author | Michael Tänzer <neo@nhng.de> | 2012-03-28 21:54:02 +0200 |
---|---|---|
committer | Michael Tänzer <neo@nhng.de> | 2012-03-28 21:54:02 +0200 |
commit | b9d60cb4824796dc85d60e672d076ae25e534682 (patch) | |
tree | 8573ae8e705602e5bb844f9cdfb34e9010e5d0d9 | |
parent | 01c885f8fc88cd42c750890b9accf67adfbeee40 (diff) | |
parent | bbdf9a0251c0de0564b7003f706d10996059b0a8 (diff) | |
Merge branch 'bug-1003' into release
-rw-r--r-- | includes/lib/account.php | 10 | ||||
-rwxr-xr-x | scripts/cron/permissionreview.php | 102 | ||||
-rwxr-xr-x | scripts/cron/removedead.php (renamed from scripts/removedead.php) | 4 | ||||
-rwxr-xr-x | scripts/cron/updatesort.php (renamed from scripts/updatesort.php) | 46 | ||||
-rwxr-xr-x | scripts/cron/warning.php (renamed from scripts/warning.php) | 2 |
5 files changed, 151 insertions, 13 deletions
diff --git a/includes/lib/account.php b/includes/lib/account.php index f7a24fa..c7697ce 100644 --- a/includes/lib/account.php +++ b/includes/lib/account.php @@ -19,6 +19,8 @@ function fix_assurer_flag($userID) { + // If requirements for assurers are modified see also scripts/cron/updatesort.php + // Update Assurer-Flag on users table if 100 points. // Should the number of points be SUM(points) or SUM(awarded)? $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE '. @@ -29,11 +31,11 @@ function fix_assurer_flag($userID) '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '. 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) >= 100'); // Challenge has been passed and non-expired points >= 100 - + if (!$query) { return false; } - + // Reset flag if requirements are not met $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE '. '`u`.`id` = \''.(int)intval($userID).'\' AND '. @@ -42,10 +44,10 @@ function fix_assurer_flag($userID) 'AND `cp`.`user_id` = `u`.`id`) OR '. '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '. 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) < 100)'); - + if (!$query) { return false; } - + return true; }
\ No newline at end of file diff --git a/scripts/cron/permissionreview.php b/scripts/cron/permissionreview.php new file mode 100755 index 0000000..572c1fd --- /dev/null +++ b/scripts/cron/permissionreview.php 
@@ -0,0 +1,102 @@
+#!/usr/bin/php -q
+<?php
+/*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2012 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+require_once(dirname(__FILE__).'/../../includes/mysql.php');
+
+$BOARD_PRIVATE = 'cacert-board-private@lists.cacert.org';
+
+$flags = array(
+ 'admin' => 'Support Engineer',
+ 'orgadmin' => 'Organisation Assurer',
+ 'board' => 'Board Member',
+ 'ttpadmin' => 'Trusted Third Party Admin',
+ 'tverify' => 'Tverify Admin',
+ 'locadmin' => 'Location Admin'
+ );
+
+$adminlist = array();
+
+foreach ($flags as $flag => $description) {
+ $query = "select `fname`, `lname`, `email` from `users` where `$flag` = 1";
+ if(! $res = mysql_query($query) ) {
+ fwrite(STDERR,
+ "MySQL query for flag $flag failed:\n".
+ "\"$query\"\n".
+ mysql_error()
+ );
+
+ continue;
+ }
+
+ $admins = array();
+ $adminlist[$flag] = "";
+
+ while ($row = mysql_fetch_assoc($res)) {
+ $admins[] = $row;
+ $adminlist[$flag] .= "$row[fname] $row[lname] $row[email]\n";
+ }
+
+ foreach ($admins as $admin) {
+ $message = <<<EOF
+Hello $admin[fname],
+
+you get this message, because you are listed as $description on
+CAcert.org. Please review the following list of persons with the same privilege
+and report to the responsible team leader or board
+($BOARD_PRIVATE) if you spot any errors.
+ +$adminlist[$flag] + + +Best Regards, +CAcert Support +EOF; + sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org'); + } +} + + + +$message = <<<EOF +Dear Board Members, + +it's time for the permission review again. Here is the list of privileged users +in the CAcert web application. Please review them and also ask the persons +responsible for an up-to-date copy of access lists not directly recorded in the +web application (critical admins, software assessors etc.) + + +EOF; + +foreach ($flags as $flag => $description) { + $message .= <<<EOF +List of ${description}s: +$adminlist[$flag] + +EOF; +} + +$message .= <<<EOF + +Best Regards, +CAcert Support +EOF; + +sendmail($BOARD_PRIVATE, "Permissions Review", $message, 'support@cacert.org'); diff --git a/scripts/removedead.php b/scripts/cron/removedead.php index 23c4cd9..aadda81 100755 --- a/scripts/removedead.php +++ b/scripts/cron/removedead.php @@ -17,8 +17,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ - include_once("/home/cacert/www/includes/mysql.php"); - require_once('/home/cacert/www/includes/lib/l10n.php'); + require_once(dirname(__FILE__).'/../../includes/mysql.php'); + require_once(dirname(__FILE__).'/../../includes/lib/l10n.php'); $query = "select * from `users` where `users`.`verified`=0 and (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`users`.`created`)) >= 172800"; diff --git a/scripts/updatesort.php b/scripts/cron/updatesort.php index 4d36bfc..498eda2 100755 --- a/scripts/updatesort.php +++ b/scripts/cron/updatesort.php 
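Review bot: In scripts/cron/permissionreview.php the `continue` on a failed query runs before `$adminlist[$flag]` is initialised, so the board mail built in the second `foreach` interpolates an undefined index and prints an empty list for that privilege. For a permission review that makes a failed lookup read the same as "nobody holds this flag", and the only trace is a line on the cron job's STDERR. I would set the entry before the query and mark the failure in it, for example `$adminlist[$flag] = "(lookup failed, list unavailable)\n";` just ahead of the `continue`, so the board can see that the list is incomplete.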
@@ -16,12 +16,27 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ - include_once("../includes/mysql.php"); + require_once(dirname(__FILE__).'/../../includes/mysql.php'); - //mysql_query("update users set assurer=0"); - $query = "select notary.`to` as uid from notary group by notary.`to` having sum(points)>=100;"; + /* Set assurer flag for accounts who miss it + + See also includes/lib/account.php, function fix_assurer_flag($userID) + + We may have some performance problems here, there are 150k assurances and 220k users + in the production database. The exists-clause on cats_passed should be a good filter... */ + + /* Synchronisation of assurer flag currently deactivated, see https://bugs.cacert.org/view.php?id=1003 + and https://bugs.cacert.org/view.php?id=1024 */ +/* + $query = "select `n`.`to` as `uid` from `notary` as `n`, `users` as `u` ". + " where `n`.`to`=`u`.`id` and `u`.`assurer`<>'1' ". + " and (`n`.`expire` > now() OR `n`.`expire` IS NULL) ". + " and exists(select 1 from `cats_passed` as `cp`, `cats_variant` as `cv` ". + " where `cp`.`variant_id`=`cv`.`id` and `cv`.`type_id` = 1 and `cp`.`user_id`=`n`.`to`)". + " group by `n`.`to` having sum(`n`.`points`)>=100"; + $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { 
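Review bot: Both synchronisation blocks end up inside `/* … */`: this hunk opens the first one, and the `@@ -29,7 +44,28 @@` hunk closes it and wraps the revocation query. After this commit the cron job therefore neither sets nor clears `assurer`. The comments name the two bug reports but not what keeps the flag correct in the meantime. As far as this diff shows that is only `fix_assurer_flag($userID)`, which works per user, so an account whose points pass `n.expire` presumably keeps the flag until something calls it. I would say so in the comment, e.g. `/* While disabled, assurer is only corrected by fix_assurer_flag(); expired points are not picked up by this job */`, and name the condition for re-enabling. The loop that consumes `$res` continues outside this hunk.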
@@ -29,7 +44,28 @@ //echo $query."\n"; mysql_query($query); } - +*/ + /* Remove assurer flag from accounts not eligible. + + Also a bit performance critical, but assurer flag is only set at 5k accounts + + */ + /* Synchronisation of assurer flag currently deactivated, see https://bugs.cacert.org/view.php?id=1003 + and https://bugs.cacert.org/view.php?id=1024 */ +/* + $query = "select `u`.id as `uid` from `users` as `u` " . + " where `u`.`assurer` = '1' ". + " and (not exists(select 1 from `cats_passed` as `cp`, `cats_variant` as `cv` ". + " where `cp`.`variant_id`=`cv`.`id` and `cv`.`type_id` = 1 and `cp`.`user_id`=`u`.`id`) ". + " or (select sum(`n`.`points`) from `notary` as `n` where `n`.`to`=`u`.`id` and (`n`.`expire` > now() OR `n`.`expire` IS NULL)) < 100) "; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { + $query = "update users set `assurer`='0' where `id`='${row['uid']}'"; + //echo $query."\n"; + mysql_query($query); + } +*/ mysql_query("update `locations` set `acount`=0"); $query = "SELECT `users`.`locid` AS `locid`, count(*) AS `total` FROM `users` @@ -72,6 +108,4 @@ } - - ?> diff --git a/scripts/warning.php b/scripts/cron/warning.php index b578c09..18e89da 100755 --- a/scripts/warning.php +++ b/scripts/cron/warning.php @@ -17,7 +17,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ - include_once("/home/cacert/www/includes/mysql.php"); + require_once(dirname(__FILE__).'/../../includes/mysql.php'); $days = array("1" => "3", "15" => "2", "30" => "1", "45" => "0"); |
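Review bot: The disabled revocation loop in the `@@ -29,7 +44,28 @@` hunk passes `$res` straight to `mysql_fetch_assoc()` and ignores the result of each `update`. Once it is re-enabled, a failed query would leave ineligible accounts flagged with nothing but PHP warnings to show for it. scripts/cron/permissionreview.php in the same commit checks the result and writes `mysql_error()` to STDERR, and the same pattern fits here: wrap the loop in `if ($res) { … } else { fwrite(STDERR, mysql_error()."\n"); }`. The id is also interpolated as `'${row['uid']}'`, where `(int)$row['uid']` would match the cast already used in `fix_assurer_flag()`.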