diff options
| author | Michael Tänzer <neo@nhng.de> | 2013-06-15 13:40:57 +0200 |
|---|---|---|
| committer | Michael Tänzer <neo@nhng.de> | 2013-06-15 13:40:57 +0200 |
| commit | eac1f92e5f27e7c65dfb624744666091ccab328f (patch) | |
| tree | 30bbe367f6b828f62eed30a5ba8ec49e37df0549 | |
| parent | a3dbfe74d3521763418f44943a7ccfd974bc33bd (diff) | |
| parent | d2ad5c5c27f4daeabd3f53268cdeab2b706e6e97 (diff) | |
| download | cacert-devel-eac1f92e5f27e7c65dfb624744666091ccab328f.tar.gz cacert-devel-eac1f92e5f27e7c65dfb624744666091ccab328f.tar.xz cacert-devel-eac1f92e5f27e7c65dfb624744666091ccab328f.zip | |
Merge branch 'release' into bug-782
Conflicts:
includes/account.php
pages/account/12.php
Signed-off-by: Michael Tänzer <neo@nhng.de>
34 files changed, 1468 insertions, 398 deletions
diff --git a/CommModule/server.pl b/CommModule/server.pl index c70bc9a..6084042 100755 --- a/CommModule/server.pl +++ b/CommModule/server.pl @@ -955,10 +955,10 @@ sub analyze($) if($bytes[1] == 0) # NUL Request { SysLog "NUL Request detected.\n"; - if($fields[1]) + if($fields[1] =~ /^\d+\.\d+$/) { open OUT,">timesync.sh"; - print OUT "date -u $fields[1]\n"; + print OUT "date -u '$fields[1]'\n"; print OUT "hwclock --systohc\n"; close OUT; } diff --git a/includes/account.php b/includes/account.php index 95c2316..c2db9e6 100644 --- a/includes/account.php +++ b/includes/account.php @@ -152,6 +152,9 @@ { foreach($_REQUEST['delid'] as $id) { + if (0==$delcount) { + echo _('The following email addresses have been removed:')."<br>\n"; + } $id = intval($id); $query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and `email`!='".$_SESSION['profile']['email']."'"; @@ -179,10 +182,8 @@ { echo _("You did not select any email accounts for removal."); } - if($delcount > 0) + if(0 == $delcount) { - echo _("The following accounts have been removed:")."<br>\n"; - } else { echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken."); } @@ -428,6 +429,7 @@ `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `subject`='".mysql_real_escape_string($csrsubject)."', `codesign`='".$_SESSION['_config']['codesign']."', + `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', `rootcert`='".$_SESSION['_config']['rootcert']."', `description`='".$_SESSION['_config']['description']."'"; mysql_query($query); @@ -630,13 +632,14 @@ echo $row['domain']."<br>\n"; $dres = mysql_query( - "select distinct `domaincerts`.`id` - from `domaincerts`, `domlink` + "select `domaincerts`.`id` + from `domaincerts` where `domaincerts`.`domid` = '$id' - or ( - `domaincerts`.`id` = `domlink`.`certid` - and `domlink`.`domid` = '$id' - )"); + union distinct + select `domaincerts`.`id` + from `domaincerts`, `domlink` + where `domaincerts`.`id` = `domlink`.`certid` + and `domlink`.`domid` = '$id'"); while($drow = mysql_fetch_assoc($dres)) { mysql_query( diff --git a/includes/account_stuff.php b/includes/account_stuff.php index 148a0ac..b9544e0 100644 --- a/includes/account_stuff.php +++ b/includes/account_stuff.php @@ -262,6 +262,7 @@ function hideall() { <ul class="menu" id="advertising"><li><a href="advertising.php?id=1"><?=_("New Ad")?></a></li><li><a href="advertising.php?id=0"><?=_("View Ads")?></a></li></ul> </div> <? } ?> + <? include("about_menu.php"); ?> </div> <div id="content"> <div class="story"> diff --git a/includes/general.php b/includes/general.php index d762586..bcbe38d 100644 --- a/includes/general.php +++ b/includes/general.php @@ -797,4 +797,5 @@ return $res; } + ?> diff --git a/includes/keygen.php b/includes/keygen.php new file mode 100644 index 0000000..09ec7f9 --- /dev/null +++ b/includes/keygen.php @@ -0,0 +1,128 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2011 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> + + <noscript> + <p><?=_('You have to enable JavaScript to generate certificates in the browser.')?></p> + <p><?=_('If you don\'t want to do that for any reason, you can use '. + 'manually created certificate requests instead.')?></p> + </noscript> + + <div id="noActiveX" style="color:red"> + <p><?=_('Could not initialize ActiveX object required for certificate generation.')?></p> + <p><?=_('You have to enable ActiveX for this to work. On Windows Vista, Windows 7 and '. + 'later versions you have to add this website to the list of trusted sites '. + 'in the internet settings.')?></p> + <p><?php + printf(_('Go to "Extras -> Internet Options -> Security -> Trusted '. + 'Websites", click on "Custom Level", set "ActiveX control '. + 'elements that are not marked as safe initialized on start in '. + 'scripts" to "Confirm" and click "OK". Now click "Sites", add '. + '"%s" and "%s" to your list of trusted sites and make the '. + 'changes come into effect by clicking "Close" and "OK".'), + 'https://'.$_SESSION['_config']['normalhostname'], + 'https://'.$_SESSION['_config']['securehostname'])?> + </p> + </div> + + <form method="post" style="display:none" action="account.php" + id="CertReqForm"> + <input type="hidden" name="oldid" value="<?=intval($id)?>" /> + <input type="hidden" id="CSR" name="CSR" /> + <input type="hidden" name="keytype" value="MS" /> + + <p><?=_('Security level')?>: + <select id="SecurityLevel"> + <option value="high" selected="selected"><?=_('High')?></option> + <option value="medium"><?=_('Medium')?></option> + <option value="custom"><?=_('Custom')?>…</option> + </select> + </p> + + <fieldset id="customSettings" style="display:none"> + <legend><?=_('Custom Parameters')?></legend> + + <p><?=_('Cryptography Provider')?>: + <select id="CspProvider"></select> + </p> + <p><?=_('Algorithm')?>: <select id="algorithm"></select></p> + <p><?=_('Keysize')?>: + <input id="keySize" type="number" /> + <?=_('Minimum Size')?>: <span id="keySizeMin"></span>, + <?=_('Maximum Size')?>: <span id="keySizeMax"></span>, + <?php + // TRANSLATORS: this specifies the step between two valid key + // sizes. E.g. if the step is 512 and the minimum is 1024 and + // the maximum is 2048, then only 1024, 1536 and 2048 bits may + // be specified as key size. + echo _('Step')?>: <span id="keySizeStep"></span></p> + <p style="color:red"><?php + printf(_('Please note that RSA key sizes smaller than %d bit '. + 'will not be accepted by CAcert.'), + 1024)?> + </p> + </fieldset> + + <p><input type="submit" id="GenReq" name="GenReq" value="<?=_('Create Certificate')?>" /></p> + <p id="generatingKeyNotice" style="display:none"> + <?=_('Generating your key. Please wait')?>…</p> + </form> + + <!-- Error messages used in the JavaScript. Defined here so they can be + translated without passing the JavaScript code through PHP --> + <p id="createRequestErrorChooseAlgorithm" style="display:none"> + <?=_('Could not generate certificate request. Probably you need to '. + 'choose a different algorithm.')?> + </p> + <p id="createRequestErrorConfirmDialogue" style="display:none"> + <?=_('Could not generate certificate request. Please confirm the '. + 'dialogue if you are asked if you want to generate the key.')?> + </p> + <p id="createRequestErrorConnectDevice" style="display:none"> + <?=_('Could not generate certificate request. Please make sure the '. + 'cryptography device (e.g. the smartcard) is connected.')?> + </p> + <p id="createRequestError" style="display:none"> + <?=_('Could not generate certificate request.')?> + </p> + <p id="invalidKeySizeError" style="display:none"> + <?=_('You have specified an invalid key size')?> + </p> + <p id="unsupportedPlatformError" style="display:none"> + <?=_('Could not initialize the cryptographic module for your '. + 'platform. Currently we support Microsoft Windows XP, Vista '. + 'and 7. If you\'re using one of these platforms and see this '. + 'error message anyway you might have to enable ActiveX as '. + 'described in the red explanation text and accept loading of '. + 'the module.')?> + </p> + + <script type="text/javascript" src="keygenIE.js"></script> + +<? } else { ?> + <p> + <form method="post" action="account.php"> + <input type="hidden" name="keytype" value="NS"> + <?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>"> + + <input type="submit" name="submit" value="<?=_("Create Certificate Request")?>"> + <input type="hidden" name="oldid" value="<?=intval($id)?