cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 5 Projects Releases Wiki Activity

Jumbo patch for the following issues:

Browse Source 
https://bugs.cacert.org/view.php?id=893
    Extend Delete account feature for support
  https://bugs.cacert.org/view.php?id=1123
    Add the Check CCA acception to all certificate creation processes
  https://bugs.cacert.org/view.php?id=1136
    Extend SE console with the functionality to revoke all user certificates of an user account
  https://bugs.cacert.org/view.php?id=1137
    Record the CCA acception for entering an assurance
  https://bugs.cacert.org/view.php?id=1177
    Combine wot.inc.php, notary.inc.php and temp-function.php
pull/1/head
Wytze van der Raay 11 years ago
parent 99a263d8b0
commit 3dfac78f84
14 changed files with 744 additions and 861 deletions
Show Stats Download Patch File Download Diff File

135
includes/account.php
Unescape Escape View File

@ -18,6 +18,7 @@
require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php");
require_once("../includes/lib/check_weak_key.php");
require_once("../includes/notary.inc.php");
loadem("account");
@ -70,9 +71,7 @@
}
$oldid=0;
$_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
$query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
if(check_email_exists($_REQUEST['email'])==true)
{
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
@ -160,17 +159,7 @@
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
$query = "select `emailcerts`.`id`
from `emaillink`,`emailcerts` where
`emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
group by `emailcerts`.`id`";
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
$query = "update `email` set `deleted`=NOW() where `id`='$id'";
mysql_query($query);
account_email_delete($row['id']);
$delcount++;
}
}
@ -192,6 +181,14 @@
if($process != "" && $oldid == 3)
{
if(!array_key_exists('CCA',$_REQUEST))
{
showheader(_("My CAcert.org Account!"));
echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
showfooter();
exit;
}
if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
{
showheader(_("My CAcert.org Account!"));
@ -321,6 +318,8 @@
exit;
}
write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
$query = "insert into emailcerts set
`CN`='$defaultemail',
`keytype`='NS',
@ -629,32 +628,9 @@
{
$row = mysql_fetch_assoc($res);
echo $row['domain']."<br>\n";
$dres = mysql_query(
"select `domaincerts`.`id`
from `domaincerts`
where `domaincerts`.`domid` = '$id'
union distinct
select `domaincerts`.`id`
from `domaincerts`, `domlink`
where `domaincerts`.`id` = `domlink`.`certid`
and `domlink`.`domid` = '$id'");
while($drow = mysql_fetch_assoc($dres))
{
mysql_query(
"update `domaincerts`
set `revoked`='1970-01-01 10:00:01'
where `id` = '".$drow['id']."'
and `revoked` = 0
and UNIX_TIMESTAMP(`expire`) -
UNIX_TIMESTAMP() > 0");
}
mysql_query(
"update `domains`
set `deleted`=NOW()
where `id` = '$id'");
account_domain_delete($row['id']);
}
}
}
else
@ -668,6 +644,14 @@
if($process != "" && $oldid == 10)
{
if(!array_key_exists('CCA',$_REQUEST))
{
showheader(_("My CAcert.org Account!"));
echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
showfooter();
exit;
}
$CSR = clean_csr($_REQUEST['CSR']);
if(strpos($CSR,"---BEGIN")===FALSE)
{
@ -784,6 +768,8 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
{
$query = "insert into `domaincerts` set
@ -1205,17 +1191,17 @@
$description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
}else{
$description= "";
}
}
if(trim($_REQUEST['disablelogin']) == "1"){
$disablelogin = 1;
}else{
$disablelogin = 0;
}
if(trim($_REQUEST['disablelogin']) == "1"){
$disablelogin = 1;
}else{
$disablelogin = 0;
}
mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
}
}
if($oldid == 13 && $process != "")
{
csrf_check("perschange");
@ -2698,6 +2684,13 @@
mysql_query($query);
}
if($oldid == 43 && $_REQUEST['action'] == 'revokecert')
{
$userid = intval($_REQUEST['userid']);
revoke_all_private_cert($userid);
$id=43;
}
if($oldid == 48 && $_REQUEST['domain'] == "")
{
$id = $oldid;
@ -2994,23 +2987,39 @@
if($oldid == 50 && $process != "")
{
$_REQUEST['userid'] = intval($_REQUEST['userid']);
$res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'");
if(mysql_num_rows($res) > 0)
{
$query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01'
WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'";
mysql_query($query);
$query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'";
mysql_query($query);
$query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'";
mysql_query($query);
$query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'";
mysql_query($query);
$query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'";
mysql_query($query);
$query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'";
mysql_query($query);
if (trim($_REQUEST['arbitrationno'])==""){
showheader(_("My CAcert.org Account!"));
echo _("You did not enter an arbitration number entry.");
showfooter();
exit;
}
if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
showheader(_("My CAcert.org Account!"));
printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
showfooter();
exit;
}
if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
showfooter();
exit;
}
if (check_client_cert_running($_REQUEST['userid'],1) ||
check_server_cert_running($_REQUEST['userid'],1) ||
check_gpg_cert_running($_REQUEST['userid'],1)) {
showheader(_("My CAcert.org Account!"));
printf(_("The CCA retention time for at least one certificate is not over. Can't continue."));
showfooter();
exit;
}
if (check_is_orgadmin($_REQUEST['userid'],1)) {
showheader(_("My CAcert.org Account!"));
printf(_("The user is listed as Organisation Administrator. Can't continue."));
showfooter();
exit;
}
account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
}
if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)

