cacert-webdb/includes/lib/account.php

<?php
/*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/

/**
 * Function to recalculate the cached Assurer status
 *
 * @param int $userID
 * 	if the user ID is not given the flag will be recalculated for all users
 *
 * @return bool
 * 	false if there was an error on fixing the flag. This does NOT return the
 * 	new value of the flag
 */
function fix_assurer_flag($userID = NULL)
{
	// Update Assurer-Flag on users table if 100 points and CATS passed.
	//
	// We may have some performance issues here if no userID is given
	// there are ~150k assurances and ~220k users currently
	// but the exists-clause on cats_passed should be a good filter
	$sql = '
		UPDATE `users` AS `u` SET `assurer` = 1
		WHERE '.(
					($userID === NULL) ?
					'`u`.`assurer` = 0' :
					'`u`.`id` = \''.intval($userID).'\''
				).'
			AND EXISTS(
				SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv`
				WHERE `cp`.`variant_id` = `cv`.`id`
					AND `cv`.`type_id` = 1
					AND `cp`.`user_id` = `u`.`id`
			)
			AND (
				SELECT SUM(`points`) FROM `notary` AS `n`
				WHERE `n`.`to` = `u`.`id`
					AND (`n`.`expire` > now()
					     OR `n`.`expire` IS NULL)
					AND `n`.`deleted` = 0
			) >= 100';

	$query = mysql_query($sql);
	if (!$query) {
		return false;
	}
	// Challenge has been passed and non-expired points >= 100

	// Reset flag if requirements are not met
	//
	// Also a bit performance critical but assurer flag is only set on
	// ~5k accounts
	$sql = '
		UPDATE `users` AS `u` SET `assurer` = 0
		WHERE '.(
					($userID === NULL) ?
					'`u`.`assurer` <> 0' :
					'`u`.`id` = \''.intval($userID).'\''
				).'
			AND (
				NOT EXISTS(
					SELECT 1 FROM `cats_passed` AS `cp`,
						`cats_variant` AS `cv`
					WHERE `cp`.`variant_id` = `cv`.`id`
						AND `cv`.`type_id` = 1
						AND `cp`.`user_id` = `u`.`id`
				)
				OR (
					SELECT SUM(`points`) FROM `notary` AS `n`
					WHERE `n`.`to` = `u`.`id`
						AND (
							`n`.`expire` > now()
							OR `n`.`expire` IS NULL
						)
						AND `n`.`deleted` = 0
				) < 100
			)';

	$query = mysql_query($sql);
	if (!$query) {
		return false;
	}

	return true;
}

/**
 * Supported hash algorithms for signing certificates
 */
class HashAlgorithms {
	/**
	 * Default hash algorithm identifier for signing
	 * @var string
	 */
	public static $default = 'sha256';

	/**
	 * Get display strings for the supported hash algorithms
	 * @return array(string=>array('name'=>string, 'info'=>string))
	 *     - [$hash_identifier]['name'] = Name that should be displayed in UI
	 *     - [$hash_identifier]['info'] = Additional information that can help
	 *       with the selection of a suitable algorithm
	 */
	public static function getInfo() {
		return array(
				'sha256' => array(
						'name' => 'SHA-256',
						'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'),
					),
				'sha384' => array(
						'name' => 'SHA-384',
						'info' => '',
					),
				'sha512' => array(
						'name' => 'SHA-512',
						'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'),
					),
			);
	}

	/**
	 * Check if the input is a supported hash algorithm identifier otherwise
	 * return the identifier of the default hash algorithm
	 *
	 * @param string $hash_identifier
	 * @return string The cleaned identifier
	 */
	public static function clean($hash_identifier) {
		if (array_key_exists($hash_identifier, self::getInfo() )) {
			return $hash_identifier;
		} else {
			return self::$default;
		}
	}
}
Fix for https://bugs.cacert.org/view.php?id=942 (CATS import interface is not fit to handle non-Assurer Challenge tests) 2011-08-03 10:04:41 +00:00			`<?php`
			`/*`
			`LibreSSL - CAcert web application`
			`Copyright (C) 2004-2008 CAcert Inc.`

			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; version 2 of the License.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; if not, write to the Free Software`
			`Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA`
			`*/`

