$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'"));
if($row['email'] == "")
$id = 42;
else
$_POST['email'] = $row['email'];
}
if($oldid == 44)
{
showheader(_("My CAcert.org Account!"));
if(intval($_POST['userid']) <= 0)
{
echo _("No such user found.");
} else {
mysql_query("update `users` set `password`=password('".mysql_escape_string(stripslashes($_POST['newpass']))."') where `id`='".intval($_POST['userid'])."'");
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'"));
printf(_("The password for %s has been updated sucessfully in the system."), $row['email']);
case 35: $expand = " explode('orgadmin');"; break;
case 42:
case 43: $expand = " explode('sysadmin');"; break;
case 43:
case 44: $expand = " explode('sysadmin');"; break;
case 500:
case 501:
case 502:
@ -161,7 +162,7 @@ function hideall() {
<h3onclick="explode('WoT')">+ <?=_("CAcert Web of Trust")?></h3>
<ulclass="menu"id="WoT"><li><ahref="wot.php?id=0"><?=_("About")?></a></li><li><ahref="wot.php?id=1"><?=_("Find an Assurer")?></a></li><li><ahref="wot.php?id=3"><?=_("Rules")?></a></li><li><?if($_SESSION['profile']['points']<100){?><ahref="wot.php?id=2"><?=_("Becoming an Assurer")?></a><?}else{?><ahref="wot.php?id=5"><?=_("Assure Someone")?></a><?}?></li><li><ahref="wot.php?id=4"><?=_("Trusted Third Parties")?></a></li><li><ahref="http://www.cacert.org/docs/CAP.pdf"><?=_("WoT Form")?></a></li><li><ahref="http://www.cacert.org/docs/TTP.pdf"><?=_("TTP Form")?></a></li></ul>
msgid "Currently there is 2 main servers, one for webserver, one for root store, with the root store only connected to the webserver via serial cable, with a daemon running as non-root processes on each end of the serial listening/sending requests/info."
msgid "Easy. Ish. Go to CAcert.org, install their root certificate and then follow their joining instructions. Once you have joined, request a certificate from the menu. You will receive an email with a link to the certificate. Click on the link from your email software, and hopefully it will be seamlessly installed. Next find the security section of the settings in your email software and configure digital signatures using the certificate you just downloaded. Hmm. Call me if you want, I'll guide you through it."
msgid "No such certificate attached to your account."
msgstr ""
#: www/account/43.php:39
#: includes/account.php:1770
msgid "No such user found."
msgstr ""
#: www/account/43.php:47
#, php-format
msgid "No users found matching %s"
msgstr ""
@ -1381,15 +1398,19 @@ msgstr ""
msgid "One assumes that if a site has an SSL certificate (that's what enables secure communication, for exchanging personal details, credit card numbers, etc. and gives the 'lock' icon in the browser) that they have obtained that certificate from a reliable source (a Certificate Authority), which has the appropriate stringent credentials for issuing something so vital to the security of the Internet, and the security of your communications. You have probably never even asked yourself the question of who decided to trust these Certificate Authorities, because your browser comes with their (root) certificates pre-installed, so any web site that you come across that has an SSL certificate signed by one of them, is automatically accepted (by your browser) as trustworthy."
msgstr ""
#: www/account/43.php:35
msgid "Only the first 100 rows are displayed."
msgstr ""
#: www/help/3.php:8
msgid "Open Directory Security folder"
msgstr ""
#: includes/account_stuff.php:156
#: includes/account_stuff.php:157
msgid "Org Admin"
msgstr ""
#: includes/account_stuff.php:146
#: includes/account_stuff.php:147
msgid "Org Client Certs"
msgstr ""
@ -1397,7 +1418,7 @@ msgstr ""
msgid "Org Client and Server Certificates"
msgstr ""
#: includes/account_stuff.php:150
#: includes/account_stuff.php:151
msgid "Org Server Certs"
msgstr ""
@ -1504,7 +1525,8 @@ msgstr ""
msgid "Please note: All html will be stripped from the contact information box, a link to an email form will automatically be inserted to ensure your privacy."
msgid "System will send you an email with a link in it, you just open the link in a webbrowser."
msgstr ""
#: includes/account_stuff.php:162
#: includes/account_stuff.php:163
msgid "TTP Form"
msgstr ""
@ -1857,6 +1879,11 @@ msgstr ""
msgid "The page has been reproduced on %s with explicit permission from %sthe author%s with the information being copyrighted to the author (name with held by request)"
msgstr ""
#: includes/account.php:1774
#, php-format
msgid "The password for %s has been updated sucessfully in the system."
msgstr ""
#: www/help/2.php:53
msgid "The point is, as the current situation holds, you should be weary of anyone making decisions for you (i.e. pre-installed certificates in your browser), and you should be weary of anyone else's certificates that you install. But at the end of the day, it all boils down to trust. If an independent Certificate Authority seems to be reputable to you, and you can find evidence to support this claim, there's no reason why you shouldn't trust it any less than you implicitly trust the people who have already made mistakes."