615
includes/notary.inc.php
Unescape Escape View File

@ -41,6 +41,15 @@
return intval($row['list']);
}
function get_number_of_ttpassurances ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
}
function get_number_of_assurees ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
@ -106,7 +115,7 @@
function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked)
{
$apoints = max($row['points'],$row['awarded']);
$apoints = max($row['points'], $row['awarded']);
$points += $apoints;
$experience = "&nbsp;";
$revoked = false; # to be coded later (after DB-upgrade)
@ -192,15 +201,15 @@
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
</tr>
<tr>
<td class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
</tr>
</table>
<br/>
<?
@ -210,65 +219,68 @@
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<tr>
<?
if ($support == "1")
{
?>
<td colspan="10" class="title"><?=$title?></td>
<td colspan="10" class="title"><?=$title?></td>
<?
} else {
?>
<td colspan="7" class="title"><?=$title?></td>
<? }
<td colspan="7" class="title"><?=$title?></td>
<?
}
?>
</tr>
<tr>
<td class="DataTD"><strong><?=_("ID")?></strong></td>
<td class="DataTD"><strong><?=_("Date")?></strong></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("ID")?></strong></td>
<td class="DataTD"><strong><?=_("Date")?></strong></td>
<?
if ($support == "1")
{
?>
<td class="DataTD"><strong><?=_("When")?></strong></td>
<td class="DataTD"><strong><?=_("Email")?></strong></td>
<? } ?>
<td class="DataTD"><strong><?=_("Who")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Location")?></strong></td>
<td class="DataTD"><strong><?=_("Method")?></strong></td>
<td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
<td class="DataTD"><strong><?=_("When")?></strong></td>
<td class="DataTD"><strong><?=_("Email")?></strong></td>
<?
}
?>
<td class="DataTD"><strong><?=_("Who")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Location")?></strong></td>
<td class="DataTD"><strong><?=_("Method")?></strong></td>
<td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
<?
if ($support == "1")
{
?>
<td class="DataTD"><strong><?=_("Revoke")?></strong></td>
<td class="DataTD"><strong><?=_("Revoke")?></strong></td>
<?
}
?>
</tr>
</tr>
<?
}
function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience,$support)
{
?>
<tr>
<td class="DataTD" colspan="5"><strong><?=$points_txt?>:</strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
<td class="DataTD"><?=$sumexperience?></td>
<tr>
<td<?=($support == "1")?' colspan="5"':' colspan="3"'?> class="DataTD"><strong><?=$points_txt?>:</strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
<td class="DataTD"><?=$sumexperience?></td>
<?
if ($support == "1")
{
?>
<td class="DataTD">&nbsp;</td>
<td class="DataTD">&nbsp;</td>
<?
}
?>
</tr>
</tr>
</table>
<br/>
<?
@ -277,52 +289,54 @@
function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked)
{
$tdstyle="";
$emopen="";
$emclose="";
$tdstyle="";
$emopen="";
$emclose="";
if ($awarded == $points)
{
if ($awarded == "0")
if ($awarded == $points)
{
if ($when < "2006-09-01")
if ($awarded == "0")
{
$tdstyle="style='background-color: #ffff80'";
$emopen="<em>";
$emclose="</em>";
if ($when < "2006-09-01")
{
$tdstyle="style='background-color: #ffff80'";
$emopen="<em>";
$emclose="</em>";
}
}
}
}
?>
<tr>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<tr>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<?
if ($support == "1")
{
if ($support == "1")
{
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
<? }
<?
}
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
<?
if ($support == "1")
{
if ($revoked == true)
if ($support == "1")
{
if ($revoked == true)
{
?>
<td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
<? } else {
<td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
<?
} else {
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
}
}
}
?>
</tr>
<?
@ -332,14 +346,14 @@
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="4" class="title"><?=_("Summary of your Points")?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("Description")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
<td class="DataTD"><strong><?=_("Remark")?></strong></td>
<tr>
<td colspan="4" class="title"><?=_("Summary of your Points")?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("Description")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
<td class="DataTD"><strong><?=_("Remark")?></strong></td>
</tr>
<?
}
@ -355,12 +369,12 @@
function output_summary_row($title,$points,$points_countable,$remark)
{
?>
<tr>
<td class="DataTD"><strong><?=$title?></strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD"><?=$points_countable?></td>
<td class="DataTD"><?=$remark?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=$title?></strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD"><?=$points_countable?></td>
<td class="DataTD"><?=$remark?></td>
</tr>
<?
}
@ -430,6 +444,8 @@
break;
case 'Unknown': // to be revoked in the future? limit to max 50 pts?
case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
case 'TTP-Assisted': // TTP assurances, limit to 35
case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30
case '': // to be revoked in the future? limit to max 50 pts?
case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future?
break;
@ -575,14 +591,14 @@
return $issue_points;
}
function output_given_assurances($userid,$support)
function output_given_assurances($userid,$support=0)
{
output_assurances_header(_("Assurance Points You Issued"),$support);
output_given_assurances_content($userid,$points,$sum_experience,$support);
output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience,$support);
}
function output_received_assurances($userid,$support)
function output_received_assurances($userid,$support=0)
{
output_assurances_header(_("Your Assurance Points"),$support);
