summaryrefslogtreecommitdiff
path: root/pages
diff options
context:
space:
mode:
authorBenny Baumann <BenBE@geshi.org>2014-12-16 21:03:54 +0100
committerBenny Baumann <BenBE@geshi.org>2014-12-16 21:08:25 +0100
commit0988a0c268653910f78a50e16d34edf14a89dc13 (patch)
tree3c8bcc1e070b4c15825758e16b4a426a58cf1fe0 /pages
parentdd6c8d16286f10c22b0fe7e4908825e18db9d703 (diff)
parent5596d4a37845019c6053c184a94689101a7d48a8 (diff)
downloadcacert-devel-0988a0c268653910f78a50e16d34edf14a89dc13.tar.gz
cacert-devel-0988a0c268653910f78a50e16d34edf14a89dc13.tar.xz
cacert-devel-0988a0c268653910f78a50e16d34edf14a89dc13.zip
Merge branch 'release' into bug-1131bug-1131
Conflicts: pages/wot/6.php www/policy/CAcertCommunityAgreement.php The conflict in the CCA document page was introduced due to the rename of the file. This instance can be safely ignored, as bug 1131 introduces a new version superseeding the old document. The instance in pages/wot/6.php is a bit more complicated, but basically results from a change of bug 1137 and the modified paths to the policy documents.
Diffstat (limited to 'pages')
-rw-r--r--pages/account/10.php67
-rw-r--r--pages/account/11.php86
-rw-r--r--pages/account/12.php54
-rw-r--r--pages/account/13.php101
-rw-r--r--pages/account/15.php2
-rw-r--r--pages/account/16.php99
-rw-r--r--pages/account/17.php9
-rw-r--r--pages/account/18.php184
-rw-r--r--pages/account/19.php6
-rw-r--r--pages/account/20.php63
-rw-r--r--pages/account/21.php72
-rw-r--r--pages/account/22.php180
-rw-r--r--pages/account/23.php2
-rw-r--r--pages/account/3.php139
-rw-r--r--pages/account/43.php1886
-rw-r--r--pages/account/44.php27
-rw-r--r--pages/account/5.php64
-rw-r--r--pages/account/50.php6
-rw-r--r--pages/account/52.php107
-rw-r--r--pages/account/55.php234
-rw-r--r--pages/account/56.php82
-rw-r--r--pages/account/57.php48
-rw-r--r--pages/account/58.php4
-rw-r--r--pages/account/59.php385
-rw-r--r--pages/account/6.php250
-rw-r--r--pages/account/8.php4
-rw-r--r--pages/gpg/0.php10
-rw-r--r--pages/gpg/2.php35
-rw-r--r--pages/index/0.php102
-rw-r--r--pages/index/1.php53
-rw-r--r--pages/index/21.php39
-rw-r--r--pages/index/52.php33
-rw-r--r--pages/wot/1.php22
-rw-r--r--pages/wot/10.php30
-rw-r--r--pages/wot/15.php4
-rw-r--r--pages/wot/4.php2
-rw-r--r--pages/wot/5.php47
-rw-r--r--pages/wot/6.php61
-rw-r--r--pages/wot/9.php25
39 files changed, 2937 insertions, 1687 deletions
diff --git a/pages/account/10.php b/pages/account/10.php
index a394695..17999a7 100644
--- a/pages/account/10.php
+++ b/pages/account/10.php
@@ -17,7 +17,7 @@
*/
include_once("../includes/shutdown.php");
?>
-<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3>
+<h3><?=_("CAcert Certificate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>
<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>
@@ -30,13 +30,66 @@
<p><?=_("If you are a valid organisation and would like the organisation name in the certificates you can apply for an organisation assurance. Contact us via support@cacert.org for more information.")?></p>
<form method="post" action="account.php">
+<p><label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
+ <input type="text" id="description" name="description" maxlength="80" size="80" />
+</p>
+<p><label for="CSR"><?=_("Paste your CSR (Certificate Signing Request) below...")?></label><br />
+ <textarea id="CSR" name="CSR" cols="80" rows="15"></textarea>
+</p>
+
+<fieldset>
+<legend>
+ <input type="checkbox" id="expertbox" onchange="showExpert(this.checked)" style="display:none" />
+ <label for="expertbox"><?=_("Advanced Options")?></label>
+</legend>
+<div id="advanced_options">
+
<? if($_SESSION['profile']['points'] >= 50) { ?>
-<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
-<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
+<ul class="no_indent">
+ <li>
+ <input type="radio" id="root1" name="rootcert" value="1" />
+ <label for="root1"><?=_("Sign by class 1 root certificate")?></label>
+ </li>
+ <li>
+ <input type="radio" id="root2" name="rootcert" value="2" checked="checked" />
+ <label for="root2"><?=_("Sign by class 3 root certificate")?></label>
+ </li>
+</ul>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<? } ?>
-<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p>
-<textarea name="CSR" cols="80" rows="15"></textarea><br>
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+
+<p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p>
+<ul class="no_indent">
+<?
+foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
+?>
+ <li>
+ <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
+ <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label>
+ </li>
+<?
+}
+?>
+</ul>
+
+</div>
+</fieldset>
+
+<p><input type="checkbox" id="CCA" name="CCA" /> <label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
+ <?=_("Please note: You need to accept the CCA to proceed.")?></label></p>
+<input type="submit" name="process" value="<?=_("Submit")?>" />
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
+
+
+<script language="javascript">
+function showExpert(a)
+{
+ var options=document.getElementById("advanced_options");
+ options.style.display = (a) ? "" : "none";
+
+ var checkbox=document.getElementById("expertbox");
+ checkbox.style.display = "";
+}
+showExpert(false);
+</script>
diff --git a/pages/account/11.php b/pages/account/11.php
index 4e070cb..5f94122 100644
--- a/pages/account/11.php
+++ b/pages/account/11.php
@@ -15,39 +15,61 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
+
<p>
-<?=_("Please make sure the following details are correct before proceeding any further.")?>
+<?=_("Please make sure the following details are correct before proceeding ".
+ "any further.")?>
</p>
-<?// print_r($_SESSION['_config']['altrows']); ?>
+
+<p><?
+if (is_array($_SESSION['_config']['rows'])) {
+ foreach ($_SESSION['_config']['rows'] as $row) {
+ echo _("CommonName"), ": $row<br>\n";
+ }
+}
+
+if (is_array($_SESSION['_config']['altrows'])) {
+ foreach ($_SESSION['_config']['altrows'] as $row) {
+ echo _("subjectAltName"), ": $row<br>\n";
+ }
+}
+?></p>
+
<p>
-<? if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row) { ?>
-<?=_("CommonName")?>: <?=$row?><br>
-<? } ?>
-<? if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row) { ?>
-<?=_("subjectAltName")?>: <?=$row?><br>
-<? } ?>
-<? if(1 == 0) { ?>
-<?=_("Organisation")?>: <?=$_SESSION['_config']['O']?><br>
-<?=_("Org. Unit")?>: <?=$_SESSION['_config']['OU']?><br>
-<?=_("Location")?>: <?=$_SESSION['_config']['L']?><br>
-<?=_("State/Province")?>: <?=$_SESSION['_config']['ST']?><br>
-<?=_("Country")?>: <?=$_SESSION['_config']['C']?><br>
-<?=_("Email Address")?>: <?=$_SESSION['_config']['emailAddress']?><br>
-<? } ?>
-<?=_("No additional information will be included on certificates because it can not be automatically checked by the system.")?>
-<? if(array_key_exists('rejected',$_SESSION['_config']) && is_array($_SESSION['_config']['rejected'])) { ?>
-<br><br><?=_("The following hostnames were rejected because the system couldn't link them to your account, if they are valid please verify the domains against your account.")?><br>
-<? foreach($_SESSION['_config']['rejected'] as $row) { ?>
-<?=_("Rejected")?>: <a href="account.php?id=7&amp;newdomain=<?=$row?>"><?=$row?></a><br>
-<? } } ?>
-<? if(is_array($_SESSION['_config']['rows']) || is_array($_SESSION['_config']['altrows'])) { ?>
-<form method="post" action="account.php">
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
-</form>
-<? } else { ?>
-<br><br><b><?=_("Unable to continue as no valid commonNames or subjectAltNames were present on your certificate request.")?></b>
-<? } ?>
+<?=_("No additional information will be included on certificates because it ".
+ "can not be automatically checked by the system.")?>
</p>
+
+<p><?
+if (array_key_exists('rejected',$_SESSION['_config']) &&
+ is_array($_SESSION['_config']['rejected'])) {
+ echo _("The following hostnames were rejected because the system couldn't ".
+ "link them to your account, if they are valid please verify the ".
+ "domains against your account."), "<br>\n";
+
+ foreach ($_SESSION['_config']['rejected'] as $row) {
+ echo _("Rejected");
+ echo ": <a href='account.php?id=7&amp;newdomain=$row'>$row</a><br>\n";
+ }
+}
+?></p>
+
+<?
+if (is_array($_SESSION['_config']['rows']) ||
+ is_array($_SESSION['_config']['altrows'])) {
+ ?>
+ <form method="post" action="account.php">
+ <p>
+ <input type="submit" name="process" value="<?=_("Submit")?>">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ </p>
+ </form>
+ <?
+} else {
+ ?>
+ <p>
+ <b><?=_("Unable to continue as no valid commonNames or ".
+ "subjectAltNames were present on your certificate request.")?></b>
+ </p>
+ <?
+}
diff --git a/pages/account/12.php b/pages/account/12.php
index fa8b41a..f4428aa 100644
--- a/pages/account/12.php
+++ b/pages/account/12.php
@@ -19,37 +19,42 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
</tr>
<?
