summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2013-08-25 00:46:28 +0200
committerMichael Tänzer <neo@nhng.de>2013-08-25 00:46:28 +0200
commitb3f92f6473bc302bddb5efe7f3b6e200625cfacb (patch)
tree1a4310594093c7d65b60509eadef34109f114c36
parentc6fd753005d2651382fc8aa21933376225035a31 (diff)
parenta82f507306a9eba8a9f5dff82d2091dbd29edf71 (diff)
downloadcacert-devel-b3f92f6473bc302bddb5efe7f3b6e200625cfacb.tar.gz
cacert-devel-b3f92f6473bc302bddb5efe7f3b6e200625cfacb.tar.xz
cacert-devel-b3f92f6473bc302bddb5efe7f3b6e200625cfacb.zip
Merge branch 'release' into bug-1123bug-1123
Conflicts: includes/account.php pages/account/10.php pages/account/3.php pages/gpg/0.php www/gpg.php Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r--includes/account.php395
-rw-r--r--includes/general.php21
-rw-r--r--includes/loggedin.php47
-rw-r--r--includes/notary.inc.php16
-rw-r--r--pages/account/10.php6
-rw-r--r--pages/account/12.php36
-rw-r--r--pages/account/16.php20
-rw-r--r--pages/account/18.php20
-rw-r--r--pages/account/20.php14
-rw-r--r--pages/account/22.php27
-rw-r--r--pages/account/3.php36
-rw-r--r--pages/account/43.php108
-rw-r--r--pages/account/5.php39
-rw-r--r--pages/account/58.php61
-rw-r--r--pages/account/6.php90
-rw-r--r--pages/account/8.php4
-rw-r--r--pages/gpg/0.php2
-rw-r--r--pages/gpg/2.php24
-rw-r--r--pages/index/0.php91
-rw-r--r--pages/index/10.php13
-rw-r--r--scripts/49de-lt2013-berlin-email.txt17
-rw-r--r--scripts/49de-lt2013-berlin-mail.php.txt119
-rw-r--r--scripts/50de-ate-luebeck-email.txt91
-rw-r--r--scripts/50de-ate-luebeck-mail.php.txt123
-rw-r--r--scripts/51at-ate-graz-email.txt91
-rw-r--r--scripts/51at-ate-graz-mail.php.txt126
-rwxr-xr-xscripts/cron/warning.php43
-rw-r--r--www/disputes.php34
-rw-r--r--www/gpg.php178
-rw-r--r--www/wot.php21
30 files changed, 1422 insertions, 491 deletions
diff --git a/includes/account.php b/includes/account.php
index aecbd36..4636231 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -17,8 +17,8 @@
*/
require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php");
- require_once('lib/check_weak_key.php');
- require_once('notary.inc.php');
+ require_once("../includes/lib/check_weak_key.php");
+ require_once("../includes/notary.inc.php");
loadem("account");
@@ -250,6 +250,11 @@
$_REQUEST['keytype'] = "MS";
$csr = clean_csr($_REQUEST['optionalCSR']);
}
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
}
if($oldid == 4)
@@ -335,7 +340,8 @@
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
- `rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
+ `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
@@ -346,15 +352,15 @@
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
- if(!strstr($res,"Challenge String: ".$challenge))
- {
- $id = $oldid;
- showheader(_("My CAcert.org Account!"));
- echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
- showfooter();
- exit;
- }
+ $res=`openssl spkac -verify -in $CSRname`;
+ if(!strstr($res,"Challenge String: ".$challenge))
+ {
+ $id = $oldid;
+ showheader(_("My CAcert.org Account!"));
+ echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+ showfooter();
+ exit;
+ }
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
if($csr == "")
@@ -379,8 +385,8 @@
$csrsubject="";
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
- if(strlen($user['mname']) == 1)
- $user['mname'] .= '.';
+ if(strlen($user['mname']) == 1)
+ $user['mname'] .= '.';
if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
$csrsubject = "/CN=CAcert WoT User";
if($_SESSION['_config']['incname'] == 1)
@@ -435,7 +441,8 @@
`subject`='".mysql_real_escape_string($csrsubject)."',
`codesign`='".$_SESSION['_config']['codesign']."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
@@ -469,10 +476,10 @@
csrf_check("adddomain");
if(strstr($_REQUEST['newdomain'],"\x00"))
{
- showheader(_("My CAcert.org Account!"));
- echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
- showfooter();
- exit;
+ showheader(_("My CAcert.org Account!"));
+ echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
+ showfooter();
+ exit;
}
list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
@@ -636,13 +643,14 @@
echo $row['domain']."<br>\n";
$dres = mysql_query(
- "select distinct `domaincerts`.`id`
- from `domaincerts`, `domlink`
+ "select `domaincerts`.`id`
+ from `domaincerts`
where `domaincerts`.`domid` = '$id'
- or (
- `domaincerts`.`id` = `domlink`.`certid`
- and `domlink`.`domid` = '$id'
- )");
+ union distinct
+ select `domaincerts`.`id`
+ from `domaincerts`, `domlink`
+ where `domaincerts`.`id` = `domlink`.`certid`
+ and `domlink`.`domid` = '$id'");
while($drow = mysql_fetch_assoc($dres))
{
mysql_query(
@@ -683,8 +691,8 @@
$CSR = clean_csr($_REQUEST['CSR']);
if(strpos($CSR,"---BEGIN")===FALSE)
{
- // In case the CSR is missing the ---BEGIN lines, add them automatically:
- $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
+ // In case the CSR is missing the ---BEGIN lines, add them automatically:
+ $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
}
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
@@ -695,6 +703,12 @@
exit;
}
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
@@ -761,7 +775,7 @@
$subject = "";
$count = 0;
$supressSAN=0;
- if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
+ if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
if(is_array($_SESSION['_config']['rows']))
foreach($_SESSION['_config']['rows'] as $row)
@@ -798,13 +812,15 @@
`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `description`='".$_SESSION['_config']['description']."'";
} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
$query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `description`='".$_SESSION['_config']['description']."'";
} else {
showheader(_("My CAcert.org Account!"));
echo _("Domain not verified.");
@@ -886,7 +902,8 @@
`modified`=NOW(),
`rootcert`='".$row['rootcert']."',
`type`='".$row['type']."',
- `pkhash`='".$row['pkhash']."'";
+ `pkhash`='".$row['pkhash']."',
+ `description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","server",$newid);
@@ -1024,6 +1041,24 @@
exit;
}
+ if($oldid == 12 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
showheader(_("My CAcert.org Account!"));
@@ -1062,7 +1097,8 @@
`modified`=NOW(),
`disablelogin`='".$row['disablelogin']."',
`codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."'";
+ `rootcert`='".$row['rootcert']."',
+ `description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","client",$newid);
@@ -1161,26 +1197,47 @@
if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
- showheader(_("My CAcert.org Account!"));
- //echo _("Now changing the settings for the following certificates:")."<br>\n";
- foreach($_REQUEST as $id => $val)
- {
- //echo $id."<br/>";
- if(substr($id,0,5)=="cert_")
- {
- $id = intval(substr($id,5));
- $dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")?"0":"1";
- //echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n";
- mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
- //$row = mysql_fetch_assoc($res);
- }
- }
- echo(_("Certificate settings have been changed.")."<br/>\n");
- showfooter();
- exit;
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,5)=="cert_")
+ {
+ $cid = intval(substr($id,5));
+ $dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1";
+ mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ }
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ if(!empty($_REQUEST['check_comment_'.$cid])) {
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ }
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
+ if($oldid == 6 && $_REQUEST['certid'] != "")
+ {
+ if(trim($_REQUEST['description']) != ""){
+ $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $description= "";
}
+ if(trim($_REQUEST['disablelogin']) == "1"){
+ $disablelogin = 1;
+ }else{
+ $disablelogin = 0;
+ }
+ mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
+
+ }
if($oldid == 13 && $process != "")
{
csrf_check("perschange");
@@ -1197,42 +1254,42 @@
$_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
$_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
- if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
- {
- $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
- $id = $oldid;
+ if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
+ {
+ $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
+ $id = $oldid;
$oldid=0;
- }
+ }
if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
@@ -1415,6 +1472,13 @@
}
$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
$_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
+
+
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
}
if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0)
@@ -1444,6 +1508,12 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
if(@count($_SESSION['_config']['emails']) > 0)
$id = 17;
}
@@ -1490,6 +1560,7 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+
$emails .= "SPKAC = $spkac";
if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
{
@@ -1506,7 +1577,8 @@
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1518,15 +1590,15 @@
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
- if(!strstr($res,"Challenge String: ".$challenge))
- {
- $id = $oldid;
- showheader(_("My CAcert.org Account!"));
- echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
- showfooter();
- exit;
- }
+ $res=`openssl spkac -verify -in $CSRname`;
+ if(!strstr($res,"Challenge String: ".$challenge))
+ {
+ $id = $oldid;
+ showheader(_("My CAcert.org Account!"));
+ echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+ showfooter();
+ exit;
+ }
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
@@ -1596,7 +1668,8 @@
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject',
`codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1671,7 +1744,8 @@
`created`='".$row['created']."',
`modified`=NOW(),
`codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."'";
+ `rootcert`='".$row['rootcert']."',
+ `description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","orgclient",$newid);
@@ -1763,6 +1837,24 @@
exit;
}
+ if($oldid == 18 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
