cacert-webdb/www/wot.php

<? /*
    Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>

    This file is part of CAcert.

    CAcert has been released under the CAcert Source License
    which can be found included with these source files or can
    be downloaded from the internet from the following address:
    http://www.cacert.org/src-lic.php

    CAcert is distributed WITHOUT ANY WARRANTY; without even
    the implied warranty of MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.  See the License for more details.
*/ ?>
<?
	require_once("../includes/loggedin.php");

	loadem("account");

	if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6) && $_SESSION['profile']['points'] < 100)
	{
		showheader(_("My CAcert.org Account!"));
		echo "<p>"._("You don't have access to view these pages.")."</p>";
		showfooter();
		exit;
	}

	if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0)
	{
		unset($oldid);
		$id = 5;
	}

	if($oldid == 5)
	{
		$query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'";
		$res = mysql_query($query);
		if(mysql_num_rows($res) != 1)
		{
			$id = $oldid;
			unset($oldid);
			$_SESSION['_config']['error'] = _("I'm sorry, there was no email matching what you entered in the system. Please double check your information.");
		} else {
			$_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
		}
	}

	if($oldid == 5 || $oldid == 6)
	{
		if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
		{
			$id = 5;
			unset($oldid);
			$_SESSION['_config']['error'] = _("You are never allowed to Assure yourself!");
		}
	}

	if($oldid == 5 || $oldid == 6)
	{
		$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
							`to`='".$_SESSION['_config']['notarise']['id']."'";
		$_SESSION['_config']['alreadydone'] = 0;
		$res = mysql_query($query);
		if(mysql_num_rows($res) > 0 && $_SESSION['profile']['points'] <= 150)
		{
			$id = 5;
			unset($oldid);
			$_SESSION['_config']['error'] = _("You are only allowed to Assure someone once!");
		} elseif($oldid == 5) {
			$id = 6;
		}
		if($id == 6 && mysql_num_rows($res) > 0)
		{
			$_SESSION['_config']['alreadydone'] = 1;
		}
		unset($_SESSION['_config']['pointsalready']);
		if($id == 6 && $_SESSION['profile']['points'] > 150)
		{
			$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
			$res = mysql_query($query);
			$drow = mysql_fetch_assoc($res);
			$_SESSION['_config']['pointsalready'] = $drow['total'];
		}
	}

	if($oldid == 6)
	{
		if($_POST['assertion'] != 1 || $_POST['rules'] != 1)
		{
			$id = $oldid;
			unset($oldid);
			$_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");
		}

		if($_POST['certify'] != 1 && $_SESSION['profile']['admin'] != 1)
		{
			$id = $oldid;
			unset($oldid);
			$_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");
		}
	}

	if($oldid == 6 && $_SESSION['profile']['admin'] != 1)
	{
		if($_POST['location'] == "")
		{
			$id = $oldid;
			unset($oldid);
			$_SESSION['_config']['error'] = _("You failed to enter a location of your meeting.");
		}
	}

	if($oldid == 6)
	{
		$max =  maxpoints();
		if($_POST['points'] > $max)
			$_POST['points'] = $max;
		$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
		$res = mysql_query($query);
		$drow = mysql_fetch_assoc($res);
		if(($drow['total'] + $_POST['points']) > 100 && $max < 100)
			$_POST['points'] = 100 - $drow['total'];
		if(($drow['total'] + $_POST['points']) > $max && $max >= 100)
			$_POST['points'] = $max - $drow['total'];
		if($_POST['points'] < 0)
			$_POST['points'] = 0;

		if(mysql_escape_string(stripslashes($_POST['date'])) == "")
			$_POST['date'] = date("Y-m-d H:i:s");

		$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
						`to`='".$_SESSION['_config']['notarise']['id']."',
						`points`='".intval($_POST['points'])."',
						`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
						`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
						`when`=NOW()";
		if($_SESSION['profile']['admin'] == 1)
			$query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
		mysql_query($query);
		if($_SESSION['profile']['points'] < 150)
		{
			$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
							`to`='".$_SESSION['profile']['id']."',
							`points`='2',
							`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
							`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
							`method`='Administrative Increase',
							`when`=NOW()";
			mysql_query($query);
			$_SESSION['profile']['points'] += 2;
		}

		if($_SESSION['_config']['notarise']['language'] != "")
		{
			$userlang = $_SESSION['_config']['notarise']['language'];
			putenv("LANG=".$_SESSION['_config']['translations'][$userlang]);
			setlocale(LC_ALL, $_SESSION['_config']['translations'][$userlang]);
		}