$query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
- `domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
- UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`
+ `domaincerts`.`expire`,
+ `domaincerts`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`revoked`) as `revoked`,
+ if (`domaincerts`.`expire`=0,CURRENT_TIMESTAMP(),`domaincerts`.`modified`) as `modified`,
+ `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
+ `domaincerts`.`description`
from `domaincerts`,`domains`
where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` ";
if($viewall != 1)
{
$query .= "AND `revoked`=0 AND `renewed`=0 ";
- $query .= "HAVING `timeleft` > 0 ";
+ $query .= "HAVING `timeleft` > 0 or `expire` = 0 ";
}
- $query .= "ORDER BY `domaincerts`.`modified` desc";
+ $query .= "ORDER BY `modified` desc";
//echo $query."<br>\n";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
- <td colspan="6" class="DataTD"><?=_("No certificates are currently listed.")?></td>
+ <td colspan="8" class="DataTD"><?=_("No certificates are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -62,33 +67,46 @@
$verified = _("Pending");
if($row['revoked'] > 0)
$verified = _("Revoked");
- if($row['revoked'] == 0)
- $row['revoke'] = _("Not Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
?>
<tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"/></td>
<? } else if($verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"/></td>
<? } else { ?>
<td class="DataTD">&nbsp;</td>
<? } ?>
<td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><a href="account.php?id=15&amp;cert=<?=intval($row['id'])?>"><?=htmlspecialchars($row['CN'])?></a></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
- <td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><?=$row['expire']?></td>
+ <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+ <td class="DataTD" colspan="8">
+ <a href="account.php?id=12&amp;viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="8">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>"/>&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"/> </td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="6"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
+ <td class="DataTD" colspan="8"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
</tr>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
-<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>" />
+<input type="hidden" name="oldid" value="<?=intval($id)?>"/>
+<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/>
</form>
diff --git a/pages/account/13.php b/pages/account/13.php
index c2b7cc5..ea28c0e 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -16,30 +16,34 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
- $res = mysql_query($query);
- $user = mysql_fetch_assoc($res);
+ $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
+ $res = mysql_query($query);
+ $user = mysql_fetch_assoc($res);
- $year = intval(substr($user['dob'], 0, 4));
- $month = intval(substr($user['dob'], 5, 2));
- $day = intval(substr($user['dob'], 8, 2));
+ $year = intval(substr($user['dob'], 0, 4));
+ $month = intval(substr($user['dob'], 5, 2));
+ $day = intval(substr($user['dob'], 8, 2));
+ $showdetails = array_key_exists("showdetails",$_REQUEST) ? intval($_REQUEST['showdetails']) : 0;
- $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
- $body .= _("You receive this automatic mail since you yourself or someone ".
- "else looked up your secret questions and answers for a forgotten ".
- "password.\n\n".
- "If it was you who looked up or changed that data, or clicked ".
- "through the menu in your account, everything is in best order ".
- "and you can ignore this mail.\n\n".
- "But if you received this mail without a recognisable reason, ".
- "there is a danger that an unauthorised person accessed your ".
- "account, and you should promptly change your password and your ".
- "secret questions and answers.")."\n\n";
+ if($showdetails){
+ $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
+ $body .= _("You receive this automatic mail since you yourself or someone ".
+ "else looked up your secret questions and answers for a forgotten ".
+ "password.\n\n".
+ "If it was you who looked up or changed that data, or clicked ".
+ "through the menu in your account, everything is in best order ".
+ "and you can ignore this mail.\n\n".
+ "But if you received this mail without a recognisable reason, ".
+ "there is a danger that an unauthorised person accessed your ".
+ "account, and you should promptly change your password and your ".
+ "secret questions and answers.")."\n\n";
- $body .= _("Best regards")."\n"._("CAcert Support");
+ $body .= _("Best regards")."\n"._("CAcert Support");
- sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support");
+ sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support");
+ }
?>
+
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
@@ -48,46 +52,46 @@
<? if($_SESSION['profile']['points'] == 0) { ?>
<tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td>
- <td class="DataTD" width="125"><input type="text" name="fname" value="<?=$user['fname']?>"></td>
+ <td class="DataTD" width="125"><input type="text" name="fname" value="<?=sanitizeHTML($user['fname'])?>"></td>
</tr>
<tr>
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>)
</td>
- <td class="DataTD"><input type="text" name="mname" value="<?=$user['mname']?>"></td>
+ <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($user['mname'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Last Name")?>: </td>
- <td class="DataTD"><input type="text" name="lname" value="<?=$user['lname']?>"></td>
+ <td class="DataTD"><input type="text" name="lname" value="<?=sanitizeHTML($user['lname'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td>
- <td class="DataTD"><input type="text" name="suffix" value="<?=$user['suffix']?>"></td>
+ <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($user['suffix'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?><br>
(<?=_("dd/mm/yyyy")?>)</td>
<td class="DataTD"><nobr><select name="day">
<?
- for($i = 1; $i <= 31; $i++)
- {
- echo "<option";
- if($day == $i)
- echo " selected='selected'";
- echo ">$i</option>";
- }
+ for($i = 1; $i <= 31; $i++)
+ {
+ echo "<option";
+ if($day == $i)
+ echo " selected='selected'";
+ echo ">$i</option>";
+ }
?>
</select>
<select name="month">
<?
- for($i = 1; $i <= 12; $i++)
- {
- echo "<option value='$i'";
- if($month == $i)
- echo " selected='selected'";
- echo ">".ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$i,1,date("Y")))))."</option>";
- }
+ for($i = 1; $i <= 12; $i++)
+ {
+ echo "<option value='$i'";
+ if($month == $i)
+ echo " selected='selected'";
+ echo ">".ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$i,1,date("Y")))))."</option>";
+ }
?>
</select>
<input type="text" name="year" value="<?=$year?>" size="4"></nobr>
@@ -96,39 +100,36 @@
<? } else { ?>
<tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td>
- <td class="DataTD" width="125"><?=$user['fname']?></td>
+ <td class="DataTD" width="125"><?=sanitizeHTML($user['fname'])?></td>
</tr>
<tr>
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>)
</td>
- <td class="DataTD"><?=$user['mname']?></td>
+ <td class="DataTD"><?=sanitizeHTML($user['mname'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Last Name")?>: </td>
- <td class="DataTD"><?=$user['lname']?></td>
+ <td class="DataTD"><?=sanitizeHTML($user['lname'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td>
- <td class="DataTD"><?=$user['suffix']?></td>
+ <td class="DataTD"><?=sanitizeHTML($user['suffix'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?><br>
- (<?=_("dd/mm/yyyy")?>)</td>
+ (<?=_("dd/mm/yyyy")?>)</td>
<td class="DataTD"><?=$day?> <?=ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$month,1,1))))?> <?=$year?></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD"><?=_("OTP Hash")?><br>
- (<?=_("Not displayed")?>)</td>
- <td class="DataTD"><input type="text" name="otphash"></td>
+ <td colspan="2" class="title"><a href="account.php?id=59&amp;oldid=13&amp;userid=<?=intval($_SESSION['profile']['id'])?>"><?=_('Show account history')?></a></td>
</tr>
<tr>
- <td class="DataTD"><?=_("OTP PIN")?><br>
- (<?=_("Not displayed")?>)</td>
- <td class="DataTD"><input type="text" name="otppin"></td>
+ <td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers")?></a></td>
</tr>
+ <? if($showdetails){ ?>
<tr>
<td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td>
</tr>
@@ -153,9 +154,11 @@
<td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td>
</tr>
<tr>
+ <input type="hidden" name="showdetails" value="1" />
+ <? } ?>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
</tr>
</table>
<input type="hidden" name="csrf" value="<?=make_csrf('perschange')?>" />
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
</form>
diff --git a/pages/account/15.php b/pages/account/15.php
index 6cd3115..405cb44 100644
--- a/pages/account/15.php
+++ b/pages/account/15.php
@@ -30,7 +30,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
?>
<h3><?=_("Below is your Server Certificate")?></h3>
<pre>
diff --git a/pages/account/16.php b/pages/account/16.php
index 514ecfd..829897f 100644
--- a/pages/account/16.php
+++ b/pages/account/16.php
@@ -25,41 +25,102 @@
<tr>
<td class="DataTD"><?=_("Add")?></td>
<td class="DataTD"><?=_("Address")?></td>
-<? if(array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails']))
- foreach($_SESSION['_config']['emails'] as $val) { ?>
+<?
+if (array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails'])) {
+ $i = 1;
+ foreach($_SESSION['_config']['emails'] as $val) {
+?>
<tr>
- <td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"></td>
+ <td class="DataTD"><label for="email<?=$i?>"><?=_("Email")?></label></td>
+ <td class="DataTD"><input type="text" id="email<?=$i?>" name="emails[]" value="<?=$val?>"/></td>
</tr>
-<? } ?>
+<?
+ $i++;
+ }
+} ?>
<tr>
- <td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="emails[]"></td>
+ <td class="DataTD"><label for="email0"><?=_("Email")?></td>
+ <td class="DataTD"><input type="text" id="email0" name="emails[]"/></td>
</tr>
<tr>
- <td class="DataTD"><?=_("Name")?>:</td>
- <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"></td>
+ <td class="DataTD"><label for="name"><?=_("Name")?></label></td>
+ <td class="DataTD"><input type="text" id="name" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td>
</tr>
<tr>
- <td class="DataTD"><?=_("Department")?>:</td>
- <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"></td>
+ <td class="DataTD"><label for="OU"><?=_("Department")?></label></td>
+ <td class="DataTD"><input type="text" id="OU" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?(sanitizeHTML($_SESSION['_config']['OU'])):''?>"/></td>
</tr>
- <tr>
+
+ <tr name="expertoff" style="display:none">
+ <td class="DataTD">
+ <input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" />
+ </td>
+ <td class="DataTD">
+ <label for="expertbox"><?=_("Show advanced options")?></label>
+ </td>
+ </tr>
+ <tr name="expert">
+ <td class="DataTD" colspan="2" align="left">
+ <input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br />
+ <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br />
+ <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 60))?>
+ </td>
+ </tr>
+
+ <tr name="expert">
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
- <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
- <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?>
+ <?=_("Hash algorithm used when signing the certificate:")?><br />
+ <?
+ foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
+ ?>
+ <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
+ <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br />
+ <?
