Merge branch 'bug-1137' into merge-bug-1177-893-1136-1123-1137

Conflicts:
	includes/notary.inc.php

3 files changed, 141 insertions, 34 deletions

diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index 8266b55..a662a5a 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -620,10 +620,22 @@
 	}
 
 	//functions to do with recording user agreements
+	/**
+	 * write_user_agreement()
+	 * writes a new record to the table user_agreement
+	 *
+	 * @param mixed $memid
+	 * @param mixed $document
+	 * @param mixed $method
+	 * @param mixed $comment
+	 * @param integer $active
+	 * @param integer $secmemid
+	 * @return
+	 */
 	function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
 	// write a new record to the table user_agreement
-		$query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid.
-			",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ;
+		$query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
+			",`document`='".$document."',`date`=NOW(), `active`=".intval($active).",`method`='".$method."',`comment`='".$comment."'" ;
 		$res = mysql_query($query);
 	}
 
@@ -666,8 +678,8 @@
 	function get_last_user_agreement($memid, $type="CCA"){
 	//returns an array (`document`,`date`,`method`, `comment`,`active`)
 		$query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1)
- union
- (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
+			union
+			(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) >0){
 			$row = mysql_fetch_assoc($res);
@@ -708,7 +720,7 @@
 	{
 ?>
 	<tr>
-		<td class="DataTD"><?=$field1?>:</td>
+		<td class="DataTD"><?=$field1.(empty($field1)?'':':')?>:</td>
 		<td class="DataTD"><?=$field2?></td>
 	</tr>
 <?
@@ -735,7 +747,7 @@
 		if (count($methods) != 1) {
 ?>
 	<tr>
-		<td class="DataTD"><?=$text?></td>
+		<td class="DataTD"><?=$text.(empty($text)?'':':')?></td>
 		<td class="DataTD">
 			<select name="method">
 <?
@@ -762,7 +774,7 @@
 	{
 ?>
 	<tr>
-		<td class="DataTD"><?=$field?>:</td>
+		<td class="DataTD"><?=$field.(empty($field)?'':':')?>:</td>
 		<td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
 	</tr>
 <?
@@ -1041,5 +1053,48 @@
 		while($row = mysql_fetch_assoc($res)){
 			revoke_all_server_cert($row['id']);
 		}
+	}
+
+	/**
+	 * check_date_format()
+	 * checks if the date is entered in the right date format YYYY-MM-DD and
+	 * if the date is after the 1st January of the given year
+	 *
+	 * @param mixed $date
+	 * @param integer $year
+	 * @return
+	 */
+	function check_date_format($date, $year=2000){
+		if (!strpos($date,'-')) {
+			return FALSE;
+		}
+		$arr=explode('-',$date);
+
+		if ((count($arr)!=3)) {
+			return FALSE;
+		}
+		if (intval($arr[0])<=$year) {
+			return FALSE;
+		}
+		if (intval($arr[1])>12 or intval($arr[1])<=0) {
+			return FALSE;
+		}
+		if (intval($arr[2])>31 or intval($arr[2])<=0) {
+			return FALSE;
+		}
+
+		return checkdate( intval($arr[1]), intval($arr[2]), intval($arr[0]));
+
+	}
 
+	/**
+	 * check_date_difference()
+	 * returns false if the date is larger then today + time diffrence
+	 *
+	 * @param mixed $date
+	 * @param integer $diff
+	 * @return
+	 */
+	function check_date_difference($date, $diff=1){
+		return (strtotime($date)<=time()+$diff*86400);
 	}
diff --git a/pages/wot/6.php b/pages/wot/6.php
index 037eb7e..1031090 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -45,15 +45,15 @@
 	AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname));
 	AssureTextLine(_("Name"),$name);
 	AssureTextLine(_("Date of Birth"),$dob." ("._("YYYY-MM-DD").")");
-	AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person"), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1);
+	AssureMethodLine(_("Method"),$methods,'');
+	AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person."), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1);
+	AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1);
 	AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"","");
-	AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("Please adjust the date if you assured the person on a different day"));
-	AssureMethodLine(_("Method"),$methods,_("Only tick the next box if the Assurance was face to face."));
+	AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD)."));
+	AssureTextLine("",_("Only tick the next box if the Assurance was face to face."));
 	AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1);
-	AssureBoxLine("rules",_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
-	AssureTextLine(_("Policy"),"<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
+	AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
+	AssureTextLine(_("Policy"),"<a href=\"/policy/CAcert Community Agreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
 	AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")");
-	AssureCCABoxLine("CCAAgreed",sprintf(_("Check this box only if %s agreed to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>"),$fname));
-	AssureCCABoxLine("CCAAgree",_("Check this box only if YOU agree to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>"));
 	AssureFoot($id,_("I confirm this Assurance"));
 ?>
diff --git a/www/wot.php b/www/wot.php
index 858f81b..daba46a 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -18,6 +18,8 @@
 <?
 require_once("../includes/loggedin.php");
 require_once("../includes/lib/l10n.php");
+require_once("../includes/notary.inc.php");
+
 
 
 function show_page($target,$message,$error)
@@ -113,9 +115,6 @@ function send_reminder()
 	$_SESSION['_config']['error'] = _("A reminder notice has been sent.");
 }
 
