diff --git a/includes/account.php b/includes/account.php index af41cbe..54373b0 100644 --- a/includes/account.php +++ b/includes/account.php @@ -18,6 +18,7 @@ require_once("../includes/loggedin.php"); require_once("../includes/lib/l10n.php"); require_once("../includes/lib/check_weak_key.php"); + require_once("../includes/notary.inc.php"); loadem("account"); @@ -70,9 +71,7 @@ } $oldid=0; $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))); - $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + if(check_email_exists($_REQUEST['email'])==true) { showheader(_("My CAcert.org Account!")); printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email'])); @@ -160,17 +159,7 @@ { $row = mysql_fetch_assoc($res); echo $row['email']."
\n"; - $query = "select `emailcerts`.`id` - from `emaillink`,`emailcerts` where - `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and - `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 - group by `emailcerts`.`id`"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)) - mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'"); - - $query = "update `email` set `deleted`=NOW() where `id`='$id'"; - mysql_query($query); + account_email_delete($row['id']); $delcount++; } } @@ -192,6 +181,14 @@ if($process != "" && $oldid == 3) { + if(!array_key_exists('CCA',$_REQUEST)) + { + showheader(_("My CAcert.org Account!")); + echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again."); + showfooter(); + exit; + } + if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1') { showheader(_("My CAcert.org Account!")); @@ -321,6 +318,8 @@ exit; } + write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1); + $query = "insert into emailcerts set `CN`='$defaultemail', `keytype`='NS', @@ -629,32 +628,9 @@ { $row = mysql_fetch_assoc($res); echo $row['domain']."
\n"; - - $dres = mysql_query( - "select `domaincerts`.`id` - from `domaincerts` - where `domaincerts`.`domid` = '$id' - union distinct - select `domaincerts`.`id` - from `domaincerts`, `domlink` - where `domaincerts`.`id` = `domlink`.`certid` - and `domlink`.`domid` = '$id'"); - while($drow = mysql_fetch_assoc($dres)) - { - mysql_query( - "update `domaincerts` - set `revoked`='1970-01-01 10:00:01' - where `id` = '".$drow['id']."' - and `revoked` = 0 - and UNIX_TIMESTAMP(`expire`) - - UNIX_TIMESTAMP() > 0"); - } - - mysql_query( - "update `domains` - set `deleted`=NOW() - where `id` = '$id'"); + account_domain_delete($row['id']); } + } } else @@ -668,6 +644,14 @@ if($process != "" && $oldid == 10) { + if(!array_key_exists('CCA',$_REQUEST)) + { + showheader(_("My CAcert.org Account!")); + echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again."); + showfooter(); + exit; + } + $CSR = clean_csr($_REQUEST['CSR']); if(strpos($CSR,"---BEGIN")===FALSE) { @@ -784,6 +768,8 @@ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; + write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1); + if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0) { $query = "insert into `domaincerts` set @@ -1205,17 +1191,17 @@ $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); }else{ $description= ""; - } + } - if(trim($_REQUEST['disablelogin']) == "1"){ - $disablelogin = 1; - }else{ - $disablelogin = 0; - } + if(trim($_REQUEST['disablelogin']) == "1"){ + $disablelogin = 1; + }else{ + $disablelogin = 0; + } - mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'"); + mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'"); + } - } if($oldid == 13 && $process != "") { csrf_check("perschange"); @@ -2698,6 +2684,13 @@ mysql_query($query); } + if($oldid == 43 && $_REQUEST['action'] == 'revokecert') + { + $userid = intval($_REQUEST['userid']); + revoke_all_private_cert($userid); + $id=43; + } + if($oldid == 48 && $_REQUEST['domain'] == "") { $id = $oldid; @@ -2994,23 +2987,39 @@ if($oldid == 50 && $process != "") { $_REQUEST['userid'] = intval($_REQUEST['userid']); - $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"); - if(mysql_num_rows($res) > 0) - { - $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01' - WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); + if (trim($_REQUEST['arbitrationno'])==""){ + showheader(_("My CAcert.org Account!")); + echo _("You did not enter an arbitration number entry."); + showfooter(); + exit; + } + if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) { + showheader(_("My CAcert.org Account!")); + printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno']))); + showfooter(); + exit; + } + if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) { + showheader(_("My CAcert.org Account!")); + printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org')); + showfooter(); + exit; + } + if (check_client_cert_running($_REQUEST['userid'],1) || + check_server_cert_running($_REQUEST['userid'],1) || + check_gpg_cert_running($_REQUEST['userid'],1)) { + showheader(_("My CAcert.org Account!")); + printf(_("The CCA retention time for at least one certificate is not over. Can't continue.")); + showfooter(); + exit; + } + if (check_is_orgadmin($_REQUEST['userid'],1)) { + showheader(_("My CAcert.org Account!")); + printf(_("The user is listed as Organisation Administrator. Can't continue.")); + showfooter(); + exit; } + account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']); } if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0) diff --git a/includes/notary.inc.php b/includes/notary.inc.php index d6f86a8..37a7ed0 100644 --- a/includes/notary.inc.php +++ b/includes/notary.inc.php @@ -41,6 +41,15 @@ return intval($row['list']); } + function get_number_of_ttpassurances ($userid) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' "); + $row = query_getnextrow($res); + + return intval($row['list']); + } + function get_number_of_assurees ($userid) { $res = query_init ("SELECT count(*) AS `list` FROM `notary` @@ -106,7 +115,7 @@ function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked) { - $apoints = max($row['points'],$row['awarded']); + $apoints = max($row['points'], $row['awarded']); $points += $apoints; $experience = " "; $revoked = false; # to be coded later (after DB-upgrade) @@ -192,15 +201,15 @@ ?> - - - - - - - - - + + + + + + + + +