if($process != "" && $oldid == 20)
{
$CSR = clean_csr($_REQUEST['CSR']);
@@ -1776,6 +1868,12 @@
exit;
}
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
@@ -1851,8 +1949,8 @@
exit;
}
- if($_SESSION['_config']['rowid']['0'] > 0)
- {
+ if($_SESSION['_config']['rowid']['0'] > 0)
+ {
$query = "select * from `org`,`orginfo` where
`orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and
`orginfo`.`id`=`org`.`orgid` and
@@ -1899,25 +1997,27 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
- if($_SESSION['_config']['rowid']['0'] > 0)
- {
- $query = "insert into `orgdomaincerts` set
- `CN`='".$_SESSION['_config']['rows']['0']."',
- `orgid`='".$org['id']."',
- `created`=NOW(),
- `subject`='$csrsubject',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
- `type`='$type'";
- } else {
- $query = "insert into `orgdomaincerts` set
- `CN`='".$_SESSION['_config']['altrows']['0']."',
- `orgid`='".$org['id']."',
- `created`=NOW(),
- `subject`='$csrsubject',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
- `type`='$type'";
- }
- mysql_query($query);
+ if($_SESSION['_config']['rowid']['0'] > 0)
+ {
+ $query = "insert into `orgdomaincerts` set
+ `CN`='".$_SESSION['_config']['rows']['0']."',
+ `orgid`='".$org['id']."',
+ `created`=NOW(),
+ `subject`='$csrsubject',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `type`='$type',
+ `description`='".$_SESSION['_config']['description']."'";
+ } else {
+ $query = "insert into `orgdomaincerts` set
+ `CN`='".$_SESSION['_config']['altrows']['0']."',
+ `orgid`='".$org['id']."',
+ `created`=NOW(),
+ `subject`='$csrsubject',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `type`='$type',
+ `description`='".$_SESSION['_config']['description']."'";
+ }
+ mysql_query($query);
$CSRid = mysql_insert_id();
$CSRname=generatecertpath("csr","orgserver",$CSRid);
@@ -1991,7 +2091,8 @@
`modified`=NOW(),
`subject`='".$row['subject']."',
`type`='".$row['type']."',
- `rootcert`='".$row['rootcert']."'";
+ `rootcert`='".$row['rootcert']."',
+ `description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
//echo "NewID: $newid<br/>\n";
@@ -2092,6 +2193,24 @@
exit;
}
+ if($oldid == 22 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 ||
$id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 ||
$id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) &&
@@ -2483,7 +2602,7 @@
}
if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
- ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
+ ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
$_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
{
$id = 53;
@@ -2493,7 +2612,7 @@
$locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
$name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
$long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
- $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
+ $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
$action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";
if($locid > 0 && $action == "edit")
@@ -2751,24 +2870,24 @@
mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
}
- if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0)
- {
- csrf_check('admsetassuret');
- $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
- $query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
- $ver = !$row['assurer'];
- mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
- }
-
- if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
- {
- $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
- $query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
- $ver = !$row['assurer_blocked'];
- mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
- }
+ if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0)
+ {
+ csrf_check('admsetassuret');
+ $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
+ $query = "select * from `users` where `id`='$memid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $ver = !$row['assurer'];
+ mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
+ }
+
+ if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
+ {
+ $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
+ $query = "select * from `users` where `id`='$memid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $ver = !$row['assurer_blocked'];
+ mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
+ }
if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0)
{
diff --git a/includes/general.php b/includes/general.php
index bcbe38d..d89c0e6 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -21,10 +21,10 @@
session_name("cacert");
session_start();
- session_register("_config");
- session_register("profile");
- session_register("signup");
- session_register("lostpw");
+// session_register("_config");
+// session_register("profile");
+// session_register("signup");
+// session_register("lostpw");
// if($_SESSION['profile']['id'] > 0)
// session_regenerate_id();
@@ -536,17 +536,22 @@
$myemail = mysql_real_escape_string($email);
if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email))
{
- list($username,$domain)=split('@',$email);
+ list($username,$domain)=explode('@',$email,2);
$dom = escapeshellarg($domain);
$line = trim(`dig +short MX $dom 2>&1`);
#echo $email."-$dom-$line-\n";
#echo `dig +short mx heise.de 2>&1`."-<br>\n";
$list = explode("\n", $line);
- foreach($list as $row)
- list($pri, $mxhosts[]) = explode(" ", substr(trim($row), 0, -1));
+ foreach($list as $row) {
+ if(!strstr($row, " ")) {
+ continue;
+ }
+ list($pri, $mxhosts[]) = explode(" ", trim($row), 2);
+ }
$mxhosts[] = $domain;
-#print_r($mxhosts); die;
+ array_walk($mxhosts, function(&$mx) { $mx = trim($mx, '.'); } );
+
foreach($mxhosts as $key => $domain)
{
$fp = @fsockopen($domain,25,$errno,$errstr,5);
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 5734fad..4f9b8e8 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -18,20 +18,29 @@
include_once("../includes/lib/general.php");
require_once("../includes/lib/l10n.php");
+ include_once("../includes/mysql.php");
+
+ if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) {
+ $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
+ }
+ if(!isset($_SESSION['profile']['id']) || !isset($_SESSION['profile']['loggedin'])) {
+ $_SESSION['profile']['id'] = 0;
+ $_SESSION['profile']['loggedin'] = 0;
+ }
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
{
$uid = $_SESSION['profile']['id'];
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($$key);
+ //session_unregister($key);
}
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));
@@ -50,14 +59,14 @@
{
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($$key);
+ //session_unregister($key);
}
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
@@ -69,16 +78,16 @@
} else {
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
- unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
- unset($_SESSION['_config']['oldlocation']);
+ $_SESSION['_config']['oldlocation'] = '';
foreach($_GET as $key => $val)
{
@@ -127,9 +136,9 @@
$_SESSION['profile'] = "";
foreach($_SESSION as $key => $value)
{
- unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
header("location: https://".$normalhost."/index.php");
@@ -138,11 +147,11 @@
if($_SESSION['profile']['loggedin'] < 1)
{
- unset($_SESSION['_config']['oldlocation']);
+ $_SESSION['_config']['oldlocation'] = '';
foreach($_REQUEST as $key => $val)
{
- if($_SESSION['_config']['oldlocation'])
+ if('' != $_SESSION['_config']['oldlocation'])
$_SESSION['_config']['oldlocation'] .= "&";
$key = str_replace(array("\n", "\r"), '', $key);
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index 240b649..d6f86a8 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -14,7 +14,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
+*/
function query_init ($query)
{
@@ -52,8 +52,8 @@
function get_top_assurer_position ($no_of_assurances)
{
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting'
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting'
GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
return intval(query_get_number_of_rows($res)+1);
}
@@ -83,7 +83,7 @@
$res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
return $res;
}
-
+
function get_received_assurances_summary ($userid)
{
$res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
@@ -129,7 +129,7 @@
$awarded = 100;
}
else
- $experience = 0;
+ $experience = 0;
switch ($row['method'])
{
@@ -303,7 +303,7 @@
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
-<? }
+<? }
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
@@ -319,7 +319,7 @@
<td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
<? } else {
?>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
}
}
@@ -374,7 +374,7 @@
$res = get_given_assurances(intval($userid));
while($row = mysql_fetch_assoc($res))
{
- $fromuser = get_user (intval($row['to']));
+ $fromuser = get_user (intval($row['to']));
$apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
$email = show_email_link ($fromuser['email'],intval($row['to']));
diff --git a/pages/account/10.php b/pages/account/10.php
index 7ada977..6371f76 100644
--- a/pages/account/10.php
+++ b/pages/account/10.php
@@ -31,10 +31,12 @@
<form method="post" action="account.php">
<? if($_SESSION['profile']['points'] >= 50) { ?>
-<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
-<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
+<input type="radio" name="rootcert" value="1"/> <?=_("Sign by class 1 root certificate")?><br />
+<input type="radio" name="rootcert" value="2" checked/> <?=_("Sign by class 3 root certificate")?><br />
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<? } ?>
+<p><?=_("Optional comment, only used in the certifictate overview")?><br>
+ <input type="text" name="description" maxlength="80" size=80/></p>
<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p>
<textarea name="CSR" cols="80" rows="15"></textarea><br />
<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
diff --git a/pages/account/12.php b/pages/account/12.php
index fa8b41a..6d85cdc 100644
--- a/pages/account/12.php
+++ b/pages/account/12.php
@@ -19,22 +19,24 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
</tr>
<?