		$body  = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
		$body .= sprintf(_("You were issued %s points and you now have %s points in total."), $_POST['points'], ($_POST['points'] + $drow['total']))."\n\n";

		if(($drow['total'] + $_POST['points']) < 100 && ($drow['total'] + $_POST['points']) >= 50)
		{
			$body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
		}

		if(($drow['total'] + $_POST['points']) >= 100 && $_POST['points'] > 0)
		{
			$body .= _("You now have over 100 points and can start assuring others.")."\n\n";
		}

		$body .= _("Best Regards")."\n";
		$body .= _("CAcert Support Team");

		sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Website");

		putenv("LANG=".$_SESSION['_config']['language']);
		setlocale(LC_ALL, $_SESSION['_config']['language']);

		$body  = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
		$body .= sprintf(_("You issued them %s points and they now have %s points in total."), $_POST['points'], ($_POST['points'] + $drow['total']))."\n\n";
		$body .= _("Best Regards")."\n";
		$body .= _("CAcert Support Team");

		sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");

		showheader(_("My CAcert.org Account!"));
		echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
		showfooter();
		exit;
	}

	if($oldid == 8)
	{
		$info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
		$listme = intval($_POST['listme']);
		if($listme < 0 || $listme > 1)
			$listme = 0;

		$_SESSION['profile']['listme'] = $listme;
		$_SESSION['profile']['contactinfo'] = $info;

		$query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'";
		mysql_query($query);

		showheader(_("My CAcert.org Account!"));
		echo "<p>"._("Your account information has been updated.")."</p>";
		showfooter();
		exit;
	}

	if($oldid == 9 && $_SESSION['_config']['user']['id'] > 0 && $_SESSION['profile']['id'] > 0)
	{
		$body = $_POST['message'];
		$subject = $_POST['subject'];
		sendmail($_SESSION['_config']['user']['email'], "[CAcert.org] ".$_POST['subject'], $_POST['message'],
			$_SESSION['profile']['email'], "returns@cacert.org", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']);
		showheader(_("My CAcert.org Account!"));
		echo "<p>"._("Your email has been sent to ").$_SESSION['_config']['user']['fname'].".</p>";
		echo "<p>[ <a href='javascript:history.go(-2)'>Go Back</a> ]</p>\n";
		showfooter();
		exit;
	} elseif($oldid == 9) {
		unset($oldid);
		$error = _("There was an error and I couldn't proceed");
		$id = 9;
	}

	showheader(_("My CAcert.org Account!"));
	includeit($id, "wot");
	showfooter();
?>
* empty log message * 2004-10-16 00:28:17 +00:00			`<? /*`
			`Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>`

			`This file is part of CAcert.`

			`CAcert has been released under the CAcert Source License`
			`which can be found included with these source files or can`
			`be downloaded from the internet from the following address:`
			`http://www.cacert.org/src-lic.php`

			`CAcert is distributed WITHOUT ANY WARRANTY; without even`
			`the implied warranty of MERCHANTABILITY or FITNESS FOR A`
			`PARTICULAR PURPOSE. See the License for more details.`
			`*/ ?>`
			`<?`
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00			`require_once("../includes/loggedin.php");`
* empty log message * 2004-10-16 00:28:17 +00:00
			`loadem("account");`

			`if(($id == 5 \|\| $oldid == 5 \|\| $id == 6 \|\| $oldid == 6) && $_SESSION['profile']['points'] < 100)`
			`{`
			`showheader(_("My CAcert.org Account!"));`
			`echo "<p>"._("You don't have access to view these pages.")."</p>";`
			`showfooter();`
			`exit;`
			`}`

			`if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0)`
			`{`
			`unset($oldid);`
			`$id = 5;`
			`}`

			`if($oldid == 5)`
			`{`
updates + change password admin function 2004-11-03 01:45:21 +00:00			$query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'";
* empty log message * 2004-10-16 00:28:17 +00:00			`$res = mysql_query($query);`
			`if(mysql_num_rows($res) != 1)`
			`{`
			`$id = $oldid;`
			`unset($oldid);`
			`$_SESSION['_config']['error'] = _("I'm sorry, there was no email matching what you entered in the system. Please double check your information.");`
			`} else {`
			`$_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);`
			`}`
			`}`

			`if($oldid == 5 \|\| $oldid == 6)`
			`{`
			`if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])`
			`{`
			`$id = 5;`
			`unset($oldid);`
update 2004-10-24 01:46:49 +00:00			`$_SESSION['_config']['error'] = _("You are never allowed to Assure yourself!");`
* empty log message * 2004-10-16 00:28:17 +00:00			`}`
			`}`