- + - + - - + - - - - + + + + - - - - - - - - + + + + + + + + - + - + - - - - - - + + class="DataTD">: + + + + - + - +
: :
 :   

"; - $emclose=""; + if ($when < "2006-09-01") + { + $tdstyle="style='background-color: #ffff80'"; + $emopen=""; + $emclose=""; + } } } - } ?> - - > - > + + > + > > > - - > - > - > - > - > + > + > + > + > + > - >  ->  + - >');"> + >');"> - - - - - - - - + + + + + + + + - - - - - - + + + + + + [ ]

0){ $row = mysql_fetch_assoc($res); @@ -664,7 +692,7 @@ $rec=array(); } return $rec; -} + } function delete_user_agreement($memid, $type="CCA"){ //deletes all entries to an user for the given type of user agreements @@ -672,4 +700,413 @@ mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'"); } + // functions for 6.php (assure somebody) + + function AssureHead($confirmation,$checkname) + { +?> + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
:
>
+ +
+ +
:
+ + " /> +
+ + + + 0; + } + + function check_gpg_cert_running($uid,$cca=0){ + //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed + // called from includes/account.php if($oldid == 50 && $process != "") + $uid = intval($uid); + if (0==$cca) { + $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()"; + }else{ + $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)"; + } + $res = mysql_query($query); + return mysql_num_rows($res) > 0; + } + + function check_client_cert_running($uid,$cca=0){ + //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed + // called from includes/account.php if($oldid == 50 && $process != "") + $uid = intval($uid); + if (0==$cca) { + $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`"; + $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()"; + }else{ + $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`"; + $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)"; + } + $res = mysql_query($query1); + $r1 = mysql_num_rows($res)>0; + $res = mysql_query($query2); + $r2 = mysql_num_rows($res)>0; + return !!($r1 || $r2); + } + + function check_server_cert_running($uid,$cca=0){ + //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed + // called from includes/account.php if($oldid == 50 && $process != "") + $uid = intval($uid); + if (0==$cca) { + $query1 = " + select 1 from `domaincerts` join `domains` + on `domaincerts`.`domid` = `domains`.`id` + where `domains`.`memid` = '$uid' + and `domaincerts`.`expire` > NOW() + and `domaincerts`.`revoked` < `domaincerts`.`created`"; + $query2 = " + select 1 from `domaincerts` join `domains` + on `domaincerts`.`domid` = `domains`.`id` + where `domains`.`memid` = '$uid' + and `revoked`>NOW()"; + }else{ + $query1 = " + select 1 from `domaincerts` join `domains` + on `domaincerts`.`domid` = `domains`.`id` + where `domains`.`memid` = '$uid' + and `expire`>(NOW()-90*86400) + and `revoked`<`created`"; + $query2 = " + select 1 from `domaincerts` join `domains` + on `domaincerts`.`domid` = `domains`.`id` + where `domains`.`memid` = '$uid' + and `revoked`>(NOW()-90*86400)"; + } + $res = mysql_query($query1); + $r1 = mysql_num_rows($res)>0; + $res = mysql_query($query2); + $r2 = mysql_num_rows($res)>0; + return !!($r1 || $r2); + } + + function check_is_orgadmin($uid){ + // called from includes/account.php if($oldid == 50 && $process != "") + $uid = intval($uid); + $query = "select 1 from `org` where `memid`='$uid' and `deleted`=0"; + $res = mysql_query($query); + return mysql_num_rows($res) > 0; + } + + + // revokation of certificates + function revoke_all_client_cert($mailid){ + //revokes all client certificates for an email address + $mailid = intval($mailid); + $query = "select `emailcerts`.`id` + from `emaillink`,`emailcerts` where + `emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0 + group by `emailcerts`.`id`"; + $dres = mysql_query($query); + while($drow = mysql_fetch_assoc($dres)){ + mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'"); + } + } + + function revoke_all_server_cert($domainid){ + //revokes all server certs for an domain + $domainid = intval($domainid); + $query = + "select `domaincerts`.`id` + from `domaincerts` + where `domaincerts`.`domid` = '$domainid' + union distinct + select `domaincerts`.`id` + from `domaincerts`, `domlink` + where `domaincerts`.`id` = `domlink`.`certid` + and `domlink`.`domid` = '$domainid'"; + $dres = mysql_query($query); + while($drow = mysql_fetch_assoc($dres)) + { + mysql_query( + "update `domaincerts` + set `revoked`='1970-01-01 10:00:01' + where `id` = '".$drow['id']."' + and `revoked` = 0"); + } + } + + function revoke_all_private_cert($uid){ + //revokes all certificates linked to a personal accounts + //gpg revokation needs to be added to a later point + $uid=intval($uid); + $query = "select `id` from `email` where `memid`='".$uid."'"; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + revoke_all_client_cert($row['id']); + } + + + $query = "select `id` from `domains` where `memid`='".