cacert/cacert-webdb
9
0
Fork 0
Code Issues Pull requests 3 Projects Releases 4 Wiki Activity

Jumbo patch for the following issues:

Browse source 
https://bugs.cacert.org/view.php?id=893
    Extend Delete account feature for support
  https://bugs.cacert.org/view.php?id=1123
    Add the Check CCA acception to all certificate creation processes
  https://bugs.cacert.org/view.php?id=1136
    Extend SE console with the functionality to revoke all user certificates of an user account
  https://bugs.cacert.org/view.php?id=1137
    Record the CCA acception for entering an assurance
  https://bugs.cacert.org/view.php?id=1177
    Combine wot.inc.php, notary.inc.php and temp-function.php
This commit is contained in:
Wytze van der Raay 2013-09-06 15:21:06 +00:00
parent 99a263d8b0
commit 3dfac78f84
14 changed files with 764 additions and 881 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

137
includes/account.php
View file

@ -18,6 +18,7 @@
require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php");
require_once("../includes/lib/check_weak_key.php");
require_once("../includes/notary.inc.php");
loadem("account");
@ -70,9 +71,7 @@
}
$oldid=0;
$_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
$query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
if(check_email_exists($_REQUEST['email'])==true)
{
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
@ -160,17 +159,7 @@
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
$query = "select `emailcerts`.`id`
from `emaillink`,`emailcerts` where
`emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
group by `emailcerts`.`id`";
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
$query = "update `email` set `deleted`=NOW() where `id`='$id'";
mysql_query($query);
account_email_delete($row['id']);
$delcount++;
}
}
@ -192,6 +181,14 @@
if($process != "" && $oldid == 3)
{
if(!array_key_exists('CCA',$_REQUEST))
{
showheader(_("My CAcert.org Account!"));
echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
showfooter();
exit;
}
if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
{
showheader(_("My CAcert.org Account!"));
@ -321,6 +318,8 @@
exit;
}
write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
$query = "insert into emailcerts set
`CN`='$defaultemail',
`keytype`='NS',
@ -629,32 +628,9 @@
{
$row = mysql_fetch_assoc($res);
echo $row['domain']."<br>\n";
$dres = mysql_query(
"select `domaincerts`.`id`
from `domaincerts`
where `domaincerts`.`domid` = '$id'
union distinct
select `domaincerts`.`id`
from `domaincerts`, `domlink`
where `domaincerts`.`id` = `domlink`.`certid`
and `domlink`.`domid` = '$id'");
while($drow = mysql_fetch_assoc($dres))
{
mysql_query(
"update `domaincerts`
set `revoked`='1970-01-01 10:00:01'
where `id` = '".$drow['id']."'
and `revoked` = 0
and UNIX_TIMESTAMP(`expire`) -
UNIX_TIMESTAMP() > 0");
}
mysql_query(
"update `domains`
set `deleted`=NOW()
where `id` = '$id'");
account_domain_delete($row['id']);
}
}
}
else
@ -668,6 +644,14 @@
if($process != "" && $oldid == 10)
{
if(!array_key_exists('CCA',$_REQUEST))
{
showheader(_("My CAcert.org Account!"));
echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
showfooter();
exit;
}
$CSR = clean_csr($_REQUEST['CSR']);
if(strpos($CSR,"---BEGIN")===FALSE)
{
@ -784,6 +768,8 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
{
$query = "insert into `domaincerts` set
@ -1205,17 +1191,17 @@
$description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}else{
$description= "";
}
if(trim($_REQUEST['disablelogin']) == "1"){
$disablelogin = 1;
}else{
$disablelogin = 0;
}
mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
}
if(trim($_REQUEST['disablelogin']) == "1"){
$disablelogin = 1;
}else{
$disablelogin = 0;
}
mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
}
if($oldid == 13 && $process != "")
{
csrf_check("perschange");
@ -2698,6 +2684,13 @@
mysql_query($query);
}
if($oldid == 43 && $_REQUEST['action'] == 'revokecert')
{
$userid = intval($_REQUEST['userid']);
revoke_all_private_cert($userid);
$id=43;
}
if($oldid == 48 && $_REQUEST['domain'] == "")
{
$id = $oldid;
@ -2994,23 +2987,39 @@
if($oldid == 50 && $process != "")
{
$_REQUEST['userid'] = intval($_REQUEST['userid']);
$res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'");
if(mysql_num_rows($res) > 0)
{
$query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01'
WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'";
mysql_query($query);
$query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'";
mysql_query($query);
$query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'";
mysql_query($query);
$query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'";
mysql_query($query);
$query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'";
mysql_query($query);
$query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'";
mysql_query($query);
if (trim($_REQUEST['arbitrationno'])==""){
showheader(_("My CAcert.org Account!"));
echo _("You did not enter an arbitration number entry.");
showfooter();
exit;
}
if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
showheader(_("My CAcert.org Account!"));
printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
showfooter();
exit;
}
if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
showfooter();
exit;
}
if (check_client_cert_running($_REQUEST['userid'],1) ||
check_server_cert_running($_REQUEST['userid'],1) ||
check_gpg_cert_running($_REQUEST['userid'],1)) {
showheader(_("My CAcert.org Account!"));
printf(_("The CCA retention time for at least one certificate is not over. Can't continue."));
showfooter();
exit;
}
if (check_is_orgadmin($_REQUEST['userid'],1)) {
showheader(_("My CAcert.org Account!"));
printf(_("The user is listed as Organisation Administrator. Can't continue."));
showfooter();
exit;
}
account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
}
if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)