msgstr ""
@ -1897,7 +1924,7 @@ msgstr ""
msgid "There is several ways to become a CAcert Assurer, the most common of which is face to face meetings with existing assurers, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!)."
msgstr ""
#: www/wot.php:292
#: www/wot.php:296
msgid "There was an error and I couldn't proceed"
msgstr ""
@ -1945,7 +1972,8 @@ msgstr ""
msgid "To provide a trust mechanism to go with the security aspects of encryption."
msgid "When you post to the contact form, you must provide your name and email address. When you sign up to the website, you must provide your name, email address date of birth and some lost pass phrase question and answers."
msgid "With the proposed root certificate changes, there would be a new root, this would sign at least 1 sub-root, then the private key stored offline in a bank vault, with the sub-root doing all the signing, or alternatively 2 sub-roots, 1 for client certificates, one for server, the thinking behind this, if any of the sub-roots are compromised they can be revoked and reissued."
msgstr ""
#: includes/account_stuff.php:162
#: includes/account_stuff.php:163
msgid "WoT Form"
msgstr ""
@ -2150,12 +2179,12 @@ msgstr ""
msgid "You are putting your trust in people you don't know!"
msgstr ""
#: www/wot.php:246
#: www/wot.php:250
#, php-format
msgid "You are receiving this email because you have assured %s %s (%s)."
msgstr ""
#: www/wot.php:225
#: www/wot.php:229
#, php-format
msgid "You are receiving this email because you have been assured by %s %s (%s)."
msgstr ""
@ -2209,7 +2238,7 @@ msgstr ""
msgid "You have now created a public/private key pair. The private key is stored locally on your machine. The public portion is sent to CAcert in the form of a CSR."
msgstr ""
#: www/wot.php:247
#: www/wot.php:251
#, php-format
msgid "You issued them %s points and they now have %s points in total."
msgstr ""
@ -2239,11 +2268,11 @@ msgstr ""
msgid "You must sight at least one form of government issued photo identification. It's preferable if 2 forms of Government issued photo ID are presented, as less points may be issued if there is any doubt on the person by the person issuing points;"
msgstr ""
#: www/wot.php:235
#: www/wot.php:239
msgid "You now have over 100 points and can start assuring others."
msgstr ""
#: www/wot.php:230
#: www/wot.php:234
msgid "You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years."
msgstr ""
@ -2263,7 +2292,7 @@ msgstr ""
msgid "You tried to use an invalid language."
msgstr ""
#: www/wot.php:226
#: www/wot.php:230
#, php-format
msgid "You were issued %s points and you now have %s points in total."
msgstr ""
@ -2288,7 +2317,7 @@ msgstr ""
msgid "You'll prepare the request now, but you can only submit the request via the online request forms. We do not accept CSRs via email."
msgstr ""
#: www/wot.php:251
#: www/wot.php:255
msgid "You've Assured Another Member."
msgstr ""
@ -2296,11 +2325,11 @@ msgstr ""
msgid "You've attempted to verify the same domain a fourth time with an invalid hash, subsequantly this request has been deleted in the system"
msgstr ""
#: www/wot.php:241
#: www/wot.php:245
msgid "You've been Assured."
msgstr ""
#: www/wot/10.php:19
#: www/account/43.php:145 www/wot/10.php:19
msgid "Your Assurance Points"
msgstr ""
@ -2320,7 +2349,7 @@ msgstr ""
msgid "Your account and/or email address has been verified. You can now start issuing certificates for this address."
msgstr ""
#: www/wot.php:273
#: www/wot.php:277
msgid "Your account information has been updated."
msgstr ""
@ -2356,7 +2385,7 @@ msgstr ""
msgid "Your domain has been verified. You can now start issuing certificates for this domain."
<h3><?=_("So, dammit, what's the point of all this then?")?></h3>
<p><?=_("The point is, as the current situation holds, you should be weary of anyone making decisions for you (i.e. pre-installed certificates in your browser), and you should be weary of anyone else's certificates that you install. But at the end of the day, it all boils down to trust. If an independent Certificate Authority seems to be reputable to you, and you can find evidence to support this claim, there's no reason why you shouldn't trust it any less than you implicitly trust the people who have already made mistakes.")?></p>
<h3><aname="refs"></a><?=_("References")?></h3>
<p><ahref="http://www.counterpane.com/pki-risks.pdf"><?=_("Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure")?></a> - http://www.counterpane.com/pki-risks.pdf</p>
<p><ahref="http://www.schneier.com/paper-pki.pdf"><?=_("Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure")?></a> - http://www.counterpane.com/pki-risks.pdf</p>
<p><ahref="http://www.webtrust.org/certauth.htm"><?=_("WebTrust for Certification Authorities")?></a> - http://www.webtrust.org/certauth.htm</p>
<p><ahref="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-017.asp"><?=_("Erroneous Verisign Issued Digital Certificates Pose Spoofing Hazard")?></a> - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-017.asp</p>