output_received_assurances_content($userid,$points,$sum_experience,$support);
@ -602,18 +618,30 @@
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<?
}
//functions to do with recording user agreements
/**
* write_user_agreement()
* writes a new record to the table user_agreement
*
* @param mixed $memid
* @param mixed $document
* @param mixed $method
* @param mixed $comment
* @param integer $active
* @param integer $secmemid
* @return
*/
function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
// write a new record to the table user_agreement
$query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid.
",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ;
$query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ;
$res = mysql_query($query);
}
function get_user_agreement_status($memid, $type="CCA"){
//returns 0 - no user agreement, 1- at least one entry
$query="SELECT u.`document` FROM `user_agreements` u
$query="SELECT u.`document` FROM `user_agreements` u
WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
$res = mysql_query($query);
if(mysql_num_rows($res) <=0){
@ -650,8 +678,8 @@
function get_last_user_agreement($memid, $type="CCA"){
//returns an array (`document`,`date`,`method`, `comment`,`active`)
$query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1)
union
(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
union
(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
$res = mysql_query($query);
if(mysql_num_rows($res) >0){
$row = mysql_fetch_assoc($res);
@ -664,7 +692,7 @@
$rec=array();
}
return $rec;
}
}
function delete_user_agreement($memid, $type="CCA"){
//deletes all entries to an user for the given type of user agreements
@ -672,4 +700,413 @@
mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'");
}
// functions for 6.php (assure somebody)
function AssureHead($confirmation,$checkname)
{
?>
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
<tr>
<td colspan="2" class="title"><?=$confirmation?></td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
</tr>
<?
}
function AssureTextLine($field1,$field2)
{
?>
<tr>
<td class="DataTD"><?=$field1.(empty($field1)?'':':')?>:</td>
<td class="DataTD"><?=$field2?></td>
</tr>
<?
}
function AssureBoxLine($type,$text,$checked)
{
?>
<tr>
<td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td>
<td class="DataTD"><?=$text?></td>
</tr>
<?
}
function AssureMethodLine($text,$methods,$remark)
{
if (count($methods) != 1) {
?>
<tr>
<td class="DataTD"><?=$text.(empty($text)?'':':')?></td>
<td class="DataTD">
<select name="method">
<?
foreach($methods as $val) {
?>
<option value="<?=$val?>"><?=$val?></option>
<?
}
?>
</select>
<br />
<?=$remark?>
</td>
</tr>
<?
} else {
?>
<input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>" />
<?
}
}
function AssureInboxLine($type,$field,$value,$description)
{
?>
<tr>
<td class="DataTD"><?=$field.(empty($field)?'':':')?>:</td>
<td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
</tr>
<?
}
function AssureFoot($oldid,$confirm)
{
?>
<tr>
<td class="DataTD" colspan="2">
<input type="submit" name="process" value="<?=$confirm?>" />
<input type="submit" name="cancel" value="<?=_("Cancel")?>" />
</td>
</tr>
</table>
<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>" />
<input type="hidden" name="oldid" value="<?=$oldid?>" />
</form>
<?
}
function account_email_delete($mailid){
//deletes an email entry from an acount
//revolkes all certifcates for that email address
//called from www/account.php if($process != "" && $oldid == 2)
//called from www/diputes.php if($type == "reallyemail") / if($action == "accept")
//called from account_delete
$mailid = intval($mailid);
revoke_all_client_cert($mailid);
$query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
mysql_query($query);
}
function account_domain_delete($domainid){
//deletes an domain entry from an acount
//revolkes all certifcates for that domain address
//called from www/account.php if($process != "" && $oldid == 9)
//called from www/diputes.php if($type == "reallydomain") / if($action == "accept")
//called from account_delete
$domainid = intval($domainid);
revoke_all_server_cert($domainid);
mysql_query(
"update `domains`
set `deleted`=NOW()
where `id` = '$domainid'");
}
function account_delete($id, $arbno, $adminid){
//deletes an account following the deleted account routnie V3
// called from www/account.php if($oldid == 50 && $process != "")
//change password
$id = intval($id);
$arbno = mysql_real_escape_string($arbno);
$adminid = intval($adminid);
$pool = 'abcdefghijklmnopqrstuvwxyz';
$pool .= '0123456789!()§';
$pool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
srand ((double)microtime()*1000000);
$password="";
for($index = 0; $index < 30; $index++)
{
$password .= substr($pool,(rand()%(strlen ($pool))), 1);
}
mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
//create new mail for arbitration number
$query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
mysql_query($query);
$emailid = mysql_insert_id();
//set new mail as default
$query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
mysql_query($query);
//delete all other email address
$query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
$res=mysql_query($query);
while($row = mysql_fetch_assoc($res)){
account_email_delete($row['id']);
}
//delete all domains
$query = "select `id` from `domains` where `memid`='".$id."'";
$res=mysql_query($query);
while($row = mysql_fetch_assoc($res)){
account_domain_delete($row['id']);
}
//clear alert settings
mysql_query(
"update `alerts` set
`general`='0',
`country`='0',
`regional`='0',
`radius`='0'
where `memid`='$id'");
//set default location
$query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
mysql_query($query);
//clear listings
$query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
mysql_query($query);
//set lanuage to default
//set default language
mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
//delete secondary langugaes
mysql_query("delete from `addlang` where `userid`='".$id."'");
//change secret questions
for($i=1;$i<=5;$i++){
$q="";
$a="";
for($index = 0; $index < 30; $index++)
{
$q .= substr($pool,(rand()%(strlen ($pool))), 1);
$a .= substr($pool,(rand()%(strlen ($pool))), 1);
}
$query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
mysql_query($query);
}
//change personal information to arbitration number and DOB=1900-01-01
$query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
$details = mysql_fetch_assoc(mysql_query($query));
$query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
`new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'";
mysql_query($query);
$query = "update `users` set `fname`='".$arbno."',
`mname`='".$arbno."',
`lname`='".$arbno."',
`suffix`='".$arbno."',
`dob`='1900-01-01'
where `id`='".$id."'";
mysql_query($query);
//clear all admin and board flags
mysql_query(
"update `users` set
`assurer`='0',
`assurer_blocked`='0',
`codesign`='0',
`orgadmin`='0',
`ttpadmin`='0',
`locadmin`='0',
`admin`='0',
`adadmin`='0',
`tverify`='0',
`board`='0'
where `id`='$id'");
//block account
mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
}
function check_email_exists($email){
// called from includes/account.php if($process != "" && $oldid == 1)
// called from includes/account.php if($oldid == 50 && $process != "")
$email = mysql_real_escape_string($email);
$query = "select 1 from `email` where `email`='$email' and `deleted`=0";
$res = mysql_query($query);
return mysql_num_rows($res) > 0;
}
function check_gpg_cert_running($uid,$cca=0){
//if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
if (0==$cca) {
$query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()";
}else{
$query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)";
}
$res = mysql_query($query);
return mysql_num_rows($res) > 0;
}
function check_client_cert_running($uid,$cca=0){
//if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
if (0==$cca) {
$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
}else{
$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
}
$res = mysql_query($query1);
$r1 = mysql_num_rows($res)>0;
$res = mysql_query($query2);
$r2 = mysql_num_rows($res)>0;
return !!($r1 || $r2);
}
function check_server_cert_running($uid,$cca=0){
//if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
if (0==$cca) {
$query1 = "
select 1 from `domaincerts` join `domains`
on `domaincerts`.`domid` = `domains`.`id`
where `domains`.`memid` = '$uid'
and `domaincerts`.`expire` > NOW()
and `domaincerts`.`revoked` < `domaincerts`.`created`";
$query2 = "
select 1 from `domaincerts` join `domains`
on `domaincerts`.`domid` = `domains`.`id`
where `domains`.`memid` = '$uid'
and `revoked`>NOW()";
}else{
$query1 = "
select 1 from `domaincerts` join `domains`
on `domaincerts`.`domid` = `domains`.`id`
where `domains`.`memid` = '$uid'
and `expire`>(NOW()-90*86400)
and `revoked`<`created`";
$query2 = "
select 1 from `domaincerts` join `domains`
on `domaincerts`.`domid` = `domains`.`id`
where `domains`.`memid` = '$uid'
and `revoked`>(NOW()-90*86400)";
}
$res = mysql_query($query1);
$r1 = mysql_num_rows($res)>0;
$res = mysql_query($query2);
$r2 = mysql_num_rows($res)>0;
return !!($r1 || $r2);
}
function check_is_orgadmin($uid){
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
$query = "select 1 from `org` where `memid`='$uid' and `deleted`=0";
$res = mysql_query($query);
return mysql_num_rows($res) > 0;
}
// revokation of certificates
function revoke_all_client_cert($mailid){
//revokes all client certificates for an email address
$mailid = intval($mailid);
$query = "select `emailcerts`.`id`
from `emaillink`,`emailcerts` where
`emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
group by `emailcerts`.`id`";
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres)){
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
}
}
function revoke_all_server_cert($domainid){
//revokes all server certs for an domain
$domainid = intval($domainid);
$query =
"select `domaincerts`.`id`
from `domaincerts`
where `domaincerts`.`domid` = '$domainid'
union distinct
select `domaincerts`.`id`
from `domaincerts`, `domlink`
where `domaincerts`.`id` = `domlink`.`certid`
and `domlink`.`domid` = '$domainid'";
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
{
mysql_query(
"update `domaincerts`
set `revoked`='1970-01-01 10:00:01'
where `id` = '".$drow['id']."'
and `revoked` = 0");
}
}
function revoke_all_private_cert($uid){
//revokes all certificates linked to a personal accounts
//gpg revokation needs to be added to a later point
$uid=intval($uid);
$query = "select `id` from `email` where `memid`='".$uid."'";
$res=mysql_query($query);
while($row = mysql_fetch_assoc($res)){
revoke_all_client_cert($row['id']);
}
$query = "select `id` from `domains` where `memid`='".$uid."'";
$res=mysql_query($query);
while($row = mysql_fetch_assoc($res)){
revoke_all_server_cert($row['id']);
}
}
/**
* check_date_format()
* checks if the date is entered in the right date format YYYY-MM-DD and
* if the date is after the 1st January of the given year
*
* @param mixed $date
* @param integer $year
* @return
*/
function check_date_format($date, $year=2000){
if (!strpos($date,'-')) {
return FALSE;
}
$arr=explode('-',$date);
if ((count($arr)!=3)) {
return FALSE;
}
if (intval($arr[0])<=$year) {
return FALSE;
}
if (intval($arr[1])>12 or intval($arr[1])<=0) {
return FALSE;
}
if (intval($arr[2])>31 or intval($arr[2])<=0) {
return FALSE;
}
return checkdate( intval($arr[1]), intval($arr[2]), intval($arr[0]));
}
/**
* check_date_difference()
* returns false if the date is larger then today + time diffrence
*
* @param mixed $date
* @param integer $diff
* @return
*/
function check_date_difference($date, $diff=1){
return (strtotime($date)<=time()+$diff*86400);
}