643
includes/notary.inc.php
View file

@ -41,6 +41,15 @@
return intval($row['list']);
}
function get_number_of_ttpassurances ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
}
function get_number_of_assurees ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
@ -106,7 +115,7 @@
function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked)
{
$apoints = max($row['points'],$row['awarded']);
$apoints = max($row['points'], $row['awarded']);
$points += $apoints;
$experience = "&nbsp;";
$revoked = false; # to be coded later (after DB-upgrade)
@ -192,15 +201,15 @@
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
</tr>
<tr>
<td class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
</tr>
</table>
<br/>
<?
@ -210,65 +219,68 @@
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<tr>
<?
if ($support == "1")
{
?>
<td colspan="10" class="title"><?=$title?></td>
<td colspan="10" class="title"><?=$title?></td>
<?
} else {
?>
<td colspan="7" class="title"><?=$title?></td>
<? }
?>
</tr>
<tr>
<td class="DataTD"><strong><?=_("ID")?></strong></td>
<td class="DataTD"><strong><?=_("Date")?></strong></td>
<?
if ($support == "1")
{
?>
<td class="DataTD"><strong><?=_("When")?></strong></td>
<td class="DataTD"><strong><?=_("Email")?></strong></td>
<? } ?>
<td class="DataTD"><strong><?=_("Who")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Location")?></strong></td>
<td class="DataTD"><strong><?=_("Method")?></strong></td>
<td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
<?
if ($support == "1")
{
?>
<td class="DataTD"><strong><?=_("Revoke")?></strong></td>
<td colspan="7" class="title"><?=$title?></td>
<?
}
?>
</tr>
</tr>
<tr>
<td class="DataTD"><strong><?=_("ID")?></strong></td>
<td class="DataTD"><strong><?=_("Date")?></strong></td>
<?
if ($support == "1")
{
?>
<td class="DataTD"><strong><?=_("When")?></strong></td>
<td class="DataTD"><strong><?=_("Email")?></strong></td>
<?
}
?>
<td class="DataTD"><strong><?=_("Who")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Location")?></strong></td>
<td class="DataTD"><strong><?=_("Method")?></strong></td>
<td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
<?
if ($support == "1")
{
?>
<td class="DataTD"><strong><?=_("Revoke")?></strong></td>
<?
}
?>
</tr>
<?
}
function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience,$support)
{
?>
<tr>
<td class="DataTD" colspan="5"><strong><?=$points_txt?>:</strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
<td class="DataTD"><?=$sumexperience?></td>
<tr>
<td<?=($support == "1")?' colspan="5"':' colspan="3"'?> class="DataTD"><strong><?=$points_txt?>:</strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
<td class="DataTD"><?=$sumexperience?></td>
<?
if ($support == "1")
{
?>
<td class="DataTD">&nbsp;</td>
<td class="DataTD">&nbsp;</td>
<?
}
?>
</tr>
</tr>
</table>
<br/>
<?
@ -277,52 +289,54 @@
function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked)
{
$tdstyle="";
$emopen="";
$emclose="";
$tdstyle="";
$emopen="";
$emclose="";
if ($awarded == $points)
{
if ($awarded == "0")
if ($awarded == $points)
{
if ($when < "2006-09-01")
if ($awarded == "0")
{
$tdstyle="style='background-color: #ffff80'";
$emopen="<em>";
$emclose="</em>";
if ($when < "2006-09-01")
{
$tdstyle="style='background-color: #ffff80'";
$emopen="<em>";
$emclose="</em>";
}
}
}
}
?>
<tr>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<tr>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<?
if ($support == "1")
{
if ($support == "1")
{
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
<? }
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
<?
if ($support == "1")
{
if ($revoked == true)
{
?>
<td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
<? } else {
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
}
}
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
<?
if ($support == "1")
{
if ($revoked == true)
{
?>
<td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
<?
} else {
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
}
}
?>
</tr>
<?
@ -332,14 +346,14 @@
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="4" class="title"><?=_("Summary of your Points")?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("Description")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
<td class="DataTD"><strong><?=_("Remark")?></strong></td>
<tr>
<td colspan="4" class="title"><?=_("Summary of your Points")?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("Description")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
<td class="DataTD"><strong><?=_("Remark")?></strong></td>
</tr>
<?
}
@ -355,12 +369,12 @@
function output_summary_row($title,$points,$points_countable,$remark)
{
?>
<tr>
<td class="DataTD"><strong><?=$title?></strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD"><?=$points_countable?></td>
<td class="DataTD"><?=$remark?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=$title?></strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD"><?=$points_countable?></td>
<td class="DataTD"><?=$remark?></td>
</tr>
<?
}
@ -430,6 +444,8 @@
break;
case 'Unknown': // to be revoked in the future? limit to max 50 pts?
case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
case 'TTP-Assisted': // TTP assurances, limit to 35
case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30
case '': // to be revoked in the future? limit to max 50 pts?
case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future?
break;
@ -575,14 +591,14 @@
return $issue_points;
}
function output_given_assurances($userid,$support)
function output_given_assurances($userid,$support=0)
{
output_assurances_header(_("Assurance Points You Issued"),$support);
output_given_assurances_content($userid,$points,$sum_experience,$support);
output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience,$support);
}
function output_received_assurances($userid,$support)
function output_received_assurances($userid,$support=0)
