diff options
author | Michael Tänzer <neo@nhng.de> | 2014-01-15 01:03:11 +0100 |
---|---|---|
committer | Michael Tänzer <neo@nhng.de> | 2014-01-15 01:03:11 +0100 |
commit | bc5cb72198019f4b27aa8e11b250c65cc8ca5717 (patch) | |
tree | 2970ddbd2bfcb5caf8224377ea203f1ccaf7ff1d | |
parent | 41e6ea88f5a2a6ac374f26f2239f87e1d7164255 (diff) | |
parent | 1cbbc32a0b73db83460cf947228bb12ef339ac5a (diff) | |
download | cacert-devel-bc5cb72198019f4b27aa8e11b250c65cc8ca5717.tar.gz cacert-devel-bc5cb72198019f4b27aa8e11b250c65cc8ca5717.tar.xz cacert-devel-bc5cb72198019f4b27aa8e11b250c65cc8ca5717.zip |
Merge remote-tracking branch 'origin/bug-1137' into release
-rw-r--r-- | includes/notary.inc.php | 71 | ||||
-rw-r--r-- | pages/wot/6.php | 2 | ||||
-rw-r--r-- | www/wot.php | 7 |
3 files changed, 46 insertions, 34 deletions
diff --git a/includes/notary.inc.php b/includes/notary.inc.php index 1f0ec92..b34b2f4 100644 --- a/includes/notary.inc.php +++ b/includes/notary.inc.php @@ -639,10 +639,16 @@ $res = mysql_query($query); } + /** + * get_user_agreement_status() + * returns 1 if the user has an entry for the given type in user_agreement, 0 if no entry is recorded + * @param mixed $memid + * @param string $type + * @return + */ function get_user_agreement_status($memid, $type="CCA"){ - //returns 0 - no user agreement, 1- at least one entry $query="SELECT u.`document` FROM `user_agreements` u - WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ; + WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) ; $res = mysql_query($query); if(mysql_num_rows($res) <=0){ return 0; @@ -651,53 +657,62 @@ } } + /** + * get_first_user_agreement() + * returns the first user_agreement entry of the requested type depending on thes status of active of a given user + * @param mixed $memid + * @param integer $active, 0 - passive, 1 -active + * @param string $type + * @return + */ function get_first_user_agreement($memid, $active=1, $type="CCA"){ //returns an array (`document`,`date`,`method`, `comment`,`active`) - if($active==1){ - $filter="u.`memid`=".$memid; - }else{ - $filter="u.`secmemid`=".$memid; - } - $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u - WHERE u.`document` = '".$type."' AND ".$filter." - ORDER BY u.`date` Limit 1;"; + $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u + WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) . " AND u.`active`=" . intval($active) . + " ORDER BY u.`date` Limit 1;"; $res = mysql_query($query); if(mysql_num_rows($res) >0){ - $row = mysql_fetch_assoc($res); - $rec['document']= $row['document']; - $rec['date']= $row['date']; - $rec['method']= $row['method']; - $rec['comment']= $row['comment']; - $rec['active']= $row['active']; + $rec = mysql_fetch_assoc($res); }else{ $rec=array(); } return $rec; } + /** + * get_last_user_agreement() + * returns the last user_agreement entry of a given type and of a given user + * @param mixed $memid + * @param string $type + * @return + */ function get_last_user_agreement($memid, $type="CCA"){ //returns an array (`document`,`date`,`method`, `comment`,`active`) - $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1) - union - (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ; + $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM user_agreements u WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND (u.`memid`=" . intval($memid) . " ) order by `date` desc limit 1 " ; $res = mysql_query($query); if(mysql_num_rows($res) >0){ - $row = mysql_fetch_assoc($res); - $rec['document']= $row['document']; - $rec['date']= $row['date']; - $rec['method']= $row['method']; - $rec['comment']= $row['comment']; - $rec['active']= $row['active']; + $rec = mysql_fetch_assoc($res); }else{ $rec=array(); } return $rec; } - function delete_user_agreement($memid, $type="CCA"){ + /** + * delete_user_agreement() + * deletes all entries for a given type from user_agreement of a given user, if type is not given all + * @param mixed $memid + * @param string $type + * @return + */ + function delete_user_agreement($memid, $type=false){ //deletes all entries to an user for the given type of user agreements - mysql_query("delete from `user_agreements` where `memid`='".$memid."'"); - mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'"); + if ($type === false) { + $filter = ''; + } else { + $filter = " and `document` = '" . mysql_real_escape_string($type) . "'"; + } + mysql_query("delete from `user_agreements` where `memid`=" . intval($memid) . $filter ); } // functions for 6.php (assure somebody) diff --git a/pages/wot/6.php b/pages/wot/6.php index ef8cac7..a565aa7 100644 --- a/pages/wot/6.php +++ b/pages/wot/6.php @@ -79,7 +79,7 @@ AssureTextLine("",_("Only tick the next box if the Assurance was face to face.")); AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1); AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); - AssureTextLine(_("Policy"),"<a href=\"/policy/CAcert Community Agreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); + AssureTextLine(_("Policy"),"<a href=\"/policy/CAcertCommunityAgreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")"); AssureFoot($id,_("I confirm this Assurance")); ?> diff --git a/www/wot.php b/www/wot.php index 8395a58..7200517 100644 --- a/www/wot.php +++ b/www/wot.php @@ -371,7 +371,8 @@ $iecho= "c"; `when`=NOW()"; //record active acceptance by Assurer if (check_date_format(trim($_REQUEST['date']),2010)) { - write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']); + write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']); + write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']); } if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) { $query .= ",\n`method`='TTP-Assisted'"; @@ -379,10 +380,6 @@ $iecho= "c"; mysql_query($query); fix_assurer_flag($_SESSION['_config']['notarise']['id']); include_once("../includes/notary.inc.php"); -/*to be activated after CCA accept option is implemented in form - write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);}*/ -/* to be activated after the CCA recording is announced - write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']); */ if($_SESSION['profile']['points'] < 150) { |