640
includes/wot.inc.php
Unescape Escape View File

@ -1,640 +0,0 @@
<? /*
LibreSSL - CAcert web application
Copyright (C) 2004-2011 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
function query_init ($query)
{
return mysql_query($query);
}
function query_getnextrow ($res)
{
$row1 = mysql_fetch_assoc($res);
return $row1;
}
function query_get_number_of_rows ($resultset)
{
return intval(mysql_num_rows($resultset));
}
function get_number_of_assurances ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
}
function get_number_of_ttpassurances ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
}
function get_number_of_assurees ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
}
function get_top_assurer_position ($no_of_assurances)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting'
GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
return intval(query_get_number_of_rows($res)+1);
}
function get_top_assuree_position ($no_of_assurees)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting'
GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'");
return intval(query_get_number_of_rows($res)+1);
}
function get_given_assurances ($userid)
{
$res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc");
return $res;
}
function get_received_assurances ($userid)
{
$res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc ");
return $res;
}
function get_given_assurances_summary ($userid)
{
$res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
return $res;
}
function get_received_assurances_summary ($userid)
{
$res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
return $res;
}
function get_user ($userid)
{
$res = query_init ("select * from `users` where `id`='".intval($userid)."'");
return mysql_fetch_assoc($res);
}
function get_cats_state ($userid)
{
$res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
WHERE `cats_passed`.`user_id` = '".intval($userid)."'");
return mysql_num_rows($res);
}
function calc_experience ($row,&$points,&$experience,&$sum_experience)
{
$apoints = max($row['points'], $row['awarded']);
$points += $apoints;
$experience = "&nbsp;";
if ($row['method'] == "Face to Face Meeting")
{
$sum_experience = $sum_experience +2;
$experience = "2";
}
return $apoints;
}
function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded)
{
$awarded = calc_points($row);
if ($awarded > 100)
{
$experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
$awarded = 100;
}
else
$experience = 0;
switch ($row['method'])
{
case 'Thawte Points Transfer':
case 'CT Magazine - Germany':
case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
$awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked"));
$experience=0;
break;
default:
$points += $awarded;
}
$sumexperience = $sumexperience + $experience;
}
function show_user_link ($name,$userid)
{
$name = trim($name);
if($name == "")
{
if ($userid == 0)
$name = _("System");
else
$name = _("Deleted account");
}
else
$name = "<a href='wot.php?id=9&amp;userid=".intval($userid)."'>$name</a>";
return $name;
}
function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
{
$num_of_assurances = get_number_of_assurances (intval($userid));
$rank_of_assurer = get_top_assurer_position($num_of_assurances);
}
function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
{
$num_of_assurees = get_number_of_assurees (intval($userid));
$rank_of_assuree = get_top_assuree_position($num_of_assurees);
}
// ************* html table definitions ******************
function output_ranking($userid)
{
get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
</tr>
</table>
<br/>
<?
}
function output_assurances_header($title)
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="7" class="title"><?=$title?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("ID")?></strong></td>
<td class="DataTD"><strong><?=_("Date")?></strong></td>
<td class="DataTD"><strong><?=_("Who")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Location")?></strong></td>
<td class="DataTD"><strong><?=_("Method")?></strong></td>
<td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
</tr>
<?
}
function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience)
{
?>
<tr>
<td class="DataTD" colspan="3"><strong><?=$points_txt?>:</strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
<td class="DataTD"><?=$sumexperience?></td>
</tr>
</table>
<br/>
<?
}
function output_assurances_row($assuranceid,$date,$when,$name,$awarded,$points,$location,$method,$experience)
{
$tdstyle="";
$emopen="";
$emclose="";
if ($awarded == $points)
{
if ($awarded == "0")
{
if ($when < "2006-09-01")
{
$tdstyle="style='background-color: #ffff80'";
$emopen="<em>";
$emclose="</em>";
}
}
}
?>
<tr>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
</tr>
<?
}
function output_summary_header()
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="4" class="title"><?=_("Summary of your Points")?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("Description")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
<td class="DataTD"><strong><?=_("Remark")?></strong></td>
</tr>
<?
}
function output_summary_footer()
{
?>
</table>
<br/>
<?
}
function output_summary_row($title,$points,$points_countable,$remark)
{
?>
<tr>
<td class="DataTD"><strong><?=$title?></strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD"><?=$points_countable?></td>
<td class="DataTD"><?=$remark?></td>
</tr>
<?
}
// ************* output given assurances ******************
function output_given_assurances_content($userid,&$points,&$sum_experience)
{
$points = 0;
$sumexperience = 0;
$res = get_given_assurances(intval($userid));
while($row = mysql_fetch_assoc($res))
{
$fromuser = get_user (intval($row['to']));
$apoints = calc_experience ($row,$points,$experience,$sum_experience);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
}
}
// ************* output received assurances ******************
function output_received_assurances_content($userid,&$points,&$sum_experience)
{
$points = 0;
$sumexperience = 0;
$res = get_received_assurances(intval($userid));
while($row = mysql_fetch_assoc($res))
{
$fromuser = get_user (intval($row['from']));
calc_assurances ($row,$points,$experience,$sum_experience,$awarded);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
}
}
// ************* output summary table ******************
function check_date_limit ($userid,$age)
{
$dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age));
$res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'");
return intval(query_get_number_of_rows($res));
}
