cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 5 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
fix-client-certificate-login
use-https-for-verification-links
fix-client-cert-issues
main
fix-email-address-maintenance-bug-1543
fix/bug-1550
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd89c90943e'
${ noResults }
cacert-webdb/www/wot.php

310 lines
12 KiB
PHP
Raw Blame History

<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
require_once("../includes/loggedin.php");
loadem("account");
if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6) && $_SESSION['profile']['points'] < 100)
{
showheader(_("My CAcert.org Account!"));
echo "<p>"._("You don't have access to view these pages.")."</p>";
showfooter();
exit;
}
if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0)
{
unset($oldid);
$id = 5;
}
if($oldid == 5)
{
$query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'";
$res = mysql_query($query);
if(mysql_num_rows($res) != 1)
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['error'] = _("I'm sorry, there was no email matching what you entered in the system. Please double check your information.");
} else {
$_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
}
}
if($oldid == 5 || $oldid == 6)
{
if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
{
$id = 5;
unset($oldid);
$_SESSION['_config']['error'] = _("You are never allowed to Assure yourself!");
}
}
if($oldid == 5 || $oldid == 6)
{
$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
`to`='".$_SESSION['_config']['notarise']['id']."'";
$_SESSION['_config']['alreadydone'] = 0;
$res = mysql_query($query);
if(mysql_num_rows($res) > 0 && $_SESSION['profile']['points'] <= 150)
{
$id = 5;
unset($oldid);
$_SESSION['_config']['error'] = _("You are only allowed to Assure someone once!");
} elseif($oldid == 5) {
$id = 6;
}
if($id == 6 && mysql_num_rows($res) > 0)
{
$_SESSION['_config']['alreadydone'] = 1;
}
unset($_SESSION['_config']['pointsalready']);
if($id == 6 && $_SESSION['profile']['points'] >= 100)
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
$_SESSION['_config']['pointsalready'] = $drow['total'];
}
unset($_SESSION['_config']['verified']);
if($id == 6 && $_SESSION['profile']['points'] >= 100)
{
$query = "select `verified` from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
$_SESSION['_config']['verified'] = $drow['verified'];
}
}
if($oldid == 6)
{
if($_POST['assertion'] != 1 || $_POST['rules'] != 1)
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");
}
if($_POST['certify'] != 1 && $_SESSION['profile']['board'] != 1)
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");
}
}
if($oldid == 6 && $_SESSION['profile']['board'] != 1)
{
if($_POST['location'] == "")
{
$id = $oldid;
unset($oldid);
$_SESSION['_config']['error'] = _("You failed to enter a location of your meeting.");
}
}
if($oldid == 6)
{
$max = maxpoints();
$newpoints = intval($_POST['points']);
if($newpoints > $max)
$newpoints = $max;
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0 && $drow['total'] > 150)
{
showheader(_("My CAcert.org Account!"));
echo "<p>"._("You tried to give a temporary points increase to someone that already has more then 150 points. Can't continue.")."</p>";
showfooter();
exit;
}
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0 && intval($_POST['sponsor']) <= 0)
{
showheader(_("My CAcert.org Account!"));
echo "<p>"._("You didn't list a valid sponsor for this action.")."</p>";
showfooter();
exit;
}
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0 && intval($_POST['sponsor']) > 0)
{
$resc = mysql_query("select * from `users` where `id`='".intval($_POST['sponsor'])."' and `board`='1'");
$rc = mysql_num_rows($resc);
$sponsor = mysql_fetch_assoc($resc);
if($rc <= 0)
{
showheader(_("My CAcert.org Account!"));
echo "<p>"._("You listed an invalid sponsor for this action.")."</p>";
showfooter();
exit;
}
}
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
{
$_POST['method'] == "Administrative Increase";
$newpoints = 200 - $drow['total'];
if(intval($_POST['expire']) > 45)
$_POST['expire'] = 45;
if(intval($_POST['expire']) <= 7)
$_POST['expire'] = 7;
} else {
$_POST['expire'] = 0;
if(($drow['total'] + $newpoints) > 100 && $max < 100)
$newpoints = 100 - $drow['total'];
if(($drow['total'] + $newpoints) > $max && $max >= 100)
$newpoints = $max - $drow['total'];
if($newpoints < 0)
$newpoints = 0;
}
if(mysql_escape_string(stripslashes($_POST['date'])) == "")
$_POST['date'] = date("Y-m-d H:i:s");
$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['_config']['notarise']['id']."',
`points`='$newpoints',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
{
$query .= ",\n`method`='Temporary Increase'";
$query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
$query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
} else if($_SESSION['profile']['board'] == 1) {
$query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
}
mysql_query($query);
if($_SESSION['profile']['points'] < 150)
{
$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['profile']['id']."',
`points`='2',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
mysql_query($query);
$_SESSION['profile']['points'] += 2;
}
if($_SESSION['_config']['notarise']['language'] != "")
{
$userlang = $_SESSION['_config']['notarise']['language'];
putenv("LANG=".$userlang);
setlocale(LC_ALL, $$userlang);
}
$body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
if($_POST['points'] != $newpoints)
$body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
else
$body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
if(($drow['total'] + $newpoints) < 100 && ($drow['total'] + $newpoints) >= 50)
{
$body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
}
if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
{
$body .= _("You now have over 100 points and can start assuring others.")."\n\n";
}
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
$body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Website");
putenv("LANG=".$_SESSION['_config']['language']);
setlocale(LC_ALL, $_SESSION['_config']['language']);
$body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
if($_POST['points'] != $newpoints)
$body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
else
$body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
$body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "returns@cacert.org", "", "CAcert Support");
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
{
$body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";
sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "returns@cacert.org", "", "CAcert Website");
}
showheader(_("My CAcert.org Account!"));
echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
showfooter();
exit;
}
if($oldid == 8)
{
$info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
$listme = intval($_POST['listme']);
if($listme < 0 || $listme > 1)
$listme = 0;
$_SESSION['profile']['listme'] = $listme;
$_SESSION['profile']['contactinfo'] = $info;
$query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
showheader(_("My CAcert.org Account!"));
echo "<p>"._("Your account information has been updated.")."</p>";
showfooter();
exit;
}
if($oldid == 9 && $_SESSION['_config']['user']['id'] > 0 && $_SESSION['profile']['id'] > 0)
{
$body = $_POST['message'];
$subject = $_POST['subject'];
sendmail($_SESSION['_config']['user']['email'], "[CAcert.org] ".$_POST['subject'], $_POST['message'],
$_SESSION['profile']['email'], "returns@cacert.org", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']);
showheader(_("My CAcert.org Account!"));
echo "<p>"._("Your email has been sent to ").$_SESSION['_config']['user']['fname'].".</p>";
echo "<p>[ <a href='javascript:history.go(-2)'>Go Back</a> ]</p>\n";
showfooter();
exit;
} elseif($oldid == 9) {
unset($oldid);
$error = _("There was an error and I couldn't proceed");
$id = 9;
}
showheader(_("My CAcert.org Account!"));
includeit($id, "wot");
showfooter();
?>
View Git Blame Copy Permalink