{
output_assurances_header(_("Your Assurance Points"),$support);
output_received_assurances_content($userid,$points,$sum_experience,$support);
@ -602,18 +618,30 @@
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<?
}
//functions to do with recording user agreements
/**
* write_user_agreement()
* writes a new record to the table user_agreement
*
* @param mixed $memid
* @param mixed $document
* @param mixed $method
* @param mixed $comment
* @param integer $active
* @param integer $secmemid
* @return
*/
function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
// write a new record to the table user_agreement
$query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid.
",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ;
$query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ;
$res = mysql_query($query);
}
function get_user_agreement_status($memid, $type="CCA"){
//returns 0 - no user agreement, 1- at least one entry
$query="SELECT u.`document` FROM `user_agreements` u
$query="SELECT u.`document` FROM `user_agreements` u
WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
$res = mysql_query($query);
if(mysql_num_rows($res) <=0){
@ -650,8 +678,8 @@
function get_last_user_agreement($memid, $type="CCA"){
//returns an array (`document`,`date`,`method`, `comment`,`active`)
$query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1)
union
(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
union
(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
$res = mysql_query($query);
if(mysql_num_rows($res) >0){
$row = mysql_fetch_assoc($res);
@ -664,7 +692,7 @@
$rec=array();
}
return $rec;
}
}
function delete_user_agreement($memid, $type="CCA"){
//deletes all entries to an user for the given type of user agreements
@ -672,4 +700,413 @@
mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'");
}
// functions for 6.php (assure somebody)
function AssureHead($confirmation,$checkname)
{
?>
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
<tr>
<td colspan="2" class="title"><?=$confirmation?></td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
</tr>
<?
}
function AssureTextLine($field1,$field2)
{
?>
<tr>
<td class="DataTD"><?=$field1.(empty($field1)?'':':')?>:</td>
<td class="DataTD"><?=$field2?></td>
</tr>
<?
}
function AssureBoxLine($type,$text,$checked)
{
?>
<tr>
<td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td>
<td class="DataTD"><?=$text?></td>
</tr>
<?
}
function AssureMethodLine($text,$methods,$remark)
{
if (count($methods) != 1) {
?>
<tr>
<td class="DataTD"><?=$text.(empty($text)?'':':')?></td>
<td class="DataTD">
<select name="method">
<?
foreach($methods as $val) {
?>
<option value="<?=$val?>"><?=$val?></option>
<?
}
?>
</select>
<br />
<?=$remark?>
</td>
</tr>
<?
} else {
?>
<input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>" />
<?
}
}
function AssureInboxLine($type,$field,$value,$description)
{
?>
<tr>
<td class="DataTD"><?=$field.(empty($field)?'':':')?>:</td>
<td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
</tr>
<?
}
function AssureFoot($oldid,$confirm)
{
?>
<tr>
<td class="DataTD" colspan="2">
<input type="submit" name="process" value="<?=$confirm?>" />
<input type="submit" name="cancel" value="<?=_("Cancel")?>" />
</td>
</tr>
</table>
<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>" />
<input type="hidden" name="oldid" value="<?=$oldid?>" />
</form>
<?
}
function account_email_delete($mailid){
//deletes an email entry from an acount
//revolkes all certifcates for that email address
//called from www/account.php if($process != "" && $oldid == 2)
//called from www/diputes.php if($type == "reallyemail") / if($action == "accept")
//called from account_delete
$mailid = intval($mailid);
revoke_all_client_cert($mailid);
$query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
mysql_query($query);
}
function account_domain_delete($domainid){
//deletes an domain entry from an acount
//revolkes all certifcates for that domain address
//called from www/account.php if($process != "" && $oldid == 9)
//called from www/diputes.php if($type == "reallydomain") / if($action == "accept")
//called from account_delete
$domainid = intval($domainid);
revoke_all_server_cert($domainid);
mysql_query(
"update `domains`
set `deleted`=NOW()
where `id` = '$domainid'");
}
function account_delete($id, $arbno, $adminid){
//deletes an account following the deleted account routnie V3
// called from www/account.php if($oldid == 50 && $process != "")
//change password
$id = intval($id);
$arbno = mysql_real_escape_string($arbno);
$adminid = intval($adminid);
$pool = 'abcdefghijklmnopqrstuvwxyz';
$pool .= '0123456789!()§';
$pool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
srand ((double)microtime()*1000000);
$password="";
for($index = 0; $index < 30; $index++)
{
$password .= substr($pool,(rand()%(strlen ($pool))), 1);
}
mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
//create new mail for arbitration number
$query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
mysql_query($query);
$emailid = mysql_insert_id();
//set new mail as default
$query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
mysql_query($query);
//delete all other email address
$query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
$res=mysql_query($query);
while($row = mysql_fetch_assoc($res)){
account_email_delete($row['id']);
}
//delete all domains
$query = "select `id` from `domains` where `memid`='".$id."'";
$res=mysql_query($query);
while($row = mysql_fetch_assoc($res)){
account_domain_delete($row['id']);
}
//clear alert settings
mysql_query(
"update `alerts` set
`general`='0',
`country`='0',
`regional`='0',
`radius`='0'
where `memid`='$id'");
//set default location
$query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
mysql_query($query);
//clear listings
$query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
mysql_query($query);
//set lanuage to default
