= 0)
{
showheader(_("My CAcert.org Account!"));
echo "<p>"._("You listed an invalid sponsor for this action.")."</p>";
showfooter();
exit;
}
}
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
{
$_POST['method'] == "Administrative Increase";
$newpoints = 200 - $drow['total'];
if(intval($_POST['expire']) > 45)
$_POST['expire'] = 45;
if(intval($_POST['expire']) <= 7)
$_POST['expire'] = 7;
} else {
$_POST['expire'] = 0;
if(($drow['total'] + $newpoints) > 100 && $max < 100)
$newpoints = 100 - $drow['total'];
if(($drow['total'] + $newpoints) > $max && $max >= 100)
$newpoints = $max - $drow['total'];
if($newpoints < 0)
$newpoints = 0;
}
20 years ago
if(mysql_escape_string(stripslashes($_POST['date'])) == "")
20 years ago
$_POST['date'] = date("Y-m-d H:i:s");
18 years ago
$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
18 years ago
`to`='".$_SESSION['_config']['notarise']['id']."' AND
18 years ago
`awarded`='$awarded' AND
18 years ago
`location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
`date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
$res = mysql_query($query);
18 years ago
if(mysql_num_rows($res) > 0)
18 years ago
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['error'] = _("Identical Assurance attempted, will not continue.");
}
}
if($oldid == 6)
{
$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['_config']['notarise']['id']."',
18 years ago
`points`='$newpoints', `awarded`='$awarded',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
20 years ago
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
{
$query .= ",\n`method`='Temporary Increase'";
$query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
$query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
} else if($_SESSION['profile']['board'] == 1) {
$query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
18 years ago
} else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted third Parties')) {
$query .= ",\n`method`='Trusted Third Parties'";
}
mysql_query($query);
20 years ago
if($_SESSION['profile']['points'] < 150)
20 years ago
{
$addpoints = 0;
if($_SESSION['profile']['points'] < 149 && $_SESSION['profile']['points'] >= 100)
$addpoints = 2;
else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100)
$addpoints = 1;
20 years ago
$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['profile']['id']."',
18 years ago
`points`='$addpoints', `awarded`='$addpoints',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
20 years ago
`method`='Administrative Increase',
`when`=NOW()";
20 years ago
mysql_query($query);
$_SESSION['profile']['points'] += $addpoints;
20 years ago
}
20 years ago
if($_SESSION['_config']['notarise']['language'] != "")
{
$userlang = $_SESSION['_config']['notarise']['language'];
putenv("LANG=".$userlang);
19 years ago
setlocale(LC_ALL, $userlang);
20 years ago
}
20 years ago
$body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
if($_POST['points'] != $newpoints)
$body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
else
$body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
if(($drow['total'] + $newpoints) < 100 && ($drow['total'] + $newpoints) >= 50)
{
$body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
}
if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
{
20 years ago
$body .= _("You now have over 100 points and can start assuring others.")."\n\n";
$body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntry), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n\n";
$body .= "https://www.cacert.org/wot.php?id=8\n\n";
$body .= _("You can list your location by going to:")."\n\n";
$body .= "https://www.cacert.org/wot.php?id=7\n\n";
}
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
$body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
20 years ago
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "", "", "CAcert Website");
20 years ago
19 years ago
putenv("LANG=".$_SESSION['profile']['language']);
setlocale(LC_ALL, $_SESSION['profile']['language']);
20 years ago
$body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
if($_POST['points'] != $newpoints)
$body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
else
$body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
$body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
20 years ago
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
{
$body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";
sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
}
showheader(_("My CAcert.org Account!"));
20 years ago
echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
<?
showfooter();
exit;
}
if($oldid == 8)
{
$info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
$listme = intval($_POST['listme']);
if($listme < 0 || $listme > 1)
$listme = 0;
$_SESSION['profile']['listme'] = $listme;
$_SESSION['profile']['contactinfo'] = $info;
$query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
showheader(_("My CAcert.org Account!"));
echo "<p>"._("Your account information has been updated.")."</p>";
showfooter();
exit;
}
18 years ago
if($oldid == 9 && $_REQUEST['userid'] > 0 && $_SESSION['profile']['id'] > 0)
{
19 years ago
if($_SESSION['_config']['pagehash'] != $_REQUEST['pageid'])
{
unset($oldid);
$id = 9;
$error = _("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons.");
} else {
18 years ago
$body = $_REQUEST['message'];
$subject = $_REQUEST['subject'];
$userid = intval($_REQUEST['userid']);
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
if($points > 0)
{
sendmail($user['email'], "[CAcert.org] ".$_REQUEST['subject'], $_REQUEST['message'],
$_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']);
showheader(_("My CAcert.org Account!"));
echo "<p>"._("Your email has been sent to ").$user['fname'].".</p>";
echo "<p>[ <a href='javascript:history.go(-2)'>Go Back</a> ]</p>\n";
showfooter();
exit;
} else {
showheader(_("My CAcert.org Account!"));
echo _("Sorry, I was unable to locate that user.");
showfooter();
exit;
}
19 years ago
}
} elseif($oldid == 9) {
unset($oldid);
$error = _("There was an error and I couldn't proceed");
$id = 9;
}
showheader(_("My CAcert.org Account!"));
includeit($id, "wot");
showfooter();
?>