+ }
+ ?>
</td>
</tr>
+
<? if($_SESSION['profile']['codesign'] && $_SESSION['profile']['points'] >= 100) { ?>
- <tr>
- <td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td>
+ <tr name="expert">
+ <td class="DataTD" colspan="2" align="left">
+ <input type="checkbox" id="codesign" name="codesign" value="1" />
+ <label for="codesign"><?=_("Code Signing")?></label>
+ </td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>">
- <input type="submit" name="process" value="<?=_("Next")?>"></td>
+ <td class="DataTD" colspan="2" align="left">
+ <label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
+ <input type="text" id="description" name="description" maxlength="80" size="80" />
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2">
+ <input type="submit" name="add_email" value="<?=_("Add Another Email Address")?>">
+ <input type="submit" name="process" value="<?=_("Next")?>" />
+ </td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
+<?=_("Please fill out the form, when all data is entered and you click \"Next\" you can add either a CSR (certificate signing request) or create a new key with your browser. Even in the case that a CSR is given the data from this form will be used for the certificate. Only the public key information of the CSR will be copied.")?>
+
+<script language="javascript">
+function showExpert(a)
+{
+ b=document.getElementsByName("expert");
+ for(i=0;b.length>i;i++)
+ {
+ if(!a) {b[i].setAttribute("style","display:none"); }
+ else {b[i].removeAttribute("style");}
+ }
+ b=document.getElementsByName("expertoff");
+ for(i=0;b.length>i;i++)
+ {
+ b[i].removeAttribute("style");
+ }
+
+}
+showExpert(false);
+</script>
diff --git a/pages/account/17.php b/pages/account/17.php
index 8ac8b65..0d5c2c7 100644
--- a/pages/account/17.php
+++ b/pages/account/17.php
@@ -17,3 +17,12 @@
*/
require_once($_SESSION['_config']['filepath'].'/includes/keygen.php');
+
+?>
+ -- <?=_("or")?> --
+ <form method="post" action="account.php">
+ <input type="hidden" name="keytype" value="VI">
+ <textarea rows="20" cols="40" name="CSR"></textarea>
+ <input type="submit" name="submit" value="<?=_("Submit CSR")?>">
+ <input type="hidden" name="oldid" value="17">
+ </form>
diff --git a/pages/account/18.php b/pages/account/18.php
index 13dcc30..ca0a3c8 100644
--- a/pages/account/18.php
+++ b/pages/account/18.php
@@ -14,60 +14,144 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
+*/
+
+$orgfilterid = array_key_exists('orgfilterid',$_SESSION['_config']) ? intval($_SESSION['_config']['orgfilterid']) : 0;
+$sorting = array_key_exists('sorting',$_SESSION['_config']) ? intval($_SESSION['_config']['sorting']) : 0;
+$status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_config']['status']) : 0;
+?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="9" class="title"><?=_("Organisation Client Certificates")?> </td>
</tr>
<tr>
- <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
- <td class="DataTD"><?=_("Status")?></td>
- <td class="DataTD"><?=_("CommonName")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
- <td class="DataTD"><?=_("Revoked")?></td>
- <td class="DataTD"><?=_("Expires")?></td>
+ <td colspan="9" class="title"><?=_("Filter/Sorting")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Organisation")?></td>
+ <td colspan="8" class="DataTD" >
+ <select name="orgfilterid">
+ <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $orgfilterid ? " selected" : "" ,_("All")) ?>
+<? $query = "select `orginfo`.`O`, `orginfo`.`id`
+ from `org`, `orginfo`
+ where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid`
+ ORDER BY `orginfo`.`O` ";
+ $reso = mysql_query($query);
+ if(mysql_num_rows($reso) >= 1){
+ while($row = mysql_fetch_assoc($reso)){
+ printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']);
+ }
+ }?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Sorting")?></td>
+ <td colspan="8" class="DataTD" >
+ <select name="sorting">
+ <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $sorting ? " selected" : "" ,_("expire date (desc)")) ?>
+ <?=sprintf('<option value="%d"%s>%s</option>',1, 1 == $sorting ? " selected" : "" ,_("OU, expire date (desc)")) ?>
+ <?=sprintf('<option value="%d"%s>%s</option>',2, 2 == $sorting ? " selected" : "" ,_("Common name, expire date (desc)")) ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Certificate status")?></td>
+ <td colspan="8" class="DataTD" >
+ <select name="status">
+ <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $status ? " selected" : "" ,_("Current/Active")) ?>
+ <?=sprintf('<option value="%d"%s>%s</option>',1, 1 == $status ? " selected" : "" ,_("All")) ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="9"><input type="submit" name="reset" value="<?=_("Reset")?>" />&nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="submit" name="filter" value="<?=_("Apply filter/sort")?>" /></td>
+ </tr>
+ <tr>
+ <td colspan="9" class="DataTD"> </td>
+ </tr>
<?
- $query = "select UNIX_TIMESTAMP(`oemail`.`created`) as `created`,
- UNIX_TIMESTAMP(`oemail`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
- UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`,
- `oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`,
- UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`,
- `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`
- from `orgemailcerts` as `oemail`, `org`
- where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
- `org`.`orgid`=`oemail`.`orgid` ";
- if($viewall != 1)
- {
- $query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 ";
- $query .= "HAVING `timeleft` > 0 AND `revoked`=0 ";
- }
- $query .= "ORDER BY `oemail`.`modified` desc";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
+ $query = "select UNIX_TIMESTAMP(`oemail`.`created`) as `created`,
+ UNIX_TIMESTAMP(`oemail`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`,
+ `oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`,
+ if (`oemail`.`expire`=0,CURRENT_TIMESTAMP(),`oemail`.`modified`) as `modified`,
+ `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`,
+ `oemail`.`description`, `oemail`.`ou`, `orginfo`.`O`
+ from `orgemailcerts` as `oemail`, `org`, `orginfo`
+ where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
+ `org`.`orgid`=`oemail`.`orgid` and `orginfo`.`id` = `org`.`orgid`";
+ if($orgfilterid>0)
+ {
+ $query .= "AND `org`.`orgid`=$orgfilterid ";
+ }
+
+ if(0==$status)
+ {
+ $query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 ";
+ $query .= "HAVING `timeleft` > 0 AND `revoked`=0 or `expires` = 0 ";
+ }
+ switch ($sorting){
+ case 0:
+ $query .= "ORDER BY `orginfo`.`O`, `modified` desc";
+ break;
+ case 1:
+ $query .= "ORDER BY `orginfo`.`O`, `oemail`.`ou`, `modified` desc";
+ break;
+ case 2:
+ $query .= "ORDER BY `orginfo`.`O`, `oemail`.`CN`, `modified` desc";
+ break;
+ }
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
?>
+
<tr>
- <td colspan="6" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+ <td colspan="9" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr>
<? } else {
- while($row = mysql_fetch_assoc($res))
- {
- if($row['timeleft'] > 0)
- $verified = _("Valid");
- if($row['timeleft'] < 0)
- $verified = _("Expired");
- if($row['expired'] == 0)
- $verified = _("Pending");
- if($row['revoked'] > 0)
- $verified = _("Revoked");
- if($row['revoked'] == 0)
- $row['revoke'] = _("Not Revoked");
+ $orgname='';
+ while($row = mysql_fetch_assoc($res))
+ {
+ if ($row['O']<>$orgname) {
+ $orgname=$row['O'];?>
+ <tr>
+ <td colspan="9" class="title"></td>
+ </tr>
+ <tr>
+ <td colspan="9" class="title"><? printf(_("Certificates for %s"), $orgname)?> </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("OU/Department")?></td>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ </tr>
+ <?
+ }
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
?>
<tr>
-<? if($verified == _("Valid") || $verified == _("Expired")) { ?>
+ <td class="DataTD"><?=$row['ou']?></td>
+ <? if($verified == _("Valid") || $verified == _("Expired")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
@@ -80,18 +164,28 @@
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
<? } ?>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<tr>
+ <td class="DataTD" colspan="9">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
<td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
- <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="9"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
</tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
-</form>
-<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
+</form> \ No newline at end of file
diff --git a/pages/account/19.php b/pages/account/19.php
index 6a2749c..d7259f3 100644
--- a/pages/account/19.php
+++ b/pages/account/19.php
@@ -31,7 +31,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
if($row['keytype'] == "NS")
{
@@ -52,6 +52,10 @@
showfooter();
exit;
}
+ } else if($row['keytype'] == "VI"){
+ showheader(_("My CAcert.org Account!"));
+ echo "<pre>".$cert."</pre>";
+ showfooter();
} else {
showheader(_("My CAcert.org Account!"));
?>
diff --git a/pages/account/20.php b/pages/account/20.php
index 510b708..89bbc30 100644
--- a/pages/account/20.php
+++ b/pages/account/20.php
@@ -17,7 +17,7 @@
*/
include_once("../includes/shutdown.php");
?>
-<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3>
+<h3><?=_("CAcert Certificate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>
<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>
@@ -27,11 +27,60 @@
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<form method="post" action="account.php">
-<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
-<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
+<p><label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
+ <input type="text" id="description" name="description" maxlength="80" size="80" />
+</p>
+<p><label for="CSR"><?=_("Paste your CSR (Certificate Signing Request) below...")?></label><br />
+ <textarea id="CSR" name="CSR" cols="80" rows="15"></textarea>
+</p>
+
+<fieldset>
+<legend>
+ <input type="checkbox" id="expertbox" onchange="showExpert(this.checked)" style="display:none" />
+ <label for="expertbox"><?=_("Advanced Options")?></label>
+</legend>
+<div id="advanced_options">
+<ul class="no_indent">
+ <li>
+ <input type="radio" id="root1" name="rootcert" value="1" />
+ <label for="root1"><?=_("Sign by class 1 root certificate")?></label>
+ </li>
+ <li>
+ <input type="radio" id="root2" name="rootcert" value="2" checked="checked" />
+ <label for="root2"><?=_("Sign by class 3 root certificate")?></label>
+ </li>
+</ul>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
-<p><?=_("Paste your CSR below...")?></p>
-<textarea name="CSR" cols="80" rows="15"></textarea><br>
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+
+<p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p>
+<ul class="no_indent">
+<?
+foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
+?>
+ <li>
+ <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
+ <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label>
+ </li>
+<?
+}
+?>
+</ul>
+
+</div>
+</fieldset>
+
+<input type="submit" name="process" value="<?=_("Submit")?>" />
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
+
+<script language="javascript">
+function showExpert(a)
+{
+ var options=document.getElementById("advanced_options");
+ options.style.display = (a) ? "" : "none";
+
+ var checkbox=document.getElementById("expertbox");
+ checkbox.style.display = "";
+}
+showExpert(false);
+</script>
diff --git a/pages/account/21.php b/pages/account/21.php
index 6c3786b..c5832b9 100644
--- a/pages/account/21.php
+++ b/pages/account/21.php
@@ -14,41 +14,57 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- $org = $_SESSION['_config']['row'];
- if($org['id'] <= 0)
- $org = $_SESSION['_config']['altrow'];
+*/
+
+$org = $_SESSION['_config']['row'];
+if ($org['id'] <= 0) {
+ $org = $_SESSION['_config']['altrow'];
+}
?>
+
<p>
-<?=_("Please make sure the following details are correct before proceeding any further.")?>
+<?=_("Please make sure the following details are correct before proceeding ".
+ "any further.")?>
</p>
-<p>
-<? if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row) { ?>
-<?=_("CommonName")?>: <?=$row?><br>
-<? } ?>
-<? if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row) { ?>
-<?=_("subjectAltName")?>: <?=$row?><br>
-<? } ?>
-<?=_("Organisation")?>: <?=$org['O']?><br>
-<?=_("Org. Unit")?>: <?=($_SESSION['_config']['OU'])?><br>
-<?=_("Location")?>: <?=$org['L']?><br>
-<?=_("State/Province")?>: <?=$org['ST']?><br>
-<?=_("Country")?>: <?=$org['C']?><br>
+<p><?
+if (is_array($_SESSION['_config']['rows'])) {
+ foreach ($_SESSION['_config']['rows'] as $row) {
+ echo _("CommonName"), ": $row<br>\n";
+ }
+}
+if (is_array($_SESSION['_config']['altrows'])) {
+ foreach ($_SESSION['_config']['altrows'] as $row) {
+ echo _("subjectAltName"), ": $row<br>\n";
+ }
+}
-<form method="post" action="account.php">
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+echo _("Organisation"), ": {$org['O']}<br>\n";
+echo _("Org. Unit"), ": ", sanitizeHTML($_SESSION['_config']['OU']), "<br>\n";
+echo _("Location"), ": {$org['L']}<br>\n";
+echo _("State/Province"), ": {$org['ST']}<br>\n";
+echo _("Country"), ": {$org['C']}<br>\n";
+?>
+<form method="post" action="account.php">
+ <p>
+ <input type="submit" name="process" value="<?=_("Submit")?>">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ </p>
-<? if($_SESSION['profile']['admin'] == 1) { ?>
-<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
-<input type="checkbox" name="ocspcert" value="OCSPCert"/> <?=_("OCSP certificate")?>
-<? } ?>
+ <?
+ if ($_SESSION['profile']['admin'] == 1) {
+ ?>
+ <p>
+ <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
+ <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
+ <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
+ <input type="checkbox" name="ocspcert" value="OCSPCert"/>
+ <?=_("OCSP certificate")?>
+ </p>
+ <?
+ }
+ ?>
</form>
-</p>
diff --git a/pages/account/22.php b/pages/account/22.php
index 9df8200..7b7db2d 100644
--- a/pages/account/22.php
+++ b/pages/account/22.php
@@ -14,56 +14,139 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
+*/
+
+$orgfilterid = array_key_exists('dorgfilterid',$_SESSION['_config']) ? intval($_SESSION['_config']['dorgfilterid']) : 0;
+$sorting = array_key_exists('dsorting',$_SESSION['_config']) ? intval($_SESSION['_config']['dsorting']) : 0;
+$status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_config']['dstatus']) : 0;
+?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="8" class="title"><?=_("Organisation Server Certificates")?> </td>
</tr>
<tr>
- <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
- <td class="DataTD"><?=_("Status")?></td>
- <td class="DataTD"><?=_("CommonName")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
- <td class="DataTD"><?=_("Revoked")?></td>
- <td class="DataTD"><?=_("Expires")?></td>
+ <td colspan="8" class="title"><?=_("Filter/Sorting")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Organisation")?></td>
+ <td colspan="7" class="DataTD" >
+ <select name="dorgfilterid">
+ <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $orgfilterid ? " selected" : "" ,_("All")) ?>
+<? $query = "select `orginfo`.`O`, `orginfo`.`id`
+ from `org`, `orginfo`
+ where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid`
+ ORDER BY `orginfo`.`O` ";
+ $reso = mysql_query($query);
+ if(mysql_num_rows($reso) >= 1){
+ while($row = mysql_fetch_assoc($reso)){
+ printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']);
+ }
+ }?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Sorting")?></td>
+ <td colspan="7" class="DataTD" >
+ <select name="dsorting">
+ <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $sorting ? " selected" : "" ,_("expire date (desc)")) ?>
+ <?=sprintf('<option value="%d"%s>%s</option>',1, 1 == $sorting ? " selected" : "" ,_("Common name, expire date (desc)")) ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Certificate status")?></td>
+ <td colspan="7" class="DataTD" >
+ <select name="dstatus">
+ <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $status ? " selected" : "" ,_("Current/Active")) ?>
+ <?=sprintf('<option value="%d"%s>%s</option>',1, 1 == $status ? " selected" : "" ,_("All")) ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="8"><input type="submit" name="reset" value="<?=_("Reset")?>" />&nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="submit" name="filter" value="<?=_("Apply filter/sort")?>" /></td>
+ </tr>
+ <tr>
+ <td colspan="9" class="DataTD"> </td>
+ </tr>
+
<?
- $query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`,
- UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
- UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`,
- `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
- UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`,
- `orgdomaincerts`.`serial`,
- `orgdomaincerts`.`id` as `id`
- from `orgdomaincerts`,`org`
- where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
- if($viewall != 1)
- {
- $query .= "AND `revoked`=0 AND `renewed`=0 ";
- $query .= "HAVING `timeleft` > 0 ";
- }
- $query .= "ORDER BY `orgdomaincerts`.`modified` desc";
+ $query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`,
+ `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
+ UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoked`,
+ if (`orgdomaincerts`.`expire`=0,CURRENT_TIMESTAMP(),`orgdomaincerts`.`modified`) as `modified`,
+ `CN`,
+ `orgdomaincerts`.`serial`,
+ `orgdomaincerts`.`id` as `id`,
+ `orgdomaincerts`.`description`, `orginfo`.`O`
+ from `orgdomaincerts`,`org`, `orginfo`
+ where `org`.`memid`='".intval($_SESSION['profile']['id'])."'
+ and `orgdomaincerts`.`orgid`=`org`.`orgid` and `orginfo`.`id` = `org`.`orgid`";
+
+ if($orgfilterid>0)
+ {
+ $query .= "AND `org`.`orgid`=$orgfilterid ";
+ }
+
+ if(0==$status)
+ {
+ $query .= "AND `revoked`=0 AND `renewed`=0 ";
+ $query .= "HAVING `timeleft` > 0 or `expires` = 0 ";
+ }
+ switch ($sorting){
+ case 0:
+ $query .= "ORDER BY `orginfo`.`O`, `modified` desc";
+ break;
+ case 1:
+ $query .= "ORDER BY `orginfo`.`O`, `orgdomaincerts`.`CN`, `modified` desc";
+ break;
+ }
+
+
//echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
?>
<tr>
- <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td>
+ <td colspan="8" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr>
<? } else {
- while($row = mysql_fetch_assoc($res))
- {
- if($row['timeleft'] > 0)
- $verified = _("Valid");
- if($row['timeleft'] < 0)
- $verified = _("Expired");
- if($row['expired'] == 0)
- $verified = _("Pending");
- if($row['revoked'] > 0)
- $verified = _("Revoked");
+ $orgname='';
+ while($row = mysql_fetch_assoc($res))
+ {
+ if ($row['O']<>$orgname) {
+ $orgname=$row['O'];?>
+ <tr>
+ <td colspan="9" class="title"></td>
+ </tr>
+ <tr>
+ <td colspan="9" class="title"><? printf(_("Certificates for %s"), $orgname)?> </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ </tr>
+ <?
+ }
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
if($row['revoked'] == 0)
$row['revoke'] = _("Not Revoked");
?>
@@ -77,18 +160,29 @@
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
- <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="8">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>" />&#160;&#160;&#160;&#160;
+ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="9"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
</tr>
<? } ?>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
<input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" />
</form>
-<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
+
diff --git a/pages/account/23.php b/pages/account/23.php
index 4ec56c3..4255b47 100644
--- a/pages/account/23.php
+++ b/pages/account/23.php
@@ -30,7 +30,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
?>
<h3><?=_("Below is your Server Certificate")?></h3>
<pre>
diff --git a/pages/account/3.php b/pages/account/3.php
index 5590488..cd62ce0 100644
--- a/pages/account/3.php
+++ b/pages/account/3.php
@@ -24,7 +24,7 @@
<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/cps.php">http://www.cacert.org/cps.php</a></p>
-<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed andwill not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
+<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
@@ -34,6 +34,7 @@
<tr>
<td class="DataTD"><?=_("Add")?></td>
<td class="DataTD"><?=_("Address")?></td>
+ </tr>
<?