>"> + </form> + </p> +<? } diff --git a/includes/mysql.php.sample b/includes/mysql.php.sample index eb86401..10185fc 100644 --- a/includes/mysql.php.sample +++ b/includes/mysql.php.sample @@ -64,7 +64,8 @@ fputs($smtp, "DATA\r\n"); $InputBuffer = fgets($smtp, 1024); fputs($smtp, "X-Mailer: CAcert.org Website\r\n"); - fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n"); + if (array_key_exists("REMOTE_ADDR", $_SERVER)) + fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n"); fputs($smtp, "Sender: $errorsto\r\n"); fputs($smtp, "Errors-To: $errorsto\r\n"); if($replyto != "") diff --git a/includes/notary.inc.php b/includes/notary.inc.php index cc0e0eb..240b649 100644 --- a/includes/notary.inc.php +++ b/includes/notary.inc.php @@ -602,4 +602,74 @@ <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> <? } + + //functions to do with recording user agreements + function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){ + // write a new record to the table user_agreement + $query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid. + ",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ; + $res = mysql_query($query); + } + + function get_user_agreement_status($memid, $type="CCA"){ + //returns 0 - no user agreement, 1- at least one entry + $query="SELECT u.`document` FROM `user_agreements` u + WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ; + $res = mysql_query($query); + if(mysql_num_rows($res) <=0){ + return 0; + }else{ + return 1; + } + } + + function get_first_user_agreement($memid, $active=1, $type="CCA"){ + //returns an array (`document`,`date`,`method`, `comment`,`active`) + if($active==1){ + $filter="u.`memid`=".$memid; + }else{ + $filter="u.`secmemid`=".$memid; + } + $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u + WHERE u.`document` = '".$type."' AND ".$filter." + ORDER BY u.`date` Limit 1;"; + $res = mysql_query($query); + if(mysql_num_rows($res) >0){ + $row = mysql_fetch_assoc($res); + $rec['document']= $row['document']; + $rec['date']= $row['date']; + $rec['method']= $row['method']; + $rec['comment']= $row['comment']; + $rec['active']= $row['active']; + }else{ + $rec=array(); + } + return $rec; + } + + function get_last_user_agreement($memid, $type="CCA"){ + //returns an array (`document`,`date`,`method`, `comment`,`active`) + $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1) + union + (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ; + $res = mysql_query($query); + if(mysql_num_rows($res) >0){ + $row = mysql_fetch_assoc($res); + $rec['document']= $row['document']; + $rec['date']= $row['date']; + $rec['method']= $row['method']; + $rec['comment']= $row['comment']; + $rec['active']= $row['active']; + }else{ + $rec=array(); + } + return $rec; +} + + function delete_user_agreement($memid, $type="CCA"){ + //deletes all entries to an user for the given type of user agreements + mysql_query("delete from `user_agreements` where `memid`='".$memid."'"); + mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'"); + } + ?> diff --git a/includes/wot.inc.php b/includes/wot.inc.php index 6b3bcc8..9471bee 100644 --- a/includes/wot.inc.php +++ b/includes/wot.inc.php @@ -40,6 +40,15 @@ return intval($row['list']); } + + function get_number_of_ttpassurances ($userid) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' "); + $row = query_getnextrow($res); + + return intval($row['list']); + } function get_number_of_assurees ($userid) { diff --git a/locale/Makefile b/locale/Makefile index 1517066..4215a4f 100644 --- a/locale/Makefile +++ b/locale/Makefile @@ -176,7 +176,8 @@ upload.clean: template.clean messages.pot: $(GETTEXT_FILES) xgettext --output - --sort-by-file --copyright-holder "CAcert Inc." \ --package-name "CAcert" --package-version "$(VERSION)" \ - --msgid-bugs-address "translations-admin@cacert.org" $^ | \ + --msgid-bugs-address "translations-admin@cacert.org" \ + --add-comments=TRANSLATORS $^ | \ # replace place holders in the lines before the first msgid\ sed '1,/^msgid/ { s/SOME DESCRIPTIVE TITLE/$(DESCRITPION)/; s/YEAR/$(COPYRIGHT_YEAR)/; s/PACKAGE/$(PACKAGE)/ }' \ > $@ diff --git a/pages/account/10.php b/pages/account/10.php index 848077a..f83e0d8 100644 --- a/pages/account/10.php +++ b/pages/account/10.php @@ -26,7 +26,8 @@ <p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> -<p><b>*** <?=_("Please Note. All information on your certificate will be removed except the CommonName and SubjectAltName field, this is because it's an automated service and cannot automatically verify other details on your certificates are valid or not. If you are a valid organisation and would like more details to appear on certificates, you will need to have at least 50 assurance points and you need to send us a copy of your document of incorporation. Then we can add those details to your certificates. Contact us for more information on our organisational services.")?> ***</b></p> +<p><b>*** <?=_("Please note: All information on your certificate will be removed except the CommonName and SubjectAltName field, this is because it's an automated service and cannot automatically verify other details on your certificates are valid or not.")?> ***</b></p> +<p><?=_("If you are a valid organisation and would like the organisation name in the certificates you can apply for an organisation assurance. Contact us via support@cacert.org for more information.")?></p> <form method="post" action="account.php"> <? if($_SESSION['profile']['points'] >= 50) { ?> diff --git a/pages/account/12.php b/pages/account/12.php index 32524e2..6d4e86e 100644 --- a/pages/account/12.php +++ b/pages/account/12.php @@ -38,7 +38,7 @@ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`, `domaincerts`.`description` from `domaincerts`,`domains` - where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` "; + where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` "; if($viewall != 1) { $query .= "AND `revoked`=0 AND `renewed`=0 "; @@ -51,7 +51,7 @@ { ?> <tr> - <td colspan="8" class="DataTD"><?=_("No domains are currently listed.")?></td> + <td colspan="6" class="DataTD"><?=_("No certificates are currently listed.")?></td> </tr> <? } else { while($row = mysql_fetch_assoc($res)) @@ -95,8 +95,10 @@ <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"/> </td> </tr> <? } ?> + <tr> + <td class="DataTD" colspan="6"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td> + </tr> </table> <input type="hidden" name="oldid" value="<?=$id?>"/> <input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/> </form> -<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> diff --git a/pages/account/17.php b/pages/account/17.php index 2ba5390..8ac8b65 100644 --- a/pages/account/17.php +++ b/pages/account/17.php @@ -14,124 +14,6 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> -<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec"> -<?=_("You must enable ActiveX for this to work.")?> -</object> -<form method="post" action="account.php" name="CertReqForm"><p> -<input type="hidden" name="session" value="UsedXenroll"> -<?=_("Key Strength:")?> <select name="CspProvider"></select> -<input type="hidden" name="oldid" value="<?=$id?>"> -<INPUT TYPE=HIDDEN NAME="CSR"> -<input type="hidden" name="keytype" value="MS"> -<?=_("'Enhanced Provider' is generally the best option, which has a key size of 1024bit. If you need a bigger key size you will need to use a different browser.")?> -<input type="submit" name="GenReq" value="Create Certificate"><br> -</p></form> -<script type="text/vbscript" language="vbscript"> -<!-- -Function GetProviderList() - Dim CspList, cspIndex, ProviderName - On Error Resume Next +*/ - count = 0 - base = 0 - enhanced = 0 - CspList = "" - ProviderName = "" - - For ProvType = 0 to 13 - cspIndex = 0 - cec.ProviderType = ProvType - ProviderName = cec.enumProviders(cspIndex,0) - - while ProviderName <> "" - Set oOption = document.createElement("OPTION") - oOption.text = ProviderName - oOption.value = ProvType - Document.CertReqForm.CspProvider.add(oOption) - if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then - base = count - end if - if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - enhanced = count - end if - cspIndex = cspIndex +1 - ProviderName = "" - ProviderName = cec.enumProviders(cspIndex,0) - count = count + 1 - wend - Next - Document.CertReqForm.CspProvider.selectedIndex = base - if enhanced then - Document.CertReqForm.CspProvider.selectedIndex = enhanced - end if -End Function - -Function CSR(keyflags) - CSR = "" - szName = "" - cec.HashAlgorithm = "MD5" - err.clear - On Error Resume Next - set options = document.all.CspProvider.options - index = options.selectedIndex - cec.providerName = options(index).text - tmpProviderType = options(index).value - cec.providerType = tmpProviderType - cec.KeySpec = 2 - if tmpProviderType < 2 Then - cec.KeySpec = 1 - end if - cec.GenKeyFlags = &h04000001 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = &h04000000 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then - cec.providerName = "Microsoft Base Cryptographic Provider v1.0" - else - Exit Function - end if - end if - cec.GenKeyFlags = 1 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = 0 - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") -End Function - -Sub GenReq_OnClick - Dim TheForm - Set TheForm = Document.CertReqForm - err.clear - result = CSR(2) - if len(result)=0 Then - result = MsgBox("Unable to generate PKCS#10.", 0, "Alert") - Exit Sub - end if - TheForm.CSR.Value = result - TheForm.Submit - Exit Sub -End Sub - -GetProviderList() ---> -</script> -<? } else { ?