			`if($oldid == 5 \|\| $oldid == 6)`
			`{`
			$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
			`to`='".$_SESSION['_config']['notarise']['id']."'";
bug updates, tweaks etc 2004-11-30 23:31:18 +00:00			`$_SESSION['_config']['alreadydone'] = 0;`
* empty log message * 2004-10-16 00:28:17 +00:00			`$res = mysql_query($query);`
updates 2004-10-31 04:22:52 +00:00			`if(mysql_num_rows($res) > 0 && $_SESSION['profile']['points'] <= 150)`
* empty log message * 2004-10-16 00:28:17 +00:00			`{`
			`$id = 5;`
			`unset($oldid);`
update 2004-10-24 01:46:49 +00:00			`$_SESSION['_config']['error'] = _("You are only allowed to Assure someone once!");`
* empty log message * 2004-10-16 00:28:17 +00:00			`} elseif($oldid == 5) {`
			`$id = 6;`
			`}`
bug updates, tweaks etc 2004-11-30 23:31:18 +00:00			`if($id == 6 && mysql_num_rows($res) > 0)`
			`{`
			`$_SESSION['_config']['alreadydone'] = 1;`
			`}`
			`unset($_SESSION['_config']['pointsalready']);`
			`if($id == 6 && $_SESSION['profile']['points'] > 150)`
			`{`
			$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
			`$res = mysql_query($query);`
			`$drow = mysql_fetch_assoc($res);`
			`$_SESSION['_config']['pointsalready'] = $drow['total'];`
			`}`
* empty log message * 2004-10-16 00:28:17 +00:00			`}`

			`if($oldid == 6)`
			`{`
language updates 2004-10-16 16:22:33 +00:00			`if($_POST['assertion'] != 1 \|\| $_POST['rules'] != 1)`
			`{`
			`$id = $oldid;`
			`unset($oldid);`
			`$_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");`
			`}`

			`if($_POST['certify'] != 1 && $_SESSION['profile']['admin'] != 1)`
* empty log message * 2004-10-16 00:28:17 +00:00			`{`
			`$id = $oldid;`
			`unset($oldid);`
			`$_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");`
			`}`
			`}`

language updates 2004-10-16 16:22:33 +00:00			`if($oldid == 6 && $_SESSION['profile']['admin'] != 1)`
* empty log message * 2004-10-16 00:28:17 +00:00			`{`
bug fixes 2004-12-03 23:19:04 +00:00			`if($_POST['location'] == "")`
* empty log message * 2004-10-16 00:28:17 +00:00			`{`
			`$id = $oldid;`
			`unset($oldid);`
bug fixes 2004-12-03 23:19:04 +00:00			`$_SESSION['_config']['error'] = _("You failed to enter a location of your meeting.");`
* empty log message * 2004-10-16 00:28:17 +00:00			`}`
			`}`

			`if($oldid == 6)`
			`{`
			`$max = maxpoints();`
			`if($_POST['points'] > $max)`
			`$_POST['points'] = $max;`
			$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
			`$res = mysql_query($query);`
			`$drow = mysql_fetch_assoc($res);`
			`if(($drow['total'] + $_POST['points']) > 100 && $max < 100)`
			`$_POST['points'] = 100 - $drow['total'];`
			`if(($drow['total'] + $_POST['points']) > $max && $max >= 100)`
			`$_POST['points'] = $max - $drow['total'];`
			`if($_POST['points'] < 0)`
			`$_POST['points'] = 0;`
bug fixes 2004-10-31 07:08:42 +00:00
updates + change password admin function 2004-11-03 01:45:21 +00:00			`if(mysql_escape_string(stripslashes($_POST['date'])) == "")`
bug fixes 2004-10-31 07:08:42 +00:00			`$_POST['date'] = date("Y-m-d H:i:s");`

* empty log message * 2004-10-16 00:28:17 +00:00			$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
			`to`='".$_SESSION['_config']['notarise']['id']."',
			`points`='".intval($_POST['points'])."',
updates + change password admin function 2004-11-03 01:45:21 +00:00			`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
bug fixes 2004-12-02 11:42:34 +00:00			`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
			`when`=NOW()";
language updates 2004-10-16 16:22:33 +00:00			`if($_SESSION['profile']['admin'] == 1)`
updates + change password admin function 2004-11-03 01:45:21 +00:00			$query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
* empty log message * 2004-10-16 00:28:17 +00:00			`mysql_query($query);`
bug fixes 2004-10-31 07:08:42 +00:00			`if($_SESSION['profile']['points'] < 150)`
bug updates 2004-10-31 01:25:51 +00:00			`{`
			$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
			`to`='".$_SESSION['profile']['id']."',
			`points`='2',
updates + change password admin function 2004-11-03 01:45:21 +00:00			`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
			`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
bug fixes 2004-12-02 11:42:34 +00:00			`method`='Administrative Increase',
			`when`=NOW()";
bug updates 2004-10-31 01:25:51 +00:00			`mysql_query($query);`
bug fixes 2004-10-31 07:08:42 +00:00			`$_SESSION['profile']['points'] += 2;`
bug updates 2004-10-31 01:25:51 +00:00			`}`
* empty log message * 2004-10-16 00:28:17 +00:00
language updates 2004-10-16 15:41:39 +00:00			`if($_SESSION['_config']['notarise']['language'] != "")`
			`{`
			`$userlang = $_SESSION['_config']['notarise']['language'];`
			`putenv("LANG=".$_SESSION['_config']['translations'][$userlang]);`
			`setlocale(LC_ALL, $_SESSION['_config']['translations'][$userlang]);`
			`}`