$query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
`domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
- UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
+ `domaincerts`.`description`
from `domaincerts`,`domains`
where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` ";
if($viewall != 1)
@@ -49,7 +51,7 @@
{
?>
<tr>
- <td colspan="6" class="DataTD"><?=_("No certificates are currently listed.")?></td>
+ <td colspan="8" class="DataTD"><?=_("No certificates are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -62,33 +64,41 @@
$verified = _("Pending");
if($row['revoked'] > 0)
$verified = _("Revoked");
- if($row['revoked'] == 0)
- $row['revoke'] = _("Not Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
?>
<tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td>
<? } else if($verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td>
<? } else { ?>
<td class="DataTD">&nbsp;</td>
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+ <td class="DataTD" colspan="8">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>"/>&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"/> </td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="6"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
+ <td class="DataTD" colspan="8"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
</tr>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
-<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>" />
+<input type="hidden" name="oldid" value="<?=$id?>"/>
+<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/>
</form>
diff --git a/pages/account/16.php b/pages/account/16.php
index 514ecfd..6f055d7 100644
--- a/pages/account/16.php
+++ b/pages/account/16.php
@@ -29,25 +29,25 @@
foreach($_SESSION['_config']['emails'] as $val) { ?>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"></td>
+ <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"/></td>
</tr>
<? } ?>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="emails[]"></td>
+ <td class="DataTD"><input type="text" name="emails[]"/></td>
</tr>
<tr>
<td class="DataTD"><?=_("Name")?>:</td>
- <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"></td>
+ <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td>
</tr>
<tr>
<td class="DataTD"><?=_("Department")?>:</td>
- <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"></td>
+ <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"/></td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
- <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
+ <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br />
+ <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br />
<?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?>
</td>
</tr>
@@ -56,9 +56,15 @@
<td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td>
</tr>
<? } ?>
+ <tr>
+ <td class="DataTD" colspan="2" align="left">
+ <?=_("Optional comment, only used in the certifictate overview")?><br />
+ <input type="text" name="description" maxlength="80" size=80 />
+ </td>
+ </tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>">
- <input type="submit" name="process" value="<?=_("Next")?>"></td>
+ <input type="submit" name="process" value="<?=_("Next")?>" /></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
diff --git a/pages/account/18.php b/pages/account/18.php
index 13dcc30..2fbb8b4 100644
--- a/pages/account/18.php
+++ b/pages/account/18.php
@@ -19,13 +19,14 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="8" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Comment")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
@@ -35,7 +36,8 @@
UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`,
`oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`,
UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`,
- `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`
+ `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`,
+ `oemail`.`description`
from `orgemailcerts` as `oemail`, `org`
where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`oemail`.`orgid` ";
@@ -50,7 +52,7 @@
{
?>
<tr>
- <td colspan="6" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+ <td colspan="8" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -80,14 +82,22 @@
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
<? } ?>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<tr>
+ <td class="DataTD" colspan="8">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
<td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
</tr>
<? } ?>
</table>
diff --git a/pages/account/20.php b/pages/account/20.php
index 510b708..0187013 100644
--- a/pages/account/20.php
+++ b/pages/account/20.php
@@ -27,11 +27,13 @@
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<form method="post" action="account.php">
-<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
-<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
+<input type="radio" name="rootcert" value="1" /> <?=_("Sign by class 1 root certificate")?><br />
+<input type="radio" name="rootcert" value="2" checked /> <?=_("Sign by class 3 root certificate")?><br />
+<p> <?=_("Optional comment, only used in the certifictate overview")?><br />
+ <input type="text" name="description" maxlength="80" size=80 /></p>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<p><?=_("Paste your CSR below...")?></p>
-<textarea name="CSR" cols="80" rows="15"></textarea><br>
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
-</form>
+<textarea name="CSR" cols="80" rows="15"></textarea><br />
+<input type="submit" name="process" value="<?=_("Submit")?>" />
+<input type="hidden" name="oldid" value="<?=$id?>" />
+</form> \ No newline at end of file
diff --git a/pages/account/22.php b/pages/account/22.php
index 9df8200..cb40cf2 100644
--- a/pages/account/22.php
+++ b/pages/account/22.php
@@ -19,16 +19,16 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
-
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<?
$query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`,
UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
@@ -36,7 +36,8 @@
`orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`,
`orgdomaincerts`.`serial`,
- `orgdomaincerts`.`id` as `id`
+ `orgdomaincerts`.`id` as `id`,
+ `orgdomaincerts`.`description`
from `orgdomaincerts`,`org`
where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
if($viewall != 1)
@@ -51,7 +52,7 @@
{
?>
<tr>
- <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td>
+ <td colspan="8" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -77,18 +78,26 @@
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
- <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="8">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>" />&#160;&#160;&#160;&#160;
+ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
</tr>
<? } ?>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
<input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
diff --git a/pages/account/3.php b/pages/account/3.php
index 4c839f7..d991086 100644
--- a/pages/account/3.php
+++ b/pages/account/3.php
@@ -52,20 +52,19 @@ if($_SESSION['profile']['points'] >= 50)
$lname = $_SESSION['profile']['lname'];
$suffix = $_SESSION['profile']['suffix'];
?>
- <tr>
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
- <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
- <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?>
+ <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br />
+ <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br />
+ <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="incname" value="0" checked> <?=_("No Name")?><br>
-<? if($fname && $lname) { ?><input type="radio" name="incname" value="1"> <?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?>
-<? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?>
-<? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?>
-<? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?>
+ <input type="radio" name="incname" value="0" checked /> <?=_("No Name")?><br />
+ <? if($fname && $lname) { ?><input type="radio" name="incname" value="1" /> <?=_("Include")?> '<?=$fname." ".$lname?>'<br /><? } ?>
+ <? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br /><? } ?>
+ <? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3" /> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br /><? } ?>
+ <? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br /><? } ?>
</td>
</tr>
<? } ?>
@@ -83,13 +82,18 @@ if($_SESSION['profile']['points'] >= 50)
<tr>
<td class="DataTD">
- <input type="checkbox" name="login" value="1" checked="checked">
+ <input type="checkbox" name="login" value="1" checked="checked" />
</td>
<td class="DataTD"> <?=_("Enable certificate login with this certificate")?><br />
<?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/>
</td>
</tr>
-
+ <tr>
+ <td class="DataTD" colspan="2" align="left">
+ <?=_("Optional comment, only used in the certifictate overview max. 100 characters")?><br />
+ <input type="text" name="description" maxlength="100" size="100" />
+ </td>
+ </tr>
<tr name="expertoff" style="display:none">
<td class="DataTD">
@@ -102,12 +106,14 @@ if($_SESSION['profile']['points'] >= 50)
<tr name="expert">
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="SSO" value="0" checked> <?=_("No Single Sign On ID")?><br>
- <input type="radio" name="SSO" value="1"> <?=_("Add Single Sign On ID Information")?><br>
+ <input type="radio" name="SSO" value="0" checked /> <?=_("No Single Sign On ID")?><br />
+ <input type="radio" name="SSO" value="1" /> <?=_("Add Single Sign On ID Information")?><br />
<?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
<a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a>
</td>
</tr>
+
+
<tr name="expert">
<td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td>
</tr>
@@ -124,10 +130,10 @@ if($_SESSION['profile']['points'] >= 50)
</td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>" /></td>
</tr>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
<script language="javascript">
diff --git a/pages/account/43.php b/pages/account/43.php
index a926a98..234e01a 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -35,6 +35,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
{
+ $_REQUEST['userid'] = 0;
+
$emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));
//Disabled to speed up the queries
@@ -53,14 +55,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
} else {
// $email contains non-digits ==> search for mail addresses
// Be defensive here (outer join) if primary mail is not listed in email table
- $query = "select `users`.`id` as `id`, `email`.`email` as `email`
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email`
from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
- where (`email`.`email` like '$emailsearch'
+ where (`email`.`email` like '$emailsearch'
or `users`.`email` like '$emailsearch')
and `users`.`deleted`=0
group by `users`.`id` limit 100";
}
- // bug-975 ted+uli changes --- end
+ // bug-975 ted+uli changes --- end
$res = mysql_query($query);
if(mysql_num_rows($res) > 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
@@ -342,7 +344,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td colspan="2" class="title"><?=_("Account State")?></td>
</tr>
-<?