> -<p> -<form method="post" action="account.php"> -<input type="hidden" name="keytype" value="NS"> -<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>"> - - -<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> -</form> -</p> -<? } ?> +require_once($_SESSION['_config']['filepath'].'/includes/keygen.php'); diff --git a/pages/account/4.php b/pages/account/4.php index a4d6597..8ac8b65 100644 --- a/pages/account/4.php +++ b/pages/account/4.php @@ -14,177 +14,6 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> -<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec"> -<?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?><?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?> -</object> -<form method="post" action="account.php" name="CertReqForm"><p> -<input type="hidden" name="session" value="UsedXenroll"> -<?=_("Key Strength:")?> <select name="CspProvider"></select> -<input type="hidden" name="oldid" value="<?=$id?>"> -<INPUT TYPE=HIDDEN NAME="CSR"> -<input type="hidden" name="keytype" value="MS"> -<input type="submit" name="GenReq" value="Create Certificate"><br> -</p></form> -<script type="text/vbscript" language="vbscript"> -<!-- -Function GetProviderList() - Dim CspList, cspIndex, ProviderName - On Error Resume Next +*/ - count = 0 - base = 0 - enhanced = 0 - CspList = "" - ProviderName = "" - - // Vista: - Set csps = CreateObject("X509Enrollment.CCspInformations") - If IsObject(csps) Then - csps.AddAvailableCsps() - Document.CertReqForm.keytype.value="VI" - For j = 0 to csps.Count-1 - Set oOption = document.createElement("OPTION") - oOption.text = csps.ItemByIndex(j).Name - oOption.value = j - Document.CertReqForm.CspProvider.add(oOption) - Next - - Else - - // 2000,XP: - - For ProvType = 0 to 13 - cspIndex = 0 - cec.ProviderType = ProvType - ProviderName = cec.enumProviders(cspIndex,0) - - while ProviderName <> "" - Set oOption = document.createElement("OPTION") - oOption.text = ProviderName - oOption.value = ProvType - Document.CertReqForm.CspProvider.add(oOption) - if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then - base = count - end if - if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - enhanced = count - end if - cspIndex = cspIndex +1 - ProviderName = "" - ProviderName = cec.enumProviders(cspIndex,0) - count = count + 1 - wend - Next - Document.CertReqForm.CspProvider.selectedIndex = base - if enhanced then - Document.CertReqForm.CspProvider.selectedIndex = enhanced - end if - End If -End Function - -Function CSR(keyflags) - CSR = "" - szName = "" - - - // Vista - if Document.CertReqForm.keytype.value="VI" Then - - Dim g_objClassFactory - Dim obj - Dim objPrivateKey - Dim g_objRequest - Dim g_objRequestCMC - - Set g_objClassFactory=CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory") - Set obj=g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment") - Set objPrivateKey=g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey") - Set objRequest=g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10") - //Msgbox exit function - objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text - // "Microsoft Enhanced RSA and AES Cryptographic Provider" - objPrivateKey.ProviderType = "24" - objPrivateKey.KeySpec = "1" - objPrivateKey.ExportPolicy = 1 - objRequest.InitializeFromPrivateKey 1, objPrivateKey, "" - Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName") - objDN.Encode("CN=CAcertRequest") - objRequest.Subject = objDN - - // obj.Initialize(1) - obj.InitializeFromRequest(objRequest) - obj.CertificateDescription="Description" - obj.CertificateFriendlyName="FriendlyName" - CSR=obj.CreateRequest(1) - If len(CSR)<>0 Then Exit Function - Msgbox "<?=_("Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!")?>" - - else - // XP - - cec.HashAlgorithm = "MD5" - err.clear - On Error Resume Next - set options = document.all.CspProvider.options - index = options.selectedIndex - cec.providerName = options(index).text - tmpProviderType = options(index).value - cec.providerType = tmpProviderType - cec.KeySpec = 2 - if tmpProviderType < 2 Then - cec.KeySpec = 1 - end if - cec.GenKeyFlags = &h04000001 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = &h04000000 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then - cec.providerName = "Microsoft Base Cryptographic Provider v1.0" - else - Exit Function - end if - end if - cec.GenKeyFlags = 1 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = 0 - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - End if -End Function - -Sub GenReq_OnClick - Dim TheForm - Set TheForm = Document.CertReqForm - err.clear - result = CSR(2) - if len(result)=0 Then - result = MsgBox("Unable to generate PKCS#10.", 0, "Alert") - Exit Sub - end if - TheForm.CSR.Value = result - TheForm.Submit - Exit Sub -End Sub - -GetProviderList() ---> -</script> -<? } else { ?> -<p> -<form method="post" action="account.php"> -<input type="hidden" name="keytype" value="NS"> -<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>"> - -<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> -</form> -</p> -<? } ?> +require_once($_SESSION['_config']['filepath'].'/includes/keygen.php'); diff --git a/pages/account/41.php b/pages/account/41.php index 4ea9b10..d61d8db 100644 --- a/pages/account/41.php +++ b/pages/account/41.php @@ -73,8 +73,12 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php'); $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - echo "<option value='".sanitizeHTML($row['locale'])."'"; - echo ">".$row['country']." - ".$row['lang']."</option>\n"; + printf("<option value=\"%s\">[%s] %s (%s)</option>\n", + sanitizeHTML($row['locale']), + sanitizeHTML($row['locale']), + $row['lang'], + $row['country'] + ); } ?> </select> diff --git a/pages/account/43.php b/pages/account/43.php index 7bf6d04..a926a98 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -173,6 +173,10 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <input type="submit" value="Go"></form></nobr></td> </tr> <tr> + <td class="DataTD"><?=_("CCA accepted")?>:</td> + <td class="DataTD"><a href="account.php?id=57&userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td> + </tr> + <tr> <td class="DataTD"><?=_("Trainings")?>:</td> <td class="DataTD"><a href="account.php?id=55&userid=<?=intval($row['id'])?>">show</a></td> </tr> diff --git a/pages/account/57.php b/pages/account/57.php new file mode 100644 index 0000000..76eee27 --- /dev/null +++ b/pages/account/57.php @@ -0,0 +1,107 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + include_once($_SESSION['_config']['filepath'].'/includes/notary.inc.php'); + + if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) { + + echo _('You do not have access to this page'); + + } else { + $user_id = intval($_REQUEST['userid']); + $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + } else { + $row = mysql_fetch_assoc($res); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_('CCA agreement of').' '.sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname'])?></td> + </tr> +</table> + + +<br> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="DataTD"><b><?=_('CCA type')?></b></td> + <td class="DataTD"><b><?=_('Date')?></b></td> + <td class="DataTD"><b><?=_('Method')?></b></td> + <td class="DataTD"><b><?=_('Type')?></b></td> + </tr> +<? + $data=get_first_user_agreement($user_id,1); + if (!isset($data['active'])){ + $type=''; + }else{ + $type=_('active'); + } +?> + <tr> + <td class="DataTD"><?=_('First active CCA')?></td> + <td class="DataTD"><?=$data['date']?></td> + <td class="DataTD"><?=$data['method']?></td> + <td class="DataTD"><?=$type?></td> + </tr> +<? + $data=get_first_user_agreement($user_id,0); + if (!isset($data['active'])){ + $type=""; + }else{ + $type=_('passive'); + } +?> + <tr> + <td class="DataTD"><?=_('First passive CCA')?></td> + <td class="DataTD"><?=$data['date']?></td> + <td class="DataTD"><?=$data['method']?></td> + <td class="DataTD"><?=$type?></td> + </tr> +<? + $data=get_last_user_agreement($user_id); + if (!isset($data['active'])){ + $type=""; + }elseif($data['active']==1){ + $type=_('active'); + }else{ + $type=_('passive'); + } +?> + <tr> + <td class="DataTD"><?=_('Last CCA')?></td> + <td class="DataTD"><?=$data['date']?></td> + <td class="DataTD"><?=$data['method']?></td> + <td class="DataTD"><?=$type?></td> + </tr> +</table> +<br> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> +<? + if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) { +?