Fix for https://bugs.cacert.org/view.php?id=942

(CATS import interface is not fit to handle non-Assurer Challenge tests)
13 years ago · 6ef19fd6eb
parent f27e77391e
commit 6ef19fd6eb
4 changed files with 56 additions and 16 deletions
--- a/includes/general.php
+++ b/includes/general.php
@ -38,6 +38,7 @@
 	$_SESSION['_config']['filepath'] = "/www";

 	require_once($_SESSION['_config']['filepath']."/includes/mysql.php");
+	require_once($_SESSION['_config']['filepath'].'/includes/lib/account.php');

 	if(array_key_exists('HTTP_HOST',$_SERVER) &&
 			$_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] &&
@ -847,19 +848,6 @@
 		$text=preg_replace("/[^\w-.@]/","",$text);
 		return($text);
 	}
-
-	function fix_assurer_flag($userID)
-	{
-		// Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)?
-		$query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID).
-			 '\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'.
-			 ' AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100'); // Challenge has been passed and non-expired points >= 100
-	 
-		// Reset flag if requirements are not met
-		$query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE `u`.`id` = \''.(int)intval($userID).
-			'\' AND (NOT EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'.
-			 ' OR (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `n`.`expire` < now()) < 100)');
-	}
 	
 	// returns 0 if $userID is an Assurer
 	// Otherwise :
--- a/includes/lib/account.php
+++ b/includes/lib/account.php
@ -0,0 +1,51 @@
+<?php
+/*
+    LibreSSL - CAcert web application
+    Copyright (C) 2004-2008  CAcert Inc.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; version 2 of the License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+function fix_assurer_flag($userID)
+{
+	// Update Assurer-Flag on users table if 100 points.
+	// Should the number of points be SUM(points) or SUM(awarded)?
+	$query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE '.
+		'`u`.`id` = \''.(int)intval($userID).'\' AND '.
+		'EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv` '.
+			'WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND '.
+			'`cp`.`user_id` = `u`.`id`) AND '.
+		'(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '.
+			'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) >= 100');
+	// Challenge has been passed and non-expired points >= 100
+	
+	if (!$query) {
+		return false;
+	}
+ 
+	// Reset flag if requirements are not met
+	$query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE '.
+		'`u`.`id` = \''.(int)intval($userID).'\' AND '.
+		'(NOT EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS '.
+			'`cv` WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 '.
+			'AND `cp`.`user_id` = `u`.`id`) OR '.
+		'(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '.
+			'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) < 100)');
+	
+	if (!$query) {
+		return false;
+	}
+	
+	return true;
+}
--- a/scripts/assurer.php
+++ b/scripts/assurer.php
@ -30,7 +30,7 @@
 	$query = "
 select u.email, fname, lname, sum(n.points) from users u, notary n
 where n.to=u.id
-   and not exists(select 1 from cats_passed cp where cp.user_id=u.id)
+   and not EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)
   and exists(select 1 from notary n2 where n2.from=u.id and year(n2.`when`)>2007)
   and (select count(*) from notary n3 where n3.from=u.id) > 1
 group by email, fname, lname
--- a/www/cats/cats_import.php
+++ b/www/cats/cats_import.php
@ -24,6 +24,8 @@
   API for CATS to import passed tests into main CAcert database.
 */

+require_once('../../includes/lib/account.php');
+
 function sanitize_string($buffer) {
 return htmlentities(utf8_decode($buffer), (int)ENQ_QUOTES);
 }
@ -154,8 +156,7 @@ if (!$query) {
 }

 // Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)?
-$query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID).'\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp` WHERE `tp`.`user_id` = `u`.`id`) AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100;'); // Challenge has been passed and non-expired points >= 100
-if (!$query) {
+if (!fix_assurer_flag($userID)) {
  echo 'Invalid query'."\r\n";
  trigger_error('Invalid query', E_USER_ERROR);
  exit();