$query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''";
@@ -41,10 +42,10 @@
while($row = mysql_fetch_assoc($res))
{ ?>
<tr>
- <td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td>
- <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
+ <td class="DataTD"><input type="checkbox" id="addid<?=intval($row['id'])?>" name="addid[]" value="<?=intval($row['id'])?>"></td>
+ <td class="DataTD" align="left"><label for="addid<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></label></td>
</tr>
-<? }
+<? }
if($_SESSION['profile']['points'] >= 50)
{
$fname = $_SESSION['profile']['fname'];
@@ -54,64 +55,125 @@ if($_SESSION['profile']['points'] >= 50)
?>
<tr>
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
- <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
- <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?>
+ <input type="radio" id="incname0" name="incname" value="0" checked="checked" />
+ <label for="incname0"><?=_("No Name")?></label><br />
+ <? if($fname && $lname) { ?>
+ <input type="radio" id="incname1" name="incname" value="1" />
+ <label for="incname1"><?=_("Include")?> '<?=$fname." ".$lname?>'</label><br />
+ <? } ?>
+ <? if($fname && $mname && $lname) { ?>
+ <input type="radio" id="incname2" name="incname" value="2" />
+ <label for="incname2"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'</label><br />
+ <? } ?>
+ <? if($fname && $lname && $suffix) { ?>
+ <input type="radio" id="incname3" name="incname" value="3" />
+ <label for="incname3"><?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'</label><br />
+ <? } ?>
+ <? if($fname && $mname && $lname && $suffix) { ?>
+ <input type="radio" id="incname4" name="incname" value="4" />
+ <label for="incname4"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'</label><br />
+ <? } ?>
</td>
</tr>
+<? } ?>
+
<tr>
- <td class="DataTD" colspan="2" align="left">
- <input type="radio" name="incname" value="0" checked> <?=_("No Name")?><br>
-<? if($fname && $lname) { ?><input type="radio" name="incname" value="1"> <?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?>
-<? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?>
-<? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?>
-<? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?>
+ <td class="DataTD">
+ <input type="checkbox" id="login" name="login" value="1" checked="checked" />
+ </td>
+ <td class="DataTD" align="left">
+ <label for="login"><?=_("Enable certificate login with this certificate")?><br />
+ <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?></label>
</td>
</tr>
-<? } ?>
-<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
<tr>
+ <td class="DataTD" colspan="2" align="left">
+ <label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
+ <input type="text" id="description" name="description" maxlength="100" size="100" />
+ </td>
+ </tr>
+
+ <tr name="expertoff" style="display:none">
+ <td class="DataTD">
+ <input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" />
+ </td>
<td class="DataTD" align="left">
- <input type="checkbox" name="codesign" value="1"> <?=_("Code Signing")?></td>
- <td class="DataTD" align="left">
- <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
+ <label for="expertbox"><?=_("Show advanced options")?></label>
+ </td>
+ </tr>
+
+<?
+if($_SESSION['profile']['points'] >= 50)
+{
+?>
+ <tr name="expert">
+ <td class="DataTD" colspan="2" align="left">
+ <input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br />
+ <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br />
+ <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 125))?>
</td>
</tr>
<? } ?>
- <tr>
+ <tr name="expert">
<td class="DataTD" colspan="2" align="left">
- <input type="checkbox" name="login" value="1" checked="checked"> <?=_("Enable certificate login with this certificate")?><br>
- <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/>
+ <?=_("Hash algorithm used when signing the certificate:")?><br />
+ <?
+ foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
+ ?>
+ <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
+ <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br />
+ <?
+ }
+ ?>
</td>
</tr>
+<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
+ <tr name="expert">
+ <td class="DataTD">
+ <input type="checkbox" id="codesign" name="codesign" value="1" />
+ </td>
+ <td class="DataTD" align="left">
+ <label for="codesign"><?=_("Code Signing")?><br />
+ <?=_("Please note: By ticking this box you will automatically have your name included in the certificate.")?></label>
+ </td>
+ </tr>
+<? } ?>
- <tr name="expertoff" style="display:none">
- <td class="DataTD" colspan="2" align="left">
- <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)"/><?=_("Show advanced options")?>
+ <tr name="expert">
+ <td class="DataTD">
+ <input type="checkbox" id="SSO" name="SSO" value="1" />
+ </td>
+ <td class="DataTD" align="left">
+ <label for="SSO"><?=_("Add Single Sign On ID Information")?><br />
+ <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
+ <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a></label>
</td>
</tr>
<tr name="expert">
- <td class="DataTD" colspan="2" align="left">
- <input type="radio" name="SSO" value="0" checked> <?=_("No Single Sign On ID")?><br>
- <input type="radio" name="SSO" value="1"> <?=_("Add Single Sign On ID Information")?><br>
- <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
- <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a>
+ <td class="DataTD" colspan="2">
+ <label for="optionalCSR"><?=_("Optional Client CSR, no information on the certificate will be used")?></label><br />
+ <textarea id="optionalCSR" name="optionalCSR" cols="80" rows="5"></textarea>
</td>
</tr>
- <tr name="expert">
- <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td>
- </tr>
- <tr name="expert">
- <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+
+
+ <tr>
+ <td class="DataTD">
+ <input type="checkbox" id="CCA" name="CCA" />
+ </td>
+ <td class="DataTD" align="left">
+ <label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
+ <?=_("Please note: You need to accept the CCA to proceed.")?></label>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>" /></td>
</tr>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
<script language="javascript">
@@ -132,4 +194,3 @@ function showExpert(a)
}
showExpert(false);
</script>
-
diff --git a/pages/account/43.php b/pages/account/43.php
index d34362d..c889ce3 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -14,28 +14,30 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
+*/
+
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+$ticketno='';
+$ticketvalidation=FALSE;
- if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
- {
- $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
- $row = 0;
- $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
- if ($res) {
- $row = mysql_fetch_assoc($res);
- }
- mysql_query("delete from `notary` where `id`='$assurance'");
- if ($row) {
- fix_assurer_flag($row['to']);
- }
- }
+if (isset($_SESSION['ticketno'])) {
+ $ticketno = $_SESSION['ticketno'];
+ $ticketvalidation = valid_ticket_number($ticketno);
+}
+if (isset($_SESSION['ticketmsg'])) {
+ $ticketmsg = $_SESSION['ticketmsg'];
+} else {
+ $ticketmsg = '';
+}
+
+
+// search for an account by email search, if more than one is found display list to choose
+if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
+{
+ $_REQUEST['userid'] = 0;
- if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
- {
- $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));
+ $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
//Disabled to speed up the queries
//if(!strstr($email, "%"))
@@ -43,864 +45,1036 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
// bug-975 ted+uli changes --- begin
if(preg_match("/^[0-9]+$/", $email)) {
- // $email consists of digits only ==> search for IDs
- // Be defensive here (outer join) if primary mail is not listed in email table
- $query = "select `users`.`id` as `id`, `email`.`email` as `email`
- from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
- where (`email`.`id`='$email' or `users`.`id`='$email')
- and `users`.`deleted`=0
- group by `users`.`id` limit 100";
+ // $email consists of digits only ==> search for IDs
+ // Be defensive here (outer join) if primary mail is not listed in email table
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email`
+ from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
+ where (`email`.`id`='$email' or `users`.`id`='$email')
+ and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
} else {
- // $email contains non-digits ==> search for mail addresses
- // Be defensive here (outer join) if primary mail is not listed in email table
- $query = "select `users`.`id` as `id`, `email`.`email` as `email`
- from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
- where (`email`.`email` like '$emailsearch'
- or `users`.`email` like '$emailsearch')
- and `users`.`deleted`=0
- group by `users`.`id` limit 100";
+ // $email contains non-digits ==> search for mail addresses
+ // Be defensive here (outer join) if primary mail is not listed in email table
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email`
+ from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
+ where (`email`.`email` like '$emailsearch'
+ or `users`.`email` like '$emailsearch')
+ and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
}
// bug-975 ted+uli changes --- end
$res = mysql_query($query);
- if(mysql_num_rows($res) > 1) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("User ID")?></td>
- <td class="DataTD"><?=_("Email")?></td>
- </tr>
-<?
- while($row = mysql_fetch_assoc($res))
- { ?>
- <tr>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
- </tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
- <tr>
- <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
- </tr>
-<? } else { ?>
- <tr>
- <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
- </tr>
-<? } ?>
-</table><br><br>
-<? } elseif(mysql_num_rows($res) == 1) {
- $row = mysql_fetch_assoc($res);
- $_REQUEST['userid'] = $row['id'];
- } else {
- printf(_("No users found matching %s"), sanitizeHTML($email));
- }
- }
-
- if(intval($_REQUEST['userid']) > 0)
- {
- $id = intval($_REQUEST['userid']);
- $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
- } else {
- $row = mysql_fetch_assoc($res);
- $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
+ if(mysql_num_rows($res) > 1) {
?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("First Name")?>:</td>
- <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
- <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
- <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Middle Name")?>:</td>
- <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Last Name")?>:</td>
- <td class="DataTD"> <input type="hidden" name="oldid" value="43">
- <input type="hidden" name="action" value="updatedob">
- <input type="hidden" name="userid" value="<?=intval($id)?>">
- <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Suffix")?>:</td>
- <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Date of Birth")?>:</td>
- <td class="DataTD">
-<?
- $year = intval(substr($row['dob'], 0, 4));
- $month = intval(substr($row['dob'], 5, 2));
- $day = intval(substr($row['dob'], 8, 2));
- ?><nobr><select name="day">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("User ID")?></td>
+ <td class="DataTD"><?=_("Email")?></td>
+ </tr>
<?
- for($i = 1; $i <= 31; $i++)
+ while($row = mysql_fetch_assoc($res))
{
- echo "<option";
- if($day == $i)
- echo " selected='selected'";
- echo ">$i</option>";
- }
?>
- </select>
- <select name="month">
+ <tr>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
+ </tr>
<?
- for($i = 1; $i <= 12; $i++)
- {
- echo "<option value='$i'";
- if($month == $i)
- echo " selected='selected'";
- echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
}
+
+ if(mysql_num_rows($res) >= 100) {
?>
- </select>
- <input type="text" name="year" value="<?=$year?>" size="4">
- <input type="submit" value="Go"></form></nobr></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("CCA accepted")?>:</td>
- <td class="DataTD"><a href="account.php?id=57&amp;userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Trainings")?>:</td>
- <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Is Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Account Locking")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Code Signing")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Org Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("TTP Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Location Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Ad Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Tverify Account")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("General Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Country Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>"><?=$alerts['country']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Regional Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Change Password")?>:</td>
- <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Delete Account")?>:</td>
- <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
- </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
+ </tr>
<?
- // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
- if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes") {
+ } else {
?>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
- </tr>
-<? } else { ?>
- <tr>
- <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD"><?=_("Assurance Points")?>:</td>
- <td class="DataTD"><?=intval($drow['points'])?></td>
- </tr>
-</table>
-<br><?
- $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
- and `email`!='".mysql_escape_string($row['email'])."'";
- $dres = mysql_query($query);
- if(mysql_num_rows($dres) > 0) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
- </tr><?
- $rc = mysql_num_rows($dres);
- while($drow = mysql_fetch_assoc($dres))
- { ?>
- <tr>
- <td class="DataTD"><?=_("Secondary Emails")?>:</td>
- <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
- </tr>
-<? } ?>
-</table>
-<br><? } ?>
-<?
- $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''";
- $dres = mysql_query($query);
- if(mysql_num_rows($dres) > 0) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Verified Domains")?></td>
- </tr><?
- $rc = mysql_num_rows($dres);
- while($drow = mysql_fetch_assoc($dres))
- { ?>
- <tr>
- <td class="DataTD"><?=_("Domain")?>:</td>
- <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
- </tr>
-<? } ?>
-</table>
-<br>
-<? } ?>
-<? // Begin - Debug infos ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("Account State")?></td>
- </tr>
-
+ <tr>
+ <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+ </tr>
<?
- // --- bug-975 begin ---
- // potential db inconsistency like in a20110804.1
- // Admin console -> don't list user account
- // User login -> impossible
- // Assurer, assure someone -> user displayed
- /* regular user account search with regular settings
-
- --- Admin Console find user query
- $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
- where `users`.`id`=`email`.`memid` and
- (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
- `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
- group by `users`.`id` limit 100";
- => requirements
- 1. email.hash = ''
- 2. email.deleted = 0
- 3. users.deleted = 0
- 4. email.email = primary-email (???) or'd
- not covered by admin console find user routine, but may block users login
- 5. users.verified = 0|1
- further "special settings"
- 6. users.locked (setting displayed in display form)
- 7. users.assurer_blocked (setting displayed in display form)
-
- --- User login user query
- select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
- `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
- => requirements
- 1. users.verified = 1
- 2. users.deleted = 0
- 3. users.locked = 0
- 4. users.email = primary-email
-
- --- Assurer, assure someone find user query
- select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
- and `deleted`=0
- => requirements
- 1. users.deleted = 0
- 2. users.email = primary-email
- Admin User Assurer
- bit Console Login assure someone
-
- 1. email.hash = '' Yes No No
- 2. email.deleted = 0 Yes No No
- 3. users.deleted = 0 Yes Yes Yes
- 4. users.verified = 1 No Yes No
- 5. users.locked = 0 No Yes No
- 6. users.email = prim-email No Yes Yes
- 7. email.email = prim-email Yes No No
-
- full usable account needs all 7 requirements fulfilled
- so if one setting isn't set/cleared there is an inconsistency either way
- if eg email.email is not avail, admin console cannot open user info
- but user can login and assurer can display user info
- if user verified is not set to 1, admin console displays user record
- but user cannot login, but assurer can search for the user and the data displays
-
- consistency check:
- 1. search primary-email in users.email
- 2. search primary-email in email.email
- 3. userid = email.memid
- 4. check settings from table 1. - 5.
-
- */
-
- $inconsistency = 0;
- $inconsistencydisp = "";
- $inccause = "";
- // current userid intval($row['id'])
- $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
- from `users` where `id`='".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $uemail = $drow['uemail'];
- $udeleted = $drow['udeleted'];
- $uverified = $drow['verified'];
- $ulocked = $drow['locked'];
-
- $query = "select `hash`, `email` as `eemail` from `email`
- where `memid`='".intval($row['id'])."' and
- `email` ='".$uemail."' and
- `deleted` = 0";
- $dres = mysql_query($query);
- if ($drow = mysql_fetch_assoc($dres)) {
- $drow['edeleted'] = 0;
- } else {
- // try if there are deleted entries
- $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
- where `memid`='".intval($row['id'])."' and
- `email` ='".$uemail."'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- }
-
- if ($drow) {
- $eemail = $drow['eemail'];
- $edeleted = $drow['edeleted'];
- $ehash = $drow['hash'];
- if ($udeleted!=0) {
- $inconsistency += 1;
- $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
- }
- if ($uverified!=1) {
- $inconsistency += 2;
- $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
- }
- if ($ulocked!=0) {
- $inconsistency += 4;
- $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
- }
- if ($edeleted!=0) {
- $inconsistency += 8;
- $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
- }
- if ($ehash!='') {
- $inconsistency += 16;
- $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
- }
- } else {
- $inconsistency = 32;
- $inccause = _("Prim. email, Email record doesn't exist");
- }
- if ($inconsistency>0) {
- // $inconsistencydisp = _("Yes");
-?>
- <tr>
- <td class="DataTD"><?=_("Account inconsistency")?>:</td>
- <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
- </tr>
- <tr>
- <td colspan="2" class="DataTD" style="max-width: 75ex">
- <?=_("Account inconsistency can cause problems in daily account ".
- "operations and needs to be fixed manually through arbitration/critical ".
- "team.")?>
- </td>
- </tr>
-<? }
-
- // --- bug-975 end ---
+ }
?>
-</table>
-<br>
+ </table><br><br>
<?
- // End - Debug infos
-?>
+ } elseif(mysql_num_rows($res) == 1) {
+ $row = mysql_fetch_assoc($res);
+ $_REQUEST['userid'] = $row['id'];
+ } else {
+ printf(_("No users found matching %s"), sanitizeHTML($email));
+ }
+}
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="6" class="title"><?=_("Certificates")?></td>
- </tr>
-
- <tr>
- <td class="DataTD"><?=_("Cert Type")?>:</td>
- <td class="DataTD"><?=_("Total")?></td>
- <td class="DataTD"><?=_("Valid")?></td>
- <td class="DataTD"><?=_("Expired")?></td>
- <td class="DataTD"><?=_("Revoked")?></td>
- <td class="DataTD"><?=_("Latest Expire")?></td>
- </tr>
-
- <tr>
- <td class="DataTD"><?=_("Server")?>:</td>
- <?
- $query = "select COUNT(*) as `total`,
- MAX(`domaincerts`.`expire`) as `maxexpire`
- from `domains` inner join `domaincerts`
- on `domains`.`id` = `domaincerts`.`domid`
- where `domains`.`memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `domains` inner join `domaincerts`
- on `domains`.`id` = `domaincerts`.`domid`
- where `domains`.`memid` = '".intval($row['id'])."'
- and `revoked` = '0000-00-00 00:00:00'
- and `expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `domains` inner join `domaincerts`
- on `domains`.`id` = `domaincerts`.`domid`
- where `domains`.`memid` = '".intval($row['id'])."'
- and `expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- $query = "select COUNT(*) as `revoked`
- from `domains` inner join `domaincerts`
- on `domains`.`id` = `domaincerts`.`domid`
- where `domains`.`memid` = '".intval($row['id'])."'
- and `revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $revoked = $drow['revoked'];
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"><?=intval($revoked)?></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
-
- <tr>
- <td class="DataTD"><?=_("Client")?>:</td>
- <?
- $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
- from `emailcerts`
- where `memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `emailcerts`
- where `memid` = '".intval($row['id'])."'
- and `revoked` = '0000-00-00 00:00:00'
- and `expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `emailcerts`
- where `memid` = '".intval($row['id'])."'
- and `expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- $query = "select COUNT(*) as `revoked`
- from `emailcerts`
- where `memid` = '".intval($row['id'])."'
- and `revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $revoked = $drow['revoked'];
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"><?=intval($revoked)?></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
-
- <tr>
- <td class="DataTD"><?=_("GPG")?>:</td>
- <?
- $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
- from `gpg`
- where `memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `gpg`
- where `memid` = '".intval($row['id'])."'
- and `expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `emailcerts`
- where `memid` = '".intval($row['id'])."'
- and `expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
-
- <tr>
- <td class="DataTD"><a href="account.php?id=58&amp;userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td>
- <?
- $query = "select COUNT(*) as `total`,
- MAX(`orgcerts`.`expire`) as `maxexpire`
- from `orgdomaincerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `orgdomaincerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
- and `orgcerts`.`expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `orgdomaincerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- $query = "select COUNT(*) as `revoked`
- from `orgdomaincerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $revoked = $drow['revoked'];
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"><?=intval($revoked)?></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
-
- <tr>
- <td class="DataTD"><?=_("Org Client")?>:</td>
- <?
- $query = "select COUNT(*) as `total`,
- MAX(`orgcerts`.`expire`) as `maxexpire`
- from `orgemailcerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `orgemailcerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
- and `orgcerts`.`expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `orgemailcerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- $query = "select COUNT(*) as `revoked`
- from `orgemailcerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $revoked = $drow['revoked'];
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"><?=intval($revoked)?></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
-</table>
-<br>
-
-<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
- (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
-<br />
-<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby"><?=_("Show Assurances the user gave")?></a>
- (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15"><?=_("New calculation")?></a>)
-<br />
+// display user information for given user id
+if(intval($_REQUEST['userid']) > 0) {
+ $userid = intval($_REQUEST['userid']);
+ $res =get_user_data($userid);
+ if(mysql_num_rows($res) <= 0) {
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
+ } else {
+ $row = mysql_fetch_assoc($res);
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $alerts =get_alerts(intval($row['id']));
-<?