> + <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=$user_id ?>">back</a></td></tr> +<? } +?> </table> +<? + } +} +?> diff --git a/pages/index/0.php b/pages/index/0.php index 81ab2b1..e7356c7 100644 --- a/pages/index/0.php +++ b/pages/index/0.php @@ -118,8 +118,7 @@ <p><?=_("If you are located in Australia, use bank transfer instead.")?></p> <p><?=_("CAcert bank account details:")?></p> - -<ul> +<ul class="no_indent"> <li>Account Name: CAcert Inc</li> <li>SWIFT: WPACAU2S</li> <li>BSB: 032073</li> diff --git a/pages/index/3.php b/pages/index/3.php index c2cb391..a107c29 100644 --- a/pages/index/3.php +++ b/pages/index/3.php @@ -18,38 +18,45 @@ <p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.php'>","</a>")?></p> -<p> -Class 1 <?=_("PKI Key")?><br> -<a href="index.php?id=17"><?=_("Click here if you want to import the root certificate into Microsoft Internet Explorer 5.x/6.x")?></a><br> -<a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a><br> -<a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a><br> -<a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a><br> -<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a><br> -<?=_("Fingerprint")?> SHA1: 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33<br/> -<?=_("Fingerprint")?> MD5: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B<br/> -</p> +<h3><?=_("Windows Installer") ?></h3> +<ul class="no_indent"> + <li><? printf(_("%s Windows installer package %s for browsers that use the Windows certificate store %s (for example Internet Explorer, Chrome on Windows and Safari on Windows)"), '<a href="certs/CAcert_Root_Certificates.msi">', '</a>', '<br/>')?></li> + <li><?=_("SHA1 Hash:") ?> 2db1957db31aa0d778d1a65ea146760ee1e67611</li> + <li><?=_("SHA256 Hash:") ?> 88883f2e3117bae6f43922fbaef8501b94efe4143c12116244ca5d0c23bcbb16</li> +</ul> -<p> -Class 3 <?=_("PKI Key")?><br> -<a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a><br/> -<a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a><br/> -<a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a><br/> -<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a><br/> +<h3><?=_("Class 1 PKI Key")?></h3> +<ul class="no_indent"> + <li><a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a></li> + <li><a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a></li> + <li><a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a></li> + <li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a></li> + <li><?=_("SHA1 Fingerprint:")?> 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33</li> + <li><?=_("MD5 Fingerprint:")?> A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B</li> +</ul> + +<h3><?=_("Class 3 PKI Key")?></h3> +<ul class="no_indent"> + <li><a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a></li> + <li><a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a></li> + <li><a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a></li> + <li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a></li> <?php /* class3 subroot fingerprint updated: 2011-05-23 class3 Re-sign project https://wiki.cacert.org/Roots/Class3ResignProcedure/Migration */ ?> -<?=_("Fingerprint")?> SHA1: AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE<br/> -<?=_("Fingerprint")?> MD5: F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42<br/> -</p> + <li><?=_("SHA1 Fingerprint:")?> AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE</li> + <li><?=_("MD5 Fingerprint:")?> F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42</li> +</ul> -<p> -<?=_("GPG Key")?><br> -<a href="certs/cacert.asc"><?=_("CAcert's GPG Key")?></a><br> -</p> +<h3><?=_("GPG Key")?></h3> +<ul class="no_indent"> + <li><a href="certs/cacert.asc"><?=_("CAcert's GPG Key")?></a></li> + <li><?=_("GPG Key ID:")?> 0x65D0FD58</li> + <li><?=_("Fingerprint:")?> A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58</li> +</ul> -<p> -<?=_("PKI finger/thumb print signed by the CAcert GPG Key")?><br> +<h4><?=_("PKI fingerprint signed by the CAcert GPG Key")?></h4> <pre> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @@ -82,8 +89,8 @@ TG1yj+lkktROGGyn0hJ5SbM= =tXoj -----END PGP SIGNATURE----- </pre> -</p> +<h3><?=_("History")?></h3> <p> <? printf(_('An overview over all CA certificates ever issued can be found in '. '%sthe wiki%s.'), diff --git a/pages/index/4.php b/pages/index/4.php index ffbfe26..384ea56 100644 --- a/pages/index/4.php +++ b/pages/index/4.php @@ -25,11 +25,11 @@ ?> <? if($_SESSION['_config']['hostname'] == $_SESSION['_config']['securehostname']) { ?> -<p><?=_("Warning! You've attempted to log into the system with a client certificate, but the login failed due to the certificate being expired, revoked, disabled for certificate login, or simply not valid for this site. You can login using your Email/Pass Phrase to get a new certificate, by clicking on 'Normal Login' to the right of your screen.")?></p> +<p><?=sprintf(_("Warning! You've attempted to log into the system with a client certificate, but the login failed due to the certificate being expired, revoked, disabled for certificate login, or simply not valid for this site. You can login using your email/pass phrase to get a new certificate, by clicking on %sPassword Login%s on the right side of this page."),"<a href='https://".$_SESSION['_config']['normalhostname']."/index.php?id=4'>", "</a>")?></p> <? } else { ?> <style> .box2 {width:100%;text-align:center;} -.box {background:#F5F7F7;border:2px solid #cccccc;margin:0px auto;height:250px;width:300px;padding:1em;} +.box {background:#F5F7F7;border:2px solid #cccccc;margin:0px auto;height:auto;width:300px;padding:1em;} .smalltext {font-size:10px;} label {width:100px;display:block;float:left;} text {width:166px;display:block;float:left;} @@ -45,15 +45,15 @@ h1 {font-size:1.9em;text-align:center;} <label for="email"><?=_("Email Address")?>:</label><input type='text' name="email" value="<?=sanitizeHTML(array_key_exists("email",$_REQUEST)?$_REQUEST['email']:"")?>" <? if(array_key_exists('notauto',$_REQUEST) && $_REQUEST['noauto'] == 1) echo " autocomplete='off'"; ?>/><br /> <label for="pword"><?=_("Pass Phrase")?>:</label><input type='password' name='pword' autocomplete="off"/><br /> <input type='submit' name="process" value="<?=_("Login")?>" /><br /><br /> -<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4'><?=_("Password Login")?></a> - -<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=5'><?=_("Lost Password")?></a> - +<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4'><?=_("Password Login")?></a> - +<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=5'><?=_("Lost Password")?></a> - <a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4&noauto=1'><?=_("Net Cafe Login")?></a><br /> <p class='smalltext'><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p> <input type="hidden" name="oldid" value="<?=$id?>"> </form> </div> </div> -<? } +<? } if(array_key_exists("oldlocation",$_SESSION['_config']) && $_SESSION['_config']['oldlocation']!="") { echo "<br/><center>"._("If you want to use certificate login instead of username+password, please")." <a href='https://secure.cacert.org/".sanitizeHTML($_SESSION['_config']['oldlocation'])."'>"._("click here")."</a></center>"; diff --git a/pages/wot/2.php b/pages/wot/2.php index a75bc57..eda77bb 100644 --- a/pages/wot/2.php +++ b/pages/wot/2.php @@ -15,22 +15,19 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> -<span style="background-color: #FF8080; font-size: 150%"> -Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br> -Until a subsidiary policy under AP is written, it is against AP rules.<br> -</span> - <br> -<h3><?=_("To become an Assurer")?></h3> -<p><?=_("There are several ways to become a CAcert Assurer, the most common of which is face to face meetings with existing assurers, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!).")?></p> +<h3><?=_('To become an Assurer')?></h3> -<p><?=_("You can also become a CAcert Assurer by seeking out a public notary, justice of the peace, accountant, lawyer or bank manager. You will need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person assuring you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:")?></p> +<p><?=_('To become a CAcert Assurer you need to fulfill the following requirements:')?></p> +<ol> + <li><?=_('You have to reach 100 Assurance points')?></li> + <li><?=_('You have to pass the CATS test')?></li> +</ol> -<p>CAcert Inc.<br> -P.O. Box 4107<br> -Denistone East NSW 2112<br> -Australia</p> +<p><?=_('To reach 100 Assurance Points you have to meet with assurers who assure you under the CAcert Assurance Programme according to Assurance Policy. During the face to face meeting you need to show at least one governmental issued photo ID.')?