-
-
-
 	loadem("account");
 	if(array_key_exists('date',$_POST) && $_POST['date'] != "")
 		$_SESSION['_config']['date'] = $_POST['date'];
@@ -238,37 +237,79 @@ function send_reminder()
 	if($oldid == 6)
 	{
 $iecho= "c";
+		//date checks
+		if(trim($_REQUEST['date']) == '')
+		{
+			show_page("VerifyData","",_("You must enter the date when you met the assuree."));
+			exit;
+		}
+
+		if(!check_date_format(trim($_REQUEST['date'])))
+		{
+			show_page("VerifyData","",_("You must enter the date in this format: YYYY-MM-DD."));
+			exit;
+		}
+
+		if(!check_date_difference(trim($_REQUEST['date'])))
+		{
+			show_page("VerifyData","",_("You must not enter a date in the future."));
+			exit;
+		}
+
+		//proof of identity check and accept arbitration, implements CCA
 		if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
 		{
 			show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
 			exit;
 		}
 
-/*		if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
+		//proof of CCA agreement by assuree after 2010-01-01
+		if((!array_key_exists('CCAAgreed',$_POST) || $_POST['CCAAgreed'] != 1) and (check_date_format(trim($_REQUEST['date']),2010)))
 		{
 			show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
 			exit;
 		}
-*/
 
+		//assurance done according to rules
+		if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
+		{
+			show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
+			exit;
+		}
+
+		//met assuree in person, not appliciable fot TTP / TTP Topup assurances
 		if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 )  && $_SESSION['profile']['ttpadmin'] != 1)
 		{
 			show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
 			exit;
 		}
 
-		if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
+		//check location, min 3 characters
+		if(!array_key_exists('location',$_POST) || trim($_POST['location']) == "")
 		{
 			show_page("VerifyData","",_("You failed to enter a location of your meeting."));
 			exit;
 		}
 
+		if(strlen(trim($_REQUEST['location']))<=2)
+		{
+			show_page("VerifyData","",_("You must enter a location with at least 3 characters eg town and country."));
+			exit;
+		}
+
+		//check for points in range 0-35, for nucleus 35 + 15 temporary
 		if($_REQUEST['points'] == "" || !is_numeric($_REQUEST['points']))
 		{
 			show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
 			exit;
 		}
 
+		if($_REQUEST['points'] <0 || ($_REQUEST['points']>35))
+		{
+			show_page("VerifyData","",_("The number of points you entered are out of the range given by policy."));
+			exit;
+		}
+
 		$query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
 		$res = mysql_query($query);
 		$row = mysql_fetch_assoc($res);
@@ -315,7 +356,7 @@ $iecho= "c";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) > 0)
 		{
-                        show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
+			show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
 			exit;
 		}
 	}
@@ -328,8 +369,19 @@ $iecho= "c";
 						`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
 						`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
 						`when`=NOW()";
-		if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
-			$query .= ",\n`method`='TTP-Assisted'";
+		//record active acceptance by Assurer
+		if (check_date_format(trim($_REQUEST['date']),2010)) {
+			write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']);
+		}
+		if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
+		{
+			$query .= ",\n`method`='Temporary Increase'";
+			$query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
+			$query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
+		} else if($_SESSION['profile']['board'] == 1) {
+			$query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
+		} else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
+			$query .= ",\n`method`='Trusted Third Parties'";
 		}
 		mysql_query($query);
 		fix_assurer_flag($_SESSION['_config']['notarise']['id']);
@@ -404,16 +456,16 @@ $iecho= "c";
 		echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
 ?><form method="post" action="wot.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
-  <tr>
-    <td colspan="2" class="title"><?=_("Assure Someone")?></td>
-  </tr>
-  <tr>
-    <td class="DataTD"><?=_("Email")?>:</td>
-    <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
-  </tr>
-  <tr>
-    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
-  </tr>
+	<tr>
+		<td colspan="2" class="title"><?=_("Assure Someone")?></td>
+	</tr>
+	<tr>
+		<td class="DataTD"><?=_("Email")?>:</td>
+		<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
+	</tr>
+	<tr>
+		<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+	</tr>
 </table>
 <input type="hidden" name="oldid" value="5">
 </form>
@@ -466,7 +518,7 @@ $iecho= "c";
 			$subject = $_REQUEST['subject'];
 			$userid = intval($_REQUEST['userid']);
 			$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
-	                $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
+			$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
 						where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
 			if($points > 0)
 			{