$uid."'"; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + revoke_all_server_cert($row['id']); + } + } + + /** + * check_date_format() + * checks if the date is entered in the right date format YYYY-MM-DD and + * if the date is after the 1st January of the given year + * + * @param mixed $date + * @param integer $year + * @return + */ + function check_date_format($date, $year=2000){ + if (!strpos($date,'-')) { + return FALSE; + } + $arr=explode('-',$date); + + if ((count($arr)!=3)) { + return FALSE; + } + if (intval($arr[0])<=$year) { + return FALSE; + } + if (intval($arr[1])>12 or intval($arr[1])<=0) { + return FALSE; + } + if (intval($arr[2])>31 or intval($arr[2])<=0) { + return FALSE; + } + + return checkdate( intval($arr[1]), intval($arr[2]), intval($arr[0])); + + } + + /** + * check_date_difference() + * returns false if the date is larger then today + time diffrence + * + * @param mixed $date + * @param integer $diff + * @return + */ + function check_date_difference($date, $diff=1){ + return (strtotime($date)<=time()+$diff*86400); + } diff --git a/includes/wot.inc.php b/includes/wot.inc.php deleted file mode 100644 index 9471bee..0000000 --- a/includes/wot.inc.php +++ /dev/null @@ -1,640 +0,0 @@ - '".intval($no_of_assurances)."'"); - return intval(query_get_number_of_rows($res)+1); - } - - function get_top_assuree_position ($no_of_assurees) - { - $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' - GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'"); - return intval(query_get_number_of_rows($res)+1); - } - - function get_given_assurances ($userid) - { - $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc"); - return $res; - } - - function get_received_assurances ($userid) - { - $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc "); - return $res; - } - - function get_given_assurances_summary ($userid) - { - $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method"); - return $res; - } - - function get_received_assurances_summary ($userid) - { - $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method"); - return $res; - } - - function get_user ($userid) - { - $res = query_init ("select * from `users` where `id`='".intval($userid)."'"); - return mysql_fetch_assoc($res); - } - - function get_cats_state ($userid) - { - - $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1 - WHERE `cats_passed`.`user_id` = '".intval($userid)."'"); - return mysql_num_rows($res); - } - - function calc_experience ($row,&$points,&$experience,&$sum_experience) - { - $apoints = max($row['points'], $row['awarded']); - - $points += $apoints; - - $experience = " "; - if ($row['method'] == "Face to Face Meeting") - { - $sum_experience = $sum_experience +2; - $experience = "2"; - } - return $apoints; - } - - function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded) - { - $awarded = calc_points($row); - - if ($awarded > 100) - { - $experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100) - $awarded = 100; - } - else - $experience = 0; - - switch ($row['method']) - { - case 'Thawte Points Transfer': - case 'CT Magazine - Germany': - case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented - $awarded=sprintf("%s",_("Revoked")); - $experience=0; - break; - default: - $points += $awarded; - } - $sumexperience = $sumexperience + $experience; - } - - - function show_user_link ($name,$userid) - { - $name = trim($name); - if($name == "") - { - if ($userid == 0) - $name = _("System"); - else - $name = _("Deleted account"); - } - else - $name = "$name"; - return $name; - } - - function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer) - { - $num_of_assurances = get_number_of_assurances (intval($userid)); - $rank_of_assurer = get_top_assurer_position($num_of_assurances); - } - - function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree) - { - $num_of_assurees = get_number_of_assurees (intval($userid)); - $rank_of_assuree = get_top_assuree_position($num_of_assurees); - } - - -// ************* html table definitions ****************** - - function output_ranking($userid) - { - get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer); - get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree); - -?> - - - - - - - - - - -
-
- - - - - - - - - - - - - - - - - - - - - - -
: :
-
-"; - $emclose=""; - } - } - } - -?> - - > - > - > - > - > - > - > - - - - - - - - - - - - - -
-