+<?
// --- bug-975 begin ---
// potential db inconsistency like in a20110804.1
// Admin console -> don't list user account
@@ -363,7 +365,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
4. email.email = primary-email (???) or'd
not covered by admin console find user routine, but may block users login
5. users.verified = 0|1
- further "special settings"
+ further "special settings"
6. users.locked (setting displayed in display form)
7. users.assurer_blocked (setting displayed in display form)
@@ -374,7 +376,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
1. users.verified = 1
2. users.deleted = 0
3. users.locked = 0
- 4. users.email = primary-email
+ 4. users.email = primary-email
--- Assurer, assure someone find user query
select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
@@ -388,11 +390,11 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
1. email.hash = '' Yes No No
2. email.deleted = 0 Yes No No
3. users.deleted = 0 Yes Yes Yes
- 4. users.verified = 1 No Yes No
+ 4. users.verified = 1 No Yes No
5. users.locked = 0 No Yes No
6. users.email = prim-email No Yes Yes
7. email.email = prim-email Yes No No
-
+
full usable account needs all 7 requirements fulfilled
so if one setting isn't set/cleared there is an inconsistency either way
if eg email.email is not avail, admin console cannot open user info
@@ -436,7 +438,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
}
-
+
if ($drow) {
$eemail = $drow['eemail'];
$edeleted = $drow['edeleted'];
@@ -455,11 +457,11 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
}
if ($edeleted!=0) {
$inconsistency += 8;
- $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
}
if ($ehash!='') {
$inconsistency += 16;
- $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
}
} else {
$inconsistency = 32;
@@ -478,14 +480,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
"operations and needs to be fixed manually through arbitration/critical ".
"team.")?>
</td>
- </tr>
+ </tr>
<? }
// --- bug-975 end ---
?>
</table>
<br>
-<?
+<?
// End - Debug infos
?>
@@ -514,12 +516,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
-
+
$maxexpire = "0000-00-00 00:00:00";
if ($drow['maxexpire']) {
$maxexpire = $drow['maxexpire'];
}
-
+
if($total > 0) {
$query = "select COUNT(*) as `valid`
from `domains` inner join `domaincerts`
@@ -530,7 +532,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
-
+
$query = "select COUNT(*) as `expired`
from `domains` inner join `domaincerts`
on `domains`.`id` = `domaincerts`.`domid`
@@ -539,7 +541,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
-
+
$query = "select COUNT(*) as `revoked`
from `domains` inner join `domaincerts`
on `domains`.`id` = `domaincerts`.`domid`
@@ -572,12 +574,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
-
+
$maxexpire = "0000-00-00 00:00:00";
if ($drow['maxexpire']) {
$maxexpire = $drow['maxexpire'];
}
-
+
if($total > 0) {
$query = "select COUNT(*) as `valid`
from `emailcerts`
@@ -587,7 +589,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
-
+
$query = "select COUNT(*) as `expired`
from `emailcerts`
where `memid` = '".intval($row['id'])."'
@@ -595,7 +597,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
-
+
$query = "select COUNT(*) as `revoked`
from `emailcerts`
where `memid` = '".intval($row['id'])."'
@@ -627,12 +629,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
-
+
$maxexpire = "0000-00-00 00:00:00";
if ($drow['maxexpire']) {
$maxexpire = $drow['maxexpire'];
}
-
+
if($total > 0) {
$query = "select COUNT(*) as `valid`
from `gpg`
@@ -641,7 +643,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
-
+
$query = "select COUNT(*) as `expired`
from `emailcerts`
where `memid` = '".intval($row['id'])."'
@@ -649,7 +651,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
-
+
?>
<td class="DataTD"><?=intval($total)?></td>
<td class="DataTD"><?=intval($valid)?></td>
@@ -666,7 +668,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
</tr>
<tr>
- <td class="DataTD"><?=_("Org Server")?>:</td>
+ <td class="DataTD"><a href="account.php?id=58&amp;userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td>
<?
$query = "select COUNT(*) as `total`,
MAX(`orgcerts`.`expire`) as `maxexpire`
@@ -676,12 +678,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
-
+
$maxexpire = "0000-00-00 00:00:00";
if ($drow['maxexpire']) {
$maxexpire = $drow['maxexpire'];
}
-
+
if($total > 0) {
$query = "select COUNT(*) as `valid`
from `orgdomaincerts` as `orgcerts` inner join `org`
@@ -692,7 +694,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
-
+
$query = "select COUNT(*) as `expired`
from `orgdomaincerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
@@ -701,7 +703,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
-
+
$query = "select COUNT(*) as `revoked`
from `orgdomaincerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
@@ -736,12 +738,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
-
+
$maxexpire = "0000-00-00 00:00:00";
if ($drow['maxexpire']) {
$maxexpire = $drow['maxexpire'];
}
-
+
if($total > 0) {
$query = "select COUNT(*) as `valid`
from `orgemailcerts` as `orgcerts` inner join `org`
@@ -752,7 +754,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
-
+
$query = "select COUNT(*) as `expired`
from `orgemailcerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
@@ -761,7 +763,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
-
+
$query = "select COUNT(*) as `revoked`
from `orgemailcerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
@@ -831,7 +833,7 @@ function showassuredto()
<td class="DataTD"><?=intval($drow['points'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
</tr>
<? } ?>
<tr>
@@ -877,7 +879,7 @@ function showassuredby()
<td class="DataTD"><?=$drow['points']?></td>
<td class="DataTD"><?=$drow['location']?></td>
<td class="DataTD"><?=$drow['method']?></td>
- <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
</tr>
<? } ?>
<tr>
@@ -888,19 +890,21 @@ function showassuredby()
</table>
<? } ?>
<br><br>
-<? } }
-
-switch ($_GET['shownotary'])
- {
- case 'assuredto': showassuredto();
- break;
- case 'assuredby': showassuredby();
- break;
- case 'assuredto15': output_received_assurances(intval($_GET['userid']),1);
- break;
- case 'assuredby15': output_given_assurances(intval($_GET['userid']),1);
- break;
- }
-
-
-?>
+<? } }
+
+if(isset($_GET['shownotary'])) {
+ switch($_GET['shownotary']) {
+ case 'assuredto':
+ showassuredto();
+ break;
+ case 'assuredby':
+ showassuredby();
+ break;
+ case 'assuredto15':
+ output_received_assurances(intval($_GET['userid']),1);
+ break;
+ case 'assuredby15':
+ output_given_assurances(intval($_GET['userid']),1);
+ break;
+ }
+}
diff --git a/pages/account/5.php b/pages/account/5.php
index 5c131ba..9607850 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -19,28 +19,29 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="7" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Email Address")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Login")?></td>
-
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<?