-// if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
+//display account data
-function showassuredto()
-{
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="8" class="title"><?=_("Assurance Points")?></td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("ID")?></b></td>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Who")?></b></td>
- <td class="DataTD"><b><?=_("Email")?></b></td>
- <td class="DataTD"><b><?=_("Points")?></b></td>
- <td class="DataTD"><b><?=_("Location")?></b></td>
- <td class="DataTD"><b><?=_("Method")?></b></td>
- <td class="DataTD"><b><?=_("Revoke")?></b></td>
- </tr>
-<?
- $query = "select * from `notary` where `to`='".intval($_GET['userid'])."'";
- $dres = mysql_query($query);
- $points = 0;
- while($drow = mysql_fetch_assoc($dres))
- {
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
- $points += $drow['points'];
-?>
- <tr>
- <td class="DataTD"><?=$drow['id']?></td>
- <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
- <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
- <td class="DataTD"><?=intval($drow['points'])?></td>
- <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
- <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD" colspan="3">&nbsp;</td>
- </tr>
-</table>
-<? } ?>
+//deletes an assurance
+ if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == true)
+ {
+ if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno)) {
+ $ticketmsg=_("Writing to the admin log failed. Can't continue.");
+ } else {
+ $assurance = intval($_REQUEST['assurance']);
+ $trow = 0;
+ $res = mysql_query("select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0");
+ if ($res) {
+ $trow = mysql_fetch_assoc($res);
+ if ($trow) {
+ mysql_query("update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'");
+ fix_assurer_flag($trow['to']);
+ }
+ }
+ }
+ } elseif(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == FALSE) {
+ $ticketmsg=_('No assurance revoked. Ticket number is missing!');
+ }
-<?
-function showassuredby()
-{
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("ID")?></b></td>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Who")?></b></td>
- <td class="DataTD"><b><?=_("Email")?></b></td>
- <td class="DataTD"><b><?=_("Points")?></b></td>
- <td class="DataTD"><b><?=_("Location")?></b></td>
- <td class="DataTD"><b><?=_("Method")?></b></td>
- <td class="DataTD"><b><?=_("Revoke")?></b></td>
- </tr>
-<?
- $query = "select * from `notary` where `from`='".intval($_GET['userid'])."'";
- $dres = mysql_query($query);
- $points = 0;
- while($drow = mysql_fetch_assoc($dres))
- {
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'"));
- $points += $drow['points'];
+//Ticket number
?>
- <tr>
- <td class="DataTD"><?=$drow['id']?></td>
- <td class="DataTD"><?=$drow['date']?></td>
- <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
- <td class="DataTD"><?=$drow['points']?></td>
- <td class="DataTD"><?=$drow['location']?></td>
- <td class="DataTD"><?=$drow['method']?></td>
- <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD" colspan="3">&nbsp;</td>
- </tr>
-</table>
-<? } ?>
-<br><br>
-<? } }
-
-switch ($_GET['shownotary'])
- {
- case 'assuredto': showassuredto();
- break;
- case 'assuredby': showassuredby();
- break;
- case 'assuredto15': output_received_assurances(intval($_GET['userid']),1);
- break;
- case 'assuredby15': output_given_assurances(intval($_GET['userid']),1);
- break;
- }
+<form method="post" action="account.php?id=43&userid=<?=intval($_REQUEST['userid'])?>">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_('Ticket handling') ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('Ticket no')?>:</td>
+ <td class="DataTD"><input type="text" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="DataTDError"><?=$ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?>
+ </tr>
+ <tr>
+ <td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td>
+ </tr>
+ </table>
+</form>
+<br/>
-?>
+
+<!-- display data table -->
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("First Name")?>:</td>
+ <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
+ <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
+ <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>">
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Middle Name")?>:</td>
+ <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Last Name")?>:</td>
+ <td class="DataTD"> <input type="hidden" name="oldid" value="43">
+ <input type="hidden" name="action" value="updatedob">
+ <input type="hidden" name="userid" value="<?=intval($userid)?>">
+ <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>">
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Suffix")?>:</td>
+ <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Date of Birth")?>:</td>
+ <td class="DataTD">
+ <?
+ $year = intval(substr($row['dob'], 0, 4));
+ $month = intval(substr($row['dob'], 5, 2));
+ $day = intval(substr($row['dob'], 8, 2));
+ ?>
+ <nobr>
+ <select name="day">
+ <?
+ for($i = 1; $i <= 31; $i++) {
+ echo "<option";
+ if($day == $i) {
+ echo " selected='selected'";
+ }
+ echo ">$i</option>";
+ }
+ ?>
+ </select>
+ <select name="month">
+ <?
+ for($i = 1; $i <= 12; $i++) {
+ echo "<option value='$i'";
+ if($month == $i)
+ echo " selected='selected'";
+ echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
+ }
+ ?>
+ </select>
+ <input type="text" name="year" value="<?=$year?>" size="4">
+ <input type="submit" value="Go">
+ <input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
+ </form>
+ </nobr>
+ </td>
+ </tr>
+
+ <? // list of flags ?>
+ <tr>
+ <td class="DataTD"><?=_("CCA accepted")?>:</td>
+ <td class="DataTD"><a href="account.php?id=57&amp;userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'], 'CCA')) ? _("Yes") : _("No") ?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Trainings")?>:</td>
+ <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Is Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['assurer'])?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['assurer_blocked'])?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Account Locking")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admactlock')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['locked'])?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Code Signing")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admcodesign')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['codesign'])?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Org Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admorgadmin')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['orgadmin'])?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("TTP Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admttpadmin')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['ttpadmin'])?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=$row['locadmin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetadmin')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['admin'])?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Ad Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['adadmin'])?></a> (0 = none, 1 = submit, 2 = approve)</td>
+ </tr>
+ <!-- presently not needed
+ <tr>
+ <td class="DataTD"><?=_("Tverify Account")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['tverify'])?></a></td>
+ </tr>
+ -->
+ <tr>
+ <td class="DataTD"><?=_("General Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;general=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['general'])?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Country Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;country=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['country'])?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Regional Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['regional'])?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['radius'])?></a></td>
+ </tr>
+ <? //change password, view secret questions and delete account section ?>
+ <tr>
+ <td class="DataTD"><?=_("Change Password")?>:</td>
+ <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Change Password")?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Delete Account")?>:</td>
+ <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admdelaccount')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Delete Account")?></a></td>
+ </tr>
+ <?
+ // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
+ if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
+ if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno)) {
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Writing to the admin log failed. Can't continue.")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td>
+ </tr>
+ <?
+ } else {
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
+ </tr>
+ <?
+ }
+ } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) {
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td>
+ </tr>
+ <?
+ } else {
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td>
+ </tr>
+ <? }
+
+ // list assurance points
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Assurance Points")?>:</td>
+ <td class="DataTD"><?=intval($drow['points'])?></td>
+ </tr>
+ <?
+ // show account history
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=59&amp;oldid=43&amp;userid=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_('Show account history')?></a></td>
+ </tr>
+ </table>
+ <br/>
+ <?
+ //list secondary email addresses
+ $dres = get_email_addresses(intval($row['id']),$row['email']);
+ if(mysql_num_rows($dres) > 0) {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
+ </tr>
+ <?
+ while($drow = mysql_fetch_assoc($dres)) {
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Secondary Emails")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
+ </tr>
+ <?
+ }
+ ?>
+ </table>
+ <br/>
+ <?
+ }
+
+ // list of domains
+ $dres=get_domains(intval($row['id']));
+ if(mysql_num_rows($dres) > 0) {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Verified Domains")?></td>
+ </tr>
+ <?
+ while($drow = mysql_fetch_assoc($dres)) {
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Domain")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
+ </tr>
+ <?
+ }
+ ?>
+ </table>
+ <br/>
+ <?
+ }
+ ?>
+ <? // Begin - Debug infos ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Account State")?></td>
+ </tr>
+
+ <?
+ // --- bug-975 begin ---
+ // potential db inconsistency like in a20110804.1
+ // Admin console -> don't list user account
+ // User login -> impossible
+ // Assurer, assure someone -> user displayed
+ /* regular user account search with regular settings
+
+ --- Admin Console find user query
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
+ where `users`.`id`=`email`.`memid` and
+ (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
+ `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
+ => requirements
+ 1. email.hash = ''
+ 2. email.deleted = 0
+ 3. users.deleted = 0
+ 4. email.email = primary-email (???) or'd
+ not covered by admin console find user routine, but may block users login
+ 5. users.verified = 0|1
+ further "special settings"
+ 6. users.locked (setting displayed in display form)
+ 7. users.assurer_blocked (setting displayed in display form)
+
+ --- User login user query
+ select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
+ `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
+ => requirements
+ 1. users.verified = 1
+ 2. users.deleted = 0
+ 3. users.locked = 0
+ 4. users.email = primary-email
+
+ --- Assurer, assure someone find user query
+ select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
+ and `deleted`=0
+ => requirements
+ 1. users.deleted = 0
+ 2. users.email = primary-email
+
+ Admin User Assurer
+ bit Console Login assure someone
+
+ 1. email.hash = '' Yes No No
+ 2. email.deleted = 0 Yes No No
+ 3. users.deleted = 0 Yes Yes Yes
+ 4. users.verified = 1 No Yes No
+ 5. users.locked = 0 No Yes No
+ 6. users.email = prim-email No Yes Yes
+ 7. email.email = prim-email Yes No No
+
+ full usable account needs all 7 requirements fulfilled
+ so if one setting isn't set/cleared there is an inconsistency either way
+ if eg email.email is not avail, admin console cannot open user info
+ but user can login and assurer can display user info
+ if user verified is not set to 1, admin console displays user record
+ but user cannot login, but assurer can search for the user and the data displays
+
+ consistency check:
+ 1. search primary-email in users.email
+ 2. search primary-email in email.email
+ 3. userid = email.memid
+ 4. check settings from table 1. - 5.