//set default language
mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
//delete secondary langugaes
mysql_query("delete from `addlang` where `userid`='".$id."'");
//change secret questions
for($i=1;$i<=5;$i++){
$q="";
$a="";
for($index = 0; $index < 30; $index++)
{
$q .= substr($pool,(rand()%(strlen ($pool))), 1);
$a .= substr($pool,(rand()%(strlen ($pool))), 1);
}
$query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
mysql_query($query);
}
//change personal information to arbitration number and DOB=1900-01-01
$query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
$details = mysql_fetch_assoc(mysql_query($query));
$query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
`new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'";
mysql_query($query);
$query = "update `users` set `fname`='".$arbno."',
`mname`='".$arbno."',
`lname`='".$arbno."',
`suffix`='".$arbno."',
`dob`='1900-01-01'
where `id`='".$id."'";
mysql_query($query);
//clear all admin and board flags
mysql_query(
"update `users` set
`assurer`='0',
`assurer_blocked`='0',
`codesign`='0',
`orgadmin`='0',
`ttpadmin`='0',
`locadmin`='0',
`admin`='0',
`adadmin`='0',
`tverify`='0',
`board`='0'
where `id`='$id'");
//block account
mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
}
function check_email_exists($email){
// called from includes/account.php if($process != "" && $oldid == 1)
// called from includes/account.php if($oldid == 50 && $process != "")
$email = mysql_real_escape_string($email);
$query = "select 1 from `email` where `email`='$email' and `deleted`=0";
$res = mysql_query($query);
return mysql_num_rows($res) > 0;
}
function check_gpg_cert_running($uid,$cca=0){
//if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
if (0==$cca) {
$query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()";
}else{
$query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)";
}
$res = mysql_query($query);
return mysql_num_rows($res) > 0;
}
function check_client_cert_running($uid,$cca=0){
//if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
if (0==$cca) {
$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
}else{
$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
}
$res = mysql_query($query1);
$r1 = mysql_num_rows($res)>0;
$res = mysql_query($query2);
$r2 = mysql_num_rows($res)>0;
return !!($r1 || $r2);
}
function check_server_cert_running($uid,$cca=0){
//if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
if (0==$cca) {
$query1 = "
select 1 from `domaincerts` join `domains`
on `domaincerts`.`domid` = `domains`.`id`
where `domains`.`memid` = '$uid'
and `domaincerts`.`expire` > NOW()
and `domaincerts`.`revoked` < `domaincerts`.`created`";
$query2 = "
select 1 from `domaincerts` join `domains`
on `domaincerts`.`domid` = `domains`.`id`
where `domains`.`memid` = '$uid'
and `revoked`>NOW()";
}else{
$query1 = "
select 1 from `domaincerts` join `domains`
on `domaincerts`.`domid` = `domains`.`id`
where `domains`.`memid` = '$uid'
and `expire`>(NOW()-90*86400)
and `revoked`<`created`";
$query2 = "
select 1 from `domaincerts` join `domains`
on `domaincerts`.`domid` = `domains`.`id`
where `domains`.`memid` = '$uid'
and `revoked`>(NOW()-90*86400)";
}
$res = mysql_query($query1);
$r1 = mysql_num_rows($res)>0;
$res = mysql_query($query2);
$r2 = mysql_num_rows($res)>0;
return !!($r1 || $r2);
}
function check_is_orgadmin($uid){
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
$query = "select 1 from `org` where `memid`='$uid' and `deleted`=0";
$res = mysql_query($query);
return mysql_num_rows($res) > 0;
}
// revokation of certificates
function revoke_all_client_cert($mailid){
//revokes all client certificates for an email address
$mailid = intval($mailid);
$query = "select `emailcerts`.`id`
from `emaillink`,`emailcerts` where
`emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
group by `emailcerts`.`id`";
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres)){
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
}
}
function revoke_all_server_cert($domainid){
//revokes all server certs for an domain
$domainid = intval($domainid);
$query =
"select `domaincerts`.`id`
from `domaincerts`
where `domaincerts`.`domid` = '$domainid'
union distinct
select `domaincerts`.`id`
from `domaincerts`, `domlink`
where `domaincerts`.`id` = `domlink`.`certid`
and `domlink`.`domid` = '$domainid'";
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
{
mysql_query(
"update `domaincerts`
set `revoked`='1970-01-01 10:00:01'
where `id` = '".$drow['id']."'
and `revoked` = 0");
}
}
function revoke_all_private_cert($uid){
//revokes all certificates linked to a personal accounts
//gpg revokation needs to be added to a later point
$uid=intval($uid);
$query = "select `id` from `email` where `memid`='".$uid."'";
$res=mysql_query($query);
while($row = mysql_fetch_assoc($res)){
revoke_all_client_cert($row['id']);
}
$query = "select `id` from `domains` where `memid`='".$uid."'";
$res=mysql_query($query);
while($row = mysql_fetch_assoc($res)){
revoke_all_server_cert($row['id']);
}
}
/**
* check_date_format()
* checks if the date is entered in the right date format YYYY-MM-DD and
* if the date is after the 1st January of the given year
*
* @param mixed $date
* @param integer $year
* @return
*/
function check_date_format($date, $year=2000){
if (!strpos($date,'-')) {
return FALSE;
}
$arr=explode('-',$date);
if ((count($arr)!=3)) {
return FALSE;
}
if (intval($arr[0])<=$year) {
return FALSE;
}
if (intval($arr[1])>12 or intval($arr[1])<=0) {
return FALSE;
}
if (intval($arr[2])>31 or intval($arr[2])<=0) {
return FALSE;
}
return checkdate( intval($arr[1]), intval($arr[2]), intval($arr[0]));
}
/**
* check_date_difference()
* returns false if the date is larger then today + time diffrence
*
* @param mixed $date
* @param integer $diff
* @return
*/
function check_date_difference($date, $diff=1){
return (strtotime($date)<=time()+$diff*86400);
}