bug updates 2004-10-31 01:25:51 +00:00			`$body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";`
			`$body .= sprintf(_("You were issued %s points and you now have %s points in total."), $_POST['points'], ($_POST['points'] + $drow['total']))."\n\n";`
* empty log message * 2004-10-16 00:28:17 +00:00
			`if(($drow['total'] + $_POST['points']) < 100 && ($drow['total'] + $_POST['points']) >= 50)`
			`{`
			`$body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";`
			`}`

			`if(($drow['total'] + $_POST['points']) >= 100 && $_POST['points'] > 0)`
			`{`
update 2004-10-24 01:46:49 +00:00			`$body .= _("You now have over 100 points and can start assuring others.")."\n\n";`
* empty log message * 2004-10-16 00:28:17 +00:00			`}`

			`$body .= _("Best Regards")."\n";`
			`$body .= _("CAcert Support Team");`

bug fixes 2004-12-09 01:48:16 +00:00			`sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Website");`
language updates 2004-10-16 15:41:39 +00:00
			`putenv("LANG=".$_SESSION['_config']['language']);`
			`setlocale(LC_ALL, $_SESSION['_config']['language']);`
* empty log message * 2004-10-16 00:28:17 +00:00
bug updates 2004-10-31 01:25:51 +00:00			`$body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";`
			`$body .= sprintf(_("You issued them %s points and they now have %s points in total."), $_POST['points'], ($_POST['points'] + $drow['total']))."\n\n";`
* empty log message * 2004-10-16 00:28:17 +00:00			`$body .= _("Best Regards")."\n";`
			`$body .= _("CAcert Support Team");`

bug fixes 2004-12-09 01:48:16 +00:00			`sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");`
* empty log message * 2004-10-16 00:28:17 +00:00
			`showheader(_("My CAcert.org Account!"));`
update 2004-10-24 01:46:49 +00:00			`echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";`
* empty log message * 2004-10-16 00:28:17 +00:00			`showfooter();`
			`exit;`
			`}`

			`if($oldid == 8)`
			`{`
updates + change password admin function 2004-11-03 01:45:21 +00:00			`$info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));`
* empty log message * 2004-10-16 00:28:17 +00:00			`$listme = intval($_POST['listme']);`
			`if($listme < 0 \|\| $listme > 1)`
			`$listme = 0;`

			`$_SESSION['profile']['listme'] = $listme;`
			`$_SESSION['profile']['contactinfo'] = $info;`

			$query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'";
			`mysql_query($query);`

			`showheader(_("My CAcert.org Account!"));`
			`echo "<p>"._("Your account information has been updated.")."</p>";`
			`showfooter();`
			`exit;`
			`}`

			`if($oldid == 9 && $_SESSION['_config']['user']['id'] > 0 && $_SESSION['profile']['id'] > 0)`
			`{`
			`$body = $_POST['message'];`
			`$subject = $_POST['subject'];`
bug fixes 2004-12-09 01:48:16 +00:00			`sendmail($_SESSION['_config']['user']['email'], "[CAcert.org] ".$_POST['subject'], $_POST['message'],`
			`$_SESSION['profile']['email'], "returns@cacert.org", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']);`
* empty log message * 2004-10-16 00:28:17 +00:00			`showheader(_("My CAcert.org Account!"));`
			`echo "<p>"._("Your email has been sent to ").$_SESSION['_config']['user']['fname'].".</p>";`
			`echo "<p>[ <a href='javascript:history.go(-2)'>Go Back</a> ]</p>\n";`
			`showfooter();`
			`exit;`
			`} elseif($oldid == 9) {`
			`unset($oldid);`
			`$error = _("There was an error and I couldn't proceed");`
			`$id = 9;`
			`}`

			`showheader(_("My CAcert.org Account!"));`
			`includeit($id, "wot");`
			`showfooter();`
			`?>`