source code taken from cacert-20100204.tar.bz2

11 files changed, 65 insertions, 32 deletions

diff --git a/cacert/pages/account/0.php b/cacert/pages/account/0.php
index b595b84..84b581e 100644
--- a/cacert/pages/account/0.php
+++ b/cacert/pages/account/0.php
@@ -28,4 +28,6 @@
 <h4><?=_("Org Client and Server Certificates")?></h4>
 <p><?=_("Once you have verified your company you will see these menu options. They allow you to issue as many certificates as you like without proving individual email accounts as you like, further more you are able to get your company details on the certificate.")?></p>
 <h4><?=_("CAcert Web of Trust")?></h4>
-<p><?=_("The Web of Trust system CAcert uses is similar to that many involved with GPG/PGP use, they hold face to face meetings to verify each others photo identities match their GPG/PGP key information. CAcert differs however in that we have modified things to work within the PKI framework, for you to gain trust in the system you must first locate someone already trusted. The trust person depending how many people they've trusted or meet before will determine how many points they can issue to you (the number of points they can issue is listed in the locate assurer section). Once you've met up you can show your ID and you will need to fill out a CAP form which the person assuring your details must retain for verification reasons. You can also get trust points via the Trust Third Party system where you go to a lawyer, bank manager, accountant, or public notary/juctise of the peace and they via your ID and fill in the TTP form to state they have viewed your ID documents and it appears authentic and true. More information on the TTP system can be found in the TTP sub-menu")?></p>
+<p><?=_("The Web of Trust system CAcert uses is similar to that many involved with GPG/PGP use, they hold face to face meetings to verify each others photo identities match their GPG/PGP key information. CAcert differs however in that we have modified things to work within the PKI framework, for you to gain trust in the system you must first locate someone already trusted. The trust person depending how many people they've trusted or meet before will determine how many points they can issue to you (the number of points they can issue is listed in the locate assurer section). Once you've met up you can show your ID and you will need to fill out a CAP form which the person assuring your details must retain for verification reasons.")?></p>
+<p><b><?=_("The former TTP (Trusted Third Party) System has been stopped, and is currently not available.")?></b></p>
+<? // "You can also get trust points via the Trust Third Party system where you go to a lawyer, bank manager, accountant, or public notary/juctise of the peace and they via your ID and fill in the TTP form to state they have viewed your ID documents and it appears authentic and true. More information on the TTP system can be found in the TTP sub-menu</p> ?>
diff --git a/cacert/pages/account/13.php b/cacert/pages/account/13.php
index 829b543..e8dad73 100644
--- a/cacert/pages/account/13.php
+++ b/cacert/pages/account/13.php
@@ -24,11 +24,19 @@
 	$month = intval(substr($user['dob'], 5, 2));
 	$day = intval(substr($user['dob'], 8, 2));
 
-	$body  = sprintf(_("Hi %s,"),$user['fname'])."\n";
-	$body .= _("You are receiving this email because you or someone else")."\n";
-	$body .= _("has viewed your lost password questions.")."\n";
+	$body  = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
+	$body .= _("You receive this automatic mail since you yourself or")."\n";
+	$body .= _("someone else looked up your secret questions and answers")."\n";
+	$body .= _("for a forgotten password.")."\n\n";
+	$body .= _("If it was you who looked up or changed that data, or clicked")."\n";
+	$body .= _("through the menu in your account, everything is in best order and")."\n";
+	$body .= _("you can ignore this mail.")."\n\n";
+	$body .= _("But if you received this mail without a recognisable reason,")."\n";
+	$body .= _("there is a danger that an unauthorised person accessed your")."\n";
+	$body .= _("account, and you should promptly change your password and your")."\n";
+	$body .= _("secret questions and answers.")."\n\n";
 
-	$body .= _("Best regards")."\n"._("CAcert.org Support!");
+	$body .= _("With kind regards,")."\n\n"._("CAcert Support");
 
 	sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support");
 ?>
@@ -125,24 +133,24 @@
     <td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td>
   </tr>
   <tr>
-    <td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=$user['Q1']?>"></td>
-    <td class="DataTD"><input type="text" name="A1" value="<?=$user['A1']?>"></td>
+    <td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=sanitizeHTML($user['Q1'])?>"></td>
+    <td class="DataTD"><input type="text" name="A1" value="<?=sanitizeHTML($user['A1'])?>"></td>
   </tr>
   <tr>
-    <td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=$user['Q2']?>"></td>
-    <td class="DataTD"><input type="text" name="A2" value="<?=$user['A2']?>"></td>
+    <td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=sanitizeHTML($user['Q2'])?>"></td>
+    <td class="DataTD"><input type="text" name="A2" value="<?=sanitizeHTML($user['A2'])?>"></td>
   </tr>
   <tr>
-    <td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=$user['Q3']?>"></td>
-    <td class="DataTD"><input type="text" name="A3" value="<?=$user['A3']?>"></td>
+    <td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=sanitizeHTML($user['Q3'])?>"></td>
+    <td class="DataTD"><input type="text" name="A3" value="<?=sanitizeHTML($user['A3'])?>"></td>
   </tr>
   <tr>
-    <td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=$user['Q4']?>"></td>
-    <td class="DataTD"><input type="text" name="A4" value="<?=$user['A4']?>"></td>
+    <td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=sanitizeHTML($user['Q4'])?>"></td>
+    <td class="DataTD"><input type="text" name="A4" value="<?=sanitizeHTML($user['A4'])?>"></td>
   </tr>
   <tr>
-    <td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=$user['Q5']?>"></td>
-    <td class="DataTD"><input type="text" name="A5" value="<?=$user['A5']?>"></td>
+    <td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=sanitizeHTML($user['Q5'])?>"></td>
+    <td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td>
   </tr>
   <tr>
     <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
diff --git a/cacert/pages/account/40.php b/cacert/pages/account/40.php
index 0142682..1b76f9c 100755
--- a/cacert/pages/account/40.php
+++ b/cacert/pages/account/40.php
@@ -15,7 +15,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
-	$_SESSION['_config']['secrethash'] = md5(date("YmdHis").rand(0, intval(date("u"))));
+if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['secrethash'] = md5(date("YmdHis").rand(0, intval(date("u"))));
 ?>
 <H3><?=_("Contact Us")?></H3>
 