function calc_points($row)
{
$awarded = intval($row['awarded']);
if ($awarded == "")
$awarded = 0;
if (intval($row['points']) < $awarded)
$points = $awarded; // if 'sum of added points' > 100, awarded shows correct value
else
$points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value
switch ($row['method'])
{
case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration)
case 'CT Magazine - Germany': // revoke c't (only one test-entry)
case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented)
$points = 0;
break;
case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation)
if ($points <= 2) // maybe limit to 35/50 pts in the future?
$points = 0;
break;
case 'Unknown': // to be revoked in the future? limit to max 50 pts?
case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
case 'TTP-Assisted': // TTP assurances, limit to 35
case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30
case '': // to be revoked in the future? limit to max 50 pts?
case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future?
break;
default: // should never happen ... ;-)
$points = 0;
}
if ($points < 0) // ignore negative points (bug needs to be fixed)
$points = 0;
return $points;
}
function max_points($userid)
{
return output_summary_content ($userid,0);
}
function output_summary_content($userid,$display_output)
{
$sum_points = 0;
$sum_experience = 0;
$sum_experience_other = 0;
$max_points = 100;
$max_experience = 50;
$experience_limit_reached_txt = _("Limit reached");
if (check_date_limit($userid,18) != 1)
{
$max_experience = 10;
$experience_limit_reached_txt = _("Limit given by PoJAM reached");
}
if (check_date_limit($userid,14) != 1)
{
$max_experience = 0;
$experience_limit_reached_txt = _("Limit given by PoJAM reached");
}
$res = get_received_assurances_summary($userid);
while($row = mysql_fetch_assoc($res))
{
$points = calc_points ($row);
if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed)
{
$sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']);
$points = $max_points;
}
$sum_points += $points*intval($row['number']);
}
$res = get_given_assurances_summary($userid);
while($row = mysql_fetch_assoc($res))
{
switch ($row['method'])
{
case 'Face to Face Meeting': // count Face to Face only
$sum_experience += 2*intval($row['number']);
break;
}
}
if ($sum_points > $max_points)
{
$sum_points_countable = $max_points;
$remark_points = _("Limit reached");
}
else
{
$sum_points_countable = $sum_points;
$remark_points = "&nbsp;";
}
if ($sum_experience > $max_experience)
{
$sum_experience_countable = $max_experience;
$remark_experience = $experience_limit_reached_txt;
}
else
{
$sum_experience_countable = $sum_experience;
$remark_experience = "&nbsp;";
}
if ($sum_experience_countable + $sum_experience_other > $max_experience)
{
$sum_experience_other_countable = $max_experience-$sum_experience_countable;
$remark_experience_other = $experience_limit_reached_txt;
}
else
{
$sum_experience_other_countable = $sum_experience_other;
$remark_experience_other = "&nbsp;";
}
if ($sum_points_countable < $max_points)
{
if ($sum_experience_countable != 0)
$remark_experience = _("Points on hold due to less assurance points");
$sum_experience_countable = 0;
if ($sum_experience_other_countable != 0)
$remark_experience_other = _("Points on hold due to less assurance points");
$sum_experience_other_countable = 0;
}
$issue_points = 0;
$cats_test_passed = get_cats_state ($userid);
if ($cats_test_passed == 0)
{
$issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
if ($sum_points_countable < $max_points)
{
$issue_points_txt = "<strong style='color: red'>";
$issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
$issue_points_txt .= "</strong>";
}
}
else
{
$experience_total = $sum_experience_countable+$sum_experience_other_countable;
$issue_points_txt = "";
if ($sum_points_countable == $max_points)
$issue_points = 10;
if ($experience_total >= 10)
$issue_points = 15;
if ($experience_total >= 20)
$issue_points = 20;
if ($experience_total >= 30)
$issue_points = 25;
if ($experience_total >= 40)
$issue_points = 30;
if ($experience_total >= 50)
$issue_points = 35;
if ($issue_points != 0)
$issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
}
if ($display_output)
{
output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
}
return $issue_points;
}
function output_given_assurances($userid)
{
output_assurances_header(_("Assurance Points You Issued"));
output_given_assurances_content($userid,$points,$sum_experience);
output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience);
}
function output_received_assurances($userid)
{
output_assurances_header(_("Your Assurance Points"));
output_received_assurances_content($userid,$points,$sum_experience);
output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience);
}
function output_summary($userid)
{
output_summary_header();
output_summary_content($userid,1);
output_summary_footer();
}
function output_end_of_page()
{
?>
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<?
}
// functions for 6.php (assure somebody)
function AssureHead($confirmation,$checkname)
{
?>
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
<tr>
<td colspan="2" class="title"><?=$confirmation?></td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
</tr>
<?
}
function AssureTextLine($field1,$field2)
{
?>
<tr>
<td class="DataTD"><?=$field1?>:</td>
<td class="DataTD"><?=$field2?></td>
</tr>
<?
}
function AssureCCABoxLine($type,$text)
{
return;
AssureBoxLine($type,$text);
}
function AssureBoxLine($type,$text,$checked)
{
?>
<tr>
<td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td>
<td class="DataTD"><?=$text?></td>
</tr>
<?
}
function AssureMethodLine($text,$methods,$remark)
{
if (count($methods) != 1)
{
?>
<tr>
<td class="DataTD"><?=$text?></td>
<td class="DataTD">
<select name="method">
<?
foreach($methods as $val) { ?>
<option value="<?=$val?>"> <?=$val?></option>
<? } ?>
</select>
</br><?=$remark?>
</td>
</tr>
<?
} else {
?>
<input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>">
<?
}
}
function AssureInboxLine($type,$field,$value,$description)
{
?>
<tr>
<td class="DataTD"><?=$field?>:</td>
<td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
</tr>
<?
}
function AssureFoot($oldid,$confirm)
{?>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=$confirm?>"> <input type="submit" name="cancel" value="<?=_("Cancel")?>"></td>
</tr>
</table>
<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>">
<input type="hidden" name="oldid" value="<?=$oldid?>">
</form>
<?
}