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
- `emailcerts`.`expire` as `expires`,
+ `emailcerts`.`expire` as `expires`,
`emailcerts`.`revoked` as `revoke`,
- UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
`emailcerts`.`id`,
`emailcerts`.`CN`,
`emailcerts`.`serial`,
- emailcerts.disablelogin as `disablelogin`
+ `emailcerts`.`disablelogin` as `disablelogin`,
+ `emailcerts`.`description`
from `emailcerts`
where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
";
@@ -56,7 +57,7 @@
{
?>
<tr>
- <td colspan="7" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+ <td colspan="10" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -86,31 +87,39 @@
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
<? } ?>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD">
<input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
- <input type="hidden" name="cert_<?=$row['id']?>" value="1"/>
+ <input type="hidden" name="cert_<?=$row['id']?>" value="1" />
</td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr>
-<? } ?>
+ <? } ?>
<tr>
- <td class="DataTD" colspan="8">
+ <td class="DataTD" colspan="9">
<a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
</td>
</tr>
<tr>
- <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
- <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="9">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+
+ <tr>
+ <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>" />&#160;&#160;&#160;&#160;
+ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td>
- <td class="DataTD" colspan="3"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+ <td class="DataTD" colspan="4"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
</tr>
<? } ?>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
diff --git a/pages/account/58.php b/pages/account/58.php
new file mode 100644
index 0000000..1f6b1a0
--- /dev/null
+++ b/pages/account/58.php
@@ -0,0 +1,61 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
+ echo _('You do not have access to this page');
+} else {
+ $user_id = intval($_REQUEST['userid']);
+ $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) != 1){
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ } else {
+ if ($row = mysql_fetch_assoc($res)){
+ $username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']);
+ $query = "select `orginfo`.`o`, `org`.`masteracc`
+ FROM `orginfo`, `org`
+ WHERE `orginfo`.`id` = `org`.`orgid`
+ AND `org`.`memid`='$user_id' order by `orginfo`.`o`";
+ $res1 = mysql_query($query);?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"><?
+ if (mysql_num_rows($res1) <= 0) {?>
+ <tr>
+ <td colspan="2" class="title"><?=sprintf(_('%s is not listed as Organisation Administrator'), $username)?></td>
+ </tr>
+ <?}else{?>
+ <tr>
+ <td colspan="2" class="title"><?=sprintf(_('%s is listed as Organisation Administrator for:'), $username)?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_('Organisation')?></b></td>
+ <td class="DataTD"><b><?=_('Masteraccount')?></b></td>
+ </tr><?
+ while($drow = mysql_fetch_assoc($res1)){?>
+ <tr>
+ <td class="DataTD"><?=$drow['o']?></td>
+ <td class="DataTD"><?=$drow['masteracc'] ? _("Yes") : _("No") ?></td>
+ </tr>
+ <?}
+ }
+ ?></table>
+<? }else{
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ }
+ }
+}
+?>
diff --git a/pages/account/6.php b/pages/account/6.php
index 38af8e8..ae72730 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -18,7 +18,24 @@
<?
$certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']);
- $query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+// $query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
+ `emailcerts`.`expire` as `expires`,
+ `emailcerts`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ `emailcerts`.`id`,
+ `emailcerts`.`CN`,
+ `emailcerts`.`serial`,
+ `emailcerts`.`disablelogin` as `disablelogin`,
+ `emailcerts`.`crt_name`,
+ `emailcerts`.`keytype`,
+ `emailcerts`.`description`
+ from `emailcerts`
+ where `emailcerts`.`id`='$certid' and `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'";
+
+
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@@ -127,10 +144,73 @@
<p><?=_("Your certificate:")?></p>
<pre><?=$cert?></pre>
+
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Information about the certificte")?></td>
+ </tr>
<?
-
- showfooter();
- exit;
- }
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
?>
+ <tr>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="revokeid[<?=$row['id']?>]" ></td>
+<? } else if($verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="delid[<?=$row['id']?>]"></td>
+<? } else { ?>
+ <td class="DataTD">&nbsp;</td>
+<? } ?>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=$verified?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=$row['expires']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Login")?></td>
+ <td class="DataTD">
+ <input type="checkbox" name="disablelogin" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Comment")?></td>
+ <td class="DataTD"><input type="text" name="description" maxlength="100" size=100 value="<?=htmlspecialchars($row['description'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="6">
+<input type="hidden" name="certid" value="<?=$certid?>">
+</form>
+<?
+ showfooter();
+ exit;
+} \ No newline at end of file
diff --git a/pages/account/8.php b/pages/account/8.php
index 6b3de01..79448d1 100644
--- a/pages/account/8.php
+++ b/pages/account/8.php
@@ -25,7 +25,7 @@
if(is_array($_SESSION['_config']['addy']))
foreach($_SESSION['_config']['addy'] as $add) { ?>
<tr>
- <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?>></td>
+ <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?> /></td>
<td class="DataTD" width="175"><?=$add?></td>
</tr>
<? } ?>
@@ -34,5 +34,5 @@
</tr>
</table>
<input type="hidden" name="csrf" value="<?=make_csrf('ctcinfo')?>" />
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
diff --git a/pages/gpg/0.php b/pages/gpg/0.php
index 60b1784..f490511 100644
--- a/pages/gpg/0.php
+++ b/pages/gpg/0.php
@@ -19,6 +19,8 @@
?>
<p><?=_("Paste your own public OpenPGP key below. It should not contain a picture. CAcert will sign your key after submission.")?></p>
<form method="post" action="gpg.php">
+<p><?=_("Optional comment, only used in the certifictate overview")?><br />
+ <input type="text" name="description" maxlength="80" size=80 /></p>
<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br />
<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
<?=_("Please Note: You need to accept the CCA to proceed.")?></p>
diff --git a/pages/gpg/2.php b/pages/gpg/2.php
index e10935e..cc8a872 100644
--- a/pages/gpg/2.php
+++ b/pages/gpg/2.php
@@ -15,29 +15,30 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
+<form method="post" action="gpg.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="5" class="title"><?=_("OpenPGP Keys")?></td>
+ <td colspan="6" class="title"><?=_("OpenPGP Keys")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Email Address")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Key ID")?></td>
-
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<?
$query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`expire`) as `expired`,
- `expire` as `expires`, `id`, `level`,
- `email`,`keyid` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
+ `expire` as `expires`, `id`, `level`,
+ `email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
ORDER BY `issued` desc";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
- <td colspan="5" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
+ <td colspan="6" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -62,10 +63,19 @@
<? } ?>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
-
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<? } ?>
+ <tr>
+ <td class="DataTD" colspan="6">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
+ </tr>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
diff --git a/pages/index/0.php b/pages/index/0.php
index e7356c7..a2c2e5a 100644
--- a/pages/index/0.php
+++ b/pages/index/0.php
@@ -29,61 +29,47 @@
<div class="newsbox">
<?