diff --git a/cacert/pages/index/1.php b/cacert/pages/index/1.php
index c5b181e..d9ce8a8 100644
--- a/cacert/pages/index/1.php
+++ b/cacert/pages/index/1.php
@@ -46,7 +46,7 @@
   <tr>
     <td class="DataTD"><?=_("Suffix")?><br>
       (<?=_("optional")?>)</td>
-    <td class="DataTD"><input type="text" name="suffix" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"></td>
+    <td class="DataTD"><input type="text" name="suffix" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write %sName Suffixes%s into this field."),'<a href="http://en.wikipedia.org/wiki/Suffix_%28name%29" target="_blank">','</a>')?></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Date of Birth")?><br>
diff --git a/cacert/pages/index/11.php b/cacert/pages/index/11.php
index 0142682..1b76f9c 100644
--- a/cacert/pages/index/11.php
+++ b/cacert/pages/index/11.php
@@ -15,7 +15,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
-	$_SESSION['_config']['secrethash'] = md5(date("YmdHis").rand(0, intval(date("u"))));
+if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['secrethash'] = md5(date("YmdHis").rand(0, intval(date("u"))));
 ?>
 <H3><?=_("Contact Us")?></H3>
 
diff --git a/cacert/pages/index/19.php b/cacert/pages/index/19.php
index bd3a3d1..c58eb68 100644
--- a/cacert/pages/index/19.php
+++ b/cacert/pages/index/19.php
@@ -15,6 +15,11 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
+<span style="background-color: #FF8080; font-size: 150%">
+Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br>
+Until a subsidiary policy under AP is written, it is against AP rules.<br>
+</span>
+&nbsp;<br>
 <h3><?=_("Information")?></h3>
 <table border="0" align="center" cellspacing="0" cellpadding="0">
   <tr>
diff --git a/cacert/pages/index/8.php b/cacert/pages/index/8.php
index 368760b..26acaa9 100644
--- a/cacert/pages/index/8.php
+++ b/cacert/pages/index/8.php
@@ -17,12 +17,11 @@
 */ ?>
 <p><b><? printf(_("The current %s board, and roles."), "CAcert Inc."); ?></b></p>
 <p>
-Nick Bebout - <?=_("President")?><br/>
-Mark Lipscombe - <?=_("Vice-President")?><br/>
-Philipp Dunkel - <?=_("Secretary")?><br/>
+Lambert Hofstra - <?=_("President")?><br/>
+Daniel Black - <?=_("Vice-President")?><br/>
+Mark Lipscombe - <?=_("Secretary")?>, <?=_("Public Officer")?><br/>
 Ernestine Schwob - <?=_("Treasurer")?><br/>
-Andreas B&uuml;rki - <?=_("member")?><br/>
-Guillaume Romagny - <?=_("member")?><br/>
+Nick Bebout - <?=_("member")?><br/>
 Ian Grigg - <?=_("member")?><br/>
-Robert Cruikshank - <?=_("Public Officer")?><br/>
+Mario Lipinski - <?=_("member")?><br/>
 </p>
diff --git a/cacert/pages/wot/1.php b/cacert/pages/wot/1.php
index 8eaab6b..a45b5df 100644
--- a/cacert/pages/wot/1.php
+++ b/cacert/pages/wot/1.php
@@ -87,7 +87,8 @@
 	} elseif($locid > 0){
 		echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n";
 	}
-
+        if($locid>0 || $regid>0 || $ccid>0)
+	{
 	$query = "select *, `users`.`id` as `id` from `users`,`notary` where `listme`='1' and
 			`ccid`='".$ccid."' and `regid`='".$regid."' and
 			`locid`='".$locid."' and `users`.`id`=`notary`.`to`
@@ -102,6 +103,8 @@
     <td class="title"><?=_("Max Points")?></td>
     <td class="title"><?=_("Contact Details")?></td>
     <td class="title"><?=_("Email Assurer")?></td>
+    <td class="title"><?=_("Assurer Challenge")?></td>
+
   </tr>
 <? while($row = mysql_fetch_assoc($list)) { ?>
   <tr>
@@ -109,8 +112,12 @@
     <td class="DataTD"><?=maxpoints($row['id'])?></td>
     <td class="DataTD"><?=$row['contactinfo']?></td>
     <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['id'])?>"><?=_("Email Me")?></a></td>
+    <td class="DataTD"><?=$row['assurer']?_("Yes"):("<font color=\"#ff0000\">"._("Not yet!")."</font>")?></td>
+
   </tr>
-<? } ?>
+<? } 
+        }
+?>
 </table>
 <br>
 <? } ?>
diff --git a/cacert/pages/wot/2.php b/cacert/pages/wot/2.php
index 692d552..a75bc57 100644
--- a/cacert/pages/wot/2.php
+++ b/cacert/pages/wot/2.php
@@ -15,6 +15,11 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
+<span style="background-color: #FF8080; font-size: 150%">
+Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br>
+Until a subsidiary policy under AP is written, it is against AP rules.<br>
+</span>
+&nbsp;<br>
 <h3><?=_("To become an Assurer")?></h3>
 