></p> + +<p><?=sprintf(_('The 2nd requirement in becoming assurer is to pass the CAcert Assurer Challenge, which can be started at %s. For more information explore the wiki regarding the %s.'),'<a href="https://cats.cacert.org">https://cats.cacert.org</a>','<a href="//wiki.cacert.org/AssurerChallenge">Assurer Challenge</a>')?><p> + +<p><?=sprintf(_('In case you cannot meet an Assurer (eg there are not many assurer in your area) you can be assured under the alternate %sTTP-assisted-assurance programme%s. Read the pages %s for the basic way how the TTP-assisted-assurance programme works for you and %s whether the TTP programme affects the country where you are located.'),'<a href="/wot.php?id=4">', '</a>','<a href="//wiki.cacert.org/TTP/TTPuser">TTPuser</a>','<a href="//wiki.cacert.org/TTP/TTPAL">TTPAL</a>')?> </p> -<p><?=_("Upon receiving your documents you will be notified, and points will be added to your account.")?></p> -<p><?=_("Once you have received at least 100 Assurance Points you will have to pass a test called Assurer Challenge, which can be started at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>!'?></p> diff --git a/pages/wot/4.php b/pages/wot/4.php index 04997ba..befdfe4 100644 --- a/pages/wot/4.php +++ b/pages/wot/4.php @@ -14,7 +14,9 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> +*/ +require_once(dirname(__FILE__).'/../../includes/wot.inc.php'); +?> <h3><?=_("Trusted Third Parties")?></h3> @@ -32,4 +34,49 @@ <p><?=sprintf(_("If you are interested in the TTP programme, read the pages %s for the basic way how the TTP programme works for you, and %s whether the TTP programme affects the country where you are located."),"<a href='//wiki.cacert.org/TTP/TTPuser'>https://wiki.cacert.org/TTP/TTPuser</a>","<a href='//wiki.cacert.org/TTP/TTPAL'>https://wiki.cacert.org/TTP/TTPAL</a>")?> </p> -<p><?=sprintf(_("If you want to take part in the TTP programme, send an email to %s with your name, the main email address of your CAcert account and the country that you want to see the TTP. CAcert will then send you the needed forms and guide you through the process."),"<a href='mailto:support@cacert.org'>support@cacert.org</a>")?></p> +<? +// test for points <100 +if ($_SESSION['profile']['points']<100){ + // test for TTP assurances + if (get_number_of_ttpassurances(intval($_SESSION['profile']['id']))<2){?> + <p><?=_("If you want to ask for TTP assurances fill out the missing data and send the request to support@cacert.org to start the process. CAcert will then inform you about the next steps.")?></p> + <form method="post" action="wot.php"> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="DataTD"><?=_("Country where you want to visit the TTP")?></td> + <td class="DataTD"><select size="1" name="country"> + <option>Australia</option> + <option>Puerto Rico</option> + <option>USA</option> + </select></td> + </tr> + <tr> + <td class="DataTD"><?=_("I want to take part in the TTP Topup programme")?></td> + <td class="DataTD"><input type="checkbox" name="ttptopup" value="1"></td> + </tr> + <tr> + <td colspan="2" > + <input type="hidden" name="oldid" value="<?=intval($id)?>"> + <input type="submit" name="ttp" value="<?=_("I need a TTP assurance")?>"> + </td> + </tr> + </table> + </form> +<? //" + } else { + /* As soon as the TPP TOPUP Programme is established this routine should be used + <p><?=_("As you have already got 2 TTP assurances you can only take part in the TTP TOPUP programme. If you want to ask for the TTP TOPUP programme use the submit button to send the request to support@cacert.org to start the process. CAcert will then inform you about the next steps.")?></p> + <form method="post" action="wot.php"> + <input type="hidden" name="oldid" value="<?=intval($id)?>"> + <input type="submit" name="ttptopup" value="<?=_("I need a TTP TOPUP")?>"> + </form> +*/ +?> + <p><?=_("We are working to develop the TTP TOPUP process to be able to fill the gap of the missing 30 assurance points to 100 assurance points. Meanwhile you have to close this gap with face to face assurances from CAcert Assurers. Think not only travelling to populated countries, but as well to assurers visiting your country or area.")?></p> +<? + } +} else { +?> + <p><?=_("You reached the maximum points that can be granted by the TTP programme and therefore you cannot take part in the TTP programme any more.")?></p> +<? +} diff --git a/scripts/47us-fudcon-lawrence-email.txt b/scripts/47us-fudcon-lawrence-email.txt new file mode 100644 index 0000000..d2b6e97 --- /dev/null +++ b/scripts/47us-fudcon-lawrence-email.txt @@ -0,0 +1,26 @@ +Hi,
+
+I'm a Fedora developer and sysadmin (and a CAcert Assurer), and am going to be attending the Fedora Users and Developers Conference which will be held at the University of Kansas, located in Lawrence, KS, from January 18–20, 2013.
+
+We have a GPG/PGP keysigning party planned, and I'm interested in getting some people together to offer CAcert assurances. This is especially important since CAcert will be removing all points formerly obtained by Thawte Point Transfer very soon.
+
+The CAcert Assurance Event will be held on Saturday, January 19, 2013, beginning at 15:30.
+The GPG Keysigning Event will begin at 16:30.
+
+If you are interested in either event, please sign up at:
+http://bit.ly/fudcon2013-keysigning for the keysigning event
+and/or
+http://bit.ly/fudcon2013-cacert-assurance for the CAcert assurance event.
+
+Please contact me at either nb@fedoraproject.org or nb@cacert.org if you have any questions.
+
+Nick
+
+Further infos:
+ * [https://wiki.cacert.org/Events/FUDConLawrence]
+ * CAcert organizing wiki page
+ * [http://fedoraproject.org/wiki/FUDCon:Lawrence_2013]
+ * has more information about FUDCon.
+
+
+Contact: events@cacert.org
diff --git a/scripts/47us-fudcon-lawrence-mail.php.txt b/scripts/47us-fudcon-lawrence-mail.php.txt new file mode 100644 index 0000000..4bb3c8a --- /dev/null +++ b/scripts/47us-fudcon-lawrence-mail.php.txt @@ -0,0 +1,109 @@ +#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("47us-fudcon-lawrence-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+
+// CAcert Assurance and Keysigning event at FUDcon, Lawrence, KS, Jan 19th 2013
+ $locid = 2126955; // Lawrence (Douglas), Kansas, United States
+ $eventname = "CAcert Assurance and Keysigning at FUDcon Lawrence, KS";
+ $city = "January 19th 2013";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/48de-ate-kiel-email.txt b/scripts/48de-ate-kiel-email.txt new file mode 100644 index 0000000..d522cdc --- /dev/null +++ b/scripts/48de-ate-kiel-email.txt @@ -0,0 +1,68 @@ +[Deutsch]
+
+Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher
+eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen.
+Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen:
+
+- Welcher Satz fehlt auf alten CAP Formularen?
+- Warum soll ich mir R/L/O einpraegen?
+- Wie verhaelst du dich, wenn du ein fremdes Ausweis Dokument das erste mal pruefst?
+
+Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs).
+
+Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung trainiert und auditiert, um die Qualitaet der Assurances in der taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren, wie diese vermieden werden koennen.
+
+Wie IanG sagte: The ATE or Assurer Training Event is exceptionally recommended for all Assurers, and include parts which contribute directly to our audit. Come and find out how you can also contribute.
+
+Die kommende Veranstaltung in deiner Naehe findet statt am:
+
+- Dienstag, den 11. Februar 2013
+- in der Zeit von: 19:00 - ca. 22:00 Uhr
+- Toppoint e.V.
+- Eckernförder Str. 20
+- 24103 Kiel
+
+Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
+Wiki [http://wiki.cacert.org/Events/2013-02-11ATE-Kiel]
+Blog [http://blog.cacert.org/2013/01/586.html]
+
+Teilnehmer Registrierung mit Rueckantwort:
+ 'Ich moechte am ATE-Kiel teilnehmen'
+
+Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
+
+Kontakt: events@cacert.org
+
+
+
+[English]
+
+During the last year many changes took place inside CAcert. Many "oral" rules have been put into Policies. New procedures (e.g. Assurer Challenge) and obligations (e.g. CAcert Community Agreement) have been put into live. The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the Assurer Training Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances, to measure the quality of assurances in the daily routine. Here are some possible errors and pitfalls which need to be found. Assurers have the opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally recommended for all Assurers and includes parts which contribute directly to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Tuesday 11. February 2013
+- during 19:00 - ca. 22:00
+- Toppoint e.V.