8
pages/account/10.php
Unescape Escape View File

@ -38,7 +38,9 @@
<p><?=_("Optional comment, only used in the certifictate overview")?><br>
<input type="text" name="description" maxlength="80" size=80/></p>
<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p>
<textarea name="CSR" cols="80" rows="15"></textarea><br>
<input type="submit" name="process" value="<?=_("Submit")?>"/>
<input type="hidden" name="oldid" value="<?=$id?>"/>
<textarea name="CSR" cols="80" rows="15"></textarea><br />
<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
<?=_("Please Note: You need to accept the CCA to proceed.")?></p>
<input type="submit" name="process" value="<?=_("Submit")?>" />
<input type="hidden" name="oldid" value="<?=$id?>" />
</form>

28
pages/account/3.php
Unescape Escape View File

@ -70,17 +70,21 @@ if($_SESSION['profile']['points'] >= 50)
<? } ?>
<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
<tr>
<td class="DataTD">
<input type="checkbox" name="codesign" value="1" />
</td>
<td class="DataTD" align="left">
<input type="checkbox" name="codesign" value="1" /> <?=_("Code Signing")?></td>
<td class="DataTD" align="left">
<?=_("Code Signing")?><br />
<?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
</td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2" align="left">
<input type="checkbox" name="login" value="1" checked="checked" /> <?=_("Enable certificate login with this certificate")?><br />
<td class="DataTD">
<input type="checkbox" name="login" value="1" checked="checked" />
</td>
<td class="DataTD"> <?=_("Enable certificate login with this certificate")?><br />
<?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/>
</td>
</tr>
@ -92,8 +96,11 @@ if($_SESSION['profile']['points'] >= 50)
</tr>
<tr name="expertoff" style="display:none">
<td class="DataTD" colspan="2" align="left">
<input type="checkbox" name="expertbox" onchange="showExpert(this.checked)"/><?=_("Show advanced options")?>
<td class="DataTD">
<input type="checkbox" name="expertbox" onchange="showExpert(this.checked)" />
</td>
<td class="DataTD">
<?=_("Show advanced options")?>
</td>
</tr>
@ -114,6 +121,15 @@ if($_SESSION['profile']['points'] >= 50)
<td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td>
</tr>
<tr>
<td class="DataTD">
<input type="checkbox" name="CCA" />
</td>
<td class="DataTD" align="left">
<strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
<?=_("Please Note: You need to accept the CCA to proceed.")?>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>" /></td>
</tr>
</table>

21
pages/account/43.php
Unescape Escape View File

@ -100,8 +100,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
if(intval($_REQUEST['userid']) > 0)
{
$id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
$userid = intval($_REQUEST['userid']);
$query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@ -135,7 +135,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=_("Last Name")?>:</td>
<td class="DataTD"> <input type="hidden" name="oldid" value="43">
<input type="hidden" name="action" value="updatedob">
<input type="hidden" name="userid" value="<?=intval($id)?>">
<input type="hidden" name="userid" value="<?=intval($userid)?>">
<input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
</tr>
<tr>
@ -786,9 +786,20 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<?
} ?>
</tr>
<tr>
<td colspan="6" class="title">
<form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;">
<input type="hidden" name="action" value="revokecert">
<input type="hidden" name="oldid" value="43">
<input type="hidden" name="userid" value="<?=intval($userid)?>">
<input type="submit" value="<?=_('revoke certificates')?>">
</form>
</td>
</tr>
</table>
<br>
<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
(<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
<br />
@ -837,7 +848,7 @@ function showassuredto()
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD" colspan="3">&nbsp;</td>
</tr>
@ -883,7 +894,7 @@ function showassuredby()
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD" colspan="3">&nbsp;</td>
</tr>

6
pages/account/50.php
Unescape Escape View File

@ -19,12 +19,16 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Change Password")?></td>
<td colspan="2" class="title"><?=_("Delete Account")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td>
</tr>
<tr>
<td class="DataTD"><?=_("New Username from arbitration number + sequence number a20xxyyzz.a.b")?>:</td>
<td class="DataTD"><input type="text" name="arbitrationno"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><?=_("Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.")?></td>
</tr>

2
pages/gpg/0.php
Unescape Escape View File

@ -22,6 +22,8 @@
<p><?=_("Optional comment, only used in the certifictate overview")?><br />
<input type="text" name="description" maxlength="80" size=80 /></p>
<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br />
<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
<?=_("Please Note: You need to accept the CCA to proceed.")?></p>
<input type="submit" name="process" value="<?=_("Submit")?>" />
<input type="hidden" name="oldid" value="<?=$id?>" />
</form>

2
pages/wot/15.php
Unescape Escape View File

@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php");
require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$userid = intval($_SESSION['profile']['id']);

2
pages/wot/4.php
Unescape Escape View File

@ -15,7 +15,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
require_once(dirname(__FILE__).'/../../includes/wot.inc.php');
require_once(dirname(__FILE__).'/../../includes/notary.inc.php');
?>
<h3><?=_("Trusted Third Parties")?></h3>

16
pages/wot/6.php
Unescape Escape View File

@ -40,20 +40,20 @@
$name = $fname." ".$mname." ".$lname." ".$suffix;
$_SESSION['_config']['wothash'] = md5($name."-".$dob);
include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php");
require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname));
AssureTextLine(_("Name"),$name);
AssureTextLine(_("Date of Birth"),$dob." ("._("YYYY-MM-DD").")");
AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person"), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1);
AssureMethodLine(_("Method"),$methods,'');
AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person."), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1);
AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1);
AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"","");
AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("Please adjust the date if you assured the person on a different day"));
AssureMethodLine(_("Method"),$methods,_("Only tick the next box if the Assurance was face to face."));
AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD)."));
AssureTextLine("",_("Only tick the next box if the Assurance was face to face."));
AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1);
AssureBoxLine("rules",_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
AssureTextLine(_("Policy"),"<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
AssureTextLine(_("Policy"),"<a href=\"/policy/CAcert Community Agreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")");
AssureCCABoxLine("CCAAgreed",sprintf(_("Check this box only if %s agreed to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>"),$fname));
AssureCCABoxLine("CCAAgree",_("Check this box only if YOU agree to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>"));
AssureFoot($id,_("I confirm this Assurance"));
?>

