summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2011-06-29 01:06:25 +0200
committerMichael Tänzer <neo@nhng.de>2011-06-29 01:06:25 +0200
commitffbe879decc16bc8cc15ace5698b622d01342513 (patch)
tree7235b958720dca9c7fe05f44f22bb06e200e9506
parent70333fec47ea19a5c994a03675fd69f7e74853dc (diff)
downloadcacert-devel-ffbe879decc16bc8cc15ace5698b622d01342513.tar.gz
cacert-devel-ffbe879decc16bc8cc15ace5698b622d01342513.tar.xz
cacert-devel-ffbe879decc16bc8cc15ace5698b622d01342513.zip
bug 942: move fix_assurer_flag() into a library file that may also be called by
shell scripts and call it from cats_import.php bug 942: CATS import interface is not fit to handle non-Assurer Challenge tests Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r--includes/general.php14
-rw-r--r--includes/lib/account.php51
-rw-r--r--www/cats/cats_import.php8
3 files changed, 55 insertions, 18 deletions
diff --git a/includes/general.php b/includes/general.php
index 5789875..30b0f72 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -38,6 +38,7 @@
$_SESSION['_config']['filepath'] = "/www";
require_once($_SESSION['_config']['filepath']."/includes/mysql.php");
+ require_once($_SESSION['_config']['filepath'].'/includes/lib/account.php');
if(array_key_exists('HTTP_HOST',$_SERVER) &&
$_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] &&
@@ -836,19 +837,6 @@
$text=preg_replace("/[^\w-.@]/","",$text);
return($text);
}
-
- function fix_assurer_flag($userID)
- {
- // Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)?
- $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID).
- '\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'.
- ' AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100'); // Challenge has been passed and non-expired points >= 100
-
- // Reset flag if requirements are not met
- $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE `u`.`id` = \''.(int)intval($userID).
- '\' AND (NOT EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'.
- ' OR (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `n`.`expire` < now()) < 100)');
- }
// returns 0 if $userID is an Assurer
// Otherwise :
diff --git a/includes/lib/account.php b/includes/lib/account.php
new file mode 100644
index 0000000..f9ab3d8
--- /dev/null
+++ b/includes/lib/account.php
@@ -0,0 +1,51 @@
+<?php
+/*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+function fix_assurer_flag($userID)
+{
+ // Update Assurer-Flag on users table if 100 points.
+ // Should the number of points be SUM(points) or SUM(awarded)?
+ $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE '.
+ '`u`.`id` = \''.(int)intval($userID).'\' AND '.
+ 'EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` '.
+ 'WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND '.
+ '`tp`.`user_id` = `u`.`id`) AND '.
+ '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '.
+ 'AND `expire` < now()) >= 100');
+ // Challenge has been passed and non-expired points >= 100
+
+ if (!$query) {
+ return false;
+ }
+
+ // Reset flag if requirements are not met
+ $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE '.
+ '`u`.`id` = \''.(int)intval($userID).'\' AND '.
+ '(NOT EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS '.
+ '`cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 '.
+ 'AND `tp`.`user_id` = `u`.`id`) OR '.
+ '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '.
+ 'AND `n`.`expire` < now()) < 100)');
+
+ if (!$query) {
+ return false;
+ }
+
+ return true;
+} \ No newline at end of file
diff --git a/www/cats/cats_import.php b/www/cats/cats_import.php
index 7662fce..56dd0cf 100644
--- a/www/cats/cats_import.php
+++ b/www/cats/cats_import.php
@@ -24,6 +24,8 @@
API for CATS to import passed tests into main CAcert database.
*/
+require_once('../../includes/lib/account.php');
+
function sanitize_string($buffer) {
return htmlentities(utf8_decode($buffer), (int)ENQ_QUOTES);
}
@@ -154,11 +156,7 @@ if (!$query) {
}
// Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)?
-$query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 '.
- 'WHERE `u`.`id` = \''.(int)intval($userID).'\' '.
- 'AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`) '.
- 'AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100;'); // Challenge has been passed and non-expired points >= 100
-if (!$query) {
+if (!fix_assurer_flag($userID)) {
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();