+- Eckernförder Str. 20
+- 24103 Kiel
+
+Details to the location can be found:
+Wiki [http://wiki.cacert.org/Events/2013-02-11ATE-Kiel]
+Blog [http://blog.cacert.org/2013/01/586.html]
+
+User reply for registration: 'I will attend the ATE-Kiel'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
diff --git a/scripts/48de-ate-kiel-mail.php.txt b/scripts/48de-ate-kiel-mail.php.txt new file mode 100644 index 0000000..9f3ab46 --- /dev/null +++ b/scripts/48de-ate-kiel-mail.php.txt @@ -0,0 +1,114 @@ +#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("48de-ate-kiel-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+
+// CAcert Assurance and Keysigning event at FUDcon, Lawrence, KS, Jan 19th 2013
+// $locid = 2126955; // Lawrence (Douglas), Kansas, United States
+// $eventname = "CAcert Assurance and Keysigning at FUDcon Lawrence, KS";
+// $city = "January 19th 2013";
+
+// ATE-Kiel 2013-02-11
+ $locid = 919560; // Kiel, Schleswig-Holstein, Germany
+ $eventname = "ATE-Kiel";
+ $city = "11. Februar 2013";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/cron/removedead.php b/scripts/cron/removedead.php index aadda81..2257dc8 100755 --- a/scripts/cron/removedead.php +++ b/scripts/cron/removedead.php @@ -19,7 +19,8 @@ require_once(dirname(__FILE__).'/../../includes/mysql.php'); require_once(dirname(__FILE__).'/../../includes/lib/l10n.php'); - + require_once(dirname(__FILE__).'/../../includes/notary.inc.php'); + $query = "select * from `users` where `users`.`verified`=0 and (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`users`.`created`)) >= 172800"; $res = mysql_query($query); @@ -27,6 +28,7 @@ { mysql_query("delete from `email` where `memid`='".$row['id']."'"); mysql_query("delete from `users` where `id`='".$row['id']."'"); + delete_user_agreement($row['id']); } $query = "delete from `domains` where `hash`!='' and diff --git a/scripts/cron/warning.php b/scripts/cron/warning.php index 5cf7c31..0c97ba2 100755 --- a/scripts/cron/warning.php +++ b/scripts/cron/warning.php @@ -72,32 +72,37 @@ echo $row['fname']." ".$row['lname']." <".$row['email']."> (memid: ".$row['memid foreach($days as $day => $warning) { - $query = - "SELECT DISTINCT `domaincerts`.`id`, + $select_clause = + "`domaincerts`.`id`, `users`.`fname`, `users`.`lname`, `users`.`email`, `domains`.`memid`, `domaincerts`.`subject`, `domaincerts`.`crt_name`, `domaincerts`.`CN`, `domaincerts`.`serial`, - (UNIX_TIMESTAMP(`domaincerts`.`expire`) - - UNIX_TIMESTAMP(NOW())) / 86400 AS `daysleft` - - FROM `users`, `domaincerts`, `domlink`, `domains` - WHERE UNIX_TIMESTAMP(`domaincerts`.`expire`) - + (UNIX_TIMESTAMP(`domaincerts`.`expire`) - + UNIX_TIMESTAMP(NOW())) / 86400 AS `daysleft`"; + $where_clause = + "UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP(NOW()) > -7 * 86400 - AND UNIX_TIMESTAMP(`domaincerts`.`expire`) - + AND UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP(NOW()) < $day * 86400 - AND `domaincerts`.`renewed` = 0 - AND `domaincerts`.`warning` <= '$warning' - AND `domaincerts`.`revoked` = 0 - AND ( - `domaincerts`.`domid` = `domains`.`id` - OR ( - `domaincerts`.`id` = `domlink`.`certid` - AND `domlink`.`domid` = `domains`.`id` - ) - ) - AND `domains`.`memid` = `users`.`id`"; + AND `domaincerts`.`renewed` = 0 + AND `domaincerts`.`warning` <= '$warning' + AND `domaincerts`.`revoked` = 0 + AND `domains`.`memid` = `users`.`id`"; + $query = + "SELECT $select_clause + FROM `users`, `domaincerts`, `domains` + WHERE $where_clause + AND `domaincerts`.`domid` = `domains`.`id` + UNION DISTINCT + SELECT $select_clause + FROM `users`, + `domaincerts` LEFT JOIN `domlink` ON + (`domaincerts`.`id` = `domlink`.`certid`), + `domains` + WHERE $where_clause + AND `domlink`.`domid` = `domains`.`id`"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { diff --git a/scripts/db_migrations/version2.sh b/scripts/db_migrations/version2.sh index 7d940ff..7d940ff 100644..100755 --- a/scripts/db_migrations/version2.sh +++ b/scripts/db_migrations/version2.sh diff --git a/www/certs/CAcert_Root_Certificates.msi b/www/certs/CAcert_Root_Certificates.msi Binary files differnew file mode 100644 index 0000000..f60567e --- /dev/null +++ b/www/certs/CAcert_Root_Certificates.msi diff --git a/www/disputes.php b/www/disputes.php index 5b78c1e..f195ed5 100644 --- a/www/disputes.php +++ b/www/disputes.php @@ -264,7 +264,7 @@ echo _("You aren't allowed to dispute your own email addresses. Can't continue."); showfooter(); exit; - } + } $res = mysql_query("select * from `users` where `id`='$oldmemid'"); $user = mysql_fetch_assoc($res); @@ -319,12 +319,20 @@ } unset($oldid); $query = "select * from `domains` where `domain`='$domain' and `deleted`=0"; - $email = ""; if(array_key_exists('email',$_REQUEST)) $email=trim(mysql_real_escape_string($_REQUEST['email'])); $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { + $query = "select 1 from `orgdomains` where `domain`='$domain'"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) + { + showheader(_("Domain Dispute")); + printf(_("The domain '%s' is included in an organisation account. Please send a mail to %s to dispute this domain."), sanitizeHTML($domain),'<a href="mailto:support@cacert.org">support@cacert.org</a>'); + showfooter(); + exit; + } showheader(_("Domain Dispute")); - printf(_("The domain '%s' doesn't exist in the system. Can't continue."), sanitizeHTML($email)); + printf(_("The domain '%s' doesn't exist in the system. Can't continue."), sanitizeHTML($domain)); showfooter(); exit; } @@ -336,7 +344,7 @@ echo _("You aren't allowed to dispute your own domains. Can't continue."); showfooter(); exit; - } + } $domainid = $row['id']; $_SESSION['_config']['domainid'] = $domainid; diff --git a/www/index.php b/www/index.php index 35d22d7..c7cc03e 100644 --- a/www/index.php +++ b/www/index.php @@ -18,6 +18,7 @@ require_once('../includes/lib/l10n.php'); + $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']); $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']); $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process']; @@ -544,6 +545,8 @@ require_once('../includes/lib/l10n.php'); `regional`='".$_SESSION['signup']['regional']."', `radius`='".$_SESSION['signup']['radius']."'"; mysql_query($query); + include_once("../includes/notary.inc.php"); + write_user_agreement($memid, "CCA", "account creation", "", 1); $body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; diff --git a/www/keygenIE.js b/www/keygenIE.js new file mode 100644 index 0000000..be2d184 --- /dev/null +++ b/www/keygenIE.js @@ -0,0 +1,609 @@ +/* +LibreSSL - CAcert web application +Copyright (C) 2004-2012 CAcert Inc. + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; version 2 of the License. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +var CAcert_keygen_IE = function () { + + /// Makes a new DOM text node + var textnode = function (text) { + return document.createTextNode(text); + } + + /// makes a new <p> element + var paragraph = function (text) { + var paragraph = document.createElement("p"); + paragraph.appendChild(textnode(text)); + return paragraph; + } + + /// makes a new <pre> elemtent + var pre = function (text) { + var pre = document.createElement("pre"); + pre.appendChild(textnode(text)); + return pre; + } + + /// makes a new <option> element + var option = function (text, value) { + var option = document.createElement("option"); + if (value !