640
includes/wot.inc.php
View file

@ -1,640 +0,0 @@
<? /*
LibreSSL - CAcert web application
Copyright (C) 2004-2011 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
function query_init ($query)
{
return mysql_query($query);
}
function query_getnextrow ($res)
{
$row1 = mysql_fetch_assoc($res);
return $row1;
}
function query_get_number_of_rows ($resultset)
{
return intval(mysql_num_rows($resultset));
}
function get_number_of_assurances ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
}
function get_number_of_ttpassurances ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
}
function get_number_of_assurees ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
}
function get_top_assurer_position ($no_of_assurances)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting'
GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
return intval(query_get_number_of_rows($res)+1);
}
function get_top_assuree_position ($no_of_assurees)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting'
GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'");
return intval(query_get_number_of_rows($res)+1);
}
function get_given_assurances ($userid)
{
$res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc");
return $res;
}
function get_received_assurances ($userid)
{
$res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc ");
return $res;
}
function get_given_assurances_summary ($userid)
{
$res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
return $res;
}
function get_received_assurances_summary ($userid)
{
$res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
return $res;
}
function get_user ($userid)
{
$res = query_init ("select * from `users` where `id`='".intval($userid)."'");
return mysql_fetch_assoc($res);
}
function get_cats_state ($userid)
{
$res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
WHERE `cats_passed`.`user_id` = '".intval($userid)."'");
return mysql_num_rows($res);
}
function calc_experience ($row,&$points,&$experience,&$sum_experience)
{
$apoints = max($row['points'], $row['awarded']);
$points += $apoints;
$experience = "&nbsp;";
if ($row['method'] == "Face to Face Meeting")
{
$sum_experience = $sum_experience +2;
$experience = "2";
}
return $apoints;
}
function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded)
{
$awarded = calc_points($row);
if ($awarded > 100)
{
$experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
$awarded = 100;
}
else
$experience = 0;
switch ($row['method'])
{
case 'Thawte Points Transfer':
case 'CT Magazine - Germany':
case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
$awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked"));
$experience=0;
break;
default:
$points += $awarded;
}
$sumexperience = $sumexperience + $experience;
}
function show_user_link ($name,$userid)
{
$name = trim($name);
if($name == "")
{
if ($userid == 0)
$name = _("System");
else
$name = _("Deleted account");
}
else
$name = "<a href='wot.php?id=9&amp;userid=".intval($userid)."'>$name</a>";
return $name;
}
function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
{
$num_of_assurances = get_number_of_assurances (intval($userid));
$rank_of_assurer = get_top_assurer_position($num_of_assurances);
}
function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
{
$num_of_assurees = get_number_of_assurees (intval($userid));
$rank_of_assuree = get_top_assuree_position($num_of_assurees);
}
// ************* html table definitions ******************
function output_ranking($userid)
{
get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
</tr>
</table>
<br/>
<?
}
function output_assurances_header($title)
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="7" class="title"><?=$title?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("ID")?></strong></td>
<td class="DataTD"><strong><?=_("Date")?></strong></td>
<td class="DataTD"><strong><?=_("Who")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Location")?></strong></td>
<td class="DataTD"><strong><?=_("Method")?></strong></td>
<td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
</tr>
<?
}
function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience)
{
?>
<tr>
<td class="DataTD" colspan="3"><strong><?=$points_txt?>:</strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
<td class="DataTD"><?=$sumexperience?></td>
</tr>
</table>
<br/>
<?
}
function output_assurances_row($assuranceid,$date,$when,$name,$awarded,$points,$location,$method,$experience)
{
$tdstyle="";
$emopen="";
$emclose="";
if ($awarded == $points)
{
if ($awarded == "0")
{
if ($when < "2006-09-01")
{
$tdstyle="style='background-color: #ffff80'";
$emopen="<em>";
$emclose="</em>";
}
}
}
?>
<tr>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
</tr>
<?
}
function output_summary_header()
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="4" class="title"><?=_("Summary of your Points")?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("Description")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
<td class="DataTD"><strong><?=_("Remark")?></strong></td>
</tr>
<?
}
function output_summary_footer()
{
?>
</table>
<br/>
<?
}
function output_summary_row($title,$points,$points_countable,$remark)
{
?>
<tr>
<td class="DataTD"><strong><?=$title?></strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD"><?=$points_countable?></td>
<td class="DataTD"><?=$remark?></td>
</tr>
<?
}
// ************* output given assurances ******************
function output_given_assurances_content($userid,&$points,&$sum_experience)
{
$points = 0;
$sumexperience = 0;
$res = get_given_assurances(intval($userid));
while($row = mysql_fetch_assoc($res))
{
$fromuser = get_user (intval($row['to']));
$apoints = calc_experience ($row,$points,$experience,$sum_experience);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
}
}
// ************* output received assurances ******************
function output_received_assurances_content($userid,&$points,&$sum_experience)
{
$points = 0;
$sumexperience = 0;
$res = get_received_assurances(intval($userid));
while($row = mysql_fetch_assoc($res))
{
$fromuser = get_user (intval($row['from']));
calc_assurances ($row,$points,$experience,$sum_experience,$awarded);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
}
}
// ************* output summary table ******************
function check_date_limit ($userid,$age)
{
$dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age));
$res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'");
return intval(query_get_number_of_rows($res));
}