-/*
- $query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc limit 5";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- echo "<p><b>".date("Y-m-d", $row['TS'])."</b> - ".$row['short']."</p>\n";
- if($row['story'] != "")
- echo "<p>[ <a href='news.php?id=".$row['id']."'>"._("Full Story")."</a> ]</p>\n";
- }
- if(mysql_num_rows(mysql_query("select * from `news`")) > 2)
- echo "<p>[ <a href='news.php'>"._("More News Items")."</a> ]</p>";
-*/
- $rss = "";
- $open = $items = 0;
- $fp = @fopen("/www/pages/index/feed.rss", "r");
- if($fp)
- {
- echo '<p id="lnews">'._('Latest News').'</p>';
-
-
- while(!feof($fp))
- $rss .= trim(fgets($fp, 4096));
- fclose($fp);
- $rss = str_replace("><", ">\n<", $rss);
- $lines = explode("\n", $rss);
- foreach($lines as $line)
- {
- $line = trim($line);
-
- if($line != "<item>" && $open == 0)
- continue;
-
- if($line == "<item>" && $open == 0)
- {
- $open = 1;
- continue;
- }
-
- if($line == "</item>" && $open == 1)
- {
- $items++;
- if($items >= 3)
- break;
- $open == 0;
- continue;
- }
- if(substr($line, 0, 7) == "<title>")
- echo "<h3>".str_replace("&amp;#", "&#", recode_string("UTF8..html", str_replace("&amp;", "", trim(substr($line, 7, -8)))))."</h3>\n";
- if(substr($line, 0, 13) == "<description>")
- echo "<p>".str_replace("&amp;#", "&#", recode_string("UTF8..html", str_replace("&amp;", "", trim(substr($line, 13, -14)))))."</p>\n";
- if(substr($line, 0, 6) == "<link>")
- echo "<p>[ <a href='".trim(substr($line, 6, -7))."'>"._("Full Story")."</a> ]</p>\n";
+ printf("<p id='lnews'>%s</p>\n\n",_('Latest News'));
+
+ $xml = "/www/pages/index/feed.rss"; // FIXME: use relative path to allow operation with different document root
+ $dom = new DOMDocument();
+ $dom->preserveWhiteSpace = false;
+ $dom->Load($xml);
+
+ $xpath = new DOMXPath($dom); //Create an XPath query
+
+ $query = "//channel/item";
+ $items = $xpath->query($query);
+
+ $count = 0;
+ foreach($items as $id => $item) {
+ $query = "./title";
+ $nodeList = $xpath->query($query, $item);
+ $title = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue);
+
+ $query = "./link";
+ $nodeList = $xpath->query($query, $item);
+ $link = htmlspecialchars($nodeList->item(0)->nodeValue);
+
+ $query = "./description";
+ $nodeList = $xpath->query($query, $item);
+ $description = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue);
+
+ printf("<h3> %s </h3>\n", $title);
+ printf("<p> %s </p>\n", $description);
+ printf("<p>[<a href=\"%s\"> %s </a> ] </p>\n\n", $link,_("Full Story"));
+
+ $title = '';
+ $description = '';
+ $link = '';
+
+ $count++;
+ if ($count >= 3) {
+ break;
}
}
?>
+
[ <a href="http://blog.CAcert.org/"><?=_('More News Items')?></a> ]
</div>
<hr/>
@@ -127,4 +113,3 @@
<br /><br />
<?=_("If you want to participate in CAcert.org, have a look")?> <a href="http://wiki.cacert.org/wiki/HelpingCAcert"><?=_("here")?></a> <?=_("and")?> <a href="http://wiki.cacert.org/wiki/SystemTasks"><?=_("here")?></a>.
-
diff --git a/pages/index/10.php b/pages/index/10.php
index 9e09bb8..7280e09 100644
--- a/pages/index/10.php
+++ b/pages/index/10.php
@@ -14,11 +14,8 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<p style="background-color: #FF8080; font-size: 150%">
-<?
-printf(_('This page has been moved to the %spolicy directory%s. Please update '.
- 'your bookmarks and report any broken links.'),
- '<a href="/policy/PrivacyPolicy.html">', '</a>');
-?>
-</p>
+*/
+
+ header('HTTP/1.0 301 Moved Permanently');
+ header('Location: http://www.cacert.org/policy/CertificationPracticeStatement.php');
+ exit();
diff --git a/scripts/49de-lt2013-berlin-email.txt b/scripts/49de-lt2013-berlin-email.txt
new file mode 100644
index 0000000..3759160
--- /dev/null
+++ b/scripts/49de-lt2013-berlin-email.txt
@@ -0,0 +1,17 @@
+Hallo CAcert-Mitglieder und Assurer,
+
+Der diesjaehrige LinuxTag auf der Messe Berlin findet von Mittwoch, 22. Mai bis Samstag, 25. Mai statt und steht unter dem Motto "Open minds create effective solutions!"
+
+Effektive Loesungen finden bei CAcert besonders gut dann statt, wenn ein reger Informationsaustausch stattfindet. Dafuer steht CAcert mit einem Stand auf der Messe am Stand 140 in Halle 7.1a. Wir freuen uns dabei nicht nur auf Besucher, sondern wir sind auch in hohem Masse auf die Mithilfe der Community angewiesen. Wir freuen uns deshalb besonders, auch Dich am Stand als Standbetreuer, Assurer und Netzwerker begruessen zu koennen. Bei dieser Gelegenheit koennen wir uns auch gerne ueber die aktuellen Entwicklungen bei CAcert unterhalten.
+
+Weitere Details stehen in unserem Wiki unter
+[https://wiki.cacert.org/Events/LinuxTag2013]
+
+Fuer Assurer, die als Standbetreuer mithelfen moechten bitte
+Rueckantwort bitte an events@cacert.org
+ 'Ich moechte beim Linuxtag mithelfen'
+Dafuer koennen wir auch kostenlose Eintrittskarten zur Verfuegung stellen, rechtzeitige Absprache ist dafuer natuerlich Voraussetzung.
+
+Vielen Dank fuer eure Unterstuetzung!
+
+Kontakt: events@cacert.org
diff --git a/scripts/49de-lt2013-berlin-mail.php.txt b/scripts/49de-lt2013-berlin-mail.php.txt
new file mode 100644
index 0000000..a5bef69
--- /dev/null
+++ b/scripts/49de-lt2013-berlin-mail.php.txt
@@ -0,0 +1,119 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("49de-lt2013-berlin-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 50;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+
+// CAcert Assurance and Keysigning event at FUDcon, Lawrence, KS, Jan 19th 2013
+// $locid = 2126955; // Lawrence (Douglas), Kansas, United States
+// $eventname = "CAcert Assurance and Keysigning at FUDcon Lawrence, KS";
+// $city = "January 19th 2013";
+
+// ATE-Kiel 2013-02-11
+// $locid = 919560; // Kiel, Schleswig-Holstein, Germany
+// $eventname = "ATE-Kiel";
+// $city = "11. Februar 2013";
+
+// Linuxtag, Berlin, May 22-25, 2013,
+ $locid = 228950; // Berlin
+ $eventname = "Linuxtag Berlin";
+ $city = "22.-25. Mai, 2013";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/50de-ate-luebeck-email.txt b/scripts/50de-ate-luebeck-email.txt
new file mode 100644
index 0000000..5bbfb70
--- /dev/null
+++ b/scripts/50de-ate-luebeck-email.txt
@@ -0,0 +1,91 @@
+[Deutsch]
+
+Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher
+eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen.
+Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B.
+in dem CAcert Community Agreement) wurden beschlossen. Die Assurer
+Training Events wollen versuchen, die ganzen Informationen unter's
+Volk zu bringen:
+
+- Welcher Satz fehlt auf alten CAP Formularen?
+- Warum soll ich mir R/L/O einpraegen?
+- Wie verhaelst du dich,
+ wenn du ein fremdes Ausweisdokument das ersteMal pruefst?
+
+Antworten auf diese und weitere Fragen erhaelst du bei den
+Assurer Training Events (ATEs).
+
+Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung
+trainiert und auditiert, um die Qualitaet der Assurances in der
+taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und
+Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die
+Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren,
+wie diese vermieden werden koennen.
+
+Wie IanG sagte: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers, and include parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+Die kommende Veranstaltung in deiner Naehe findet statt am:
+
+- Freitag, den 7. Juni 2013
+- in der Zeit von: 19:00 - ca. 22:00 Uhr
+- Jugendzentrum Burgtor
+- Grosse Burgstrasse 2
+- 23539 Luebeck
+
+
+Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
+Wiki [http://wiki.cacert.org/events/2013-06-07ATE-Luebeck]
+Blog [http://blog.cacert.org/2013/05/595.html]
+
+Teilnehmer Registrierung mit Rueckantwort:
+ 'Ich moechte am ATE-Luebeck teilnehmen'
+
+Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
+
+Kontakt: events@cacert.org
+
+
+
+[English]
+
+During the last year many changes took place inside CAcert. Many "oral"
+rules have been put into Policies. New procedures
+(e.g. Assurer Challenge) and obligations
+(e.g. CAcert Community Agreement) have been put into live.