== undefined) { + option.setAttribute("value", value); + } + option.appendChild(textnode(text)); + return option; + } + + /// Removes all child nodes from the element + var removeChildren = function (element) { + element.innerHTML = ""; + } + + /// Show error message to user from exception + var showError = function (message, exception) { + window.alert( + message + + "\n\nError: " + exception.message + + " (0x" + (0xFFFFFFFF + exception.number + 1).toString(16) + + " / " + exception.number + ")" + ); + } + + // Get important elements from the DOM + var form = document.getElementById("CertReqForm"); + var securityLevel = document.getElementById("SecurityLevel"); + var customSettings = document.getElementById("customSettings"); + var provider = document.getElementById("CspProvider"); + var algorithm = document.getElementById("algorithm"); + var algorithmParagraph = document.getElementById("algorithmParagraph"); + var keySize = document.getElementById("keySize"); + var keySizeMin = document.getElementById("keySizeMin"); + var keySizeMax = document.getElementById("keySizeMax"); + var keySizeStep = document.getElementById("keySizeStep"); + var genReq = document.getElementById("GenReq"); + var csr = document.getElementById("CSR"); + var noActiveX = document.getElementById("noActiveX"); + var generatingKeyNotice = document.getElementById("generatingKeyNotice"); + var createRequestErrorChooseAlgorithm = document.getElementById("createRequestErrorChooseAlgorithm"); + var createRequestErrorConfirmDialogue = document.getElementById("createRequestErrorConfirmDialogue"); + var createRequestErrorConnectDevice = document.getElementById("createRequestErrorConnectDevice"); + var createRequestError = document.getElementById("createRequestError"); + var invalidKeySizeError = document.getElementById("invalidKeySizeError"); + var unsupportedPlatformError = document.getElementById("unsupportedPlatformError"); + + /// Initialise the CertEnroll code (Vista and higher) + /// returns false if initialisation fails + var initCertEnroll = function () { + var factory = null; + var providerList = null; + var cspStats = null; + + // Try to initialise the ActiveX element. Requires permissions by the user + try { + factory = new ActiveXObject("X509Enrollment.CX509EnrollmentWebClassFactory"); + if (!factory) { + throw { + name: "NoObjectError", + message: "Got null at object creation" + }; + } + + // also try to create a useless object here so the library gets + // initialised and we don't need to check everytime later + factory.CreateObject("X509Enrollment.CObjectId"); + + form.style.display = ""; + noActiveX.style.display = "none"; + } catch (e) { + return false; + } + + /// Get the selected provider + var getProvider = function () { + var providerIndex = provider.options[provider.selectedIndex].value; + return providerList.ItemByIndex(providerIndex); + } + + /// Get the selected algorithm + var getAlgorithm = function () { + var algorithmIndex = algorithm.options[algorithm.selectedIndex].value; + return alg = cspStats.ItemByIndex(algorithmIndex).CspAlgorithm; + } + + /// Get the selected key size + var getKeySize = function () { + var alg = getAlgorithm(); + + var bits = parseInt(keySize.value, 10); + if ( + (bits < alg.MinLength) || + (bits > alg.MaxLength) || + ( + alg.IncrementLength && + ((bits - alg.MinLength) % alg.IncrementLength !== 0) + ) + ) { + return false; + } + + return bits; + } + + /// Fill the key size list + var getKeySizeList = function () { + if (!cspStats) { + return false; + } + + var alg = getAlgorithm(); + + // HTML5 attributes + keySize.setAttribute("min", alg.MinLength); + keySize.setAttribute("max", alg.MaxLength); + keySize.setAttribute("step", alg.IncrementLength); + keySize.setAttribute("value", alg.DefaultLength); + keySize.value = ""+alg.DefaultLength; + + // ugly, but buggy otherwise if done with text nodes + keySizeMin.innerHTML = alg.MinLength; + keySizeMax.innerHTML = alg.MaxLength; + keySizeStep.innerHTML = alg.IncrementLength; + + return true; + } + + /// Fill the algorithm list + var getAlgorithmList = function () { + var i; + + if (!providerList) { + return false; + } + + var csp = getProvider(); + + cspStats = providerList.GetCspStatusesFromOperations( + 0x1c, //XCN_NCRYPT_ANY_ASYMMETRIC_OPERATION + //0x10, //XCN_NCRYPT_SIGNATURE_OPERATION + //0x8, //XCN_NCRYPT_SECRET_AGREEMENT_OPERATION + //0x4, //XCN_NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION + csp + ); + + removeChildren(algorithm); + for (i = 0; i < cspStats.Count; i++) { + var alg = cspStats.ItemByIndex(i).CspAlgorithm; + algorithm.appendChild(option(alg.Name, i)); + } + + return getKeySizeList(); + } + + /// Fill the crypto provider list + var getProviderList = function () { + var i; + + var csps = factory.CreateObject("X509Enrollment.CCspInformations"); + + // Get provider information + csps.AddAvailableCsps(); + + removeChildren(provider); + + for (i = 0; i < csps.Count; i++) { + var csp = csps.ItemByIndex(i); + provider.appendChild(option(csp.Name, i)); + } + + providerList = csps; + + return getAlgorithmList(); + } + + /// Generate a key and create and submit the actual CSR + var createCSR = function () { + var providerName, algorithmOid, bits; + + var level = securityLevel.options[securityLevel.selectedIndex]; + if (level.value === "custom") { + providerName = getProvider().Name; + var alg = getAlgorithm(); + algorithmOid = alg.GetAlgorithmOid(0, 0) + bits = getKeySize(); + if (!bits) { + window.alert(invalidKeySizeError.innerHTML); + return false; + } + } else { + providerName = "Microsoft Software Key Storage Provider"; + + algorithmOid = factory.CreateObject("X509Enrollment.CObjectId"); + algorithmOid.InitializeFromValue("1.2.840.113549.1.1.1"); // RSA + // "1.2.840.10040.4.1" == DSA + // "1.2.840.10046.2.1" == DH + + if (level.value === "high") { + bits = 4096; + } else { // medium + bits = 2048; + } + } + + var privateKey = factory.CreateObject("X509Enrollment.CX509PrivateKey"); + privateKey.ProviderName = providerName; + privateKey.Algorithm = algorithmOid; + privateKey.Length = bits; + privateKey.KeyUsage = 0xffffff; // XCN_NCRYPT_ALLOW_ALL_USAGES + + var request = factory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10"); + request.InitializeFromPrivateKey( + 1, // ContextUser + privateKey, + "" // don't use a template + ); + + var enroll = factory.CreateObject("X509Enrollment.CX509Enrollment"); + enroll.InitializeFromRequest(request); + + generatingKeyNotice.style.display = ""; + + // The request needs to be created after we return so the "please wait" + // message gets rendered + var createCSRHandler = function () { + try { + csr.value = enroll.CreateRequest(0x1); //XCN_CRYPT_STRING_BASE64 + form.submit(); + } catch (e) { + showError(createRequestErrorChooseAlgorithm.innerHTML, e); + } + + generatingKeyNotice.style.display = "none"; + } + + window.setTimeout(createCSRHandler, 0); + + // Always return false, form is submitted by deferred method + return false; + } + + /// Call if securityLevel has changed + var refreshSecurityLevel = function () { + var level = securityLevel.options[securityLevel.selectedIndex]; + if (level.value === "custom") { + getProviderList(); + customSettings.style.display = ""; + } else { + customSettings.style.display = "none"; + } + } + + securityLevel.onchange = refreshSecurityLevel; + provider.onchange = getAlgorithmList; + algorithm.onchange = getKeySizeList; + genReq.onclick = createCSR; + + return true; + } // end of initCertEnroll() + + /// Initialise Xenroll code (XP and lower) + /// returns false if initialisation fails + var initXEnroll = function () { + cenroll = null; + + providerTypes = Array( + 1, //PROV_RSA_FULL + 2, //PROV_RSA_SIG + 3, //PROV_DSS + 4, //PROV_FORTEZZA + 5, //PROV_MS_EXCHANGE + 6, //PROV_SSL + 12, //PROV_RSA_SCHANNEL + 13, //PROV_DSS_DH + 14, //PROV_EC_ECDSA_SIG + 15, //PROV_EC_ECNRA_SIG + 16, //PROV_EC_ECDSA_FULL + 17, //PROV_EC_ECNRA_FULL + 18, //PROV_DH_SCHANNEL + 20, //PROV_SPYRUS_LYNKS + 21, //PROV_RNG + 22, //PROV_INTEL_SEC + 23, //PROV_REPLACE_OWF + 24 //PROV_RSA_AES + ); + + algClasses = Array( + 1 << 13, //ALG_CLASS_SIGNATURE + //2 << 13, //ALG_CLASS_MSG_ENCRYPT + //3 << 13, //ALG_CLASS_DATA_ENCRYPT + //4 << 13, //ALG_CLASS_HASH + 5 << 13 //ALG_CLASS_KEY_EXCHANGE + ); + + // Try to initialise the ActiveX element. + try { + cenroll = new ActiveXObject("CEnroll.CEnroll"); + + if (!cenroll) { + throw { + name: "NoObjectError", + message: "Got null at object creation" + }; + } + + form.style.display = ""; + algorithm.disabled = true; + noActiveX.style.display = "none"; + } catch (e) { + return false; + } + + /// Get the name of the selected provider + var getProviderName = function () { + return provider.options[provider.selectedIndex].text; + } + + /// Get the type of the selected provider + var getProviderType = function () { + return parseInt(provider.options[provider.selectedIndex].value, 10); + } + + var refreshProvider = function () { + cenroll.ProviderName = getProviderName(); + cenroll.ProviderType = getProviderType(); + } + + /// Get the ID of the selected algorithm + var getAlgorithmId = function () { + return parseInt(algorithm.options[algorithm.selectedIndex].value, 10); + } + + /// Minimum bit length for exchange keys + var getMinExKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLen(true, true); + } catch (e) { + return false; + } + } + + /// Maximum bit length for exchange keys + var getMaxExKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLen(false, true); + } catch (e) { + return false; + } + } + + /// Step size for exchange keys + /// This might not be available on older platforms + var getStepExKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLenEx(3, 1); + } catch (e) { + return false; + } + } + + /// Minimum bit length for signature keys + var getMinSigKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLen(true, false); + } catch (e) { + return false; + } + } + + /// Maximum bit length for signature keys + var getMaxSigKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLen(false, false); + } catch (e) { + return false; + } + } + + /// Step size for signature keys + /// This might not be available on older platforms + var getStepSigKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLenEx(3, 2); + } catch (e) { + return false; + } + } + + /// Get the selected key size + var getKeySize = function () { + var bits = parseInt(keySize.value, 10); + if ( + (bits < getMinSigKeyLength()) || + (bits > getMaxSigKeyLength()) || + ( + getStepSigKeyLength() && + ((bits - getMinSigKeyLength()) % getStepSigKeyLength() !