author | Benny Baumann <BenBE@geshi.org> | 2013-09-06 05:40:36 +0200 |
---|---|---|
committer | Benny Baumann <BenBE@geshi.org> | 2013-09-06 05:40:36 +0200 |
commit | 18a9f2205edaaf42ab15f48c2165c31883bba8e5 (patch) | |
tree | 2d68fc0f549cb1b7c1fd9ba087ee0e74c9e49ec9 | |
parent | 0b92c4652f949b0a795e15064efe9f41c1eca769 (diff) | |
parent | 24603f28cde091813d8022daa9153eb4ab685ca4 (diff) | |
Merge branch 'merge-bug-1177-893-1136-1123-1137' into release
Conflicts:
www/gpg.php
-rw-r--r-- | includes/account.php | 135 | ||||
-rw-r--r-- | includes/notary.inc.php | 615 | ||||
-rw-r--r-- | includes/wot.inc.php | 640 | ||||
-rw-r--r-- | pages/account/10.php | 8 | ||||
-rw-r--r-- | pages/account/3.php | 28 | ||||
-rw-r--r-- | pages/account/43.php | 21 | ||||
-rw-r--r-- | pages/account/50.php | 6 | ||||
-rw-r--r-- | pages/gpg/0.php | 2 | ||||
-rw-r--r-- | pages/wot/15.php | 2 | ||||
-rw-r--r-- | pages/wot/4.php | 2 | ||||
-rw-r--r-- | pages/wot/6.php | 16 | ||||
-rw-r--r-- | www/disputes.php | 32 | ||||
-rw-r--r-- | www/gpg.php | 14 | ||||
-rw-r--r-- | www/wot.php | 85 |
14 files changed, 746 insertions, 860 deletions
diff --git a/includes/account.php b/includes/account.php index 1a381b8..6a92669 100644 --- a/includes/account.php +++ b/includes/account.php @@ -18,6 +18,7 @@ require_once("../includes/loggedin.php"); require_once("../includes/lib/l10n.php"); require_once("../includes/lib/check_weak_key.php"); + require_once("../includes/notary.inc.php"); loadem("account"); @@ -70,9 +71,7 @@ } $oldid=0; $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))); - $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + if(check_email_exists($_REQUEST['email'])==true) { showheader(_("My CAcert.org Account!")); printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email'])); @@ -163,17 +162,7 @@ { $row = mysql_fetch_assoc($res); echo $row['email']."<br>\n"; - $query = "select `emailcerts`.`id` - from `emaillink`,`emailcerts` where - `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and - `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 - group by `emailcerts`.`id`"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)) - mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'"); - - $query = "update `email` set `deleted`=NOW() where `id`='$id'"; - mysql_query($query); + account_email_delete($row['id']); $delcount++; } } @@ -193,6 +182,14 @@ if($process != "" && $oldid == 3) { + if(!array_key_exists('CCA',$_REQUEST)) + { + showheader(_("My CAcert.org Account!")); + echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again."); + showfooter(); + exit; + } + if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1') { showheader(_("My CAcert.org Account!")); 
@@ -322,6 +319,8 @@ exit; } + write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1); + $query = "insert into emailcerts set `CN`='$defaultemail', `keytype`='NS', @@ -630,32 +629,9 @@ { $row = mysql_fetch_assoc($res); echo $row['domain']."<br>\n"; - - $dres = mysql_query( - "select `domaincerts`.`id` - from `domaincerts` - where `domaincerts`.`domid` = '$id' - union distinct - select `domaincerts`.`id` - from `domaincerts`, `domlink` - where `domaincerts`.`id` = `domlink`.`certid` - and `domlink`.`domid` = '$id'"); - while($drow = mysql_fetch_assoc($dres)) - { - mysql_query( - "update `domaincerts` - set `revoked`='1970-01-01 10:00:01' - where `id` = '".$drow['id']."' - and `revoked` = 0 - and UNIX_TIMESTAMP(`expire`) - - UNIX_TIMESTAMP() > 0"); - } - - mysql_query( - "update `domains` - set `deleted`=NOW() - where `id` = '$id'"); + account_domain_delete($row['id']); } + } } else @@ -669,6 +645,14 @@ if($process != "" && $oldid == 10) { + if(!array_key_exists('CCA',$_REQUEST)) + { + showheader(_("My CAcert.org Account!")); + echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again."); + showfooter(); + exit; + } + $CSR = clean_csr($_REQUEST['CSR']); if(strpos($CSR,"---BEGIN")===FALSE) { @@ -785,6 +769,8 @@ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; + write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1); + if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0) { $query = "insert into `domaincerts` set 
@@ -1206,17 +1192,17 @@ $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); }else{ $description= ""; - } + } - if(trim($_REQUEST['disablelogin']) == "1"){ - $disablelogin = 1; - }else{ - $disablelogin = 0; - } + if(trim($_REQUEST['disablelogin']) == "1"){ + $disablelogin = 1; + }else{ + $disablelogin = 0; + } - mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'"); + mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'"); + } - } if($oldid == 13 && $process != "") { csrf_check("perschange"); @@ -2699,6 +2685,13 @@ mysql_query($query); } + if($oldid == 43 && $_REQUEST['action'] == 'revokecert') + { + $userid = intval($_REQUEST['userid']); + revoke_all_private_cert($userid); + $id=43; + } + if($oldid == 48 && $_REQUEST['domain'] == "") { $id = $oldid; 
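Review bot: The new `$oldid == 43 && $_REQUEST['action'] == 'revokecert'` branch revokes every certificate of the account named in `$_REQUEST['userid']` with no CSRF token check in the visible lines, while the `$oldid == 13` branch just above it calls `csrf_check("perschange")`. Because `$_REQUEST` also carries GET parameters, this state change can be triggered by a plain link followed in an authenticated session. A call such as `csrf_check('TOKEN_NAME_PLACEHOLDER');` as the first statement of the branch, paired with a `make_csrf()` value in the form that submits it, would close that. The `$oldid == 50` account-deletion branch in the later hunk shows no token check either. Whether a privilege check guards these ids cannot be seen here, since the enclosing code lies outside the hunks.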
@@ -2995,23 +2988,39 @@ if($oldid == 50 && $process != "") { $_REQUEST['userid'] = intval($_REQUEST['userid']); - $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"); - if(mysql_num_rows($res) > 0) - { - $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01' - WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); + if (trim($_REQUEST['arbitrationno'])==""){ + showheader(_("My CAcert.org Account!")); + echo _("You did not enter an arbitration number entry."); + showfooter(); + exit; + } + if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) { + showheader(_("My CAcert.org Account!")); + printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno']))); + showfooter(); + exit; + } + if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) { + showheader(_("My CAcert.org Account!")); + printf(_("The email address '%s' is already in a different account. 
Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org')); + showfooter(); + exit; + } + if (check_client_cert_running($_REQUEST['userid'],1) || + check_server_cert_running($_REQUEST['userid'],1) || + check_gpg_cert_running($_REQUEST['userid'],1)) { + showheader(_("My CAcert.org Account!")); + printf(_("The CCA retention time for at least one certificate is not over. Can't continue.")); + showfooter(); + exit; + } + if (check_is_orgadmin($_REQUEST['userid'],1)) { + showheader(_("My CAcert.org Account!")); + printf(_("The user is listed as Organisation Administrator. Can't continue.")); + showfooter(); + exit; } + account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']); } if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0) diff --git a/includes/notary.inc.php b/includes/notary.inc.php index d6f86a8..37a7ed0 100644 --- a/includes/notary.inc.php +++ b/includes/notary.inc.php @@ -41,6 +41,15 @@ return intval($row['list']); } + function get_number_of_ttpassurances ($userid) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' "); + $row = query_getnextrow($res); + + return intval($row['list']); + } + function get_number_of_assurees ($userid) { $res = query_init ("SELECT count(*) AS `list` FROM `notary` @@ -106,7 +115,7 @@ function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked) { - $apoints = max($row['points'],$row['awarded']); + $apoints = max($row['points'], $row['awarded']); $points += $apoints; $experience = " "; $revoked = false; # to be coded later (after DB-upgrade) 
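Review bot: The removed code only acted when the `users` row existed (`if(mysql_num_rows($res) > 0)`), and the new `$oldid == 50` branch drops that guard, so `account_delete()` runs for any integer, including the 0 that `intval()` yields for a missing or non-numeric `userid`. As defined later in this commit, `account_delete()` inserts an `email` row for the arbitration number unconditionally, so a wrong id would leave an orphan address that `check_email_exists()` then reports as taken. Re-adding the existence check on `users` before the call, or as the first step inside `account_delete()`, would restore the old behaviour. `check_is_orgadmin()` is declared with a single parameter, so the second argument `1` passed here is ignored.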
@@ -192,15 +201,15 @@ ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td class="title"><?=_("Assurer Ranking")?></td> - </tr> - <tr> - <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td> - </tr> - <tr> - <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td> - </tr> + <tr> + <td class="title"><?=_("Assurer Ranking")?></td> + </tr> + <tr> + <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td> + </tr> + <tr> + <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td> + </tr> </table> <br/> <? 
@@ -210,65 +219,68 @@ { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> + <tr> <? if ($support == "1") { ?> - <td colspan="10" class="title"><?=$title?></td> + <td colspan="10" class="title"><?=$title?></td> <? } else { ?> - <td colspan="7" class="title"><?=$title?></td> -<? } + <td colspan="7" class="title"><?=$title?></td> +<? + } ?> - </tr> - <tr> - <td class="DataTD"><strong><?=_("ID")?></strong></td> - <td class="DataTD"><strong><?=_("Date")?></strong></td> + </tr> + <tr> + <td class="DataTD"><strong><?=_("ID")?></strong></td> + <td class="DataTD"><strong><?=_("Date")?></strong></td> <? if ($support == "1") { ?> - <td class="DataTD"><strong><?=_("When")?></strong></td> - <td class="DataTD"><strong><?=_("Email")?></strong></td> -<? } ?> - <td class="DataTD"><strong><?=_("Who")?></strong></td> - <td class="DataTD"><strong><?=_("Points")?></strong></td> - <td class="DataTD"><strong><?=_("Location")?></strong></td> - <td class="DataTD"><strong><?=_("Method")?></strong></td> - <td class="DataTD"><strong><?=_("Experience Points")?></strong></td> + <td class="DataTD"><strong><?=_("When")?></strong></td> + <td class="DataTD"><strong><?=_("Email")?></strong></td> +<? + } +?> + <td class="DataTD"><strong><?=_("Who")?></strong></td> + <td class="DataTD"><strong><?=_("Points")?></strong></td> + <td class="DataTD"><strong><?=_("Location")?></strong></td> + <td class="DataTD"><strong><?=_("Method")?></strong></td> + <td class="DataTD"><strong><?=_("Experience Points")?></strong></td> <? if ($support == "1") { ?> - <td class="DataTD"><strong><?=_("Revoke")?></strong></td> + <td class="DataTD"><strong><?=_("Revoke")?></strong></td> <? } ?> - </tr> + </tr> <? 
} function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience,$support) { ?> - <tr> - <td class="DataTD" colspan="5"><strong><?=$points_txt?>:</strong></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD"> </td> - <td class="DataTD"><strong><?=$experience_txt?>:</strong></td> - <td class="DataTD"><?=$sumexperience?></td> + <tr> + <td<?=($support == "1")?' colspan="5"':' colspan="3"'?> class="DataTD"><strong><?=$points_txt?>:</strong></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD"> </td> + <td class="DataTD"><strong><?=$experience_txt?>:</strong></td> + <td class="DataTD"><?=$sumexperience?></td> <? if ($support == "1") { ?> - <td class="DataTD"> </td> + <td class="DataTD"> </td> <? } ?> - </tr> + </tr> </table> <br/> <? 
@@ -277,52 +289,54 @@ function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked) { - $tdstyle=""; - $emopen=""; - $emclose=""; + $tdstyle=""; + $emopen=""; + $emclose=""; - if ($awarded == $points) - { - if ($awarded == "0") + if ($awarded == $points) { - if ($when < "2006-09-01") + if ($awarded == "0") { - $tdstyle="style='background-color: #ffff80'"; - $emopen="<em>"; - $emclose="</em>"; + if ($when < "2006-09-01") + { + $tdstyle="style='background-color: #ffff80'"; + $emopen="<em>"; + $emclose="</em>"; + } } } - } ?> - <tr> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td> + <tr> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td> <? - if ($support == "1") - { + if ($support == "1") + { ?> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td> -<? } +<? + } ?> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td> <? 
- if ($support == "1") - { - if ($revoked == true) + if ($support == "1") { + if ($revoked == true) + { ?> - <td class="DataTD" <?=$tdstyle?>> </td> -<? } else { + <td class="DataTD" <?=$tdstyle?>> </td> +<? + } else { ?> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&userid=<?=intval($userid)?>&assurance=<?=intval($assuranceid)?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&userid=<?=intval($userid)?>&assurance=<?=intval($assuranceid)?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td> <? + } } - } ?> </tr> <? @@ -332,14 +346,14 @@ { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="4" class="title"><?=_("Summary of your Points")?></td> - </tr> - <tr> - <td class="DataTD"><strong><?=_("Description")?></strong></td> - <td class="DataTD"><strong><?=_("Points")?></strong></td> - <td class="DataTD"><strong><?=_("Countable Points")?></strong></td> - <td class="DataTD"><strong><?=_("Remark")?></strong></td> + <tr> + <td colspan="4" class="title"><?=_("Summary of your Points")?></td> + </tr> + <tr> + <td class="DataTD"><strong><?=_("Description")?></strong></td> + <td class="DataTD"><strong><?=_("Points")?></strong></td> + <td class="DataTD"><strong><?=_("Countable Points")?></strong></td> + <td class="DataTD"><strong><?=_("Remark")?></strong></td> </tr> <? } 
@@ -355,12 +369,12 @@ function output_summary_row($title,$points,$points_countable,$remark) { ?> - <tr> - <td class="DataTD"><strong><?=$title?></strong></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD"><?=$points_countable?></td> - <td class="DataTD"><?=$remark?></td> - </tr> + <tr> + <td class="DataTD"><strong><?=$title?></strong></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD"><?=$points_countable?></td> + <td class="DataTD"><?=$remark?></td> + </tr> <? } @@ -430,6 +444,8 @@ break; case 'Unknown': // to be revoked in the future? limit to max 50 pts? case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts? + case 'TTP-Assisted': // TTP assurances, limit to 35 + case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30 case '': // to be revoked in the future? limit to max 50 pts? case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future? break; @@ -575,14 +591,14 @@ return $issue_points; } - function output_given_assurances($userid,$support) + function output_given_assurances($userid,$support=0) { output_assurances_header(_("Assurance Points You Issued"),$support); output_given_assurances_content($userid,$points,$sum_experience,$support); output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience,$support); } - function output_received_assurances($userid,$support) + function output_received_assurances($userid,$support=0) { output_assurances_header(_("Your Assurance Points"),$support); output_received_assurances_content($userid,$points,$sum_experience,$support); 
@@ -602,18 +618,30 @@ <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> <? } - + //functions to do with recording user agreements + /** + * write_user_agreement() + * writes a new record to the table user_agreement + * + * @param mixed $memid + * @param mixed $document + * @param mixed $method + * @param mixed $comment + * @param integer $active + * @param integer $secmemid + * @return + */ function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){ // write a new record to the table user_agreement - $query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid. - ",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ; + $query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid). + ",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ; $res = mysql_query($query); } - + function get_user_agreement_status($memid, $type="CCA"){ //returns 0 - no user agreement, 1- at least one entry - $query="SELECT u.`document` FROM `user_agreements` u + $query="SELECT u.`document` FROM `user_agreements` u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ; $res = mysql_query($query); if(mysql_num_rows($res) <=0){ 
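Review bot: `write_user_agreement()` now casts and escapes its arguments, but `get_user_agreement_status()` in the same hunk still concatenates `$memid` and `$type` into its query unchanged, and `get_last_user_agreement()` and `delete_user_agreement()` in the following hunks do the same with the values they interpolate. Adding `$memid = intval($memid);` and `$type = mysql_real_escape_string($type);` at the top of each keeps the family consistent and stops query safety from depending on every caller. The new docblock types every parameter as `mixed` and leaves `@return` empty; `@param int $memid`, `@param string $document` and `@return void` would describe the function as written. `get_user_agreement_status()` continues past the end of the hunk.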
@@ -650,8 +678,8 @@ function get_last_user_agreement($memid, $type="CCA"){ //returns an array (`document`,`date`,`method`, `comment`,`active`) $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1) - union - (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ; + union + (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ; $res = mysql_query($query); if(mysql_num_rows($res) >0){ $row = mysql_fetch_assoc($res); @@ -664,7 +692,7 @@ $rec=array(); } return $rec; -} + } function delete_user_agreement($memid, $type="CCA"){ //deletes all entries to an user for the given type of user agreements 
@@ -672,4 +700,413 @@ mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'"); } + // functions for 6.php (assure somebody) + + function AssureHead($confirmation,$checkname) + { +?> +<form method="post" action="wot.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600"> + <tr> + <td colspan="2" class="title"><?=$confirmation?></td> + </tr> + <tr> + <td class="DataTD" colspan="2" align="left"><?=$checkname?></td> + </tr> +<? + } + + function AssureTextLine($field1,$field2) + { +?> + <tr> + <td class="DataTD"><?=$field1.(empty($field1)?'':':')?>:</td> + <td class="DataTD"><?=$field2?></td> + </tr> +<? + } + + function AssureBoxLine($type,$text,$checked) + { +?> + <tr> + <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td> + <td class="DataTD"><?=$text?></td> + </tr> +<? + } + + function AssureMethodLine($text,$methods,$remark) + { + if (count($methods) != 1) { +?> + <tr> + <td class="DataTD"><?=$text.(empty($text)?'':':')?></td> + <td class="DataTD"> + <select name="method"> +<? + foreach($methods as $val) { +?> + <option value="<?=$val?>"><?=$val?></option> +<? + } +?> + </select> + <br /> + <?=$remark?> + </td> + </tr> +<? + } else { +?> + <input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>" /> +<? + } + } + + function AssureInboxLine($type,$field,$value,$description) + { +?> + <tr> + <td class="DataTD"><?=$field.(empty($field)?'':':')?>:</td> + <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td> + </tr> +<? 
+ } + + function AssureFoot($oldid,$confirm) + { ?> + <tr> + <td class="DataTD" colspan="2"> + <input type="submit" name="process" value="<?=$confirm?>" /> + <input type="submit" name="cancel" value="<?=_("Cancel")?>" /> + </td> + </tr> +</table> +<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>" /> +<input type="hidden" name="oldid" value="<?=$oldid?>" /> +</form> +<? + } + + function account_email_delete($mailid){ + //deletes an email entry from an acount + //revolkes all certifcates for that email address + //called from www/account.php if($process != "" && $oldid == 2) + //called from www/diputes.php if($type == "reallyemail") / if($action == "accept") + //called from account_delete + $mailid = intval($mailid); + revoke_all_client_cert($mailid); + $query = "update `email` set `deleted`=NOW() where `id`='$mailid'"; + mysql_query($query); + } + + function account_domain_delete($domainid){ + //deletes an domain entry from an acount + //revolkes all certifcates for that domain address + //called from www/account.php if($process != "" && $oldid == 9) + //called from www/diputes.php if($type == "reallydomain") / if($action == "accept") + //called from account_delete + $domainid = intval($domainid); + revoke_all_server_cert($domainid); + mysql_query( + "update `domains` + set `deleted`=NOW() + where `id` = '$domainid'"); + } + + function account_delete($id, $arbno, $adminid){ + //deletes an account following the deleted account routnie V3 + // called from www/account.php if($oldid == 50 && $process != "") + //change password + $id = intval($id); + $arbno = mysql_real_escape_string($arbno); + $adminid = intval($adminid); + $pool = 'abcdefghijklmnopqrstuvwxyz'; + $pool .= '0123456789!()§'; + $pool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; + srand ((double)microtime()*1000000); + $password=""; + for($index = 0; $index < 30; $index++) + { + $password .= substr($pool,(rand()%(strlen ($pool))), 1); + } + mysql_query("update `users` set 
`password`=sha1('".$password."') where `id`='".$id."'"); + + //create new mail for arbitration number + $query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1"; + mysql_query($query); + $emailid = mysql_insert_id(); + + //set new mail as default + $query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'"; + mysql_query($query); + + //delete all other email address + $query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + account_email_delete($row['id']); + } + + //delete all domains + $query = "select `id` from `domains` where `memid`='".$id."'"; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + account_domain_delete($row['id']); + } + + //clear alert settings + mysql_query( + "update `alerts` set + `general`='0', + `country`='0', + `regional`='0', + `radius`='0' + where `memid`='$id'"); + + //set default location + $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'"; + mysql_query($query); + + //clear listings + $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'"; + mysql_query($query); + + //set lanuage to default + //set default language + mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'"); + //delete secondary langugaes + mysql_query("delete from `addlang` where `userid`='".$id."'"); + + //change secret questions + for($i=1;$i<=5;$i++){ + $q=""; + $a=""; + for($index = 0; $index < 30; $index++) + { + $q .= substr($pool,(rand()%(strlen ($pool))), 1); + $a .= substr($pool,(rand()%(strlen ($pool))), 1); + } + $query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'"; + mysql_query($query); + } + + //change personal information to arbitration number and DOB=1900-01-01 + $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from 
`users` where `id`='$userid'"; + $details = mysql_fetch_assoc(mysql_query($query)); + $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}', + `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'"; + mysql_query($query); + $query = "update `users` set `fname`='".$arbno."', + `mname`='".$arbno."', + `lname`='".$arbno."', + `suffix`='".$arbno."', + `dob`='1900-01-01' + where `id`='".$id."'"; + mysql_query($query); + + //clear all admin and board flags + mysql_query( + "update `users` set + `assurer`='0', + `assurer_blocked`='0', + `codesign`='0', + `orgadmin`='0', + `ttpadmin`='0', + `locadmin`='0', + `admin`='0', + `adadmin`='0', + `tverify`='0', + `board`='0' + where `id`='$id'"); + + //block account + mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now() + } + + + function check_email_exists($email){ + // called from includes/account.php if($process != "" && $oldid == 1) + // called from includes/account.php if($oldid == 50 && $process != "") + $email = mysql_real_escape_string($email); + $query = "select 1 from `email` where `email`='$email' and `deleted`=0"; + $res = mysql_query($query); + return mysql_num_rows($res) > 0; + } + + function check_gpg_cert_running($uid,$cca=0){ + //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed + // called from includes/account.php if($oldid == 50 && $process != "") + $uid = intval($uid); + if (0==$cca) { + $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()"; + }else{ + $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)"; + } + $res = mysql_query($query); + return mysql_num_rows($res) > 0; + } + + function check_client_cert_running($uid,$cca=0){ + //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed + // called from includes/account.php if($oldid == 50 && $process != "") + $uid = intval($uid); + if (0==$cca) { + 
$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`"; + $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()"; + }else{ + $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`"; + $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)"; + } + $res = mysql_query($query1); + $r1 = mysql_num_rows($res)>0; + $res = mysql_query($query2); + $r2 = mysql_num_rows($res)>0; + return !!($r1 || $r2); + } + + function check_server_cert_running($uid,$cca=0){ + //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed + // called from includes/account.php if($oldid == 50 && $process != "") + $uid = intval($uid); + if (0==$cca) { + $query1 = " + select 1 from `domaincerts` join `domains` + on `domaincerts`.`domid` = `domains`.`id` + where `domains`.`memid` = '$uid' + and `domaincerts`.`expire` > NOW() + and `domaincerts`.`revoked` < `domaincerts`.`created`"; + $query2 = " + select 1 from `domaincerts` join `domains` + on `domaincerts`.`domid` = `domains`.`id` + where `domains`.`memid` = '$uid' + and `revoked`>NOW()"; + }else{ + $query1 = " + select 1 from `domaincerts` join `domains` + on `domaincerts`.`domid` = `domains`.`id` + where `domains`.`memid` = '$uid' + and `expire`>(NOW()-90*86400) + and `revoked`<`created`"; + $query2 = " + select 1 from `domaincerts` join `domains` + on `domaincerts`.`domid` = `domains`.`id` + where `domains`.`memid` = '$uid' + and `revoked`>(NOW()-90*86400)"; + } + $res = mysql_query($query1); + $r1 = mysql_num_rows($res)>0; + $res = mysql_query($query2); + $r2 = mysql_num_rows($res)>0; + return !!($r1 || $r2); + } + + function check_is_orgadmin($uid){ + // called from includes/account.php if($oldid == 50 && $process != "") + $uid = intval($uid); + $query = "select 1 from `org` where `memid`='$uid' and `deleted`=0"; + $res = mysql_query($query); + return 
mysql_num_rows($res) > 0; + } + + + // revokation of certificates + function revoke_all_client_cert($mailid){ + //revokes all client certificates for an email address + $mailid = intval($mailid); + $query = "select `emailcerts`.`id` + from `emaillink`,`emailcerts` where + `emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0 + group by `emailcerts`.`id`"; + $dres = mysql_query($query); + while($drow = mysql_fetch_assoc($dres)){ + mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'"); + } + } + + function revoke_all_server_cert($domainid){ + //revokes all server certs for an domain + $domainid = intval($domainid); + $query = + "select `domaincerts`.`id` + from `domaincerts` + where `domaincerts`.`domid` = '$domainid' + union distinct + select `domaincerts`.`id` + from `domaincerts`, `domlink` + where `domaincerts`.`id` = `domlink`.`certid` + and `domlink`.`domid` = '$domainid'"; + $dres = mysql_query($query); + while($drow = mysql_fetch_assoc($dres)) + { + mysql_query( + "update `domaincerts` + set `revoked`='1970-01-01 10:00:01' + where `id` = '".$drow['id']."' + and `revoked` = 0"); + } + } + + function revoke_all_private_cert($uid){ + //revokes all certificates linked to a personal accounts + //gpg revokation needs to be added to a later point + $uid=intval($uid); + $query = "select `id` from `email` where `memid`='".$uid."'"; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + revoke_all_client_cert($row['id']); + } + + + $query = "select `id` from `domains` where `memid`='".$uid."'"; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + revoke_all_server_cert($row['id']); + } + } + + /** + * check_date_format() + * checks if the date is entered in the right date format YYYY-MM-DD and + * if the date is after the 1st January of the given year + * + * @param mixed $date + * @param integer $year + * @return + 
*/ + function check_date_format($date, $year=2000){ + if (!strpos($date,'-')) { + return FALSE; + } + $arr=explode('-',$date); + + if ((count($arr)!=3)) { + return FALSE; + } + if (intval($arr[0])<=$year) { + return FALSE; + } + if (intval($arr[1])>12 or intval($arr[1])<=0) { + return FALSE; + } + if (intval($arr[2])>31 or intval($arr[2])<=0) { + return FALSE; + } + + return checkdate( intval($arr[1]), intval($arr[2]), intval($arr[0])); + + } + + /** + * check_date_difference() + * returns false if the date is larger then today + time diffrence + * + * @param mixed $date + * @param integer $diff + * @return + */ + function check_date_difference($date, $diff=1){ + return (strtotime($date)<=time()+$diff*86400); + } diff --git a/includes/wot.inc.php b/includes/wot.inc.php deleted file mode 100644 index 9471bee..0000000 --- a/includes/wot.inc.php +++ /dev/null 
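Review bot: In `account_delete()` the select that reads the old name and date of birth filters on `'$userid'`, but the parameter is `$id` and `$userid` is never assigned in the function, so the lookup matches no row and the `adminlog` entry is written with empty `old-lname` and `old-dob`; it should filter on `'$id'`. The `$details['lname']` and `$details['dob']` values read back from the database are then interpolated into the `adminlog` insert without `mysql_real_escape_string()`, so a surname containing a quote breaks or alters that statement. In the three `check_*_cert_running()` helpers, MySQL evaluates `NOW()-90*86400` as arithmetic on the numeric form of the timestamp, not as a 90-day offset, so the CCA retention guard does not test the intended window; `NOW() - INTERVAL 90 DAY` expresses it. In `AssureMethodLine()` the single-method branch emits `name="<?=$val?>"` although `$val` is only set inside the `foreach` of the other branch, so the hidden field should use `name="method"`.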
@@ -1,640 +0,0 @@ -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2011 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - - function query_init ($query) - { - return mysql_query($query); - } - - function query_getnextrow ($res) - { - $row1 = mysql_fetch_assoc($res); - return $row1; - } - - function query_get_number_of_rows ($resultset) - { - return intval(mysql_num_rows($resultset)); - } - - function get_number_of_assurances ($userid) - { - $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' "); - $row = query_getnextrow($res); - - return intval($row['list']); - } - - function get_number_of_ttpassurances ($userid) - { - $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' "); - $row = query_getnextrow($res); - - return intval($row['list']); - } - - function get_number_of_assurees ($userid) - { - $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' "); - $row = query_getnextrow($res); - - return intval($row['list']); - } - - function get_top_assurer_position ($no_of_assurances) - { - $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to 
Face Meeting' - GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'"); - return intval(query_get_number_of_rows($res)+1); - } - - function get_top_assuree_position ($no_of_assurees) - { - $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' - GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'"); - return intval(query_get_number_of_rows($res)+1); - } - - function get_given_assurances ($userid) - { - $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc"); - return $res; - } - - function get_received_assurances ($userid) - { - $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc "); - return $res; - } - - function get_given_assurances_summary ($userid) - { - $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method"); - return $res; - } - - function get_received_assurances_summary ($userid) - { - $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method"); - return $res; - } - - function get_user ($userid) - { - $res = query_init ("select * from `users` where `id`='".intval($userid)."'"); - return mysql_fetch_assoc($res); - } - - function get_cats_state ($userid) - { - - $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1 - WHERE `cats_passed`.`user_id` = '".intval($userid)."'"); - return mysql_num_rows($res); - } - - function calc_experience ($row,&$points,&$experience,&$sum_experience) - { - $apoints = max($row['points'], $row['awarded']); - - $points += $apoints; - - $experience = " "; - if ($row['method'] == "Face to Face Meeting") - { - $sum_experience = $sum_experience +2; - $experience = "2"; 
- } - return $apoints; - } - - function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded) - { - $awarded = calc_points($row); - - if ($awarded > 100) - { - $experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100) - $awarded = 100; - } - else - $experience = 0; - - switch ($row['method']) - { - case 'Thawte Points Transfer': - case 'CT Magazine - Germany': - case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented - $awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked")); - $experience=0; - break; - default: - $points += $awarded; - } - $sumexperience = $sumexperience + $experience; - } - - - function show_user_link ($name,$userid) - { - $name = trim($name); - if($name == "") - { - if ($userid == 0) - $name = _("System"); - else - $name = _("Deleted account"); - } - else - $name = "<a href='wot.php?id=9&userid=".intval($userid)."'>$name</a>"; - return $name; - } - - function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer) - { - $num_of_assurances = get_number_of_assurances (intval($userid)); - $rank_of_assurer = get_top_assurer_position($num_of_assurances); - } - - function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree) - { - $num_of_assurees = get_number_of_assurees (intval($userid)); - $rank_of_assuree = get_top_assuree_position($num_of_assurees); - } - - -// ************* html table definitions ****************** - - function output_ranking($userid) - { - get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer); - get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree); - -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td class="title"><?=_("Assurer Ranking")?></td> - </tr> - <tr> - <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), 
intval($num_of_assurances), intval($rank_of_assurer) )?></td> - </tr> - <tr> - <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td> - </tr> -</table> -<br/> -<? - } - - function output_assurances_header($title) - { -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="7" class="title"><?=$title?></td> - </tr> - <tr> - <td class="DataTD"><strong><?=_("ID")?></strong></td> - <td class="DataTD"><strong><?=_("Date")?></strong></td> - <td class="DataTD"><strong><?=_("Who")?></strong></td> - <td class="DataTD"><strong><?=_("Points")?></strong></td> - <td class="DataTD"><strong><?=_("Location")?></strong></td> - <td class="DataTD"><strong><?=_("Method")?></strong></td> - <td class="DataTD"><strong><?=_("Experience Points")?></strong></td> - </tr> -<? - } - - function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience) - { -?> - <tr> - <td class="DataTD" colspan="3"><strong><?=$points_txt?>:</strong></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD"> </td> - <td class="DataTD"><strong><?=$experience_txt?>:</strong></td> - <td class="DataTD"><?=$sumexperience?></td> - </tr> -</table> -<br/> -<? 
- } - - function output_assurances_row($assuranceid,$date,$when,$name,$awarded,$points,$location,$method,$experience) - { - - $tdstyle=""; - $emopen=""; - $emclose=""; - - if ($awarded == $points) - { - if ($awarded == "0") - { - if ($when < "2006-09-01") - { - $tdstyle="style='background-color: #ffff80'"; - $emopen="<em>"; - $emclose="</em>"; - } - } - } - -?> - <tr> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td> - </tr> -<? - } - - function output_summary_header() - { -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="4" class="title"><?=_("Summary of your Points")?></td> - </tr> - <tr> - <td class="DataTD"><strong><?=_("Description")?></strong></td> - <td class="DataTD"><strong><?=_("Points")?></strong></td> - <td class="DataTD"><strong><?=_("Countable Points")?></strong></td> - <td class="DataTD"><strong><?=_("Remark")?></strong></td> - </tr> -<? - } - - function output_summary_footer() - { -?> -</table> -<br/> -<? - } - - function output_summary_row($title,$points,$points_countable,$remark) - { -?> - <tr> - <td class="DataTD"><strong><?=$title?></strong></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD"><?=$points_countable?></td> - <td class="DataTD"><?=$remark?></td> - </tr> -<? 
- } - - -// ************* output given assurances ****************** - - function output_given_assurances_content($userid,&$points,&$sum_experience) - { - $points = 0; - $sumexperience = 0; - $res = get_given_assurances(intval($userid)); - while($row = mysql_fetch_assoc($res)) - { - $fromuser = get_user (intval($row['to'])); - $apoints = calc_experience ($row,$points,$experience,$sum_experience); - $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to'])); - output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience); - } - } - -// ************* output received assurances ****************** - - function output_received_assurances_content($userid,&$points,&$sum_experience) - { - $points = 0; - $sumexperience = 0; - $res = get_received_assurances(intval($userid)); - while($row = mysql_fetch_assoc($res)) - { - $fromuser = get_user (intval($row['from'])); - calc_assurances ($row,$points,$experience,$sum_experience,$awarded); - $name = show_user_link ($fromuser['fname']." 
".$fromuser['lname'],intval($row['from'])); - output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience); - } - } - -// ************* output summary table ****************** - - function check_date_limit ($userid,$age) - { - $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age)); - $res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'"); - return intval(query_get_number_of_rows($res)); - } - - function calc_points($row) - { - $awarded = intval($row['awarded']); - if ($awarded == "") - $awarded = 0; - if (intval($row['points']) < $awarded) - $points = $awarded; // if 'sum of added points' > 100, awarded shows correct value - else - $points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value - switch ($row['method']) - { - case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration) - case 'CT Magazine - Germany': // revoke c't (only one test-entry) - case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented) - $points = 0; - break; - case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation) - if ($points <= 2) // maybe limit to 35/50 pts in the future? - $points = 0; - break; - case 'Unknown': // to be revoked in the future? limit to max 50 pts? - case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts? - case 'TTP-Assisted': // TTP assurances, limit to 35 - case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30 - case '': // to be revoked in the future? limit to max 50 pts? - case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future? - break; - default: // should never happen ... 
;-) - $points = 0; - } - if ($points < 0) // ignore negative points (bug needs to be fixed) - $points = 0; - return $points; - } - - function max_points($userid) - { - return output_summary_content ($userid,0); - } - - function output_summary_content($userid,$display_output) - { - $sum_points = 0; - $sum_experience = 0; - $sum_experience_other = 0; - $max_points = 100; - $max_experience = 50; - - $experience_limit_reached_txt = _("Limit reached"); - - if (check_date_limit($userid,18) != 1) - { - $max_experience = 10; - $experience_limit_reached_txt = _("Limit given by PoJAM reached"); - } - if (check_date_limit($userid,14) != 1) - { - $max_experience = 0; - $experience_limit_reached_txt = _("Limit given by PoJAM reached"); - } - - $res = get_received_assurances_summary($userid); - while($row = mysql_fetch_assoc($res)) - { - $points = calc_points ($row); - - if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed) - { - $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']); - $points = $max_points; - } - $sum_points += $points*intval($row['number']); - } - - $res = get_given_assurances_summary($userid); - while($row = mysql_fetch_assoc($res)) - { - switch ($row['method']) - { - case 'Face to Face Meeting': // count Face to Face only - $sum_experience += 2*intval($row['number']); - break; - } - - } - - if ($sum_points > $max_points) - { - $sum_points_countable = $max_points; - $remark_points = _("Limit reached"); - } - else - { - $sum_points_countable = $sum_points; - $remark_points = " "; - } - if ($sum_experience > $max_experience) - { - $sum_experience_countable = $max_experience; - $remark_experience = $experience_limit_reached_txt; - } - else - { - $sum_experience_countable = $sum_experience; - $remark_experience = " "; - } - - if ($sum_experience_countable + $sum_experience_other > $max_experience) - { - $sum_experience_other_countable = $max_experience-$sum_experience_countable; - 
$remark_experience_other = $experience_limit_reached_txt; - } - else - { - $sum_experience_other_countable = $sum_experience_other; - $remark_experience_other = " "; - } - - if ($sum_points_countable < $max_points) - { - if ($sum_experience_countable != 0) - $remark_experience = _("Points on hold due to less assurance points"); - $sum_experience_countable = 0; - if ($sum_experience_other_countable != 0) - $remark_experience_other = _("Points on hold due to less assurance points"); - $sum_experience_other_countable = 0; - } - - $issue_points = 0; - $cats_test_passed = get_cats_state ($userid); - if ($cats_test_passed == 0) - { - $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>"; - if ($sum_points_countable < $max_points) - { - $issue_points_txt = "<strong style='color: red'>"; - $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points)); - $issue_points_txt .= "</strong>"; - } - } - else - { - $experience_total = $sum_experience_countable+$sum_experience_other_countable; - $issue_points_txt = ""; - if ($sum_points_countable == $max_points) - $issue_points = 10; - if ($experience_total >= 10) - $issue_points = 15; - if ($experience_total >= 20) - $issue_points = 20; - if ($experience_total >= 30) - $issue_points = 25; - if ($experience_total >= 40) - $issue_points = 30; - if ($experience_total >= 50) - $issue_points = 35; - if ($issue_points != 0) - $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points); - } - if ($display_output) - { - output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points); - output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience); - output_summary_row (_("Total Experience Points (other 
ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other); - output_summary_row (_("Total Points")," ",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt); - } - return $issue_points; - } - - function output_given_assurances($userid) - { - output_assurances_header(_("Assurance Points You Issued")); - output_given_assurances_content($userid,$points,$sum_experience); - output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience); - } - - function output_received_assurances($userid) - { - output_assurances_header(_("Your Assurance Points")); - output_received_assurances_content($userid,$points,$sum_experience); - output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience); - } - - function output_summary($userid) - { - output_summary_header(); - output_summary_content($userid,1); - output_summary_footer(); - } - - function output_end_of_page() - { -?> - <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> -<? - } - -// functions for 6.php (assure somebody) - -function AssureHead($confirmation,$checkname) -{ -?> -<form method="post" action="wot.php"> - <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600"> - <tr> - <td colspan="2" class="title"><?=$confirmation?></td> - </tr> - <tr> - <td class="DataTD" colspan="2" align="left"><?=$checkname?></td> - </tr> -<? - } - -function AssureTextLine($field1,$field2) -{ -?> - <tr> - <td class="DataTD"><?=$field1?>:</td> - <td class="DataTD"><?=$field2?></td> - </tr> -<? -} - -function AssureCCABoxLine($type,$text) -{ - return; - AssureBoxLine($type,$text); -} - -function AssureBoxLine($type,$text,$checked) -{ -?> - <tr> - <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td> - <td class="DataTD"><?=$text?></td> - </tr> -<? 
-} - -function AssureMethodLine($text,$methods,$remark) -{ - if (count($methods) != 1) - { -?> - <tr> - <td class="DataTD"><?=$text?></td> - <td class="DataTD"> - <select name="method"> -<? - foreach($methods as $val) { ?> - <option value="<?=$val?>"> <?=$val?></option> - -<? } ?> - </select> - </br><?=$remark?> - </td> - </tr> -<? - } else { -?> - <input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>"> -<? - } -} - -function AssureInboxLine($type,$field,$value,$description) -{ -?> - <tr> - <td class="DataTD"><?=$field?>:</td> - <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td> - </tr> -<? -} - -function AssureFoot($oldid,$confirm) -{?> - <tr> - <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=$confirm?>"> <input type="submit" name="cancel" value="<?=_("Cancel")?>"></td> - </tr> - </table> - <input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>"> - <input type="hidden" name="oldid" value="<?=$oldid?>"> -</form> -<? -} - diff --git a/pages/account/10.php b/pages/account/10.php index f83e0d8..6371f76 100644 --- a/pages/account/10.php +++ b/pages/account/10.php 
@@ -38,7 +38,9 @@ <p><?=_("Optional comment, only used in the certifictate overview")?><br> <input type="text" name="description" maxlength="80" size=80/></p> <p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p> -<textarea name="CSR" cols="80" rows="15"></textarea><br> -<input type="submit" name="process" value="<?=_("Submit")?>"/> -<input type="hidden" name="oldid" value="<?=$id?>"/> +<textarea name="CSR" cols="80" rows="15"></textarea><br /> +<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please Note: You need to accept the CCA to proceed.")?></p> +<input type="submit" name="process" value="<?=_("Submit")?>" /> +<input type="hidden" name="oldid" value="<?=$id?>" /> </form> diff --git a/pages/account/3.php b/pages/account/3.php index c2165c2..b760c11 100644 --- a/pages/account/3.php +++ b/pages/account/3.php 
@@ -70,17 +70,21 @@ if($_SESSION['profile']['points'] >= 50) <? } ?> <? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?> <tr> + <td class="DataTD"> + <input type="checkbox" name="codesign" value="1" /> + </td> <td class="DataTD" align="left"> - <input type="checkbox" name="codesign" value="1" /> <?=_("Code Signing")?></td> - <td class="DataTD" align="left"> + <?=_("Code Signing")?><br /> <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?> </td> </tr> <? } ?> <tr> - <td class="DataTD" colspan="2" align="left"> - <input type="checkbox" name="login" value="1" checked="checked" /> <?=_("Enable certificate login with this certificate")?><br /> + <td class="DataTD"> + <input type="checkbox" name="login" value="1" checked="checked" /> + </td> + <td class="DataTD"> <?=_("Enable certificate login with this certificate")?><br /> <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/> </td> </tr> @@ -92,8 +96,11 @@ if($_SESSION['profile']['points'] >= 50) </tr> <tr name="expertoff" style="display:none"> - <td class="DataTD" colspan="2" align="left"> - <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)"/><?=_("Show advanced options")?> + <td class="DataTD"> + <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)" /> + </td> + <td class="DataTD"> + <?=_("Show advanced options")?> </td> </tr> 
@@ -114,6 +121,15 @@ if($_SESSION['profile']['points'] >= 50) <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td> </tr> <tr> + <td class="DataTD"> + <input type="checkbox" name="CCA" /> + </td> + <td class="DataTD" align="left"> + <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please Note: You need to accept the CCA to proceed.")?> + </td> + </tr> + <tr> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>" /></td> </tr> </table> diff --git a/pages/account/43.php b/pages/account/43.php index 234e01a..a942f18 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -100,8 +100,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); if(intval($_REQUEST['userid']) > 0) { - $id = intval($_REQUEST['userid']); - $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0"; + $userid = intval($_REQUEST['userid']); + $query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -135,7 +135,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <td class="DataTD"><?=_("Last Name")?>:</td> <td class="DataTD"> <input type="hidden" name="oldid" value="43"> <input type="hidden" name="action" value="updatedob"> - <input type="hidden" name="userid" value="<?=intval($id)?>"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td> </tr> <tr> 
@@ -786,9 +786,20 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <? } ?> </tr> + <tr> + <td colspan="6" class="title"> + <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;"> + <input type="hidden" name="action" value="revokecert"> + <input type="hidden" name="oldid" value="43"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> + <input type="submit" value="<?=_('revoke certificates')?>"> + </form> + </td> + </tr> </table> <br> + <a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto"><?=_("Show Assurances the user got")?></a> (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto15"><?=_("New calculation")?></a>) <br /> @@ -837,7 +848,7 @@ function showassuredto() </tr> <? } ?> <tr> - <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> <td class="DataTD"><?=$points?></td> <td class="DataTD" colspan="3"> </td> </tr> @@ -883,7 +894,7 @@ function showassuredby() </tr> <? } ?> <tr> - <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> <td class="DataTD"><?=$points?></td> <td class="DataTD" colspan="3"> </td> </tr> diff --git a/pages/account/50.php b/pages/account/50.php index 1604156..a4c2413 100644 --- a/pages/account/50.php +++ b/pages/account/50.php 
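Review bot: The `revokecert` form added in the @@ -786,9 +786,20 @@ hunk posts a destructive support action (revoking all private certificates of `userid`) with only `action`, `oldid` and `userid` as hidden fields, so nothing in the form ties the request to the page that rendered it. Unless the handler in account.php, which is outside this hunk, already verifies a per-session token, add one as a hidden field and check it before revoking. The translated strings are also written unescaped into a JavaScript literal and an HTML attribute, so a translation containing `'` or `"` would break the confirm handler or the markup. Emit them as `confirm(<?=htmlspecialchars(json_encode(_("Are you sure you want to revoke all private certificates?")))?>)` and `value="<?=htmlspecialchars(_('revoke certificates'))?>"`.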
@@ -19,13 +19,17 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="2" class="title"><?=_("Change Password")?></td> + <td colspan="2" class="title"><?=_("Delete Account")?></td> </tr> <tr> <td class="DataTD"><?=_("Email")?>:</td> <td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td> </tr> <tr> + <td class="DataTD"><?=_("New Username from arbitration number + sequence number a20xxyyzz.a.b")?>:</td> + <td class="DataTD"><input type="text" name="arbitrationno"></td> + </tr> + <tr> <td class="DataTD" colspan="2"><?=_("Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.")?></td> </tr> <tr> diff --git a/pages/gpg/0.php b/pages/gpg/0.php index 7c7a37b..f490511 100644 --- a/pages/gpg/0.php +++ b/pages/gpg/0.php @@ -22,6 +22,8 @@ <p><?=_("Optional comment, only used in the certifictate overview")?><br /> <input type="text" name="description" maxlength="80" size=80 /></p> <textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br /> +<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please Note: You need to accept the CCA to proceed.")?></p> <input type="submit" name="process" value="<?=_("Submit")?>" /> <input type="hidden" name="oldid" value="<?=$id?>" /> </form> diff --git a/pages/wot/15.php b/pages/wot/15.php index 8579588..cca2702 100644 --- a/pages/wot/15.php +++ b/pages/wot/15.php 
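Review bot: The added `arbitrationno` field is a free-text input whose label says it becomes the new username, and the hunk puts no length or format constraint on it. The handler is outside this file section, so confirm that it validates the value server-side against the documented `a20xxyyzz.a.b` form before writing it to the account. A `maxlength` on the input would be a cheap addition here, e.g. `<input type="text" name="arbitrationno" maxlength="80">` (the limit is a constructed example).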
@@ -16,7 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ - include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php"); + require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $userid = intval($_SESSION['profile']['id']); diff --git a/pages/wot/4.php b/pages/wot/4.php index befdfe4..628e6a5 100644 --- a/pages/wot/4.php +++ b/pages/wot/4.php @@ -15,7 +15,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -require_once(dirname(__FILE__).'/../../includes/wot.inc.php'); +require_once(dirname(__FILE__).'/../../includes/notary.inc.php'); ?> <h3><?=_("Trusted Third Parties")?></h3> diff --git a/pages/wot/6.php b/pages/wot/6.php index 28c1875..1031090 100644 --- a/pages/wot/6.php +++ b/pages/wot/6.php 
@@ -40,20 +40,20 @@ $name = $fname." ".$mname." ".$lname." ".$suffix; $_SESSION['_config']['wothash'] = md5($name."-".$dob); - include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php"); + require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname)); AssureTextLine(_("Name"),$name); AssureTextLine(_("Date of Birth"),$dob." ("._("YYYY-MM-DD").")"); - AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person"), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); + AssureMethodLine(_("Method"),$methods,''); + AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person."), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); + AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1); AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"",""); - AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("Please adjust the date if you assured the person on a different day")); - AssureMethodLine(_("Method"),$methods,_("Only tick the next box if the Assurance was face to face.")); + AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("The date when the assurance took place. 
Please adjust the date if you assured the person on a different day (YYYY-MM-DD).")); + AssureTextLine("",_("Only tick the next box if the Assurance was face to face.")); AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1); - AssureBoxLine("rules",_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); - AssureTextLine(_("Policy"),"<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); + AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); + AssureTextLine(_("Policy"),"<a href=\"/policy/CAcert Community Agreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); AssureInboxLine("points",_("Points"),"","<br />(Max. 
".maxpoints().")"); - AssureCCABoxLine("CCAAgreed",sprintf(_("Check this box only if %s agreed to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>"),$fname)); - AssureCCABoxLine("CCAAgree",_("Check this box only if YOU agree to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>")); AssureFoot($id,_("I confirm this Assurance")); ?> diff --git a/www/disputes.php b/www/disputes.php index 4944d8c..34a447a 100644 --- a/www/disputes.php +++ b/www/disputes.php @@ -17,6 +17,7 @@ */ ?> <? require_once("../includes/loggedin.php"); + require_once("../includes/notary.inc.php"); loadem("account"); 
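Review bot: The policy link added in the `AssureTextLine(_("Policy"), ...)` line points at `/policy/CAcert Community Agreement.php`, a path with unencoded spaces, while the forms added elsewhere in this commit link to `/policy/CAcertCommunityAgreement.html` and the removed `AssureCCABoxLine` lines used `/policy/CAcertCommunityAgreement.php`. As written the link most likely does not resolve, so the assurer cannot open the agreement they are asked to confirm. Use the same target as the other forms: `<a href=\"/policy/CAcertCommunityAgreement.html\" target=\"_blank\">`. Separately, `$fname`, `$mname` and `$lname` go into the new `CCAAgreed` label through `sprintf`; whether they are HTML-escaped is decided outside this hunk and is worth confirming.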
@@ -58,24 +59,13 @@ { $row = mysql_fetch_assoc($res); echo $row['email']."<br>\n"; - $query = "select `emailcerts`.`id` - from `emaillink`,`emailcerts` where - `emailid`='$emailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and - `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 - group by `emailcerts`.`id`"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)) - mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'"); - - $do = `../scripts/runclient`; - $query = "update `email` set `deleted`=NOW() where `id`='".intval($emailid)."'"; - mysql_query($query); + account_email_delete($row['id']); } mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'"); - $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0")); - $rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'")); - $res = mysql_query("select * from `users` where `id`='$oldmemid'"); - $user = mysql_fetch_assoc($res); + $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0")); + $rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'")); + $res = mysql_query("select * from `users` where `id`='$oldmemid'"); + $user = mysql_fetch_assoc($res); if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email']) { mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'"); 
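Review bot: The removed block ran `../scripts/runclient` right after marking the certificates revoked, and the replacement call `account_email_delete($row['id'])` does not show whether that trigger still happens. The helper is defined outside this diff section, so this is a question rather than a confirmed regression; the same applies to the domain hunk (@@ -160,17 +150,13 @@), where `../scripts/runserver` was dropped in favour of `account_domain_delete($domainid)`. If the helpers do not start the signer run themselves, revocations made through a dispute would only take effect at the next scheduled run. Keep the trigger after the call in that case, or add a comment at the call site such as `// account_email_delete() revokes the linked client certs and triggers the signer run`.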
@@ -160,17 +150,13 @@ showheader(_("Domain Dispute")); echo "<p>"._("You have opted to accept this dispute and the request will now remove this domain from the existing account, and revoke any current certificates.")."</p>"; echo "<p>"._("The following accounts have been removed:")."<br>\n"; + //new account_domain_delete($domainid, $memberID) $query = "select * from `domains` where `id`='$domainid' and deleted=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { - echo $_SESSION['_config']['domain']."<br>\n"; - mysql_query("update `domains` set `deleted`=NOW() where `id`='$domainid'"); - $query = "select * from `domlink` where `domid`='$domainid'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0"); - $do = `../scripts/runserver`; + echo $_SESSION['_config']['domain']."<br>\n"; + account_domain_delete($domainid); } mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'"); showfooter(); diff --git a/www/gpg.php b/www/gpg.php index bf8ba29..2fdc518 100644 --- a/www/gpg.php +++ b/www/gpg.php @@ -17,7 +17,11 @@ */ ?> <? require_once("../includes/loggedin.php"); +<<<<<<< HEAD require_once("../includes/lib/general.php"); +======= + require_once('../includes/notary.inc.php'); +>>>>>>> merge-bug-1177-893-1136-1123-1137 $id = 0; if(array_key_exists('id',$_REQUEST)) $id=intval($_REQUEST['id']); $oldid = $_REQUEST['oldid'] = array_key_exists('oldid',$_REQUEST) ? intval($_REQUEST['oldid']) : 0; 
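Review bot: The re-added `echo $_SESSION['_config']['domain']."<br>\n";` in the www/disputes.php hunk at -160 writes the domain into the page without HTML escaping. includes/account.php in this commit passes comparable output through `sanitizeHTML()`, so the line should read `echo sanitizeHTML($_SESSION['_config']['domain'])."<br>\n";`, assuming that helper is loaded in disputes.php. The added comment `//new account_domain_delete($domainid, $memberID)` names two parameters while the call below passes only `$domainid`; drop the comment or make it match the function's actual signature. The surrounding branch starts and ends outside the hunk.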
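Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> merge-bug-1177-893-1136-1123-1137` in the www/gpg.php hunk at -17 are unresolved merge-conflict markers, which are not valid PHP, so the page would fail to parse as committed. The commit message lists www/gpg.php under "Conflicts", and later hunks of this file call `write_user_agreement()`, so both includes appear to be needed. Delete the three marker lines and keep both `require_once("../includes/lib/general.php");` and `require_once('../includes/notary.inc.php');`.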
@@ -83,6 +87,14 @@ function verifyEmail($email) $state=0; if($oldid == "0" && $CSR != "") { + if(!array_key_exists('CCA',$_REQUEST)) + { + showheader(_("My CAcert.org Account!")); + echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again."); + showfooter(); + exit; + } + $err = runCommand('mktemp --directory /tmp/cacert_gpg.XXXXXXXXXX', "", $tmpdir); @@ -293,6 +305,8 @@ function verifyEmail($email) if($oldid == "0" && $CSR != "") { + write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1); + //set variable for comment if(trim($_REQUEST['description']) == ""){ $description= ""; diff --git a/www/wot.php b/www/wot.php index 858f81b..8395a58 100644 --- a/www/wot.php +++ b/www/wot.php @@ -18,6 +18,8 @@ <? require_once("../includes/loggedin.php"); require_once("../includes/lib/l10n.php"); +require_once("../includes/notary.inc.php"); + function show_page($target,$message,$error) @@ -113,9 +115,6 @@ function send_reminder() $_SESSION['_config']['error'] = _("A reminder notice has been sent."); } - - - loadem("account"); if(array_key_exists('date',$_POST) && $_POST['date'] != "") $_SESSION['_config']['date'] = $_POST['date']; @@ -127,7 +126,7 @@ function send_reminder() if($oldid == 12) $id = $oldid; - + if($oldid == 4) { if ($_POST['ttp']!='') { 
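Review bot: The new guard in the www/gpg.php hunk at -83 only tests `array_key_exists('CCA',$_REQUEST)`, so any submitted value counts as acceptance, including an empty string or `0`, and `$_REQUEST` also accepts the key from the query string. www/wot.php in this commit compares the value, `$_POST['CCAAgreed'] != 1`; the matching form here would be `if(!array_key_exists('CCA',$_POST) || $_POST['CCA'] != 1)`, assuming the form posts the box with value 1 (the form is not part of this hunk). The same presence-only check is added to includes/account.php in this commit. The enclosing `if($oldid == "0" && $CSR != "")` block continues outside the hunk.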
@@ -238,37 +237,79 @@ function send_reminder() if($oldid == 6) { $iecho= "c"; + //date checks + if(trim($_REQUEST['date']) == '') + { + show_page("VerifyData","",_("You must enter the date when you met the assuree.")); + exit; + } + + if(!check_date_format(trim($_REQUEST['date']))) + { + show_page("VerifyData","",_("You must enter the date in this format: YYYY-MM-DD.")); + exit; + } + + if(!check_date_difference(trim($_REQUEST['date']))) + { + show_page("VerifyData","",_("You must not enter a date in the future.")); + exit; + } + + //proof of identity check and accept arbitration, implements CCA if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1) { show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert")); exit; } -/* if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1) + //proof of CCA agreement by assuree after 2010-01-01 + if((!array_key_exists('CCAAgreed',$_POST) || $_POST['CCAAgreed'] != 1) and (check_date_format(trim($_REQUEST['date']),2010))) + { + show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert")); + exit; + } + + //assurance done according to rules + if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1) { show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert")); exit; } -*/ - if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1) + //met assuree in person, not appliciable for TTP / TTP Topup assurances + if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_REQUEST['method'] != "Trusted 3rd Parties") { show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert")); exit; } - if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "") + //check location, min 3 characters + 
if(!array_key_exists('location',$_POST) || trim($_POST['location']) == "") { show_page("VerifyData","",_("You failed to enter a location of your meeting.")); exit; } + if(strlen(trim($_REQUEST['location']))<=2) + { + show_page("VerifyData","",_("You must enter a location with at least 3 characters eg town and country.")); + exit; + } + + //check for points in range 0-35, for nucleus 35 + 15 temporary if($_REQUEST['points'] == "" || !is_numeric($_REQUEST['points'])) { show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person.")); exit; } + if($_REQUEST['points'] <0 || ($_REQUEST['points']>35)) + { + show_page("VerifyData","",_("The number of points you entered are out of the range given by policy.")); + exit; + } + $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); @@ -315,7 +356,7 @@ $iecho= "c"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { - show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue.")); + show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue.")); exit; } } @@ -328,6 +369,10 @@ $iecho= "c"; `location`='".mysql_escape_string(stripslashes($_POST['location']))."', `date`='".mysql_escape_string(stripslashes($_POST['date']))."', `when`=NOW()"; + //record active acceptance by Assurer + if (check_date_format(trim($_REQUEST['date']),2010)) { + write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']); + } if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) { $query .= ",\n`method`='TTP-Assisted'"; } 
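Review bot: In the www/wot.php hunk at -238 the in-person `certify` check is now waived whenever `$_REQUEST['method']` equals "Trusted 3rd Parties", a value supplied by the client, whereas the removed condition tied the waiver to `$_SESSION['profile']['ttpadmin']`. The insert further down only stores `TTP-Assisted` when `ttpadmin == 1`, so the waiver should carry the same condition: `if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1) && !($_SESSION['profile']['ttpadmin'] == 1 && $_REQUEST['method'] == "Trusted 3rd Parties"))`. The new date, location and points checks also validate `trim($_REQUEST[...])`, while the insert stores `$_POST['location']` and `$_POST['date']` untrimmed; validating the same `$_POST` values that are written keeps the checked and stored data from diverging.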
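Review bot: In the www/wot.php hunk at -328, `write_user_agreement(...)` is called while `$query` is still being assembled, so the Assurer's CCA acceptance is written before the `notary` insert has run. The execution of `$query` is outside the hunk; if it fails or a later check exits, an agreement record would remain for an assurance that was never stored. Move the call to after the insert has succeeded and check its return value. The guard `check_date_format(trim($_REQUEST['date']),2010)` is used here as a date cutoff although its name suggests a format check, so a comment such as `// second argument: earliest year for which CCA acceptance is recorded` would help, once confirmed against the helper in notary.inc.php.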
@@ -404,16 +449,16 @@ $iecho= "c";
 echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
 ?><form method="post" action="wot.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("Assure Someone")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
- </tr>
+ <tr>
+ <td colspan="2" class="title"><?=_("Assure Someone")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
 </table>
 <input type="hidden" name="oldid" value="5">
 </form>
@@ -466,7 +511,7 @@ $iecho= "c";
 $subject = $_REQUEST['subject'];
 $userid = intval($_REQUEST['userid']);
 $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
- $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
+ $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
 where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
 if($points > 0)
 {
|