+The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the
+Assurer Training Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances,
+to measure the quality of assurances in the daily routine. Here are some
+possible errors and pitfalls which need to be found. Assurers have the
+opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers and includes parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Friday 07. June 2013
+- during 19:00 - ca. 22:00
+- Jugendzentrum Burgtor
+- Grosse Burgstrasse 2
+- 23539 Luebeck
+
+Details to the location can be found:
+Wiki [http://wiki.cacert.org/events/2013-06-07ATE-Luebeck]
+Blog [http://blog.cacert.org/2013/05/595.html]
+
+User reply for registration: 'I will attend the ATE-Luebeck'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
diff --git a/scripts/50de-ate-luebeck-mail.php.txt b/scripts/50de-ate-luebeck-mail.php.txt
new file mode 100644
index 0000000..41721c5
--- /dev/null
+++ b/scripts/50de-ate-luebeck-mail.php.txt
@@ -0,0 +1,123 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2013 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("50de-ate-luebeck-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+
+// CAcert Assurance and Keysigning event at FUDcon, Lawrence, KS, Jan 19th 2013
+// $locid = 2126955; // Lawrence (Douglas), Kansas, United States
+// $eventname = "CAcert Assurance and Keysigning at FUDcon Lawrence, KS";
+// $city = "January 19th 2013";
+
+// ATE-Kiel 2013-02-11
+// $locid = 919560; // Kiel, Schleswig-Holstein, Germany
+// $eventname = "ATE-Kiel";
+// $city = "11. Februar 2013";
+
+// Linuxtag, Berlin, May 22-25, 2013,
+// $locid = 228950; // Berlin
+// $eventname = "Linuxtag Berlin";
+// $city = "22.-25. Mai, 2013";
+
+ $locid = 1117395; // Lubeck Hansestadt, Schleswig-Holstein, Germany
+ $eventname = "ATE-Luebeck";
+ $city = "07. Juni 2013";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/51at-ate-graz-email.txt b/scripts/51at-ate-graz-email.txt
new file mode 100644
index 0000000..0d77dfe
--- /dev/null
+++ b/scripts/51at-ate-graz-email.txt
@@ -0,0 +1,91 @@
+[Deutsch]
+
+Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher
+eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen.
+Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B.
+in dem CAcert Community Agreement) wurden beschlossen. Die Assurer
+Training Events wollen versuchen, die ganzen Informationen unter's
+Volk zu bringen:
+
+- Welcher Satz fehlt auf alten CAP Formularen?
+- Warum soll ich mir R/L/O einpraegen?
+- Wie verhaelst du dich,
+ wenn du ein fremdes Ausweisdokument das ersteMal pruefst?
+
+Antworten auf diese und weitere Fragen erhaelst du bei den
+Assurer Training Events (ATEs).
+
+Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung
+trainiert und auditiert, um die Qualitaet der Assurances in der
+taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und
+Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die
+Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren,
+wie diese vermieden werden koennen.
+
+Wie IanG sagte: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers, and include parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+Die kommende Veranstaltung in deiner Naehe findet statt am:
+
+- Freitag, den 16. August 2013
+- in der Zeit von: 19:00 - ca. 22:00 Uhr
+- Realraum Graz
+- Jakomistraße 16
+- 8010 Graz
+
+
+Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
+Wiki [http://wiki.cacert.org/Events/2013-08-16ATE-Graz]
+Blog [http://blog.cacert.org/2013/07/ate-graz-at-2013-08-16/]
+
+Teilnehmer Registrierung mit Rueckantwort:
+ 'Ich moechte am ATE-Graz teilnehmen'
+
+Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
+
+Kontakt: events@cacert.org
+
+
+
+[English]
+
+During the last year many changes took place inside CAcert. Many "oral"
+rules have been put into Policies. New procedures
+(e.g. Assurer Challenge) and obligations
+(e.g. CAcert Community Agreement) have been put into live.
+The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the
+Assurer Training Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances,
+to measure the quality of assurances in the daily routine. Here are some
+possible errors and pitfalls which need to be found. Assurers have the
+opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers and includes parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Friday 16. August 2013
+- during 19:00 - ca. 22:00
+- Realraum Graz
+- Jakomistraße 16
+- 8010 Graz
+
+Details to the location can be found:
+Wiki [http://wiki.cacert.org/Events/2013-08-16ATE-Graz]
+Blog [http://blog.cacert.org/2013/07/ate-graz-at-2013-08-16/]
+
+User reply for registration: 'I will attend the ATE-Graz'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
diff --git a/scripts/51at-ate-graz-mail.php.txt b/scripts/51at-ate-graz-mail.php.txt
new file mode 100644
index 0000000..56dd4ff
--- /dev/null
+++ b/scripts/51at-ate-graz-mail.php.txt
@@ -0,0 +1,126 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2013 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("51at-ate-graz-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+
+// CAcert Assurance and Keysigning event at FUDcon, Lawrence, KS, Jan 19th 2013
+// $locid = 2126955; // Lawrence (Douglas), Kansas, United States
+// $eventname = "CAcert Assurance and Keysigning at FUDcon Lawrence, KS";
+// $city = "January 19th 2013";
+
+// ATE-Kiel 2013-02-11
+// $locid = 919560; // Kiel, Schleswig-Holstein, Germany
+// $eventname = "ATE-Kiel";
+// $city = "11. Februar 2013";
+
+// Linuxtag, Berlin, May 22-25, 2013,
+// $locid = 228950; // Berlin
+// $eventname = "Linuxtag Berlin";
+// $city = "22.-25. Mai, 2013";
+
+// $locid = 1117395; // Lubeck Hansestadt, Schleswig-Holstein, Germany
+// $eventname = "ATE-Luebeck";
+// $city = "07. Juni 2013";
+
+ $locid = 675661; // Graz, Steiermark, Austria
+ $eventname = "ATE-Graz";
+ $city = "16. August 2013";
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/cron/warning.php b/scripts/cron/warning.php
index 5cf7c31..0c97ba2 100755
--- a/scripts/cron/warning.php
+++ b/scripts/cron/warning.php
@@ -72,32 +72,37 @@ echo $row['fname']." ".$row['lname']." <".$row['email']."> (memid: ".$row['memid
foreach($days as $day => $warning)
{
- $query =
- "SELECT DISTINCT `domaincerts`.`id`,
+ $select_clause =
+ "`domaincerts`.`id`,
`users`.`fname`, `users`.`lname`, `users`.`email`,
`domains`.`memid`,
`domaincerts`.`subject`, `domaincerts`.`crt_name`,
`domaincerts`.`CN`,
`domaincerts`.`serial`,
- (UNIX_TIMESTAMP(`domaincerts`.`expire`) -
- UNIX_TIMESTAMP(NOW())) / 86400 AS `daysleft`
-
- FROM `users`, `domaincerts`, `domlink`, `domains`
- WHERE UNIX_TIMESTAMP(`domaincerts`.`expire`) -
+ (UNIX_TIMESTAMP(`domaincerts`.`expire`) -
+ UNIX_TIMESTAMP(NOW())) / 86400 AS `daysleft`";
+ $where_clause =
+ "UNIX_TIMESTAMP(`domaincerts`.`expire`) -
UNIX_TIMESTAMP(NOW()) > -7 * 86400
- AND UNIX_TIMESTAMP(`domaincerts`.`expire`) -
+ AND UNIX_TIMESTAMP(`domaincerts`.`expire`) -
UNIX_TIMESTAMP(NOW()) < $day * 86400
- AND `domaincerts`.`renewed` = 0
- AND `domaincerts`.`warning` <= '$warning'
- AND `domaincerts`.`revoked` = 0
- AND (
- `domaincerts`.`domid` = `domains`.`id`
- OR (
- `domaincerts`.`id` = `domlink`.`certid`
- AND `domlink`.`domid` = `domains`.`id`
- )
- )
- AND `domains`.`memid` = `users`.`id`";
+ AND `domaincerts`.`renewed` = 0
+ AND `domaincerts`.`warning` <= '$warning'
+ AND `domaincerts`.`revoked` = 0
+ AND `domains`.`memid` = `users`.`id`";
+ $query =
+ "SELECT $select_clause
+ FROM `users`, `domaincerts`, `domains`
+ WHERE $where_clause
+ AND `domaincerts`.`domid` = `domains`.`id`
+ UNION DISTINCT
+ SELECT $select_clause
+ FROM `users`,
+ `domaincerts` LEFT JOIN `domlink` ON
+ (`domaincerts`.`id` = `domlink`.`certid`),
+ `domains`
+ WHERE $where_clause
+ AND `domlink`.`domid` = `domains`.`id`";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
diff --git a/www/disputes.php b/www/disputes.php
index f195ed5..4944d8c 100644
--- a/www/disputes.php
+++ b/www/disputes.php
@@ -236,6 +236,23 @@
exit;
}
+ //check if email belongs to locked account
+ $res = mysql_query("select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+ if(mysql_num_rows($res) > 0)
+ {
+ showheader(_("Email Dispute"));
+ printf(_("Sorry, the email address '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($email),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
+ $duser=$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'];
+ $body = sprintf("Someone has just attempted to dispute this email '%s', which belongs to a locked account:\n".