Fix for https://bugs.cacert.org/view.php?id=1024 Assurer flag is not set correctly on updatesort.php run 2012-08-10 11:08:22 +00:00			`/**`
			`* Function to recalculate the cached Assurer status`
Combined fixes for - https://bugs.cacert.org/view.php?id=413 "Add a web page indicating the certificate request is still pending" - https://bugs.cacert.org/view.php?id=1138 "Implement to log the SE activity" - https://bugs.cacert.org/view.php?id=1221 "Inconsistency in Assurance Management" 2014-06-07 09:13:27 +00:00			`*`
Fix for https://bugs.cacert.org/view.php?id=1024 Assurer flag is not set correctly on updatesort.php run 2012-08-10 11:08:22 +00:00			`* @param int $userID`
			`* if the user ID is not given the flag will be recalculated for all users`
Combined fixes for - https://bugs.cacert.org/view.php?id=413 "Add a web page indicating the certificate request is still pending" - https://bugs.cacert.org/view.php?id=1138 "Implement to log the SE activity" - https://bugs.cacert.org/view.php?id=1221 "Inconsistency in Assurance Management" 2014-06-07 09:13:27 +00:00			`*`
Fix for https://bugs.cacert.org/view.php?id=1024 Assurer flag is not set correctly on updatesort.php run 2012-08-10 11:08:22 +00:00			`* @return bool`
			`* false if there was an error on fixing the flag. This does NOT return the`
			`* new value of the flag`
			`*/`
			`function fix_assurer_flag($userID = NULL)`
Fix for https://bugs.cacert.org/view.php?id=942 (CATS import interface is not fit to handle non-Assurer Challenge tests) 2011-08-03 10:04:41 +00:00			`{`
Fix for https://bugs.cacert.org/view.php?id=1024 Assurer flag is not set correctly on updatesort.php run 2012-08-10 11:08:22 +00:00			`// Update Assurer-Flag on users table if 100 points and CATS passed.`
Combined fixes for - https://bugs.cacert.org/view.php?id=413 "Add a web page indicating the certificate request is still pending" - https://bugs.cacert.org/view.php?id=1138 "Implement to log the SE activity" - https://bugs.cacert.org/view.php?id=1221 "Inconsistency in Assurance Management" 2014-06-07 09:13:27 +00:00			`//`
Fix for https://bugs.cacert.org/view.php?id=1024 Assurer flag is not set correctly on updatesort.php run 2012-08-10 11:08:22 +00:00			`// We may have some performance issues here if no userID is given`
			`// there are ~150k assurances and ~220k users currently`
			`// but the exists-clause on cats_passed should be a good filter`
			`$sql = '`
			UPDATE `users` AS `u` SET `assurer` = 1
			`WHERE '.(`
			`($userID === NULL) ?`
			'`u`.`assurer` = 0' :
			'`u`.`id` = \''.intval($userID).'\''
			`).'`
			`AND EXISTS(`
			SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv`
			WHERE `cp`.`variant_id` = `cv`.`id`
			AND `cv`.`type_id` = 1
			AND `cp`.`user_id` = `u`.`id`
Combined fixes for - https://bugs.cacert.org/view.php?id=413 "Add a web page indicating the certificate request is still pending" - https://bugs.cacert.org/view.php?id=1138 "Implement to log the SE activity" - https://bugs.cacert.org/view.php?id=1221 "Inconsistency in Assurance Management" 2014-06-07 09:13:27 +00:00			`)`
Fix for https://bugs.cacert.org/view.php?id=1024 Assurer flag is not set correctly on updatesort.php run 2012-08-10 11:08:22 +00:00			`AND (`
			SELECT SUM(`points`) FROM `notary` AS `n`
			WHERE `n`.`to` = `u`.`id`
			AND (`n`.`expire` > now()
Combined fixes for - https://bugs.cacert.org/view.php?id=413 "Add a web page indicating the certificate request is still pending" - https://bugs.cacert.org/view.php?id=1138 "Implement to log the SE activity" - https://bugs.cacert.org/view.php?id=1221 "Inconsistency in Assurance Management" 2014-06-07 09:13:27 +00:00			OR `n`.`expire` IS NULL)
			AND `n`.`deleted` = 0
Fix for https://bugs.cacert.org/view.php?id=1024 Assurer flag is not set correctly on updatesort.php run 2012-08-10 11:08:22 +00:00			`) >= 100';`
Combined fixes for - https://bugs.cacert.org/view.php?id=413 "Add a web page indicating the certificate request is still pending" - https://bugs.cacert.org/view.php?id=1138 "Implement to log the SE activity" - https://bugs.cacert.org/view.php?id=1221 "Inconsistency in Assurance Management" 2014-06-07 09:13:27 +00:00
Fix for https://bugs.cacert.org/view.php?id=1024 Assurer flag is not set correctly on updatesort.php run 2012-08-10 11:08:22 +00:00			`$query = mysql_query($sql);`
Fix for https://bugs.cacert.org/view.php?id=942 (CATS import interface is not fit to handle non-Assurer Challenge tests) 2011-08-03 10:04:41 +00:00			`if (!$query) {`
			`return false;`
			`}`
Fix for https://bugs.cacert.org/view.php?id=1024 Assurer flag is not set correctly on updatesort.php run 2012-08-10 11:08:22 +00:00			`// Challenge has been passed and non-expired points >= 100`
Combined fixes for - https://bugs.cacert.org/view.php?id=413 "Add a web page indicating the certificate request is still pending" - https://bugs.cacert.org/view.php?id=1138 "Implement to log the SE activity" - https://bugs.cacert.org/view.php?id=1221 "Inconsistency in Assurance Management" 2014-06-07 09:13:27 +00:00