function calc_points($row)
{
$awarded = intval($row['awarded']);
if ($awarded == "")
$awarded = 0;
if (intval($row['points']) < $awarded)
$points = $awarded; // if 'sum of added points' > 100, awarded shows correct value
else
$points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value
switch ($row['method'])
{
case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration)
case 'CT Magazine - Germany': // revoke c't (only one test-entry)
case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented)
$points = 0;
break;
case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation)
if ($points <= 2) // maybe limit to 35/50 pts in the future?
$points = 0;
break;
case 'Unknown': // to be revoked in the future? limit to max 50 pts?
case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
case 'TTP-Assisted': // TTP assurances, limit to 35
case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30
case '': // to be revoked in the future? limit to max 50 pts?
case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future?
break;
default: // should never happen ... ;-)
$points = 0;
}
if ($points < 0) // ignore negative points (bug needs to be fixed)
$points = 0;
return $points;
}
function max_points($userid)
{
return output_summary_content ($userid,0);
}
function output_summary_content($userid,$display_output)
{
$sum_points = 0;
$sum_experience = 0;
$sum_experience_other = 0;
$max_points = 100;
$max_experience = 50;
$experience_limit_reached_txt = _("Limit reached");
if (check_date_limit($userid,18) != 1)
{
$max_experience = 10;
$experience_limit_reached_txt = _("Limit given by PoJAM reached");
}
if (check_date_limit($userid,14) != 1)
{
$max_experience = 0;
$experience_limit_reached_txt = _("Limit given by PoJAM reached");
}
$res = get_received_assurances_summary($userid);
while($row = mysql_fetch_assoc($res))
{
$points = calc_points ($row);
if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed)
{
$sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']);
$points = $max_points;
}
$sum_points += $points*intval($row['number']);
}
$res = get_given_assurances_summary($userid);
while($row = mysql_fetch_assoc($res))
{
switch ($row['method'])
{
case 'Face to Face Meeting': // count Face to Face only
$sum_experience += 2*intval($row['number']);
break;
}
}
if ($sum_points > $max_points)
{
$sum_points_countable = $max_points;
$remark_points = _("Limit reached");
}
else
{
$sum_points_countable = $sum_points;
$remark_points = "&nbsp;";
}
if ($sum_experience > $max_experience)
{
$sum_experience_countable = $max_experience;
$remark_experience = $experience_limit_reached_txt;
}
else
{
$sum_experience_countable = $sum_experience;
$remark_experience = "&nbsp;";
}
if ($sum_experience_countable + $sum_experience_other > $max_experience)
{
$sum_experience_other_countable = $max_experience-$sum_experience_countable;
$remark_experience_other = $experience_limit_reached_txt;
}
else
{
$sum_experience_other_countable = $sum_experience_other;
$remark_experience_other = "&nbsp;";
}
if ($sum_points_countable < $max_points)
{
if ($sum_experience_countable != 0)
$remark_experience = _("Points on hold due to less assurance points");
$sum_experience_countable = 0;
if ($sum_experience_other_countable != 0)
$remark_experience_other = _("Points on hold due to less assurance points");
$sum_experience_other_countable = 0;
}
$issue_points = 0;
$cats_test_passed = get_cats_state ($userid);
if ($cats_test_passed == 0)
{
$issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
if ($sum_points_countable < $max_points)
{
$issue_points_txt = "<strong style='color: red'>";
$issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
$issue_points_txt .= "</strong>";
}
}
else
{
$experience_total = $sum_experience_countable+$sum_experience_other_countable;
$issue_points_txt = "";
if ($sum_points_countable == $max_points)
$issue_points = 10;
if ($experience_total >= 10)
$issue_points = 15;
if ($experience_total >= 20)
$issue_points = 20;
if ($experience_total >= 30)
$issue_points = 25;
if ($experience_total >= 40)
$issue_points = 30;
if ($experience_total >= 50)
$issue_points = 35;
if ($issue_points != 0)
$issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
}
if ($display_output)
{
output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
}
return $issue_points;
}
function output_given_assurances($userid)
{
output_assurances_header(_("Assurance Points You Issued"));
output_given_assurances_content($userid,$points,$sum_experience);
output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience);
}
function output_received_assurances($userid)
{
output_assurances_header(_("Your Assurance Points"));
output_received_assurances_content($userid,$points,$sum_experience);
output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience);
}
function output_summary($userid)
{
output_summary_header();
output_summary_content($userid,1);
output_summary_footer();
}
function output_end_of_page()
{
?>
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<?
}
// functions for 6.php (assure somebody)
function AssureHead($confirmation,$checkname)
{
?>
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
<tr>
<td colspan="2" class="title"><?=$confirmation?></td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
</tr>
<?
}
function AssureTextLine($field1,$field2)
{
?>
<tr>
<td class="DataTD"><?=$field1?>:</td>
<td class="DataTD"><?=$field2?></td>
</tr>
<?
}
function AssureCCABoxLine($type,$text)
{
return;
AssureBoxLine($type,$text);
}
function AssureBoxLine($type,$text,$checked)
{
?>
<tr>
<td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td>
<td class="DataTD"><?=$text?></td>
</tr>
<?
}
function AssureMethodLine($text,$methods,$remark)
{
if (count($methods) != 1)
{
?>
<tr>
<td class="DataTD"><?=$text?></td>
<td class="DataTD">
<select name="method">
<?
foreach($methods as $val) { ?>
<option value="<?=$val?>"> <?=$val?></option>
<? } ?>
</select>
</br><?=$remark?>
</td>
</tr>
<?
} else {
?>
<input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>">
<?
}
}
function AssureInboxLine($type,$field,$value,$description)
{
?>
<tr>
<td class="DataTD"><?=$field?>:</td>
<td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
</tr>
<?
}
function AssureFoot($oldid,$confirm)
{?>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=$confirm?>"> <input type="submit" name="cancel" value="<?=_("Cancel")?>"></td>
</tr>
</table>
<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>">
<input type="hidden" name="oldid" value="<?=$oldid?>">
</form>
<?
}

