author | Michael Tänzer <neo@nhng.de> | 2011-08-21 02:07:40 +0200 |
---|---|---|
committer | Michael Tänzer <neo@nhng.de> | 2011-08-21 02:07:40 +0200 |
commit | ce4bfbaf0c2babb5bba2568d3b8712e1615aa651 (patch) | |
tree | bcdd82ada2066eff6fc21f6dfc2fe01844f1550f | |
parent | 983a7dced2bc15cfb5760b81659bc72fb39b2567 (diff) | |
download | cacert-devel-ce4bfbaf0c2babb5bba2568d3b8712e1615aa651.tar.gz cacert-devel-ce4bfbaf0c2babb5bba2568d3b8712e1615aa651.tar.xz cacert-devel-ce4bfbaf0c2babb5bba2568d3b8712e1615aa651.zip |
Source code taken from cacert-20110820.tar.bz2
-rwxr-xr-x | CommModule/client.pl | 2 | ||||
-rw-r--r-- | includes/account.php | 9 | ||||
-rw-r--r-- | includes/general.php | 29 | ||||
-rw-r--r-- | includes/lib/account.php | 51 | ||||
-rw-r--r-- | includes/loggedin.php | 3 | ||||
-rw-r--r-- | includes/wot.inc.php | 509 | ||||
-rw-r--r-- | pages/account/14.php | 10 | ||||
-rw-r--r-- | pages/index/1.php | 4 | ||||
-rw-r--r-- | pages/index/6.php | 4 | ||||
-rw-r--r-- | pages/wot/15.php | 29 | ||||
-rw-r--r-- | scripts/assurer.php | 2 | ||||
-rw-r--r-- | www/cats/cats_import.php | 5 | ||||
-rw-r--r-- | www/index.php | 2 | ||||
-rw-r--r-- | www/wot.php | 12 |
14 files changed, 641 insertions, 30 deletions
diff --git a/CommModule/client.pl b/CommModule/client.pl index 4e09c46..323ee27 100755 --- a/CommModule/client.pl +++ b/CommModule/client.pl @@ -540,7 +540,7 @@ sub OpenPGPextractExpiryDate ($) print OUT $_; unless ($r) { - if ( /^\s*version \d+, created (\d+), md5len 0, sigclass \d+\s*$/ ) + if ( /^\s*version \d+, created (\d+), md5len 0, sigclass (?:0x[0-9a-fA-F]+|\d+)\s*$/ ) { SysLog "Detected CTS: $1\n"; $cts = int($1); diff --git a/includes/account.php b/includes/account.php index 14702b9..24c61d8 100644 --- a/includes/account.php +++ b/includes/account.php @@ -1290,6 +1290,8 @@ showheader(_("My CAcert.org Account!")); if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2']) { + echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"), + '</h3>', "\n"; echo _("New Pass Phrases specified don't match or were blank."); } else { $score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'], 
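Review bot: The new failure heading `'<h3 style="color:red">', _("Failure: Pass Phrase not Changed"), '</h3>', "\n"` is emitted verbatim here and three more times in the @@ -1306 hunk, each with a slightly different line wrap, so the four copies are already starting to drift. Hoisting it once above the `if` into `$failure_heading = '<h3 style="color:red">'._("Failure: Pass Phrase not Changed").'</h3>'."\n";` and echoing `$failure_heading` in each failing branch keeps a single source for the message and a single string for translators. The surrounding branch starts outside this hunk and continues into the next one.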
@@ -1306,14 +1308,21 @@ } if(strlen($_SESSION['_config']['user']['pword1']) < 6) { + echo '<h3 style="color:red">', + _("Failure: Pass Phrase not Changed"), '</h3>', "\n"; echo _("The Pass Phrase you submitted was too short."); } else if($score < 3) { + echo '<h3 style="color:red">', + _("Failure: Pass Phrase not Changed"), '</h3>', "\n"; printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score); } else if($rc <= 0) { + echo '<h3 style="color:red">', + _("Failure: Pass Phrase not Changed"), '</h3>', "\n"; echo _("You failed to correctly enter your current Pass Phrase."); } else { mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."') where `id`='".$_SESSION['profile']['id']."'"); + echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n"; echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change."); $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n"; $body .= _("You are receiving this email because you or someone else")."\n"; diff --git a/includes/general.php b/includes/general.php index 16b75e4..ebdf20e 100644 --- a/includes/general.php +++ b/includes/general.php @@ -38,6 +38,7 @@ $_SESSION['_config']['filepath'] = "/www"; require_once($_SESSION['_config']['filepath']."/includes/mysql.php"); + require_once($_SESSION['_config']['filepath'].'/includes/lib/account.php'); if(array_key_exists('HTTP_HOST',$_SERVER) && $_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] && @@ -248,8 +249,7 @@ } } - function checkpw($pwd, $email, $fname, $mname, $lname, $suffix) - { + function checkpwlight($pwd) { $points = 0; if(strlen($pwd) > 15) 
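Review bot: The success branch that now prints `Pass Phrase Changed Successfully` still builds its UPDATE by interpolating `$_SESSION['_config']['user']['pword1']` directly into the SQL string and stores it as an unsalted `sha1(...)` computed by MySQL; a pass phrase containing a quote breaks the statement, and the stored value is not a password hash in the usual sense. At minimum the value should pass through `mysql_real_escape_string()` before interpolation, and moving to a salted, iterated hash (e.g. `crypt()` with a bcrypt salt) is worth a follow-up issue rather than a drive-by change. The added banners themselves are fine; the `if`/`else if` chain begins in the previous hunk and the branch continues past this one.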
@@ -279,7 +279,19 @@ $points++; //echo "Points due to length and charset: $points<br/>"; + + // check for historical password proposal + if ($pwd === "Fr3d Sm|7h") { + return 0; + } + + return $points; + } + function checkpw($pwd, $email, $fname, $mname, $lname, $suffix) + { + $points = checkpwlight($pwd); + if(@strstr(strtolower($pwd), strtolower($email))) $points--; @@ -836,19 +848,6 @@ $text=preg_replace("/[^\w-.@]/","",$text); return($text); } - - function fix_assurer_flag($userID) - { - // Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)? - $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID). - '\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'. - ' AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100'); // Challenge has been passed and non-expired points >= 100 - - // Reset flag if requirements are not met - $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE `u`.`id` = \''.(int)intval($userID). - '\' AND (NOT EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'. - ' OR (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `n`.`expire` < now()) < 100)'); - } // returns 0 if $userID is an Assurer // Otherwise : diff --git a/includes/lib/account.php b/includes/lib/account.php new file mode 100644 index 0000000..f7a24fa --- /dev/null +++ b/includes/lib/account.php 
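Review bot: Neither `checkpwlight()` nor the reworked `checkpw()` documents what the returned number means, although `account.php` reports it to the user as "points out of 6" and `www/index.php` now branches on `< 3`; a docblock on `checkpwlight` such as `/** Score a pass phrase on length and character classes only (0-6, no name/email checks); the historical example "Fr3d Sm|7h" always scores 0. @return int */` and a matching one on `checkpw` saying it subtracts name/email matches from that base would make the split understandable. The `@` on `strstr(strtolower($pwd), strtolower($email))` silently covers the empty-needle warning when `$email` is `''`; testing `$email !== ''` explicitly is clearer than suppression. The body of `checkpwlight` starts in the preceding hunk and `checkpw` continues beyond this one.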
@@ -0,0 +1,51 @@
+<?php
+/*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+function fix_assurer_flag($userID)
+{
+ // Update Assurer-Flag on users table if 100 points.
+ // Should the number of points be SUM(points) or SUM(awarded)?
+ $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE '.
+ '`u`.`id` = \''.(int)intval($userID).'\' AND '.
+ 'EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv` '.
+ 'WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND '.
+ '`cp`.`user_id` = `u`.`id`) AND '.
+ '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '.
+ 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) >= 100');
+ // Challenge has been passed and non-expired points >= 100
+
+ if (!$query) {
+ return false;
+ }
+
+ // Reset flag if requirements are not met
+ $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE '.
+ '`u`.`id` = \''.(int)intval($userID).'\' AND '.
+ '(NOT EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS '.
+ '`cv` WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 '.
+ 'AND `cp`.`user_id` = `u`.`id`) OR '.
+ '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '.
+ 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) < 100)');
+
+ if (!$query) {
+ return false;
+ }
+
+ return true;
+}
\ No newline at end of file diff --git a/includes/loggedin.php b/includes/loggedin.php index 355527f..640bc6c 100644 --- a/includes/loggedin.php +++ b/includes/loggedin.php @@ -131,13 +131,12 @@ $normalhost=$_SESSION['_config']['normalhostname']; $_SESSION['profile']['loggedin'] = 0; $_SESSION['profile'] = ""; - foreach($_SESSION as $key) + foreach($_SESSION as $key => $value) { unset($_SESSION[$key]); unset($$key); session_unregister($key); } - unset($_SESSION); header("location: https://".$normalhost."/index.php"); exit; diff --git a/includes/wot.inc.php b/includes/wot.inc.php new file mode 100644 index 0000000..ce35ed6 --- /dev/null +++ b/includes/wot.inc.php 
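Review bot: The reset query's `(SELECT SUM(`points`) ... ) < 100` never fires for a user who has no non-expired `notary` rows at all, because `SUM()` over zero rows yields NULL and `NULL < 100` is not true, so an assurer whose points have all expired keeps `assurer = 1` if they passed the challenge (the same NULL appears in the first query, where it is harmless). Wrapping both subqueries as `'(SELECT COALESCE(SUM(`points`), 0) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '.` closes that gap. A docblock stating the contract, e.g. `/** Recompute users.assurer for $userID; returns false only when a query failed, not whether the flag changed. */`, would help callers such as `cats_import.php`, and `(int)intval($userID)` can simply be `intval($userID)`. The file also ends without a trailing newline.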
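Review bot: The logout loop now clears every `$_SESSION` key, but nothing invalidates the session itself: without `session_destroy()` (or at least `session_regenerate_id(true)` on the next login) the browser keeps the same session id, which is the precondition for session fixation if the login path does not regenerate it, and I cannot see that path from here. `session_unregister()` is deprecated as of PHP 5.3 and redundant once the key is unset, and `unset($$key)` removes a variable named after the session key, which looks like leftover register_globals handling. A simpler equivalent is `$_SESSION = array(); session_destroy();` before the redirect. The enclosing block starts and ends outside the hunk.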
@@ -0,0 +1,509 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2011 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + + function query_init ($query) + { + return mysql_query($query); + } + + function query_getnextrow ($res) + { + $row1 = mysql_fetch_assoc($res); + return $row1; + } + + function query_get_number_of_rows ($resultset) + { + return intval(mysql_num_rows($resultset)); + } + + function get_number_of_assurances ($userid) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE `notary`.`from` != `notary`.`to` AND `notary`.`from`='".intval($userid)."'"); + $row = query_getnextrow($res); + + return intval($row['list']); + } + + function get_number_of_assurees ($userid) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE `notary`.`from` != `notary`.`to` AND `notary`.`to`='".intval($userid)."'"); + $row = query_getnextrow($res); + + return intval($row['list']); + } + + function get_top_assurer_position ($no_of_assurances) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + GROUP BY `notary`.`from` HAVING count(*) > '".intval($no_of_assurances)."'"); + return intval(query_get_number_of_rows($res)+1); + } + + function get_top_assuree_position ($no_of_assurees) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + GROUP BY `notary`.`to` HAVING count(*) > 
'".intval($no_of_assurees)."'"); + return intval(query_get_number_of_rows($res)+1); + } + + function get_given_assurances ($userid) + { + $res = query_init ("select * from `notary` where `notary`.`from`='".intval($userid)."' and `notary`.`from` != `to` order by `notary`.`id` asc"); + return $res; + } + + function get_received_assurances ($userid) + { + $res = query_init ("select * from `notary` where `notary`.`to`='".intval($userid)."' and `notary`.`from` != `notary`.`to` order by `notary`.`id` asc "); + return $res; + } + + function get_given_assurances_summary ($userid) + { + $res = query_init ("select count(*) as number,points,awarded,method from notary where `notary`.`from`='".intval($userid)."' group by points,awarded,method"); + return $res; + } + + function get_received_assurances_summary ($userid) + { + $res = query_init ("select count(*) as number,points,awarded,method from notary where `notary`.`to`='".intval($userid)."' group by points,awarded,method"); + return $res; + } + + function get_user ($userid) + { + $res = query_init ("select * from `users` where `id`='".intval($userid)."'"); + return mysql_fetch_assoc($res); + } + + function get_cats_state ($userid) + { + + $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1 + WHERE `cats_passed`.`user_id` = '".intval($userid)."'"); + return mysql_num_rows($res); + } + + function calc_experience ($row,&$points,&$experience,&$sum_experience) + { + $points += $row['awarded']; + $experience = " "; + if ($row['method'] == "Face to Face Meeting") + { + $sum_experience = $sum_experience +2; + $experience = "2"; + } + return $row['awarded']; + } + + function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded) + { + $awarded = calc_points($row); + + if ($awarded > 100) + { + $experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100) + 
$awarded = 100; + } + else + $experience = 0; + + switch ($row['method']) + { + case 'Thawte Points Transfer': + case 'CT Magazine - Germany': + case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented + $awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked")); + $experience=0; + break; + default: + $points += $awarded; + } + $sumexperience = $sumexperience + $experience; + } + + + function show_user_link ($name,$userid) + { + $name = trim($name); + if($name == "") + $name = _("Deleted before Verification"); + else + $name = "<a href='wot.php?id=9&userid=".intval($userid)."'>$name</a>"; + return $name; + } + + function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer) + { + $num_of_assurances = get_number_of_assurances (intval($userid)); + $rank_of_assurer = get_top_assurer_position($num_of_assurances); + } + + function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree) + { + $num_of_assurees = get_number_of_assurees (intval($userid)); + $rank_of_assuree = get_top_assuree_position($num_of_assurees); + } + + +// ************* html table definitions ****************** + + function output_ranking($userid) + { + get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer); + get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree); + +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="title"><?=_("Assurer Ranking")?></td> + </tr> + <tr> + <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td> + </tr> + <tr> + <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td> + </tr> +</table> +<br/> +<? 
+ } + + function output_assurances_header($title) + { +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="7" class="title"><?=$title?></td> + </tr> + <tr> + <td class="DataTD"><strong><?=_("ID")?></strong></td> + <td class="DataTD"><strong><?=_("Date")?></strong></td> + <td class="DataTD"><strong><?=_("Who")?></strong></td> + <td class="DataTD"><strong><?=_("Points")?></strong></td> + <td class="DataTD"><strong><?=_("Location")?></strong></td> + <td class="DataTD"><strong><?=_("Method")?></strong></td> + <td class="DataTD"><strong><?=_("Experience Points")?></strong></td> + </tr> +<? + } + + function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience) + { +?> + <tr> + <td class="DataTD" colspan="3"><strong><?=$points_txt?>:</strong></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD"> </td> + <td class="DataTD"><strong><?=$experience_txt?>:</strong></td> + <td class="DataTD"><?=$sumexperience?></td> + </tr> +</table> +<br/> +<? + } + + function output_assurances_row($assuranceid,$date,$name,$points,$location,$method,$experience) + { +?> + <tr> + <td class="DataTD"><?=$assuranceid?></td> + <td class="DataTD"><?=$date?></td> + <td class="DataTD"><?=$name?></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD"><?=$location?></td> + <td class="DataTD"><?=$method?></td> + <td class="DataTD"><?=$experience?></td> + </tr> +<? + } + + function output_summary_header() + { +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="4" class="title"><?=_("Summary of your Points")?></td> + </tr> + <tr> + <td class="DataTD"><strong><?=_("Description")?></strong></td> + <td class="DataTD"><strong><?=_("Points")?></strong></td> + <td class="DataTD"><strong><?=_("Countable Points")?></strong></td> + <td class="DataTD"><strong><?=_("Remark")?></strong></td> + </tr> +<? 
+ } + + function output_summary_footer() + { +?> +</table> +<br/> +<? + } + + function output_summary_row($title,$points,$points_countable,$remark) + { +?> + <tr> + <td class="DataTD"><strong><?=$title?></strong></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD"><?=$points_countable?></td> + <td class="DataTD"><?=$remark?></td> + </tr> +<? + } + + function output_cats_needed() + { +?> + <tr> + <td class="DataTD" colspan=4><strong style='color: red'><?=_("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")?></strong></td> + </tr> +<? + } + + +// ************* output given assurances ****************** + + function output_given_assurances_content($userid,&$points,&$sum_experience) + { + $points = 0; + $sumexperience = 0; + $res = get_given_assurances(intval($userid)); + while($row = mysql_fetch_assoc($res)) + { + $fromuser = get_user (intval($row['to'])); + calc_experience ($row,$points,$experience,$sum_experience); + $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to'])); + output_assurances_row (intval($row['id']),$row['date'],$name,intval($row['awarded']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience); + } + } + +// ************* output received assurances ****************** + + function output_received_assurances_content($userid,&$points,&$sum_experience) + { + $points = 0; + $sumexperience = 0; + $res = get_received_assurances(intval($userid)); + while($row = mysql_fetch_assoc($res)) + { + $fromuser = get_user (intval($row['from'])); + calc_assurances ($row,$points,$experience,$sum_experience,$awarded); + $name = show_user_link ($fromuser['fname']." 
".$fromuser['lname'],intval($row['to'])); + output_assurances_row (intval($row['id']),$row['date'],$name,$awarded,$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience); + } + } + +// ************* output summary table ****************** + + function check_date_limit ($userid,$age) + { + $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age)); + $res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'"); + return intval(query_get_number_of_rows($res)); + } + + function calc_points($row) + { + if (intval($row['points']) < intval($row['awarded'])) + $points = intval($row['awarded']); // if 'sum of added points' > 100, awarded shows correct value + else + $points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value + switch ($row['method']) + { + case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration) + case 'CT Magazine - Germany': // revoke c't (only one test-entry) + case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented) + $points = 0; + break; + case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation) + if ($points <= 2) // maybe limit to 35/50 pts in the future? + $points = 0; + break; + case 'unknown': // to be revoked in the future? limit to max 50 pts? + case 'Trusted 3rd Parties': // to be revoked in the future? limit to max 35 pts? + case '': // to be revoked in the future? limit to max 50 pts? + case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future? + break; + default: // should never happen ... 
;-) + $points = 0; + } + if ($points < 0) // ignore negative points (bug needs to be fixed) + $points = 0; + return $points; + } + + function max_points($userid) + { + return output_summary_content ($userid,0); + } + + function output_summary_content($userid,$display_output) + { + $sum_points = 0; + $sum_experience = 0; + $sum_experience_other = 0; + $max_points = 100; + $max_experience = 50; + + $experience_limit_reached_txt = _("Limit reached"); + + if (check_date_limit($userid,18) != 1) + { + $max_experience = 10; + $experience_limit_reached_txt = _("Limit given by PoJAM reached"); + } + if (check_date_limit($userid,14) != 1) + { + $max_experience = 0; + $experience_limit_reached_txt = _("Limit given by PoJAM reached"); + } + + $res = get_received_assurances_summary($userid); + while($row = mysql_fetch_assoc($res)) + { + $points = calc_points ($row); + + if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed) + { + $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']); + $points = $max_points; + } + $sum_points += $points*intval($row['number']); + } + + $res = get_given_assurances_summary($userid); + while($row = mysql_fetch_assoc($res)) + { + switch ($row['method']) + { + case 'Face to Face Meeting': // count Face to Face only + $sum_experience += 2*intval($row['number']); + break; + } + + } + + if ($sum_points > $max_points) + { + $sum_points_countable = $max_points; + $remark_points = _("Limit reached"); + } + else + { + $sum_points_countable = $sum_points; + $remark_points = " "; + } + if ($sum_experience > $max_experience) + { + $sum_experience_countable = $max_experience; + $remark_experience = $experience_limit_reached_txt; + } + else + { + $sum_experience_countable = $sum_experience; + $remark_experience = " "; + } + + if ($sum_experience_countable + $sum_experience_other > $max_experience) + { + $sum_experience_other_countable = $max_experience-$sum_experience_countable; + 
$remark_experience_other = $experience_limit_reached_txt; + } + else + { + $sum_experience_other_countable = $sum_experience_other; + $remark_experience_other = " "; + } + + if ($sum_points_countable < $max_points) + { + if ($sum_experience_countable != 0) + $remark_experience = $points_on_hold_txt;_("Points on hold due to less assurance points"); + $sum_experience_countable = 0; + if ($sum_experience_other_countable != 0) + $remark_experience_other = _("Points on hold due to less assurance points"); + $sum_experience_other_countable = 0; + } + + $issue_points = 0; + $cats_test_passed = get_cats_state ($userid); + if ($cats_test_passed == 0) + $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>"; + else + { + $experience_total = $sum_experience_countable+$sum_experience_other_countable; + $issue_points_txt = ""; + if ($sum_points_countable == $max_points) + $issue_points = 10; + if ($experience_total >= 10) + $issue_points = 15; + if ($experience_total >= 20) + $issue_points = 20; + if ($experience_total >= 30) + $issue_points = 25; + if ($experience_total >= 40) + $issue_points = 30; + if ($experience_total >= 50) + $issue_points = 35; + if ($issue_points != 0) + $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points); + } + if ($display_output) + { + output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points); + output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience); + output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other); + output_summary_row (_("Total Points")," ",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt); + } + return $issue_points; + } + + function output_given_assurances($userid) + { + 
output_assurances_header(_("Assurance Points You Issued")); + output_given_assurances_content($userid,$points,$sum_experience); + output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience); + } + + function output_received_assurances($userid) + { + output_assurances_header(_("Your Assurance Points")); + output_received_assurances_content($userid,$points,$sum_experience); + output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience); + } + + function output_summary($userid) + { + output_summary_header(); + output_summary_content($userid,1); + output_summary_footer(); + } + + function output_end_of_page() + { +?> + <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> +<? + } +?> diff --git a/pages/account/14.php b/pages/account/14.php index 342ab46..29aeb21 100644 --- a/pages/account/14.php +++ b/pages/account/14.php @@ -15,6 +15,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> +<? + if (intval($_REQUEST['force']) === 1) +{ +?> + +<p style="border:dotted 1px #900;padding:0.3em;bold;color:#ffffff;background-color:#ff0000;"><strong><center> +<?=_("For your own security you should change your pass phrase immediately!"); ?></center></strong> +</p> +<?}?> + <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> <tr> diff --git a/pages/index/1.php b/pages/index/1.php index d9ce8a8..f4343e7 100644 --- a/pages/index/1.php +++ b/pages/index/1.php 
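Review bot: In `output_summary_content` the line `$remark_experience = $points_on_hold_txt;_("Points on hold due to less assurance points");` assigns an undefined variable and discards the translated string, so the on-hold remark is never shown; it should read `$remark_experience = _("Points on hold due to less assurance points");`. Several values reach the HTML unescaped: `show_user_link` embeds `fname`/`lname` and `output_assurances_row` prints `$location` straight into `<td>`s, both originating from user-entered data, so wrapping them in `htmlspecialchars()` at the output boundary would stop stored markup from rendering. `check_date_limit` interpolates `$userid` without the `intval()` every other query helper applies, and `output_received_assurances_content` links the assurer's name to `$row['to']` although the user it looked up is `$row['from']`. The file also opens with the short tag `<?`, which only works with `short_open_tag` enabled.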
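Review bot: `intval($_REQUEST['force'])` raises an undefined-index notice on every ordinary visit to this page, since `force` is only present when `www/index.php` redirects here; `if (isset($_REQUEST['force']) && intval($_REQUEST['force']) === 1)` avoids it, and reading `$_GET` rather than `$_REQUEST` matches how the parameter is actually passed. The new block also uses the short open tag `<?` and closes with `<?}?>`, which only works with `short_open_tag` enabled; `<?php` is the portable form.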
@@ -18,9 +18,7 @@ <p><?=_("By joining CAcert and becoming a Member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p> <p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p> <p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"> -<b><?=_("In light of the number of people having issues with making up a password we have the following suggestions:")?></b><br><br> -<?=_("To get a password that will work, we suggest the following example")?>: Fr3d Sm|7h<br><br> -<?=_("This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br> +<?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br> <b><?=_("Note: White spaces at the beginning and end of a password will be removed.")?></b> </p> diff --git a/pages/index/6.php b/pages/index/6.php index 8eefa44..fe57d81 100644 --- a/pages/index/6.php +++ b/pages/index/6.php 
@@ -16,9 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"> -<b><?=_("In light of the number of people having issues with making up a password we have the following suggestions:")?></b><br><br> -<?=_("To get a password that will work, we suggest the following example")?>: Fr3d Sm|7h<br><br> -<?=_("This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?> +<?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?> </p> <form method="post" action="index.php" autocomplete="off"> diff --git a/pages/wot/15.php b/pages/wot/15.php new file mode 100644 index 0000000..8579588 --- /dev/null +++ b/pages/wot/15.php 
@@ -0,0 +1,29 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2011 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + + include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php"); + + $userid = intval($_SESSION['profile']['id']); + + output_ranking($userid); + output_summary($userid); + output_given_assurances($userid); + output_received_assurances($userid); + + output_end_of_page(); +?> diff --git a/scripts/assurer.php b/scripts/assurer.php index c649fbf..d85a2a6 100644 --- a/scripts/assurer.php +++ b/scripts/assurer.php @@ -30,7 +30,7 @@ $query = " select u.email, fname, lname, sum(n.points) from users u, notary n where n.to=u.id - and not exists(select 1 from cats_passed cp where cp.user_id=u.id) + and not EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`) and exists(select 1 from notary n2 where n2.from=u.id and year(n2.`when`)>2007) and (select count(*) from notary n3 where n3.from=u.id) > 1 group by email, fname, lname diff --git a/www/cats/cats_import.php b/www/cats/cats_import.php index 6d77a75..56dd0cf 100644 --- a/www/cats/cats_import.php +++ b/www/cats/cats_import.php 
@@ -24,6 +24,8 @@ API for CATS to import passed tests into main CAcert database. */ +require_once('../../includes/lib/account.php'); + function sanitize_string($buffer) { return htmlentities(utf8_decode($buffer), (int)ENQ_QUOTES); } @@ -154,8 +156,7 @@ if (!$query) { } // Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)? -$query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID).'\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp` WHERE `tp`.`user_id` = `u`.`id`) AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100;'); // Challenge has been passed and non-expired points >= 100 -if (!$query) { +if (!fix_assurer_flag($userID)) { echo 'Invalid query'."\r\n"; trigger_error('Invalid query', E_USER_ERROR); exit(); diff --git a/www/index.php b/www/index.php index 13e8dc6..7330877 100644 --- a/www/index.php +++ b/www/index.php @@ -332,6 +332,8 @@ $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>"; $_SESSION['_config']['oldlocation'] = "account.php?id=13"; } + if (checkpwlight($pword) < 3) + $_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1"; if($_SESSION['_config']['oldlocation'] != "") header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']); else diff --git a/www/wot.php b/www/wot.php index 2bd4622..7fa572f 100644 --- a/www/wot.php +++ b/www/wot.php 
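Review bot: The line directly below the new `require_once` still escapes with `htmlentities(utf8_decode($buffer), (int)ENQ_QUOTES)`, where `ENQ_QUOTES` looks like a typo for `ENT_QUOTES`: an undefined constant resolves to its own name and casts to `0`, so neither single nor double quotes are encoded and `sanitize_string` is weaker than intended in attribute contexts. Correcting it to `ENT_QUOTES` is a one-token change worth folding in while this file is being touched. The new `fix_assurer_flag($userID)` call also runs the reset query that the removed inline UPDATE did not, which is presumably intended but deserves a mention in the commit message; the function around the second hunk starts outside it.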
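Review bot: The new `if (checkpwlight($pword) < 3)` assignment unconditionally overwrites `$_SESSION['_config']['oldlocation']`, so a user who also failed the lost-password-questions check a few lines above is no longer sent to `account.php?id=13` — that requirement is silently dropped whenever the pass phrase is weak. Guarding with `if ($_SESSION['_config']['oldlocation'] == "" && checkpwlight($pword) < 3)` preserves the earlier redirect. The redirect is also only advisory: the login completes regardless, and I cannot see from this hunk whether `account.php?id=14&force=1` enforces the change before other pages become usable. The enclosing block starts outside the hunk.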
@@ -206,9 +206,15 @@ if($oldid == 6) { $max = maxpoints(); - $awarded = $newpoints = intval($_POST['points']); - if($newpoints > $max) - $newpoints = $max; + + if (intval($_POST['points']) > $max) { + $awarded = $newpoints = $max; + } elseif (intval($_POST['points']) < 0) { + $awarded = $newpoints = 0; + } else { + $awarded = $newpoints = intval($_POST['points']); + } + $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`"; $res = mysql_query($query); $drow = mysql_fetch_assoc($res); |
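Review bot: `intval($_POST['points'])` is evaluated three times across the new `if`/`elseif`/`else`, and the clamp reads more clearly as a single expression: `$requested = intval($_POST['points']);` followed by `$awarded = $newpoints = max(0, min($requested, $max));`, which keeps the negative-points fix the commit introduces as long as `$max` is non-negative. The context line below still interpolates `$_SESSION['_config']['notarise']['id']` into SQL without `intval()`; if it is stored as an integer earlier this is harmless, but I cannot confirm that from here. The `if($oldid == 6)` block continues past the hunk.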