== 0) + ) + ) { + return false; + } + + return bits; + } + + var getKeySizeLimits = function () { + // HTML5 attributes + keySize.setAttribute("min", getMinSigKeyLength()); + keySize.setAttribute("max", getMaxSigKeyLength()); + if (getStepSigKeyLength()) { + keySize.setAttribute("step", getStepSigKeyLength()); + } + + // ugly, but buggy otherwise if done with text nodes + keySizeMin.innerHTML = getMinSigKeyLength(); + keySizeMax.innerHTML = getMaxSigKeyLength(); + keySizeStep.innerHTML = getStepSigKeyLength(); + + if (getMinSigKeyLength() === getMaxSigKeyLength()) { + keySize.value = getMaxSigKeyLength(); + } + + return true; + } + + /// Fill the algorithm selection box + var getAlgorithmList = function () { + var i, j; + + refreshProvider(); + + removeChildren(algorithm); + + for (i = 0; i < algClasses.length; ++i) { + for (j = 0; true; ++j) { + try { + var algId = cenroll.EnumAlgs(j, algClasses[i]); + var algName = cenroll.GetAlgName(algId); + algorithm.appendChild(option(algName, algId)); + } catch (e) { + break; + } + } + } + + getKeySizeLimits(); + } + + /// Fill the provider selection box + var getProviderList = function () { + var i, j; + + removeChildren(provider); + + for (i = 0; i < providerTypes.length; ++i) { + cenroll.providerType = providerTypes[i]; + + var providerName = "invalid"; + for (j = 0; true; ++j) { + try { + providerName = cenroll.enumProviders(j, 0); + provider.appendChild(option(providerName, providerTypes[i])); + } catch (e) { + break; + } + } + } + + return getAlgorithmList(); + } + + var createCSR = function () { + var providerName, bits; + + var level = securityLevel.options[securityLevel.selectedIndex]; + if (level.value === "custom") { + refreshProvider(); + + bits = getKeySize(); + if (bits === false) { + window.alert(invalidKeySizeError.innerHTML); + return false; + } + } else { + cenroll.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"; + cenroll.ProviderType = 1; //PROV_RSA_FULL + + if (level.value === "high") { + bits = 4096; + } else { // medium + bits = 2048; + } + } + + cenroll.GenKeyFlags = bits << 16; // keysize is encoded in the uper 16 bits + //cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE + + generatingKeyNotice.style.display = ""; + + // The request needs to be created after we return so the "please wait" + // message gets rendered + var createCSRHandler = function () { + try { + csr.value = cenroll.createPKCS10("", "1.3.6.1.5.5.7.3.2"); + form.submit(); + } catch (e) { + if (e.number === -2147023673) { + // 0x800704c7 => dialogue declined + showError(createRequestErrorConfirmDialogue.innerHTML, e); + } else if (e.number === -2146435043) { + // 0x8010001d => crypto-device not connected + showError(createRequestErrorConnectDevice.innerHTML, e); + } else { + showError(createRequestError.innerHTML, e); + } + } + + generatingKeyNotice.style.display = "none"; + cenroll.Reset(); + } + + window.setTimeout(createCSRHandler, 0); + + // Always return false, form is submitted by deferred method + return false; + } + + /// Call if securityLevel has changed + var refreshSecurityLevel = function () { + var level = securityLevel.options[securityLevel.selectedIndex]; + if (level.value === "custom") { + getProviderList(); + customSettings.style.display = ""; + } else { + customSettings.style.display = "none"; + } + } + + securityLevel.onchange = refreshSecurityLevel; + provider.onchange = getAlgorithmList; + algorithm.onchange = getKeySizeLimits; + genReq.onclick = createCSR; + + return true; + }; + + // Run the init functions until one is successful + if (initCertEnroll()) { + form.style.display = ""; + noActiveX.style.display = "none"; + } else if (initXEnroll()) { + form.style.display = ""; + noActiveX.style.display = "none"; + } else { + window.alert(unsupportedPlatformError.innerHTML); + } +} (); diff --git a/www/styles/default.css b/www/styles/default.css index c97e429..f2b3c95 100644 --- a/www/styles/default.css +++ b/www/styles/default.css @@ -86,11 +86,9 @@ padding-left: 5px; border-left: 0px; } -ul { +ul.no_indent { list-style: none; -margin: 0px 0px 0px 15px; -padding-left: 5px; -border-left: 1px dotted #000; +padding: 0px; } /***********************************************/ diff --git a/www/wot.php b/www/wot.php index 9e41891..ed4f0cd 100644 --- a/www/wot.php +++ b/www/wot.php @@ -115,6 +115,7 @@ function send_reminder() + loadem("account"); if(array_key_exists('date',$_POST) && $_POST['date'] != "") $_SESSION['_config']['date'] = $_POST['date']; @@ -126,6 +127,40 @@ function send_reminder() if($oldid == 12) $id = $oldid; + + if($oldid == 4) + { + if ($_POST['ttp']!='') { + //This mail does not need to be translated + $body = "Hi TTP adminstrators,\n\n"; + $body .= "User ".$_SESSION['profile']['fname']." ". + $_SESSION['profile']['lname']." with email address '". + $_SESSION['profile']['email']."' is requesting a TTP assurances for ". + mysql_escape_string(stripslashes($_POST['country'])).".\n\n"; + if ($_POST['ttptopup']=='1') { + $body .= "The user is also requesting TTP TOPUP.\n\n"; + }else{ + $body .= "The user is NOT requesting TTP TOPUP.\n\n"; + } + $body .= "The user received ".intval($_SESSION['profile']['points'])." assurance points up to today.\n\n"; + $body .= "Please start the TTP assurance process."; + sendmail("support@cacert.org", "[CAcert.org] TTP request.", $body, "support@cacert.org", "", "", "CAcert Website"); + + //This mail needs to be translated + $body =_("You are receiving this email because you asked for TTP assurance.")."\n\n"; + if ($_POST['ttptopup']=='1') { + $body .=_("You are requesting TTP TOPUP.")."\n\n"; + }else{ + $body .=_("You are NOT requesting TTP TOPUP.")."\n\n"; + } + $body .= _("Best regards")."\n"; + $body .= _("CAcert Support Team"); + + sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You requested TTP assurances"), $body, "support@cacert.org", "", "", "CAcert Support"); + + } + + } if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6)) if (!is_assurer($_SESSION['profile']['id'])) @@ -228,7 +263,7 @@ $iecho= "c"; exit; } - if($_REQUEST['points'] == "") + if($_REQUEST['points'] == "" || !is_numeric($_REQUEST['points'])) { show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person.")); exit; @@ -305,6 +340,11 @@ $iecho= "c"; } mysql_query($query); fix_assurer_flag($_SESSION['_config']['notarise']['id']); + include_once("../includes/notary.inc.php"); +/*to be activated after CCA accept option is implemented in form + write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);}*/ +/* to be activated after the CCA recording is announced + write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']); */ if($_SESSION['profile']['points'] < 150) { @@ -321,6 +361,7 @@ $iecho= "c"; `method`='Administrative Increase', `when`=NOW()"; mysql_query($query); + // No need to fix_assurer_flag here, this should only happen for assurers... $_SESSION['profile']['points'] += $addpoints; } @@ -341,14 +382,8 @@ $iecho= "c"; if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0) { - $body .= _("You have at least 100 Assurance Points. If you want ". - "to become an assurer try the Assurer Challenge"). - " ( https://cats.cacert.org ).\n\n"; - $body .= _("To make it easier for others in your area to find ". - "you, it's helpful to list yourself as an assurer (this ". - "is voluntary), as well as a physical location where you ". - "live or work the most. You can flag your account to be ". - "listed, and add a comment to the display by going to:")."\n"; + $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the Assurer Challenge")." ( https://cats.cacert.org )\n\n"; + $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n"; $body .= "https://www.cacert.org/wot.php?id=8\n\n"; $body .= _("You can list your location by going to:")."\n"; $body .= "https://www.cacert.org/wot.php?id=13\n\n"; |