8
pages/account/10.php
View file

@ -38,7 +38,9 @@
<p><?=_("Optional comment, only used in the certifictate overview")?><br>
<input type="text" name="description" maxlength="80" size=80/></p>
<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p>
<textarea name="CSR" cols="80" rows="15"></textarea><br>
<input type="submit" name="process" value="<?=_("Submit")?>"/>
<input type="hidden" name="oldid" value="<?=$id?>"/>
<textarea name="CSR" cols="80" rows="15"></textarea><br />
<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
<?=_("Please Note: You need to accept the CCA to proceed.")?></p>
<input type="submit" name="process" value="<?=_("Submit")?>" />
<input type="hidden" name="oldid" value="<?=$id?>" />
</form>

28
pages/account/3.php
View file

@ -70,17 +70,21 @@ if($_SESSION['profile']['points'] >= 50)
<? } ?>
<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
<tr>
<td class="DataTD">
<input type="checkbox" name="codesign" value="1" />
</td>
<td class="DataTD" align="left">
<input type="checkbox" name="codesign" value="1" /> <?=_("Code Signing")?></td>
<td class="DataTD" align="left">
<?=_("Code Signing")?><br />
<?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
</td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2" align="left">
<input type="checkbox" name="login" value="1" checked="checked" /> <?=_("Enable certificate login with this certificate")?><br />
<td class="DataTD">
<input type="checkbox" name="login" value="1" checked="checked" />
</td>
<td class="DataTD"> <?=_("Enable certificate login with this certificate")?><br />
<?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/>
</td>
</tr>
@ -92,8 +96,11 @@ if($_SESSION['profile']['points'] >= 50)
</tr>
<tr name="expertoff" style="display:none">
<td class="DataTD" colspan="2" align="left">
<input type="checkbox" name="expertbox" onchange="showExpert(this.checked)"/><?=_("Show advanced options")?>
<td class="DataTD">
<input type="checkbox" name="expertbox" onchange="showExpert(this.checked)" />
</td>
<td class="DataTD">
<?=_("Show advanced options")?>
</td>
</tr>
@ -114,6 +121,15 @@ if($_SESSION['profile']['points'] >= 50)
<td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td>
</tr>
<tr>
<td class="DataTD">
<input type="checkbox" name="CCA" />
</td>
<td class="DataTD" align="left">
<strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
<?=_("Please Note: You need to accept the CCA to proceed.")?>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>" /></td>
</tr>
</table>

21
pages/account/43.php
View file

@ -100,8 +100,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
if(intval($_REQUEST['userid']) > 0)
{
$id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
$userid = intval($_REQUEST['userid']);
$query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@ -135,7 +135,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=_("Last Name")?>:</td>
<td class="DataTD"> <input type="hidden" name="oldid" value="43">
<input type="hidden" name="action" value="updatedob">
<input type="hidden" name="userid" value="<?=intval($id)?>">
<input type="hidden" name="userid" value="<?=intval($userid)?>">
<input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
</tr>
<tr>
@ -786,9 +786,20 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<?
} ?>
</tr>
<tr>
<td colspan="6" class="title">
<form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;">
<input type="hidden" name="action" value="revokecert">
<input type="hidden" name="oldid" value="43">
<input type="hidden" name="userid" value="<?=intval($userid)?>">
<input type="submit" value="<?=_('revoke certificates')?>">
</form>
</td>
</tr>
</table>
<br>
<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
(<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
<br />
@ -837,7 +848,7 @@ function showassuredto()
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD" colspan="3">&nbsp;</td>
</tr>
@ -883,7 +894,7 @@ function showassuredby()
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD" colspan="3">&nbsp;</td>
</tr>

6
pages/account/50.php
View file

@ -19,12 +19,16 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Change Password")?></td>
<td colspan="2" class="title"><?=_("Delete Account")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td>
</tr>
<tr>
<td class="DataTD"><?=_("New Username from arbitration number + sequence number a20xxyyzz.a.b")?>:</td>
<td class="DataTD"><input type="text" name="arbitrationno"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><?=_("Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.")?></td>
</tr>

2
pages/gpg/0.php
View file

@ -22,6 +22,8 @@
<p><?=_("Optional comment, only used in the certifictate overview")?><br />
<input type="text" name="description" maxlength="80" size=80 /></p>
<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br />
<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
<?=_("Please Note: You need to accept the CCA to proceed.")?></p>
<input type="submit" name="process" value="<?=_("Submit")?>" />
<input type="hidden" name="oldid" value="<?=$id?>" />
</form>

2
pages/wot/15.php
View file

@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php");
require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$userid = intval($_SESSION['profile']['id']);

2
pages/wot/4.php
View file

@ -15,7 +15,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
require_once(dirname(__FILE__).'/../../includes/wot.inc.php');
require_once(dirname(__FILE__).'/../../includes/notary.inc.php');
?>
<h3><?=_("Trusted Third Parties")?></h3>

16
pages/wot/6.php
View file

@ -40,20 +40,20 @@
$name = $fname." ".$mname." ".$lname." ".$suffix;
$_SESSION['_config']['wothash'] = md5($name."-".$dob);
include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php");
require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname));
AssureTextLine(_("Name"),$name);
AssureTextLine(_("Date of Birth"),$dob." ("._("YYYY-MM-DD").")");
AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person"), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1);
AssureMethodLine(_("Method"),$methods,'');
AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person."), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1);
AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1);
AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"","");
AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("Please adjust the date if you assured the person on a different day"));
AssureMethodLine(_("Method"),$methods,_("Only tick the next box if the Assurance was face to face."));
AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD)."));
AssureTextLine("",_("Only tick the next box if the Assurance was face to face."));
AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1);
AssureBoxLine("rules",_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
AssureTextLine(_("Policy"),"<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
AssureTextLine(_("Policy"),"<a href=\"/policy/CAcert Community Agreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")");
AssureCCABoxLine("CCAAgreed",sprintf(_("Check this box only if %s agreed to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>"),$fname));
AssureCCABoxLine("CCAAgree",_("Check this box only if YOU agree to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>"));
AssureFoot($id,_("I confirm this Assurance"));
?>