+ "Username(ID): %s (%s)\n".
+ "email: %s\n".
+ "IP/Hostname: %s\n", $email, $duser, $_SESSION['profile']['id'], $_SESSION['profile']['email'], $_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:""));
+ sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $duser);
+
+ showfooter();
+ exit;
+ }
+
$res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''");
if(mysql_num_rows($res) > 0)
{
@@ -308,6 +325,23 @@
exit;
}
+ //check if domain belongs to locked account
+ $res = mysql_query("select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+ if(mysql_num_rows($res) > 0)
+ {
+ showheader(_("Domain Dispute"));
+ printf(_("Sorry, the domain '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($domain),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
+ $duser=$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'];
+ $body = sprintf("Someone has just attempted to dispute this domain '%s', which belongs to a locked account:\n".
+ "Username(ID): %s (%s)\n".
+ "email: %s\n".
+ "IP/Hostname: %s\n", $domain, $duser, $_SESSION['profile']['id'], $_SESSION['profile']['email'], $_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:""));
+ sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $duser);
+
+ showfooter();
+ exit;
+ }
+
$query = "select * from `disputedomain` where `domain`='$domain' and hash!=''";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
diff --git a/www/gpg.php b/www/gpg.php
index 267fabd..4133cd9 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -53,7 +53,7 @@ if(0)
{
showheader(_("Welcome to CAcert.org"));
echo "The OpenPGP signing system is currently shutdown due to a maintenance. We hope to get it fixed within the next few hours. We are very sorry for the inconvenience.";
-
+
exit(0);
}
}
@@ -152,7 +152,7 @@ function verifyEmail($email)
$uidformatwrong=0;
if(sizeof($bits)<10) $uidformatwrong=1;
-
+
if(preg_match("/\@.*\@/",$bits[9]))
{
showheader(_("Welcome to CAcert.org"));
@@ -260,7 +260,6 @@ function verifyEmail($email)
}
$resulttable.="</table>";
-
if($nok==0)
{
showheader(_("Welcome to CAcert.org"));
@@ -286,12 +285,20 @@ function verifyEmail($email)
{
write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+ //set variable for comment
+ if(trim($_REQUEST['description']) == ""){
+ $description= "";
+ }else{
+ $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }
+
$query = "insert into `gpg` set `memid`='".intval($_SESSION['profile']['id'])."',
`email`='".mysql_real_escape_string($lastvalidemail)."',
`level`='1',
`expires`='".mysql_real_escape_string($expires)."',
`multiple`='".mysql_real_escape_string($multiple)."',
- `keyid`='".mysql_real_escape_string($keyid)."'";
+ `keyid`='".mysql_real_escape_string($keyid)."',
+ `description`='".mysql_real_escape_string($description)."'";
mysql_query($query);
$id = mysql_insert_id();
@@ -345,7 +352,7 @@ function verifyEmail($email)
}
$mail="";
- if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
+ if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
//echo "Found: ".$match[1];
$mail = trim(hex2bin($match[1]));
}
@@ -353,7 +360,7 @@ function verifyEmail($email)
{
//echo "Not found!\n";
}
-
+
$emailok=verifyEmail($mail);
$uidid=$bits[7];
@@ -395,95 +402,89 @@ function verifyEmail($email)
}
}
+ if(count($ToBeDeleted)>0)
+ {
+ $descriptorspec = array(
+ 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
+ 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
+ 2 => array("pipe", "w") // stderr is a file to write to
+ );
+ $stderr = fopen('php://stderr', 'w');
+ //echo "Keyid: $keyid\n";
- if(count($ToBeDeleted)>0)
- {
+ $process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes);
+ //echo "Process: $process\n";
+ //fputs($stderr,"Process: $process\n");
- $descriptorspec = array(
- 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
- 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
- 2 => array("pipe", "w") // stderr is a file to write to
- );
-
- $stderr = fopen('php://stderr', 'w');
-
-
- //echo "Keyid: $keyid\n";
-
- $process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes);
-
- //echo "Process: $process\n";
- //fputs($stderr,"Process: $process\n");
-
- if (is_resource($process)) {
- //echo("it is a resource\n");
- // $pipes now looks like this:
- // 0 => writeable handle connected to child stdin
- // 1 => readable handle connected to child stdout
- // Any error output will be appended to /tmp/error-output.txt
- while (!feof($pipes[1]))
- {
- $buffer = fgets($pipes[1], 4096);
- //echo $buffer;
-
- if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n")
- {
- fputs($pipes[0],"yes\n");
- }
- elseif($buffer == "[GNUPG:] GOT_IT\n")
- {
- }
- elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer))
- {
- fputs($pipes[0],"yes\n");
- }
- elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer))
- {
- if(count($ToBeDeleted)>0)
- {
- $delthisuid=array_pop($ToBeDeleted);
- //echo "Deleting an UID $delthisuid\n";
- fputs($pipes[0],"uid ".$delthisuid."\n");
- }
- else
- {
- //echo "Saving\n";
- fputs($pipes[0],$state?"save\n":"deluid\n");
- $state++;
- }
- }
- elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n")
- {
- }
- elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer))
- {
- echo "Key expired!\n";
- exit;
- }
- elseif($buffer == "")
- {
- //echo "Empty!\n";
- }
- else
- {
- echo "ERROR: UNKNOWN $buffer\n";
- }
+ if (is_resource($process)) {
+ //echo("it is a resource\n");
+ // $pipes now looks like this:
+ // 0 => writeable handle connected to child stdin
+ // 1 => readable handle connected to child stdout
+ // Any error output will be appended to /tmp/error-output.txt
+ while (!feof($pipes[1]))
+ {
+ $buffer = fgets($pipes[1], 4096);
+ //echo $buffer;
+
+ if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n")
+ {
+ fputs($pipes[0],"yes\n");
+ }
+ elseif($buffer == "[GNUPG:] GOT_IT\n")
+ {
+ }
+ elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer))
+ {
+ fputs($pipes[0],"yes\n");
+ }
+ elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer))
+ {
+ if(count($ToBeDeleted)>0)
+ {
+ $delthisuid=array_pop($ToBeDeleted);
+ //echo "Deleting an UID $delthisuid\n";
+ fputs($pipes[0],"uid ".$delthisuid."\n");
+ }
+ else
+ {
+ //echo "Saving\n";
+ fputs($pipes[0],$state?"save\n":"deluid\n");
+ $state++;
+ }
+ }
+ elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n")
+ {
+ }
+ elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer))
+ {
+ echo "Key expired!\n";
+ exit;
+ }
+ elseif($buffer == "")
+ {
+ //echo "Empty!\n";
+ }
+ else
+ {
+ echo "ERROR: UNKNOWN $buffer\n";
+ }
}
//echo "Fertig\n";
fclose($pipes[0]);
-
+
//echo stream_get_contents($pipes[1]);
fclose($pipes[1]);
-
+
// It is important that you close any pipes before calling
// proc_close in order to avoid a deadlock
$return_value = proc_close($process);
-
+
//echo "command returned $return_value\n";
}
else
@@ -519,6 +520,23 @@ function verifyEmail($email)
exit;
}
+ if($oldid == 2 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `gpg` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
$id = intval($id);
showheader(_("Welcome to CAcert.org"));
diff --git a/www/wot.php b/www/wot.php
index ed4f0cd..858f81b 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -328,14 +328,7 @@ $iecho= "c";
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
- if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
- {
- $query .= ",\n`method`='Temporary Increase'";
- $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
- $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
- } else if($_SESSION['profile']['board'] == 1) {
- $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
- } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
+ if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
$query .= ",\n`method`='TTP-Assisted'";
}
mysql_query($query);
@@ -389,9 +382,6 @@ $iecho= "c";
$body .= "https://www.cacert.org/wot.php?id=13\n\n";
}
- if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
- $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
-
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
@@ -405,20 +395,11 @@ $iecho= "c";
else
$body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
- if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
- $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");
- if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
- {
- $body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";
-
- sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
- }
-
showheader(_("My CAcert.org Account!"));
echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">