authorMichael Tänzer <neo@nhng.de>2014-03-21 16:34:32 +0100
committerMichael Tänzer <neo@nhng.de>2014-03-21 16:34:32 +0100
commitcff982918cd654ab9028ecc10b1ea3b2592ad9be (patch)
tree20bad73fa37cabdda7a7d99f1e2b3f1dd9fd954a
parentf2e19ca512ab11d6eb17ea21efd2c36bedffe65a (diff)
parent8568089afac180c1f3ff323a8775f974071a5cda (diff)
downloadcacert-devel-cff982918cd654ab9028ecc10b1ea3b2592ad9be.tar.gz
cacert-devel-cff982918cd654ab9028ecc10b1ea3b2592ad9be.tar.xz
cacert-devel-cff982918cd654ab9028ecc10b1ea3b2592ad9be.zip
Merge branch 'release' into bug-1221
-rwxr-xr-xCommModule/client.pl11
-rw-r--r--includes/account.php186
-rw-r--r--includes/lib/check_weak_key.php95
-rw-r--r--includes/notary.inc.php71
-rw-r--r--pages/account/11.php86
-rw-r--r--pages/account/13.php4
-rw-r--r--pages/account/21.php74
-rw-r--r--pages/account/5.php2
-rw-r--r--pages/account/6.php22
-rw-r--r--pages/index/0.php6
-rw-r--r--pages/index/1.php7
-rw-r--r--pages/wot/6.php2
-rw-r--r--scripts/53de-ate-amberg-email.txt93
-rw-r--r--scripts/53de-ate-amberg-mail.php.txt133
-rwxr-xr-xscripts/db_migrations/version3.sh98
-rwxr-xr-xscripts/db_migrations/version4.sh100
-rw-r--r--www/keygenIE.js4
-rw-r--r--www/wot.php7
18 files changed, 761 insertions, 240 deletions
diff --git a/CommModule/client.pl b/CommModule/client.pl
index 1d87adb..532761e 100755
--- a/CommModule/client.pl
+++ b/CommModule/client.pl
@@ -834,8 +834,15 @@ sub HandleCerts($$)
my $days=$org?($server?(365*2):365):calculateDays($row{"memid"});
-
- $crt=Request($ver,1,1,$row{'rootcert'}-1,$profile,$row{'md'}eq"sha1"?2:0,$days,$row{'keytype'}eq"NS"?1:0,$content,$SAN,$subject);
+ my $md_id = 0;
+ $md_id = 1 if( $row{'md'} eq "md5");
+ $md_id = 2 if( $row{'md'} eq "sha1");
+ $md_id = 3 if( $row{'md'} eq "rmd160");
+ $md_id = 8 if( $row{'md'} eq "sha256");
+ $md_id = 9 if( $row{'md'} eq "sha384");
+ $md_id =10 if( $row{'md'} eq "sha512");
+
+ $crt=Request($ver,1,1,$row{'rootcert'}-1,$profile,$md_id,$days,$row{'keytype'}eq"NS"?1:0,$content,$SAN,$subject);
if(length($crt))
{
if($crt=~m/^-----BEGIN CERTIFICATE-----/)
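Review bot: The new `$md_id` table accepts `md5` (id 1) and maps any unrecognised or undefined `$row{'md'}` to 0 without a log line, so a weak or mistyped digest name in the row reaches `Request()` unnoticed. What ids 0 and 1 mean to the signer is not visible here, but if 1 selects MD5 signatures I would drop the `md5` line rather than offer it for new certificates, and warn when the name is unknown. A lookup hash also reads better than seven postfix assignments, for example `my $md_id = $md_id_for{ $row{'md'} // '' } // 0;` with `%md_id_for` declared once beside it (`//` needs Perl 5.10). HandleCerts starts and ends outside this hunk.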
diff --git a/includes/account.php b/includes/account.php
index 25c0e85..ba9f610 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -22,14 +22,67 @@
loadem("account");
- $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
- $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
- $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process'];
+/**
+ * Build a subject string as needed by the signer
+ *
+ * @param array(string) $domains
+ * First domain is used as CN and repeated in subjectAltName. Duplicates
+ * should already been removed
+ *
+ * @param bool $include_xmpp_addr
+ * [default: true] Whether to include the XmppAddr in the subjectAltName.
+ * This is needed if the Jabber server is jabber.example.com but a Jabber ID
+ * on that server would be alice@example.com
+ *
+ * @return string
+ */
+function buildSubject(array $domains, $include_xmpp_addr = true) {
+ $subject = "/CN=${domains[0]}";
+
+ foreach ($domains as $domain) {
+ $subject .= "/subjectAltName=DNS:$domain";
+
+ if ($include_xmpp_addr) {
+ $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$domain";
+ }
+ }
+
+ return $subject;
+}
+
+/**
+ * Builds the subject string from the session variables
+ * $_SESSION['_config']['rows'] and $_SESSION['_config']['altrows']
+ *
+ * @return string
+ */
+function buildSubjectFromSession() {
+ $domains = array();
+
+ if (is_array($_SESSION['_config']['rows'])) {
+ $domains = array_merge($domains, $_SESSION['_config']['rows']);
+ }
+
+ if (is_array($_SESSION['_config']['altrows']))
+ foreach ($_SESSION['_config']['altrows'] as $row) {
+ if (substr($row, 0, 4) === "DNS:") {
+ $domains[] = substr($row, 4);
+ }
+ }
+
+ return buildSubject(array_unique($domains));
+}
- $cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']);
- $orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']);
- $memid=0; if(array_key_exists('memid',$_REQUEST)) $memid=intval($_REQUEST['memid']);
- $domid=0; if(array_key_exists('domid',$_REQUEST)) $domid=intval($_REQUEST['domid']);
+ $id = array_key_exists("id",$_REQUEST) ? intval($_REQUEST['id']) : 0;
+ $oldid = array_key_exists("oldid",$_REQUEST) ? intval($_REQUEST['oldid']) : 0;
+ $process = array_key_exists("process",$_REQUEST) ? $_REQUEST['process'] : "";
+// $showdetalis refers to Secret Question and Answers from account/13.php
+ $showdetails = array_key_exists("showdetails",$_REQUEST) ? intval($_REQUEST['showdetails']) : 0;
+
+ $cert = array_key_exists('cert',$_REQUEST) ? intval($_REQUEST['cert']) : 0;
+ $orgid = array_key_exists('orgid',$_REQUEST) ? intval($_REQUEST['orgid']) : 0;
+ $memid = array_key_exists('memid',$_REQUEST) ? intval($_REQUEST['memid']) : 0;
+ $domid = array_key_exists('domid',$_REQUEST) ? intval($_REQUEST['domid']) : 0;
if(!$_SESSION['mconn'])
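Review bot: `buildSubject()` reads `$domains[0]` without checking that the list is non-empty, and `buildSubjectFromSession()` passes it an empty array when neither `rows` nor `altrows` is an array, which yields a subject of `/CN=` plus an undefined-offset notice. A guard such as `if (count($domains) === 0) { return ''; }` at the top of `buildSubject()`, with the callers refusing an empty subject, would make that case explicit. The host names are also concatenated into the `/`-delimited subject exactly as stored; whether the session values were already restricted to host-name characters is not visible in this hunk, so I would validate here or state that precondition in the docblock, because a `/` or `=` inside a name would add subject components. Minor: the comment above `$showdetails` spells it `$showdetalis`.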
@@ -739,35 +792,8 @@
exit;
}
- $subject = "";
- $count = 0;
- $supressSAN=0;
- if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
+ $subject = buildSubjectFromSession();
- if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row)
- {
- $count++;
- if($count <= 1)
- {
- $subject .= "/CN=$row";
- if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
- if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
- } else {
- if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
- if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
- }
- }
- if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row)
- {
- if(substr($row, 0, 4) == "DNS:")
- {
- $row = substr($row, 4);
- if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
- if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
- }
- }
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
@@ -793,7 +819,6 @@
echo _("Domain not verified.");
showfooter();
exit;
-
}
mysql_query($query);
@@ -892,29 +917,7 @@
continue;
}
- $subject = "";
- $count = 0;
- if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row)
- {
- $count++;
- if($count <= 1)
- {
- $subject .= "/CN=$row";
- if(!strstr($subject, "=$row/") &&
- substr($subject, -strlen("=$row")) != "=$row")
- $subject .= "/subjectAltName=$row";
- } else {
- if(!strstr($subject, "=$row/") &&
- substr($subject, -strlen("=$row")) != "=$row")
- $subject .= "/subjectAltName=$row";
- }
- }
- if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row)
- if(!strstr($subject, "=$row/") &&
- substr($subject, -strlen("=$row")) != "=$row")
- $subject .= "/subjectAltName=$row";
+ $subject = buildSubjectFromSession();
$subject = mysql_real_escape_string($subject);
mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
@@ -936,6 +939,7 @@
{
echo _("You did not select any certificates for renewal.");
}
+
showfooter();
exit;
}
@@ -1187,25 +1191,7 @@
exit;
}
-
- if($oldid == 6 && $_REQUEST['certid'] != "")
- {
- if(trim($_REQUEST['description']) != ""){
- $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $description= "";
- }
-
- if(trim($_REQUEST['disablelogin']) == "1"){
- $disablelogin = 1;
- }else{
- $disablelogin = 0;
- }
-
- mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
- }
-
- if($oldid == 13 && $process != "")
+ if($oldid == 13 && $process != "" && $showdetails!="")
{
csrf_check("perschange");
$_SESSION['_config']['user'] = $_SESSION['profile'];
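Review bot: `$showdetails` is the result of `intval()`, yet the new condition tests it with `$showdetails!=""`, which only means "non-zero" through loose int/string comparison and reads as if the variable were a string. PHP 8 changed that comparison so that `0 != ""` is true, which would make the guard always pass there. The same test protects the secret-question `update` in the `@@ -1313,18 +1299,20 @@` hunk, so I would write `$showdetails !== 0` (or simply `$showdetails`) in both places. The `if` block opened here continues outside the hunk.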
@@ -1313,18 +1299,20 @@
where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
}
- $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
- `Q2`='".$_SESSION['_config']['user']['Q2']."',
- `Q3`='".$_SESSION['_config']['user']['Q3']."',
- `Q4`='".$_SESSION['_config']['user']['Q4']."',
- `Q5`='".$_SESSION['_config']['user']['Q5']."',
- `A1`='".$_SESSION['_config']['user']['A1']."',
- `A2`='".$_SESSION['_config']['user']['A2']."',
- `A3`='".$_SESSION['_config']['user']['A3']."',
- `A4`='".$_SESSION['_config']['user']['A4']."',
- `A5`='".$_SESSION['_config']['user']['A5']."'
- where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ if ($showdetails!="") {
+ $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
+ `Q2`='".$_SESSION['_config']['user']['Q2']."',
+ `Q3`='".$_SESSION['_config']['user']['Q3']."',
+ `Q4`='".$_SESSION['_config']['user']['Q4']."',
+ `Q5`='".$_SESSION['_config']['user']['Q5']."',
+ `A1`='".$_SESSION['_config']['user']['A1']."',
+ `A2`='".$_SESSION['_config']['user']['A2']."',
+ `A3`='".$_SESSION['_config']['user']['A3']."',
+ `A4`='".$_SESSION['_config']['user']['A4']."',
+ `A5`='".$_SESSION['_config']['user']['A5']."'
+ where `id`='".$_SESSION['profile']['id']."'";
+ mysql_query($query);
+ }
//!!!Should be rewritten
$_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
@@ -1459,7 +1447,6 @@
if($oldid == 16 && $process != "")
{
-
if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100))
{
$_REQUEST['codesign'] = 1;
@@ -1962,20 +1949,7 @@
//if($org['contact'])
// $csrsubject .= "/emailAddress=".trim($org['contact']);
- if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row)
- $csrsubject .= "/commonName=$row";
- $SAN="";
- if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $subalt)
- {
- if($SAN != "")
- $SAN .= ",";
- $SAN .= "$subalt";
- }
-
- if($SAN != "")
- $csrsubject .= "/subjectAltName=".$SAN;
+ $csrsubject .= buildSubjectFromSession();
$type="";
if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
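Review bot: Swapping the inline loops for `buildSubjectFromSession()` changes what this organisation path emits, not only how it is written. The removed code passed every `altrows` entry through in the comma-joined `subjectAltName`, whereas the helper keeps only entries that start with `DNS:` and drops the rest without a message; it also writes `/CN=` for the first name only (the old loop wrote `/commonName=` per row) and adds the XmppAddr otherName. If that is intended, a comment such as `// org certs: only DNS names are kept; other altrows types are dropped on purpose` would record it, otherwise the dropped entries should be reported to the user before signing. The surrounding block starts and ends outside the hunk.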
@@ -2771,8 +2745,8 @@
sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body,
"support@cacert.org", "", "", "CAcert Support");
-
}
+
showfooter();
exit;
}
diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
index 217b885..8ad2ccf 100644
--- a/includes/lib/check_weak_key.php
+++ b/includes/lib/check_weak_key.php
@@ -128,15 +128,14 @@ function checkWeakKeyText($text)
if ($algorithm === "rsaEncryption")
{
- if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text,
- $keysize))
+ if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text, $keysize))
{
return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
"key size.\nData:\n$text");
} else {
$keysize = intval($keysize[1]);
}
-
+
if ($keysize < 2048)
{
return sprintf(_("The keys that you use are very small ".
@@ -146,8 +145,7 @@ function checkWeakKeyText($text)
"<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
"</a>");
}
-
-
+
$debianVuln = checkDebianVulnerability($text, $keysize);
if ($debianVuln === true)
{
@@ -165,7 +163,7 @@ function checkWeakKeyText($text)
"checkDebianVulnerability().\nKeysize: $keysize\n".
"Data:\n$text");
}
-
+
if (!preg_match('/^\s*Exponent: (\d+) \(0x[0-9a-fA-F]+\)$/m', $text,
$exponent))
{
@@ -187,9 +185,9 @@ function checkWeakKeyText($text)
"<a href='//wiki.cacert.org/WeakKeys#SmallExponent'>",
"</a>");
} elseif (!(bccomp($exponent, "65537") >= 0 &&
- (bccomp($exponent, "100000") === -1 ||
- // speed things up if way smaller than 2^256
- bccomp($exponent, bcpow("2", "256")) === -1) )) {
+ (bccomp($exponent, "100000") === -1 ||
+ // speed things up if way smaller than 2^256
+ bccomp($exponent, bcpow("2", "256")) === -1) )) {
// 65537 <= exponent < 2^256 recommended by NIST
// not critical but log so we have some statistics about
// affected users
@@ -198,10 +196,83 @@ function checkWeakKeyText($text)
E_USER_NOTICE);
}
}
- }
- /* No weakness found */
- return "";
+ // No weakness found
+ return "";
+ } // End RSA
+
+/*
+//Fails to work due to outdated OpenSSL 0.9.8o
+//For this to work OpenSSL 1.0.1f or newer is required
+//which is currently unavailable on the systems
+//If DSA2048 or longer is used the CSR hangs pending on the signer.
+ if ($algorithm === "dsaEncryption")
+ {
+ if (!preg_match('/^\s*Public Key Algorithm:\s+dsaEncryption\s+pub:\s+([0-9a-fA-F:\s]+)\s+P:\s+([0-9a-fA-F:\s]+)\s+Q:\s+([0-9a-fA-F:\s]+)\s+G:\s+([0-9a-fA-F:\s]+)\s+$/sm', $text, $keydetail))
+ {
+ return failWithId("checkWeakKeyText(): Couldn't parse the DSA ".
+ "key size.\nData:\n$text");
+ }
+
+ $key_pub = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[1]), "ABCDEF", "abcdef");
+ $key_P = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[2]), "ABCDEF", "abcdef");
+ $key_Q = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[3]), "ABCDEF", "abcdef");
+ $key_G = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[4]), "ABCDEF", "abcdef");
+
+ //Verify the numbers provided by the client
+ $num_pub = @gmp_init($key_pub, 16);
+ $num_P = @gmp_init($key_P, 16);
+ $num_Q = @gmp_init($key_Q, 16);
+ $num_G = @gmp_init($key_G, 16);
+
+ $bit_P = ltrim(gmp_strval($num_P, 2), "0");
+ $keysize = strlen($bit_P);
+
+ if ($keysize < 2048) {
+ return sprintf(_("The keys that you use are very small ".
+ "and therefore insecure. Please generate stronger ".
+ "keys. More information about this issue can be ".
+ "found in %sthe wiki%s"),
+ "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
+ "</a>");
+ }
+
+ //Following checks based on description of key generation in Wikipedia
+ //These checks do not ensure a strong key, but at least check for enough sanity in the key material
+ // cf. https://en.wikipedia.org/wiki/Digital_Signature_Algorithm#Key_generation
+
+ //Check that P is prime
+ if(!gmp_testprime($num_P)) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to have a non-prime public modulus.\nData:\n$text");
+ }
+
+ //Check that Q is prime
+ if(!gmp_testprime($num_Q)) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to have a non-prime Q-value.\nData:\n$text");
+ }
+
+ //Check if P-1 is diviseable by Q
+ if(0 !== gmp_cmp("1", gmp_mod($num_P, $num_Q))) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to have P mod Q === 1 (i.e. P-1 is not diviseable by Q).\nData:\n$text");
+ }
+
+ //Check the numbers are all less than the public modulus P
+ if(0 <= gmp_cmp($num_Q, $num_P) || 0 <= gmp_cmp($num_G, $num_P) || 0 <= gmp_cmp($num_pub, $num_P)) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to be normalized to have Q < P, G < P and pub < P.\nData:\n$text");
+ }
+
+ // No weakness found
+ return "";
+ } // End DSA
+*/
+
+
+ return _("The keys you supplied use an unrecognized algorithm. ".
+ "For security reasons these keys can not be signed by CAcert.");
}
/**
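Review bot: The DSA branch is checked in as a large commented-out block, which will not be parsed, tested or kept in step with the RSA branch; I would keep it on a branch or ticket and leave only a short comment naming the OpenSSL requirement. If it stays for later activation, it needs fixes first: the `@gmp_init()` results are used without checking for failure, the range test only enforces `Q < P`, `G < P` and `pub < P` and therefore accepts a `G` or `pub` of 0 or 1, and the messages for the divisibility and range failures state the opposite of what was detected. The new final `return` that refuses unrecognised algorithms is fail-closed, and a comment saying so would help, e.g. `// fail closed: only algorithms checked above may be signed`. checkWeakKeyText() begins outside this hunk.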
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index 8868d62..1a9c2ce 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -639,10 +639,16 @@
$res = mysql_query($query);
}
+ /**
+ * get_user_agreement_status()
+ * returns 1 if the user has an entry for the given type in user_agreement, 0 if no entry is recorded
+ * @param mixed $memid
+ * @param string $type
+ * @return
+ */
function get_user_agreement_status($memid, $type="CCA"){
- //returns 0 - no user agreement, 1- at least one entry
$query="SELECT u.`document` FROM `user_agreements` u
- WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
+ WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) ;
$res = mysql_query($query);
if(mysql_num_rows($res) <=0){
return 0;
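Review bot: The docblocks added here and on the three functions in the following `@@ -651,53 +657,62 @@` hunk leave `@return` empty, so the return contract is still only in the code. For this function I would write `@return int 1 if at least one matching entry exists, 0 otherwise`; for `get_first_user_agreement()` and `get_last_user_agreement()`, `@return array the matching row (document, date, method, comment, active) or an empty array`; and for `delete_user_agreement()` a line stating that nothing is returned and that `$type = false` deletes every agreement of the member. The docblock of `get_first_user_agreement()` also has the typo `thes status`. The body of `get_user_agreement_status()` continues past the end of this hunk.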
@@ -651,53 +657,62 @@
}
}
+ /**
+ * get_first_user_agreement()
+ * returns the first user_agreement entry of the requested type depending on thes status of active of a given user
+ * @param mixed $memid
+ * @param integer $active, 0 - passive, 1 -active
+ * @param string $type
+ * @return
+ */
function get_first_user_agreement($memid, $active=1, $type="CCA"){
//returns an array (`document`,`date`,`method`, `comment`,`active`)
- if($active==1){
- $filter="u.`memid`=".$memid;
- }else{
- $filter="u.`secmemid`=".$memid;
- }
- $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u
- WHERE u.`document` = '".$type."' AND ".$filter."
- ORDER BY u.`date` Limit 1;";
+ $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
+ WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) . " AND u.`active`=" . intval($active) .
+ " ORDER BY u.`date` Limit 1;";
$res = mysql_query($query);
if(mysql_num_rows($res) >0){
- $row = mysql_fetch_assoc($res);
- $rec['document']= $row['document'];
- $rec['date']= $row['date'];
- $rec['method']= $row['method'];
- $rec['comment']= $row['comment'];
- $rec['active']= $row['active'];
+ $rec = mysql_fetch_assoc($res);
}else{
$rec=array();
}
return $rec;
}
+ /**
+ * get_last_user_agreement()
+ * returns the last user_agreement entry of a given type and of a given user
+ * @param mixed $memid
+ * @param string $type
+ * @return
+ */
function get_last_user_agreement($memid, $type="CCA"){
//returns an array (`document`,`date`,`method`, `comment`,`active`)
- $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1)
- union
- (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
+ $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM user_agreements u WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND (u.`memid`=" . intval($memid) . " ) order by `date` desc limit 1 " ;
$res = mysql_query($query);
if(mysql_num_rows($res) >0){
- $row = mysql_fetch_assoc($res);
- $rec['document']= $row['document'];
- $rec['date']= $row['date'];
- $rec['method']= $row['method'];
- $rec['comment']= $row['comment'];
- $rec['active']= $row['active'];
+ $rec = mysql_fetch_assoc($res);
}else{
$rec=array();
}
return $rec;
}
- function delete_user_agreement($memid, $type="CCA"){
+ /**
+ * delete_user_agreement()
+ * deletes all entries for a given type from user_agreement of a given user, if type is not given all
+ * @param mixed $memid
+ * @param string $type
+ * @return
+ */
+ function delete_user_agreement($memid, $type=false){
//deletes all entries to an user for the given type of user agreements
- mysql_query("delete from `user_agreements` where `memid`='".$memid."'");
- mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'");
+ if ($type === false) {
+ $filter = '';
+ } else {
+ $filter = " and `document` = '" . mysql_real_escape_string($type) . "'";
+ }
+ mysql_query("delete from `user_agreements` where `memid`=" . intval($memid) . $filter );
}
// functions for 6.php (assure somebody)
diff --git a/pages/account/11.php b/pages/account/11.php
index 4e070cb..5f94122 100644
--- a/pages/account/11.php
+++ b/pages/account/11.php
@@ -15,39 +15,61 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
+
<p>
-<?=_("Please make sure the following details are correct before proceeding any further.")?>
+<?=_("Please make sure the following details are correct before proceeding ".
+ "any further.")?>
</p>
-<?// print_r($_SESSION['_config']['altrows']); ?>
+
+<p><?
+if (is_array($_SESSION['_config']['rows'])) {
+ foreach ($_SESSION['_config']['rows'] as $row) {
+ echo _("CommonName"), ": $row<br>\n";
+ }
+}
+
+if (is_array($_SESSION['_config']['altrows'])) {
+ foreach ($_SESSION['_config']['altrows'] as $row) {
+ echo _("subjectAltName"), ": $row<br>\n";
+ }
+}
+?></p>
+
<p>
-<? if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row) { ?>
-<?=_("CommonName")?>: <?=$row?><br>
-<? } ?>
-<? if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row) { ?>
-<?=_("subjectAltName")?>: <?=$row?><br>
-<? } ?>
-<? if(1 == 0) { ?>
-<?=_("Organisation")?>: <?=$_SESSION['_config']['O']?><br>
-<?=_("Org. Unit")?>: <?=$_SESSION['_config']['OU']?><br>
-<?=_("Location")?>: <?=$_SESSION['_config']['L']?><br>
-<?=_("State/Province")?>: <?=$_SESSION['_config']['ST']?><br>
-<?=_("Country")?>: <?=$_SESSION['_config']['C']?><br>
-<?=_("Email Address")?>: <?=$_SESSION['_config']['emailAddress']?><br>
-<? } ?>
-<?=_("No additional information will be included on certificates because it can not be automatically checked by the system.")?>
-<? if(array_key_exists('rejected',$_SESSION['_config']) && is_array($_SESSION['_config']['rejected'])) { ?>
-<br><br><?=_("The following hostnames were rejected because the system couldn't link them to your account, if they are valid please verify the domains against your account.")?><br>
-<? foreach($_SESSION['_config']['rejected'] as $row) { ?>
-<?=_("Rejected")?>: <a href="account.php?id=7&amp;newdomain=<?=$row?>"><?=$row?></a><br>
-<? } } ?>
-<? if(is_array($_SESSION['_config']['rows']) || is_array($_SESSION['_config']['altrows'])) { ?>
-<form method="post" action="account.php">
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
-</form>
-<? } else { ?>
-<br><br><b><?=_("Unable to continue as no valid commonNames or subjectAltNames were present on your certificate request.")?></b>
-<? } ?>
+<?=_("No additional information will be included on certificates because it ".
+ "can not be automatically checked by the system.")?>
</p>
+
+<p><?
+if (array_key_exists('rejected',$_SESSION['_config']) &&
+ is_array($_SESSION['_config']['rejected'])) {
+ echo _("The following hostnames were rejected because the system couldn't ".
+ "link them to your account, if they are valid please verify the ".
+ "domains against your account."), "<br>\n";
+
+ foreach ($_SESSION['_config']['rejected'] as $row) {
+ echo _("Rejected");
+ echo ": <a href='account.php?id=7&amp;newdomain=$row'>$row</a><br>\n";
+ }
+}
+?></p>
+
+<?
+if (is_array($_SESSION['_config']['rows']) ||
+ is_array($_SESSION['_config']['altrows'])) {
+ ?>
+ <form method="post" action="account.php">
+ <p>
+ <input type="submit" name="process" value="<?=_("Submit")?>">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ </p>
+ </form>
+ <?
+} else {
+ ?>
+ <p>
+ <b><?=_("Unable to continue as no valid commonNames or ".
+ "subjectAltNames were present on your certificate request.")?></b>
+ </p>
+ <?
+}
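Review bot: The rewritten output still writes `$row` into the page unescaped, in the `CommonName` and `subjectAltName` lines and in the `Rejected` link, where it lands inside a single-quoted `href` as well as in the link text. These names appear to come from the submitted certificate request, so they should be encoded at the point of output, for example `echo ": <a href='account.php?id=7&amp;newdomain=" . urlencode($row) . "'>" . htmlspecialchars($row, ENT_QUOTES) . "</a><br>\n";` and `htmlspecialchars($row, ENT_QUOTES)` in the two list loops. `ENT_QUOTES` matters here because the attribute now uses single quotes. The same applies to the `echo` lines added in pages/account/21.php, including the `$org[...]` and `OU` fields.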
diff --git a/pages/account/13.php b/pages/account/13.php
index 1c1cfc6..08f325d 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -23,7 +23,8 @@
$year = intval(substr($user['dob'], 0, 4));
$month = intval(substr($user['dob'], 5, 2));
$day = intval(substr($user['dob'], 8, 2));
- $showdetails = array_key_exists('showdetails', $_REQUEST) && !!intval($_REQUEST['showdetails']);
+ $showdetails = array_key_exists("showdetails",$_REQUEST) ? intval($_REQUEST['showdetails']) : 0;
+
if($showdetails){
$body = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
$body .= _("You receive this automatic mail since you yourself or someone ".
@@ -160,6 +161,7 @@
<td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td>
</tr>
<tr>
+ <input type="hidden" name="showdetails" value="1" />
<? } ?>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
</tr>
diff --git a/pages/account/21.php b/pages/account/21.php
index 6c3786b..75827fb 100644
--- a/pages/account/21.php
+++ b/pages/account/21.php
@@ -14,41 +14,57 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- $org = $_SESSION['_config']['row'];
- if($org['id'] <= 0)
- $org = $_SESSION['_config']['altrow'];
+*/
+
+$org = $_SESSION['_config']['row'];
+if ($org['id'] <= 0) {
+ $org = $_SESSION['_config']['altrow'];
+}
?>
-<p>
-<?=_("Please make sure the following details are correct before proceeding any further.")?>
-</p>
<p>
-<? if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row) { ?>
-<?=_("CommonName")?>: <?=$row?><br>
-<? } ?>
-<? if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row) { ?>
-<?=_("subjectAltName")?>: <?=$row?><br>
-<? } ?>
-<?=_("Organisation")?>: <?=$org['O']?><br>
-<?=_("Org. Unit")?>: <?=($_SESSION['_config']['OU'])?><br>
-<?=_("Location")?>: <?=$org['L']?><br>
-<?=_("State/Province")?>: <?=$org['ST']?><br>
-<?=_("Country")?>: <?=$org['C']?><br>
+<?=_("Please make sure the following details are correct before proceeding ".
+ "any further.")?>
+</p>
+<p><?
+if (is_array($_SESSION['_config']['rows'])) {
+ foreach ($_SESSION['_config']['rows'] as $row) {
+ echo _("CommonName"), ": $row<br>\n";
+ }
+}
-<form method="post" action="account.php">
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+if (is_array($_SESSION['_config']['altrows'])) {
+ foreach ($_SESSION['_config']['altrows'] as $row) {
+ echo _("subjectAltName"), ": $row<br>\n";
+ }
+}
+echo _("Organisation"), ": {$org['O']}<br>\n";
+echo _("Org. Unit"), ": {$_SESSION['_config']['OU']}<br>\n";
+echo _("Location"), ": {$org['L']}<br>\n";
+echo _("State/Province"), ": {$org['ST']}<br>\n";
+echo _("Country"), ": {$org['C']}<br>\n";
+?>
-<? if($_SESSION['profile']['admin'] == 1) { ?>
-<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
-<input type="checkbox" name="ocspcert" value="OCSPCert"/> <?=_("OCSP certificate")?>
-<? } ?>
+<form method="post" action="account.php">
+ <p>
+ <input type="submit" name="process" value="<?=_("Submit")?>">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ </p>
+
+ <?
+ if ($_SESSION['profile']['admin'] == 1) {
+ ?>
+ <p>
+ <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
+ <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
+ <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
+ <input type="checkbox" name="ocspcert" value="OCSPCert"/>
+ <?=_("OCSP certificate")?>
+ </p>
+ <?
+ }
+ ?>
</form>
-</p>
diff --git a/pages/account/5.php b/pages/account/5.php
index 44763e2..934ca0c 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -91,7 +91,7 @@
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD">
- <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+ <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/>
<input type="hidden" name="cert_<?=$row['id']?>" value="1" />
</td>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
diff --git a/pages/account/6.php b/pages/account/6.php
index 0054b7a..8455499 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -115,7 +115,6 @@ if (array_key_exists('format', $_REQUEST)) {
echo "<pre>$cert</pre>";
?>
-<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Information about the certificate")?></td>
@@ -133,16 +132,6 @@ if (array_key_exists('format', $_REQUEST)) {
$row['revoke'] = _("Not Revoked");
?>
<tr>
- <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
-<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="revokeid[<?=$row['id']?>]" ></td>
-<? } else if($verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="delid[<?=$row['id']?>]"></td>
-<? } else { ?>
- <td class="DataTD">&nbsp;</td>
-<? } ?>
- </tr>
- <tr>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=$verified?></td>
</tr>
@@ -165,21 +154,14 @@ if (array_key_exists('format', $_REQUEST)) {
<tr>
<td class="DataTD"><?=_("Login")?></td>
<td class="DataTD">
- <input type="checkbox" name="disablelogin" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+ <input type="checkbox" name="disablelogin" disabled="disabled" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
</td>
</tr>
<tr>
<td class="DataTD"><?=_("Comment")?></td>
- <td class="DataTD"><input type="text" name="description" maxlength="100" size=100 value="<?=htmlspecialchars($row['description'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+ <td class="DataTD"><?=htmlspecialchars($row['description'])?></td>
</tr>
</table>
-<input type="hidden" name="oldid" value="6">
-<input type="hidden" name="certid" value="<?=$certid?>">
-</form>
-
<?
showfooter();
exit;
diff --git a/pages/index/0.php b/pages/index/0.php
index b1359f6..c5301d3 100644
--- a/pages/index/0.php
+++ b/pages/index/0.php
@@ -17,7 +17,11 @@
*/ ?>
<h3><?=_("Are you new to CAcert?")?></h3>
-<p><?=sprintf(_("If you want to have free certificates issued to you, join the %s CAcert Community %s."),"<a href=\"https://www.cacert.org/index.php?id=1\">","</a>")?></p>
+<p><?=_("CAcert.org is a community-driven Certificate Authority that issues certificates to the public at large for free.")?></p>
+
+<p><?=_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the internet. Any application that supports the Secure Socket Layer Protocol (SSL or TLS) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.")?></p>
+
+<p><?=sprintf(_("If you want to have free certificates issued to you, %s join the CAcert Community %s."),'<a href="https://www.cacert.org/index.php?id=1">', '</a>')?></p>
<p><?=sprintf(_("If you want to use certificates issued by CAcert, read the CAcert %s Root Distribution License %s."),'<a href="/policy/RootDistributionLicense.php">',"</a>")?>
<?=sprintf(_("This license applies to using the CAcert %s root keys %s."),'<a href="/index.php?id=3">','</a>')?></p>
diff --git a/pages/index/1.php b/pages/index/1.php
index a60a242..4f0ca83 100644
--- a/pages/index/1.php
+++ b/pages/index/1.php
@@ -15,9 +15,14 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><?=_("By joining CAcert and becoming a Member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p>
+<p><?=_("By joining CAcert and becoming a member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p>
<p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
+<b><?=_("Note: Please enter your date of birth and names as they are written in your official documents.")?></b><br /><br />
+<?=_("Because CAcert is a certificate authority (CA) people rely on us knowing about the identity of the users of our certificates. So even as we value privacy very much, we need to collect at least some basic information about our members. This is especially the case for everybody who wants to take part in our web of trust.")?>
+<?=_("Your private information will be used for internal procedures only and will not be shared with third parties.")?>
+</p>
+<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
<?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br>
<b><?=_("Note: White spaces at the beginning and end of a password will be removed.")?></b>
</p>
diff --git a/pages/wot/6.php b/pages/wot/6.php
index ef8cac7..a565aa7 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -79,7 +79,7 @@
AssureTextLine("",_("Only tick the next box if the Assurance was face to face."));
AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1);
AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
- AssureTextLine(_("Policy"),"<a href=\"/policy/CAcert Community Agreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
+ AssureTextLine(_("Policy"),"<a href=\"/policy/CAcertCommunityAgreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")");
AssureFoot($id,_("I confirm this Assurance"));
?>
diff --git a/scripts/53de-ate-amberg-email.txt b/scripts/53de-ate-amberg-email.txt
new file mode 100644
index 0000000..d8f76ff
--- /dev/null
+++ b/scripts/53de-ate-amberg-email.txt
@@ -0,0 +1,93 @@
+[Deutsch]
+
+Es hat sich viel getan in den letzten Jahren. Eine ganze Reihe von bisher
+eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen.
+Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B.
+in dem CAcert Community Agreement) wurden beschlossen. Die Assurer
+Training Events wollen versuchen, die ganzen Informationen unter's
+Volk zu bringen:
+
+- Welcher Satz fehlt auf alten CAP Formularen?
+- Warum soll ich mir R/L/O einpraegen?
+- Wie verhaelst du dich,
+ wenn du ein fremdes Ausweisdokument das erste Mal pruefst?
+
+Antworten auf diese und weitere Fragen erhaelst du bei den
+Assurer Training Events (ATEs).
+
+Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung
+trainiert und auditiert, um die Qualitaet der Assurances in der
+taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und
+Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die
+Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren,
+wie diese vermieden werden koennen.
+
+Wie IanG sagte: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers, and include parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+Die kommende Veranstaltung in deiner Naehe findet statt am:
+
+- Montag, den 6. Januar 2014
+- in der Zeit von: 12:00 - ca. 16:00 Uhr
+- ASAMnet e.V.
+- Emailfabrik 1. Stock
+- Emailfabrikstrasse 12
+- 92224 Amberg
+
+
+Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
+Wiki [https://wiki.cacert.org/Events/2014-01-06ATE-Amberg]
+Blog [http://blog.cacert.org/2013/12/ate-amberg-de-2014-01-06/]
+
+Teilnehmer Registrierung mit Rueckantwort:
+ 'Ich moechte am ATE-Amberg teilnehmen'
+
+Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
+
+Kontakt: events@cacert.org
+
+
+
+[English]
+
+During the last year many changes took place inside CAcert. Many "oral"
+rules have been put into Policies. New procedures
+(e.g. Assurer Challenge) and obligations
+(e.g. CAcert Community Agreement) have been put into live.
+The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the
+Assurer Training Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances,
+to measure the quality of assurances in the daily routine. Here are some
+possible errors and pitfalls which need to be found. Assurers have the
+opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers and includes parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Monday, January 6th 2014
+- during: 12:00 - ca. 16:00
+- ASAMnet e.V.
+- Emailfabrik 1. Stock
+- Emailfabrikstrasse 12
+- 92224 Amberg
+
+Details to the location can be found:
+Wiki [https://wiki.cacert.org/Events/2014-01-06ATE-Amberg]
+Blog [http://blog.cacert.org/2013/12/ate-amberg-de-2014-01-06/]
+
+User reply for registration: 'I will attend the ATE-Amberg'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
diff --git a/scripts/53de-ate-amberg-mail.php.txt b/scripts/53de-ate-amberg-mail.php.txt
new file mode 100644
index 0000000..4be2ebd
--- /dev/null
+++ b/scripts/53de-ate-amberg-mail.php.txt
@@ -0,0 +1,133 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2013 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("53de-ate-amberg-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+
+// CAcert Assurance and Keysigning event at FUDcon, Lawrence, KS, Jan 19th 2013
+// $locid = 2126955; // Lawrence (Douglas), Kansas, United States
+// $eventname = "CAcert Assurance and Keysigning at FUDcon Lawrence, KS";
+// $city = "January 19th 2013";
+
+// ATE-Kiel 2013-02-11
+// $locid = 919560; // Kiel, Schleswig-Holstein, Germany
+// $eventname = "ATE-Kiel";
+// $city = "11. Februar 2013";
+
+// Linuxtag, Berlin, May 22-25, 2013,
+// $locid = 228950; // Berlin
+// $eventname = "Linuxtag Berlin";
+// $city = "22.-25. Mai, 2013";
+
+// $locid = 1117395; // Lubeck Hansestadt, Schleswig-Holstein, Germany
+// $eventname = "ATE-Luebeck";
+// $city = "07. Juni 2013";
+
+// $locid = 675661; // Graz, Steiermark, Austria
+// $eventname = "ATE-Graz";
+// $city = "16. August 2013";
+
+// $locid = 1992733; // Wien, Wien, Austria
+// $eventname = "ATE-Wien";
+// $city = "15. Oktober 2013";
+
+ $locid = 54334; // Amberg, Bayern, Germany
+ $eventname = "ATE-Amberg";
+ $city = "06. Januar 2014";
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
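Review bot: Nothing in this script checks that the file open, the location lookup or the recipient query succeeded before mail is sent. If `fopen()` fails, `while(!feof($fp))` has no valid handle to terminate on. If the `locations` row for `$locid` is missing, the distance query is built from empty `$loc[lat]` / `$loc[long]` values, and the three report `sendmail()` calls still go out with an empty `$xrows`. I would add the guards shown below and drop `echo $query;`, which looks like leftover debugging. The comment "uncomment next line to send mails" sits above an already active `sendmail()` call while the `cacerttest%` test query is commented out, so the script mails every matching user as committed; the comment should say so.

```php
$fp = fopen("53de-ate-amberg-email.txt", "r");
if ($fp === false) {
	die("cannot open mail text file\n");
}
// … unchanged: read and word-wrap the mail text, $maxdist / $locid setup …

$loc = mysql_fetch_assoc(mysql_query($query));
if (!$loc) {
	die("location $locid not found, no mail sent\n");
}
// … unchanged: distance query …

$res = mysql_query($query);
if ($res === false) {
	die("recipient query failed: ".mysql_error()."\n");
}
$xrows = mysql_num_rows($res);
```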
diff --git a/scripts/db_migrations/version3.sh b/scripts/db_migrations/version3.sh
new file mode 100755
index 0000000..8febfe7
--- /dev/null
+++ b/scripts/db_migrations/version3.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+# LibreSSL - CAcert web application
+# Copyright (C) 2004-2011 CAcert Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+
+# script to do database migrations
+
+# This particular version migrates from the preversioned state to version 1
+# If you want to reuse it for further migrations you probably should pay special
+# attention because you have to adjust it a bit
+
+set -e # script fails if any command fails
+
+STDIN=0
+STDOUT=1
+STDERR=2
+
+if [ "$1" = "--help" ]; then
+ cat >&$STDERR <<- USAGE
+ Usage: $0 [MYSQL_OPTIONS]
+ You have to specify all options needed by "mysql" as if you had started
+ the MySQL command line client directly (including the name of the
+ database to operate on). The MySQL user used has to have enough
+ privileges to do all necessary operations (among others CREATE, ALTER,
+ DROP, UPDATE, INSERT, DELETE).
+ You might need to enter the mysql password multiple times if you
+ specify the -p option.
+ USAGE
+ exit 1
+fi
+
+mysql_opt=" --batch --skip-column-names $@"
+
+schema_version=$( mysql $mysql_opt <<- 'SQL'
+
+ SELECT MAX(`version`) FROM `schema_version`;
+SQL
+)
+if [ $schema_version != 2 ]; then
+ cat >&$STDERR <<- ERROR
+ Error: database schema is not in the right version to do the migration!
+ Expected version: 2
+ ERROR
+ exit 2
+fi
+
+mysql $mysql_opt <<- 'SQL'
+
+
+-- alter table Admin log
+
+ALTER TABLE `adminlog` ADD `type` VARCHAR( 50 ) NOT NULL ,
+ ADD `information` VARCHAR( 50 ) NOT NULL;
+
+-- create new table OrgAdminLog
+
+CREATE TABLE IF NOT EXISTS `orgadminlog` (
+ `when` datetime NOT NULL,
+ `oid` int(11) NOT NULL,
+ `adminid` int(11) NOT NULL,
+ `type` varchar(50) NOT NULL,
+ `information` varchar(50) NOT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+
+-- alter table OrgDomainCerts
+ALTER TABLE `orgdomaincerts` ADD orgadminid int(11) NULL,
+ ADD revokeorgadminid int(11) NULL;
+
+-- alter table OrgEmailCerts
+ALTER TABLE `orgemailcerts` ADD orgadminid int(11) NULL,
+ ADD revokeorgadminid int(11) NULL;
+
+
+
+ -- Update schema version number
+ INSERT INTO `schema_version`
+ (`version`, `when`) VALUES
+ ('3' , NOW() );
+SQL
+
+
+echo "Database successfully migrated to version 3"
+exit 0
+
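Review bot: The version guard `if [ $schema_version != 2 ]` expands the variable unquoted, so an empty or multi-word result makes `[` error out instead of comparing. Inside an `if` condition that error is not caught by `set -e`, so the script would skip the error branch and go on to the `ALTER TABLE` statements. Quoting closes that gap: `if [ "$schema_version" != 2 ]; then`. The same unquoted test is in version4.sh (`!= 3`). The header comment still says the script migrates "from the preversioned state to version 1"; it should read `# This version migrates the schema from version 2 to version 3`.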
diff --git a/scripts/db_migrations/version4.sh b/scripts/db_migrations/version4.sh
new file mode 100755
index 0000000..9a8aded
--- /dev/null
+++ b/scripts/db_migrations/version4.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+# LibreSSL - CAcert web application
+# Copyright (C) 2004-2011 CAcert Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+
+# script to do database migrations
+
+# This particular version migrates from the preversioned state to version 1
+# If you want to reuse it for further migrations you probably should pay special
+# attention because you have to adjust it a bit
+
+set -e # script fails if any command fails
+
+STDIN=0
+STDOUT=1
+STDERR=2
+
+if [ "$1" = "--help" ]; then
+ cat >&$STDERR <<- USAGE
+ Usage: $0 [MYSQL_OPTIONS]
+ You have to specify all options needed by "mysql" as if you had started
+ the MySQL command line client directly (including the name of the
+ database to operate on). The MySQL user used has to have enough
+ privileges to do all necessary operations (among others CREATE, ALTER,
+ DROP, UPDATE, INSERT, DELETE).
+ You might need to enter the mysql password multiple times if you
+ specify the -p option.
+ USAGE
+ exit 1
+fi
+
+mysql_opt=" --batch --skip-column-names $@"
+
+schema_version=$( mysql $mysql_opt <<- 'SQL'
+
+ SELECT MAX(`version`) FROM `schema_version`;
+SQL
+)
+if [ $schema_version != 3 ]; then
+ cat >&$STDERR <<- ERROR
+ Error: database schema is not in the right version to do the migration!
+ Expected version: 3
+ ERROR
+ exit 2
+fi
+
+mysql $mysql_opt <<- 'SQL'
+
+-- dump table AdminLog
+SELECT *
+ INTO OUTFILE "adminlog_table_backup_1135"
+ FIELDS TERMINATED BY ','
+ OPTIONALLY ENCLOSED BY '"'
+ LINES TERMINATED BY "\n"
+ FROM `adminlog`;
+SQL
+
+
+echo "Dump table create in adminlog_table_backup_1135"
+
+
+mysql $mysql_opt <<- 'SQL'
+-- update table admin log
+
+UPDATE `adminlog` SET `type` = 'old name or dob change',
+`information` = 'see adminlog_table_backup_1135';
+
+-- alter table admin log
+
+ALTER TABLE `adminlog`
+ DROP `old-lname`,
+ DROP `old-dob`,
+ DROP `new-lname`,
+ DROP `new-dob`;
+
+
+ -- Update schema version number
+ INSERT INTO `schema_version`
+ (`version`, `when`) VALUES
+ ('4' , NOW() );
+SQL
+
+
+echo "Database successfully migrated to version 4"
+exit 0
+
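Review bot: The backup written by `SELECT * INTO OUTFILE "adminlog_table_backup_1135"` uses a relative name, so the file is created by the MySQL server process on the database host, and nothing in the script restricts or relocates it. Judging by the columns dropped further down (`old-lname`, `old-dob`, `new-lname`, `new-dob`), it holds former names and dates of birth, and after the `ALTER TABLE` it is the only copy of that audit detail. The script should state this, for example `# adminlog_table_backup_1135 is created by mysqld on the DB host and holds personal data; move it to access-restricted storage after the run`. The `UPDATE` on `adminlog` has no `WHERE` clause, so it also relabels any rows written since the version 3 migration. Limiting it to rows whose `type` is still empty would avoid that, assuming version 3 left existing rows with an empty `type`.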
diff --git a/www/keygenIE.js b/www/keygenIE.js
index be2d184..4c15b23 100644
--- a/www/keygenIE.js
+++ b/www/keygenIE.js
@@ -247,6 +247,7 @@ var CAcert_keygen_IE = function () {
privateKey.Algorithm = algorithmOid;
privateKey.Length = bits;
privateKey.KeyUsage = 0xffffff; // XCN_NCRYPT_ALLOW_ALL_USAGES
+ privateKey.ExportPolicy = 0x1; // XCN_NCRYPT_ALLOW_EXPORT_FLAG
var request = factory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
request.InitializeFromPrivateKey(
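Review bot: Both key-generation paths now mark every generated private key as exportable, with no way for the user to decline: `privateKey.ExportPolicy = 0x1` here and `cenroll.GenKeyFlags | 0x1` in the hunk at -545. An exportable key can be copied out of the Windows key store by any code running as that user, which weakens the protection of client certificates used for authentication. I would make this a choice on the form and apply it in both places, e.g. `privateKey.ExportPolicy = allowExport ? 0x1 : 0x0;` (with `allowExport` a new option; the name is only a suggestion). A comment should record why export is wanted, such as backup or moving the key to another machine. Both enclosing functions start and end outside the hunks shown.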
@@ -545,7 +546,8 @@ var CAcert_keygen_IE = function () {
}
cenroll.GenKeyFlags = bits << 16; // keysize is encoded in the uper 16 bits
- //cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE
+ // Allow exporting the private key
+ cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE
generatingKeyNotice.style.display = "";
diff --git a/www/wot.php b/www/wot.php
index be97cb4..dec4246 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -372,7 +372,8 @@ $iecho= "c";
`when`=NOW()";
//record active acceptance by Assurer
if (check_date_format(trim($_REQUEST['date']),2010)) {
- write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']);
+ write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);
+ write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']);
}
if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
$query .= ",\n`method`='TTP-Assisted'";
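Review bot: The two `write_user_agreement()` calls run while `$query` is still being assembled, so the CCA acceptance for both the assurer and the assuree is recorded before the assurance itself is written by `mysql_query($query)` in the next hunk. The return value of that `mysql_query()` is not checked there, so a failed insert would leave agreement records pointing at an assurance that does not exist. I would move both calls below the insert and run them only when it succeeded, e.g. `if (mysql_query($query) !== false && check_date_format(trim($_REQUEST['date']),2010)) { ... }`. A short comment on the fifth argument (`1` for the assurer, `0` for the assuree) would help, since its meaning is not visible from this hunk. The enclosing block starts and ends outside the hunk.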
@@ -380,10 +381,6 @@ $iecho= "c";
mysql_query($query);
fix_assurer_flag($_SESSION['_config']['notarise']['id']);
include_once("../includes/notary.inc.php");
-/*to be activated after CCA accept option is implemented in form
- write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);}*/
-/* to be activated after the CCA recording is announced
- write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']); */
if($_SESSION['profile']['points'] < 150)
{