- - - - - - - - 100, awarded shows correct value - else - $points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value - switch ($row['method']) - { - case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration) - case 'CT Magazine - Germany': // revoke c't (only one test-entry) - case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented) - $points = 0; - break; - case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation) - if ($points <= 2) // maybe limit to 35/50 pts in the future? - $points = 0; - break; - case 'Unknown': // to be revoked in the future? limit to max 50 pts? - case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts? - case 'TTP-Assisted': // TTP assurances, limit to 35 - case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30 - case '': // to be revoked in the future? limit to max 50 pts? - case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future? - break; - default: // should never happen ... ;-) - $points = 0; - } - if ($points < 0) // ignore negative points (bug needs to be fixed) - $points = 0; - return $points; - } - - function max_points($userid) - { - return output_summary_content ($userid,0); - } - - function output_summary_content($userid,$display_output) - { - $sum_points = 0; - $sum_experience = 0; - $sum_experience_other = 0; - $max_points = 100; - $max_experience = 50; - - $experience_limit_reached_txt = _("Limit reached"); - - if (check_date_limit($userid,18) != 1) - { - $max_experience = 10; - $experience_limit_reached_txt = _("Limit given by PoJAM reached"); - } - if (check_date_limit($userid,14) != 1) - { - $max_experience = 0; - $experience_limit_reached_txt = _("Limit given by PoJAM reached"); - } - - $res = get_received_assurances_summary($userid); - while($row = mysql_fetch_assoc($res)) - { - $points = calc_points ($row); - - if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed) - { - $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']); - $points = $max_points; - } - $sum_points += $points*intval($row['number']); - } - - $res = get_given_assurances_summary($userid); - while($row = mysql_fetch_assoc($res)) - { - switch ($row['method']) - { - case 'Face to Face Meeting': // count Face to Face only - $sum_experience += 2*intval($row['number']); - break; - } - - } - - if ($sum_points > $max_points) - { - $sum_points_countable = $max_points; - $remark_points = _("Limit reached"); - } - else - { - $sum_points_countable = $sum_points; - $remark_points = " "; - } - if ($sum_experience > $max_experience) - { - $sum_experience_countable = $max_experience; - $remark_experience = $experience_limit_reached_txt; - } - else - { - $sum_experience_countable = $sum_experience; - $remark_experience = " "; - } - - if ($sum_experience_countable + $sum_experience_other > $max_experience) - { - $sum_experience_other_countable = $max_experience-$sum_experience_countable; - $remark_experience_other = $experience_limit_reached_txt; - } - else - { - $sum_experience_other_countable = $sum_experience_other; - $remark_experience_other = " "; - } - - if ($sum_points_countable < $max_points) - { - if ($sum_experience_countable != 0) - $remark_experience = _("Points on hold due to less assurance points"); - $sum_experience_countable = 0; - if ($sum_experience_other_countable != 0) - $remark_experience_other = _("Points on hold due to less assurance points"); - $sum_experience_other_countable = 0; - } - - $issue_points = 0; - $cats_test_passed = get_cats_state ($userid); - if ($cats_test_passed == 0) - { - $issue_points_txt = ""._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer").""; - if ($sum_points_countable < $max_points) - { - $issue_points_txt = ""; - $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points)); - $issue_points_txt .= ""; - } - } - else - { - $experience_total = $sum_experience_countable+$sum_experience_other_countable; - $issue_points_txt = ""; - if ($sum_points_countable == $max_points) - $issue_points = 10; - if ($experience_total >= 10) - $issue_points = 15; - if ($experience_total >= 20) - $issue_points = 20; - if ($experience_total >= 30) - $issue_points = 25; - if ($experience_total >= 40) - $issue_points = 30; - if ($experience_total >= 50) - $issue_points = 35; - if ($issue_points != 0) - $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points); - } - if ($display_output) - { - output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points); - output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience); - output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other); - output_summary_row (_("Total Points")," ",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt); - } - return $issue_points; - } - - function output_given_assurances($userid) - { - output_assurances_header(_("Assurance Points You Issued")); - output_given_assurances_content($userid,$points,$sum_experience); - output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience); - } - - function output_received_assurances($userid) - { - output_assurances_header(_("Your Assurance Points")); - output_received_assurances_content($userid,$points,$sum_experience); - output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience); - } - - function output_summary($userid) - { - output_summary_header(); - output_summary_content($userid,1); - output_summary_footer(); - } - - function output_end_of_page() - { -?> -