32
www/disputes.php
Unescape Escape View File

@ -17,6 +17,7 @@
*/ ?>
<?
require_once("../includes/loggedin.php");
require_once("../includes/notary.inc.php");
loadem("account");
@ -58,24 +59,13 @@
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
$query = "select `emailcerts`.`id`
from `emaillink`,`emailcerts` where
`emailid`='$emailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
`revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
group by `emailcerts`.`id`";
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");
$do = `../scripts/runclient`;
$query = "update `email` set `deleted`=NOW() where `id`='".intval($emailid)."'";
mysql_query($query);
account_email_delete($row['id']);
}
mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
$rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
$rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
$res = mysql_query("select * from `users` where `id`='$oldmemid'");
$user = mysql_fetch_assoc($res);
$rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
$rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
$res = mysql_query("select * from `users` where `id`='$oldmemid'");
$user = mysql_fetch_assoc($res);
if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email'])
{
mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'");
@ -160,17 +150,13 @@
showheader(_("Domain Dispute"));
echo "<p>"._("You have opted to accept this dispute and the request will now remove this domain from the existing account, and revoke any current certificates.")."</p>";
echo "<p>"._("The following accounts have been removed:")."<br>\n";
//new account_domain_delete($domainid, $memberID)
$query = "select * from `domains` where `id`='$domainid' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
echo $_SESSION['_config']['domain']."<br>\n";
mysql_query("update `domains` set `deleted`=NOW() where `id`='$domainid'");
$query = "select * from `domlink` where `domid`='$domainid'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
$do = `../scripts/runserver`;
echo $_SESSION['_config']['domain']."<br>\n";
account_domain_delete($domainid);
}
mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'");
showfooter();

11
www/gpg.php
Unescape Escape View File

@ -18,6 +18,7 @@
<?
require_once("../includes/loggedin.php");
require_once("../includes/lib/general.php");
require_once('../includes/notary.inc.php');
$id = 0; if(array_key_exists('id',$_REQUEST)) $id=intval($_REQUEST['id']);
$oldid = $_REQUEST['oldid'] = array_key_exists('oldid',$_REQUEST) ? intval($_REQUEST['oldid']) : 0;
@ -83,6 +84,14 @@ function verifyEmail($email)
$state=0;
if($oldid == "0" && $CSR != "")
{
if(!array_key_exists('CCA',$_REQUEST))
{
showheader(_("My CAcert.org Account!"));
echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
showfooter();
exit;
}
$err = runCommand('mktemp --directory /tmp/cacert_gpg.XXXXXXXXXX',
"",
$tmpdir);
@ -293,6 +302,8 @@ function verifyEmail($email)
if($oldid == "0" && $CSR != "")
{
write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
//set variable for comment
if(trim($_REQUEST['description']) == ""){
$description= "";

87
www/wot.php
Unescape Escape View File

@ -18,6 +18,8 @@
<?
require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php");
require_once("../includes/notary.inc.php");
function show_page($target,$message,$error)
@ -113,9 +115,6 @@ function send_reminder()
$_SESSION['_config']['error'] = _("A reminder notice has been sent.");
}
loadem("account");
if(array_key_exists('date',$_POST) && $_POST['date'] != "")
$_SESSION['_config']['date'] = $_POST['date'];
@ -127,7 +126,7 @@ function send_reminder()
if($oldid == 12)
$id = $oldid;
if($oldid == 4)
{
if ($_POST['ttp']!='') {
@ -238,37 +237,79 @@ function send_reminder()
if($oldid == 6)
{
$iecho= "c";
//date checks
if(trim($_REQUEST['date']) == '')
{
show_page("VerifyData","",_("You must enter the date when you met the assuree."));
exit;
}
if(!check_date_format(trim($_REQUEST['date'])))
{
show_page("VerifyData","",_("You must enter the date in this format: YYYY-MM-DD."));
exit;
}
if(!check_date_difference(trim($_REQUEST['date'])))
{
show_page("VerifyData","",_("You must not enter a date in the future."));
exit;
}
//proof of identity check and accept arbitration, implements CCA
if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
/* if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
//proof of CCA agreement by assuree after 2010-01-01
if((!array_key_exists('CCAAgreed',$_POST) || $_POST['CCAAgreed'] != 1) and (check_date_format(trim($_REQUEST['date']),2010)))
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
//assurance done according to rules
if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
*/
if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1)
//met assuree in person, not appliciable for TTP / TTP Topup assurances
if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_REQUEST['method'] != "Trusted 3rd Parties")
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
//check location, min 3 characters
if(!array_key_exists('location',$_POST) || trim($_POST['location']) == "")
{
show_page("VerifyData","",_("You failed to enter a location of your meeting."));
exit;
}
if($_REQUEST['points'] == "")
if(strlen(trim($_REQUEST['location']))<=2)
{
show_page("VerifyData","",_("You must enter a location with at least 3 characters eg town and country."));
exit;
}
//check for points in range 0-35, for nucleus 35 + 15 temporary
if($_REQUEST['points'] == "" || !is_numeric($_REQUEST['points']))
{
show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
exit;
}
if($_REQUEST['points'] <0 || ($_REQUEST['points']>35))
{
show_page("VerifyData","",_("The number of points you entered are out of the range given by policy."));
exit;
}
$query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
@ -315,7 +356,7 @@ $iecho= "c";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
exit;
}
}
@ -328,6 +369,10 @@ $iecho= "c";
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
//record active acceptance by Assurer
if (check_date_format(trim($_REQUEST['date']),2010)) {
write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']);
}
if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
$query .= ",\n`method`='TTP-Assisted'";
}
@ -404,16 +449,16 @@ $iecho= "c";
echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
@ -466,7 +511,7 @@ $iecho= "c";
$subject = $_REQUEST['subject'];
$userid = intval($_REQUEST['userid']);
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
if($points > 0)
{

Write Preview
Loading…
Cancel
Save