 <p><?=_("There are several ways to become a CAcert Assurer, the most common of which is face to face meetings with existing assurers, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!).")?></p>
@@ -28,6 +33,4 @@ Australia</p>
 
 <p><?=_("Upon receiving your documents you will be notified, and points will be added to your account.")?></p>
 
-<p><?=_("The only other way to receive assurance points is to have had your identity checked by a third party CA, whose policies are suitably set to not let identity fraud run rampant. Please contact us if you would like more details about this.")?></p>
-
 <p><?=_("Once you have received at least 100 Assurance Points you will have to pass a test called Assurer Challenge, which can be started at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>!'?></p>
diff --git a/cacert/pages/wot/4.php b/cacert/pages/wot/4.php
index 8ad267f..0da72da 100644
--- a/cacert/pages/wot/4.php
+++ b/cacert/pages/wot/4.php
@@ -15,6 +15,11 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
+<span style="background-color: #FF8080; font-size: 150%">
+Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br>
+Until a subsidiary policy under AP is written, it is against AP rules.<br>
+</span>
+&nbsp;<br>
 <h3><?=_("Trusted Third Parties")?></h3>
 
 <p><?=_("A trusted 3rd party is simply someone in your country that is responsible for witnessing signatures and ID documents. This role is covered by many different titles such as public notary, justice of the peace and so on. Other people are allowed to be authoritative in this area as well, such as bank managers, accountants and lawyers.")?></p>
diff --git a/cacert/pages/wot/6.php b/cacert/pages/wot/6.php
index 5cc6f32..bc37aa2 100644
--- a/cacert/pages/wot/6.php
+++ b/cacert/pages/wot/6.php
@@ -82,7 +82,7 @@
   </tr>
 <? } ?>
   <tr>
-    <td class="DataTD" colspan="2" align="left"><? printf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. Gross negligence may cause you to be liable."), $row['fname']); ?></td>
+    <td class="DataTD" colspan="2" align="left"><? printf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $row['fname']); ?></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Name")?>:</td>
@@ -143,11 +143,15 @@
 <? } ?>
   <tr>
     <td class="DataTD"><input type="checkbox" name="assertion" value="1"<? if(array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1) echo " checked='checked'"; ?>></td>
-    <td class="DataTD"><?=_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that CAcert may challenge this assurance and call upon me to prove the basis for it, and that I may be held responsible if I cannot provide such proof.")?></td>
+    <td class="DataTD"><?=_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible.")?></td>
   </tr>
   <tr>
     <td class="DataTD"><input type="checkbox" name="rules" value="1"<? if(array_key_exists('rules',$_POST) && $_POST['rules'] == 1) echo " checked='checked'"; ?>></td>
-    <td class="DataTD"><?=_("I have read and understood the Rules For Assurers and am making this assurance subject to and in compliance with these rules.")?></td>
+    <td class="DataTD"><?=_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook.")?></td>
+  </tr>
+  <tr>
+    <td class="DataTD"><?=_("Policy")?>:</td>
+    <td class="DataTD"><a href="/policy/AssurancePolicy.php" target="_NEW"><?=_("Assurance Policy")?></a> - <a href="http://wiki.cacert.org/AssuranceHandbook2" target="_NEW"><?=_("Assurance Handbook")?></a></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Points")?>:<br><nobr>(Max <?=maxpoints()?>)</nobr></td>
@@ -158,7 +162,7 @@
     <td class="DataTD"><a href="<?=$cap?>" target="_NEW">A4 - <?=_("WoT Form")?></a> <a href="<?=$cap?>&amp;format=letter" target="_NEW">US - <?=_("WoT Form")?></a></td>
   </tr>
   <tr>
-    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("I am sure of myself")?>"> <input type="submit" name="cancel" value="<?=_("Cancel")?>"></td>
+    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("I confirm this Assurance")?>"> <input type="submit" name="cancel" value="<?=_("Cancel")?>"></td>
   </tr>
 </table>
 <input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>">