[ ]

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
:
>
- -
-
:
">
- - -
-

-
-"/> - +
+

CCA")?>
+

+" /> + diff --git a/pages/account/3.php b/pages/account/3.php index c2165c2..b760c11 100644 --- a/pages/account/3.php +++ b/pages/account/3.php @@ -70,17 +70,21 @@ if($_SESSION['profile']['points'] >= 50) = 100 && $_SESSION['profile']['codesign'] > 0) { ?> + + + - - +
- -
+ + + +

@@ -92,8 +96,11 @@ if($_SESSION['profile']['points'] >= 50) - - + + + + + @@ -114,6 +121,15 @@ if($_SESSION['profile']['points'] >= 50) + + + + + CCA")?>
+ + + + " /> diff --git a/pages/account/43.php b/pages/account/43.php index 234e01a..a942f18 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -100,8 +100,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); if(intval($_REQUEST['userid']) > 0) { - $id = intval($_REQUEST['userid']); - $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0"; + $userid = intval($_REQUEST['userid']); + $query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -135,7 +135,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); : - + @@ -786,9 +786,20 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); + + +
')) return false;"> + + + + +
+ +
+ ()
@@ -837,7 +848,7 @@ function showassuredto() - : + :   @@ -883,7 +894,7 @@ function showassuredby() - : + :   diff --git a/pages/account/50.php b/pages/account/50.php index 1604156..a4c2413 100644 --- a/pages/account/50.php +++ b/pages/account/50.php @@ -19,12 +19,16 @@
- + + + + + diff --git a/pages/gpg/0.php b/pages/gpg/0.php index 7c7a37b..f490511 100644 --- a/pages/gpg/0.php +++ b/pages/gpg/0.php @@ -22,6 +22,8 @@



+

CCA")?>
+

" /> diff --git a/pages/wot/15.php b/pages/wot/15.php index 8579588..cca2702 100644 --- a/pages/wot/15.php +++ b/pages/wot/15.php @@ -16,7 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ - include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php"); + require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $userid = intval($_SESSION['profile']['id']); diff --git a/pages/wot/4.php b/pages/wot/4.php index befdfe4..628e6a5 100644 --- a/pages/wot/4.php +++ b/pages/wot/4.php @@ -15,7 +15,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -require_once(dirname(__FILE__).'/../../includes/wot.inc.php'); +require_once(dirname(__FILE__).'/../../includes/notary.inc.php'); ?>