Fix for https://bugs.cacert.org/view.php?id=942 (CATS import interface is not fit to handle non-Assurer Challenge tests) 2011-08-03 10:04:41 +00:00			`// Reset flag if requirements are not met`
Fix for https://bugs.cacert.org/view.php?id=1024 Assurer flag is not set correctly on updatesort.php run 2012-08-10 11:08:22 +00:00			`//`
			`// Also a bit performance critical but assurer flag is only set on`
			`// ~5k accounts`
			`$sql = '`
			UPDATE `users` AS `u` SET `assurer` = 0
			`WHERE '.(`
			`($userID === NULL) ?`
			'`u`.`assurer` <> 0' :
			'`u`.`id` = \''.intval($userID).'\''
			`).'`
			`AND (`
			`NOT EXISTS(`
			SELECT 1 FROM `cats_passed` AS `cp`,
			`cats_variant` AS `cv`
			WHERE `cp`.`variant_id` = `cv`.`id`
			AND `cv`.`type_id` = 1
			AND `cp`.`user_id` = `u`.`id`
			`)`
			`OR (`
			SELECT SUM(`points`) FROM `notary` AS `n`
			WHERE `n`.`to` = `u`.`id`
			`AND (`
			`n`.`expire` > now()
			OR `n`.`expire` IS NULL
			`)`
Combined fixes for - https://bugs.cacert.org/view.php?id=413 "Add a web page indicating the certificate request is still pending" - https://bugs.cacert.org/view.php?id=1138 "Implement to log the SE activity" - https://bugs.cacert.org/view.php?id=1221 "Inconsistency in Assurance Management" 2014-06-07 09:13:27 +00:00			AND `n`.`deleted` = 0
Fix for https://bugs.cacert.org/view.php?id=1024 Assurer flag is not set correctly on updatesort.php run 2012-08-10 11:08:22 +00:00			`) < 100`
			`)';`
Combined fixes for - https://bugs.cacert.org/view.php?id=413 "Add a web page indicating the certificate request is still pending" - https://bugs.cacert.org/view.php?id=1138 "Implement to log the SE activity" - https://bugs.cacert.org/view.php?id=1221 "Inconsistency in Assurance Management" 2014-06-07 09:13:27 +00:00
Fix for https://bugs.cacert.org/view.php?id=1024 Assurer flag is not set correctly on updatesort.php run 2012-08-10 11:08:22 +00:00			`$query = mysql_query($sql);`
Fix for https://bugs.cacert.org/view.php?id=942 (CATS import interface is not fit to handle non-Assurer Challenge tests) 2011-08-03 10:04:41 +00:00			`if (!$query) {`
			`return false;`
			`}`
Combined fixes for - https://bugs.cacert.org/view.php?id=413 "Add a web page indicating the certificate request is still pending" - https://bugs.cacert.org/view.php?id=1138 "Implement to log the SE activity" - https://bugs.cacert.org/view.php?id=1221 "Inconsistency in Assurance Management" 2014-06-07 09:13:27 +00:00
Fix for https://bugs.cacert.org/view.php?id=942 (CATS import interface is not fit to handle non-Assurer Challenge tests) 2011-08-03 10:04:41 +00:00			`return true;`
Combined fixes for - https://bugs.cacert.org/view.php?id=413 "Add a web page indicating the certificate request is still pending" - https://bugs.cacert.org/view.php?id=1138 "Implement to log the SE activity" - https://bugs.cacert.org/view.php?id=1221 "Inconsistency in Assurance Management" 2014-06-07 09:13:27 +00:00			`}`
Intermediate patch for https://bugs.cacert.org/view.php?id=807 "CAcert ignores signature algorithm from csr". This patch introduces the UI for our members to choose which signature algorithm they want their certificates signed with. Among the choices are SHA-256, SHA-384 and SHA-512. Further choices may be included as our signer and web frontend permit. 2014-06-13 16:00:16 +00:00
			`/**`
			`* Supported hash algorithms for signing certificates`
			`*/`
			`class HashAlgorithms {`
			`/**`
			`* Default hash algorithm identifier for signing`
			`* @var string`
			`*/`
			`public static $default = 'sha256';`

			`/**`
			`* Get display strings for the supported hash algorithms`
			`* @return array(string=>array('name'=>string, 'info'=>string))`
			`* - [$hash_identifier]['name'] = Name that should be displayed in UI`
			`* - [$hash_identifier]['info'] = Additional information that can help`
			`* with the selection of a suitable algorithm`
			`*/`
			`public static function getInfo() {`
			`return array(`
			`'sha256' => array(`
			`'name' => 'SHA-256',`
			`'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'),`
			`),`
			`'sha384' => array(`
			`'name' => 'SHA-384',`
			`'info' => '',`
			`),`
			`'sha512' => array(`
			`'name' => 'SHA-512',`
			`'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'),`
			`),`
			`);`
			`}`

			`/**`
			`* Check if the input is a supported hash algorithm identifier otherwise`
			`* return the identifier of the default hash algorithm`
			`*`
			`* @param string $hash_identifier`
			`* @return string The cleaned identifier`
			`*/`
			`public static function clean($hash_identifier) {`
			`if (array_key_exists($hash_identifier, self::getInfo() )) {`
			`return $hash_identifier;`
			`} else {`
			`return self::$default;`
			`}`
			`}`
			`}`