32
www/disputes.php
View file

@ -17,6 +17,7 @@
*/ ?>
<?
require_once("../includes/loggedin.php");
require_once("../includes/notary.inc.php");
loadem("account");
@ -58,24 +59,13 @@
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
$query = "select `emailcerts`.`id`
from `emaillink`,`emailcerts` where
`emailid`='$emailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
group by `emailcerts`.`id`";
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");
$do = `../scripts/runclient`;
$query = "update `email` set `deleted`=NOW() where `id`='".intval($emailid)."'";
mysql_query($query);
account_email_delete($row['id']);
}
mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
$rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
$rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
$res = mysql_query("select * from `users` where `id`='$oldmemid'");
$user = mysql_fetch_assoc($res);
$rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
$rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
$res = mysql_query("select * from `users` where `id`='$oldmemid'");
$user = mysql_fetch_assoc($res);
if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email'])
{
mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'");
@ -160,17 +150,13 @@
showheader(_("Domain Dispute"));
echo "<p>"._("You have opted to accept this dispute and the request will now remove this domain from the existing account, and revoke any current certificates.")."</p>";
echo "<p>"._("The following accounts have been removed:")."<br>\n";
//new account_domain_delete($domainid, $memberID)
$query = "select * from `domains` where `id`='$domainid' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
echo $_SESSION['_config']['domain']."<br>\n";
mysql_query("update `domains` set `deleted`=NOW() where `id`='$domainid'");
$query = "select * from `domlink` where `domid`='$domainid'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
$do = `../scripts/runserver`;
echo $_SESSION['_config']['domain']."<br>\n";
account_domain_delete($domainid);
}
mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'");
showfooter();

11
www/gpg.php
View file

@ -18,6 +18,7 @@
<?
require_once("../includes/loggedin.php");
require_once("../includes/lib/general.php");
require_once('../includes/notary.inc.php');
$id = 0; if(array_key_exists('id',$_REQUEST)) $id=intval($_REQUEST['id']);
$oldid = $_REQUEST['oldid'] = array_key_exists('oldid',$_REQUEST) ? intval($_REQUEST['oldid']) : 0;
@ -83,6 +84,14 @@ function verifyEmail($email)
$state=0;
if($oldid == "0" && $CSR != "")
{
if(!array_key_exists('CCA',$_REQUEST))
{
showheader(_("My CAcert.org Account!"));
echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
showfooter();
exit;
}
$err = runCommand('mktemp --directory /tmp/cacert_gpg.XXXXXXXXXX',
"",
$tmpdir);
@ -293,6 +302,8 @@ function verifyEmail($email)
if($oldid == "0" && $CSR != "")
{
write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
//set variable for comment
if(trim($_REQUEST['description']) == ""){
$description= "";

97
www/wot.php
View file

@ -18,6 +18,8 @@
<?
require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php");
require_once("../includes/notary.inc.php");
function show_page($target,$message,$error)
@ -113,9 +115,6 @@ function send_reminder()
$_SESSION['_config']['error'] = _("A reminder notice has been sent.");
}
loadem("account");
if(array_key_exists('date',$_POST) && $_POST['date'] != "")
$_SESSION['_config']['date'] = $_POST['date'];
@ -127,7 +126,7 @@ function send_reminder()
if($oldid == 12)
$id = $oldid;
if($oldid == 4)
{
if ($_POST['ttp']!='') {
@ -238,37 +237,79 @@ function send_reminder()
if($oldid == 6)
{
$iecho= "c";
//date checks
if(trim($_REQUEST['date']) == '')
{
show_page("VerifyData","",_("You must enter the date when you met the assuree."));
exit;
}
if(!check_date_format(trim($_REQUEST['date'])))
{
show_page("VerifyData","",_("You must enter the date in this format: YYYY-MM-DD."));
exit;
}
if(!check_date_difference(trim($_REQUEST['date'])))
{
show_page("VerifyData","",_("You must not enter a date in the future."));
exit;
}
//proof of identity check and accept arbitration, implements CCA
if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
/* if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
*/
if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1)
//proof of CCA agreement by assuree after 2010-01-01
if((!array_key_exists('CCAAgreed',$_POST) || $_POST['CCAAgreed'] != 1) and (check_date_format(trim($_REQUEST['date']),2010)))
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
//assurance done according to rules
if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
//met assuree in person, not appliciable for TTP / TTP Topup assurances
if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_REQUEST['method'] != "Trusted 3rd Parties")
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
//check location, min 3 characters
if(!array_key_exists('location',$_POST) || trim($_POST['location']) == "")
{
show_page("VerifyData","",_("You failed to enter a location of your meeting."));
exit;
}
if($_REQUEST['points'] == "")
if(strlen(trim($_REQUEST['location']))<=2)
{
show_page("VerifyData","",_("You must enter a location with at least 3 characters eg town and country."));
exit;
}
//check for points in range 0-35, for nucleus 35 + 15 temporary
if($_REQUEST['points'] == "" || !is_numeric($_REQUEST['points']))
{
show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
exit;
}
if($_REQUEST['points'] <0 || ($_REQUEST['points']>35))
{
show_page("VerifyData","",_("The number of points you entered are out of the range given by policy."));
exit;
}
$query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
@ -315,7 +356,7 @@ $iecho= "c";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
exit;
}
}
@ -328,6 +369,10 @@ $iecho= "c";
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
//record active acceptance by Assurer
if (check_date_format(trim($_REQUEST['date']),2010)) {
write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']);
}
if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
$query .= ",\n`method`='TTP-Assisted'";
}
@ -404,16 +449,16 @@ $iecho= "c";
echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
@ -466,7 +511,7 @@ $iecho= "c";
$subject = $_REQUEST['subject'];
$userid = intval($_REQUEST['userid']);
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
if($points > 0)
{