diff --git a/pages/wot/6.php b/pages/wot/6.php index 28c1875..1031090 100644 --- a/pages/wot/6.php +++ b/pages/wot/6.php @@ -40,20 +40,20 @@ $name = $fname." ".$mname." ".$lname." ".$suffix; $_SESSION['_config']['wothash'] = md5($name."-".$dob); - include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php"); + require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname)); AssureTextLine(_("Name"),$name); AssureTextLine(_("Date of Birth"),$dob." ("._("YYYY-MM-DD").")"); - AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person"), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); + AssureMethodLine(_("Method"),$methods,''); + AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person."), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); + AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1); AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"",""); - AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"
"._("Please adjust the date if you assured the person on a different day")); - AssureMethodLine(_("Method"),$methods,_("Only tick the next box if the Assurance was face to face.")); + AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"
"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD).")); + AssureTextLine("",_("Only tick the next box if the Assurance was face to face.")); AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1); - AssureBoxLine("rules",_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); - AssureTextLine(_("Policy"),""._("Assurance Policy")." - "._("Assurance Handbook").""); + AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); + AssureTextLine(_("Policy"),""._("CAcert Community Agreement")." -"._("Assurance Policy")." - "._("Assurance Handbook").""); AssureInboxLine("points",_("Points"),"","
(Max. ".maxpoints().")"); - AssureCCABoxLine("CCAAgreed",sprintf(_("Check this box only if %s agreed to the CAcert Community Agreement"),$fname)); - AssureCCABoxLine("CCAAgree",_("Check this box only if YOU agree to the CAcert Community Agreement")); AssureFoot($id,_("I confirm this Assurance")); ?> diff --git a/www/disputes.php b/www/disputes.php index 4944d8c..34a447a 100644 --- a/www/disputes.php +++ b/www/disputes.php @@ -17,6 +17,7 @@ */ ?> \n"; - $query = "select `emailcerts`.`id` - from `emaillink`,`emailcerts` where - `emailid`='$emailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and - `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 - group by `emailcerts`.`id`"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)) - mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'"); - - $do = `../scripts/runclient`; - $query = "update `email` set `deleted`=NOW() where `id`='".intval($emailid)."'"; - mysql_query($query); + account_email_delete($row['id']); } mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'"); - $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0")); - $rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'")); - $res = mysql_query("select * from `users` where `id`='$oldmemid'"); - $user = mysql_fetch_assoc($res); + $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0")); + $rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'")); + $res = mysql_query("select * from `users` where `id`='$oldmemid'"); + $user = mysql_fetch_assoc($res); if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email']) { mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'"); @@ -160,17 +150,13 @@ showheader(_("Domain Dispute")); echo "

"._("You have opted to accept this dispute and the request will now remove this domain from the existing account, and revoke any current certificates.")."

"; echo "

"._("The following accounts have been removed:")."
\n"; + //new account_domain_delete($domainid, $memberID) $query = "select * from `domains` where `id`='$domainid' and deleted=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { - echo $_SESSION['_config']['domain']."
\n"; - mysql_query("update `domains` set `deleted`=NOW() where `id`='$domainid'"); - $query = "select * from `domlink` where `domid`='$domainid'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0"); - $do = `../scripts/runserver`; + echo $_SESSION['_config']['domain']."
\n"; + account_domain_delete($domainid); } mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'"); showfooter(); diff --git a/www/gpg.php b/www/gpg.php index bf8ba29..f24d84c 100644 --- a/www/gpg.php +++ b/www/gpg.php @@ -18,6 +18,7 @@ 35)) + { + show_page("VerifyData","",_("The number of points you entered are out of the range given by policy.")); + exit; + } + $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); @@ -315,7 +356,7 @@ $iecho= "c"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { - show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue.")); + show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue.")); exit; } } @@ -328,6 +369,10 @@ $iecho= "c"; `location`='".mysql_escape_string(stripslashes($_POST['location']))."', `date`='".mysql_escape_string(stripslashes($_POST['date']))."', `when`=NOW()"; + //record active acceptance by Assurer + if (check_date_format(trim($_REQUEST['date']),2010)) { + write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']); + } if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) { $query .= ",\n`method`='TTP-Assisted'"; } @@ -404,16 +449,16 @@ $iecho= "c"; echo "

"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."

"; ?>
:
:
- - - - - - - - - - + + + + + + + + + +
:
">
:
">
@@ -466,7 +511,7 @@ $iecho= "c"; $subject = $_REQUEST['subject']; $userid = intval($_REQUEST['userid']); $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1")); - $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary` + $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary` where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0")); if($points > 0) {