+
+ */
+
+ $inconsistency = 0;
+ $inconsistencydisp = "";
+ $inccause = "";
+
+ // current userid intval($row['id'])
+ $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
+ from `users` where `id`='".intval($row['id'])."' ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $uemail = $drow['uemail'];
+ $udeleted = $drow['udeleted'];
+ $uverified = $drow['verified'];
+ $ulocked = $drow['locked'];
+
+ $query = "select `hash`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."' and
+ `deleted` = 0";
+ $dres = mysql_query($query);
+ if ($drow = mysql_fetch_assoc($dres)) {
+ $drow['edeleted'] = 0;
+ } else {
+ // try if there are deleted entries
+ $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."'";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ }
+
+ if ($drow) {
+ $eemail = $drow['eemail'];
+ $edeleted = $drow['edeleted'];
+ $ehash = $drow['hash'];
+ if ($udeleted!=0) {
+ $inconsistency += 1;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
+ }
+ if ($uverified!=1) {
+ $inconsistency += 2;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
+ }
+ if ($ulocked!=0) {
+ $inconsistency += 4;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
+ }
+ if ($edeleted!=0) {
+ $inconsistency += 8;
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
+ }
+ if ($ehash!='') {
+ $inconsistency += 16;
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
+ }
+ } else {
+ $inconsistency = 32;
+ $inccause = _("Prim. email, Email record doesn't exist");
+ }
+ if ($inconsistency>0) {
+ // $inconsistencydisp = _("Yes");
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Account inconsistency")?>:</td>
+ <td class="DataTD"><?=$inccause?><br>code: <?=intval($inconsistency)?></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="DataTD" style="max-width: 75ex;">
+ <?=_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?>
+ </td>
+ </tr>
+ <?
+ }
+
+ // --- bug-975 end ---
+ ?>
+ </table>
+ <br />
+ <?
+ // End - Debug infos
+
+ // certificate overview
+ ?>
+
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="6" class="title"><?=_("Certificates")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Cert Type")?>:</td>
+ <td class="DataTD"><?=_("Total")?></td>
+ <td class="DataTD"><?=_("Valid")?></td>
+ <td class="DataTD"><?=_("Expired")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Latest Expire")?></td>
+ </tr>
+ <!-- server certificates -->
+ <tr>
+ <td class="DataTD"><?=_("Server")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`,
+ MAX(`domaincerts`.`expire`) as `maxexpire`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ and `revoked` = '0000-00-00 00:00:00'
+ and `expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ and `expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ and `revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- client certificates -->
+ <tr>
+ <td class="DataTD"><?=_("Client")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ and `revoked` = '0000-00-00 00:00:00'
+ and `expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ and `expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ and `revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- gpg certificates -->
+ <tr>
+ <td class="DataTD"><?=_("GPG")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
+ from `gpg`
+ where `memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `gpg`
+ where `memid` = '".intval($row['id'])."'
+ and `expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `gpg`
+ where `memid` = '".intval($row['id'])."'
+ and `expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- org server certificates -->
+ <tr>
+ <td class="DataTD"><a href="account.php?id=58&amp;userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`,
+ MAX(`orgcerts`.`expire`) as `maxexpire`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
+ and `orgcerts`.`expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- org client certificates -->
+ <tr>
+ <td class="DataTD"><?=_("Org Client")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`,
+ MAX(`orgcerts`.`expire`) as `maxexpire`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
+ and `orgcerts`.`expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <tr>
+ <td colspan="6" class="title">
+ <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;">
+ <input type="hidden" name="action" value="revokecert">
+ <input type="hidden" name="oldid" value="43">
+ <input type="hidden" name="userid" value="<?=intval($userid)?>">
+ <input type="submit" value="<?=_('revoke certificates')?>">
+ <input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
+ </form>
+ </td>
+ </tr>
+ </table>
+ <br />
+ <? // list assurances ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="DataTD">
+ <a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredto&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Assurances the user got")?></a>
+ (<a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredto15&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("New calculation")?></a>)
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD">
+ <a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredby&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Assurances the user gave")?></a>
+ (<a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredby15&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("New calculation")?></a>)
+ </td>
+ </tr>
+ </table>
+ <?
+ // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
+
+
+ function showassuredto($ticketno)
+ {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="8" class="title"><?=_("Assurance Points")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("ID")?></b></td>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Who")?></b></td>
+ <td class="DataTD"><b><?=_("Email")?></b></td>
+ <td class="DataTD"><b><?=_("Points")?></b></td>
+ <td class="DataTD"><b><?=_("Location")?></b></td>
+ <td class="DataTD"><b><?=_("Method")?></b></td>
+ <td class="DataTD"><b><?=_("Revoke")?></b></td>
+ </tr>
+ <?
+ $query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0";
+ $dres = mysql_query($query);
+ $points = 0;
+ while($drow = mysql_fetch_assoc($dres)) {
+ $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
+ $points += $drow['points'];
+ ?>
+ <tr>
+ <td class="DataTD"><?=$drow['id']?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
+ <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
+ <td class="DataTD"><?=intval($drow['points'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td>
+ </tr>
+ <?
+ }
+ ?>
+ <tr>
+ <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
+ <td class="DataTD"><?=intval($points)?></td>
+ <td class="DataTD" colspan="3">&nbsp;</td>
+ </tr>
+ </table>
+ <?
+ }
+
+ function showassuredby($ticketno)
+ {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("ID")?></b></td>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Who")?></b></td>
+ <td class="DataTD"><b><?=_("Email")?></b></td>
+ <td class="DataTD"><b><?=_("Points")?></b></td>
+ <td class="DataTD"><b><?=_("Location")?></b></td>
+ <td class="DataTD"><b><?=_("Method")?></b></td>
+ <td class="DataTD"><b><?=_("Revoke")?></b></td>
+ </tr>
+ <?
+ $query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0";
+ $dres = mysql_query($query);
+ $points = 0;
+ while($drow = mysql_fetch_assoc($dres)) {
+ $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['to'])."'"));
+ $points += intval($drow['points']);
+ ?>
+ <tr>
+ <td class="DataTD"><?=intval($drow['id'])?></td>
+ <td class="DataTD"><?=$drow['date']?></td>
+ <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['fname']." ".$fromuser['lname'])?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
+ <td class="DataTD"><?=intval($drow['points'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
+ <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>&assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td>
+ </tr>
+ <?
+ }
+ ?>
+ <tr>
+ <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
+ <td class="DataTD"><?=intval($points)?></td>
+ <td class="DataTD" colspan="3">&nbsp;</td>
+ </tr>
+ </table>
+ <?} ?>
+<br/><br/>
+<?
+} }
+
+if(isset($_GET['shownotary'])) {
+ switch($_GET['shownotary']) {
+ case 'assuredto':
+ showassuredto($ticketno);
+ break;
+ case 'assuredby':
+ showassuredby($ticketno);
+ break;
+ case 'assuredto15':
+ output_received_assurances(intval($_GET['userid']),1,$ticketno);
+ break;
+ case 'assuredby15':
+ output_given_assurances(intval($_GET['userid']),1, $ticketno);
+ break;
+ }
+}
diff --git a/pages/account/44.php b/pages/account/44.php
index fd34612..718f0e0 100644
--- a/pages/account/44.php
+++ b/pages/account/44.php
@@ -14,8 +14,28 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
+*/
+
+if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") {
+ ?>
+ <div style="color: orange;">ERROR: <?=$_SESSION['_config']['error']?></div>
+ <?
+ unset($_SESSION['_config']['error']);
+}
+
+$ticketno = "";
+if (array_key_exists('ticketno', $_SESSION)) {
+ $ticketno = $_SESSION['ticketno'];
+}
+
+if (!valid_ticket_number($ticketno)) {
+ printf(_("I'm sorry, you did not enter a ticket number! %s You cannot reset the password."), '<br/>');
+ echo '<br/><a href="account.php?id=43&amp;userid='.intval($_REQUEST['userid']).'">'._('Back to previous page.').'</a>';
+ showfooter();
+ exit;
+ }
+?>
+
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -34,5 +54,6 @@
</tr>
</table>
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
+<input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
</form>
diff --git a/pages/account/5.php b/pages/account/5.php
index 5c131ba..efed0ab 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -19,44 +19,46 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="7" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Email Address")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Login")?></td>
-
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<?
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
- `emailcerts`.`expire` as `expires`,
+ `emailcerts`.`expire`,
`emailcerts`.`revoked` as `revoke`,
- UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ if (`emailcerts`.`expire`=0,CURRENT_TIMESTAMP(),`emailcerts`.`modified`) as `modified` ,
`emailcerts`.`id`,
`emailcerts`.`CN`,
`emailcerts`.`serial`,
- emailcerts.disablelogin as `disablelogin`
+ `emailcerts`.`disablelogin` as `disablelogin`,
+ `emailcerts`.`description`
from `emailcerts`
- where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
+ where `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'
";
if($viewall != 1)
$query .= " AND `revoked`=0 AND `renewed`=0 ";
$query .= " GROUP BY `emailcerts`.`id` ";
if($viewall != 1)
- $query .= " HAVING `timeleft` > 0 ";
- $query .= " ORDER BY `emailcerts`.`modified` desc";
+ $query .= " HAVING `timeleft` > 0 or `expire` = 0 ";
+ $query .= " ORDER BY `modified` desc";
// echo $query."<br>\n";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
- <td colspan="7" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+ <td colspan="10" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -74,43 +76,51 @@
?>
<tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><a href="account.php?id=6&amp;cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td>
+ <td class="DataTD"><a href="account.php?id=6&amp;cert=<?=intval($row['id'])?>"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></a></td>
<? } else if($verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
<? } else { ?>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
<? } ?>
- <td class="DataTD"><?=$row['serial']?></td>
- <td class="DataTD"><?=$row['revoke']?></td>
- <td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['revoke'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['expire'])?></td>
<td class="DataTD">
- <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
- <input type="hidden" name="cert_<?=$row['id']?>" value="1"/>
+ <input type="checkbox" name="disablelogin_<?=intval($row['id'])?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/>
+ <input type="hidden" name="cert_<?=intval($row['id'])?>" value="1" />
</td>
+ <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
</tr>
-<? } ?>
+ <? } ?>
+ <tr>
+ <td class="DataTD" colspan="9">
+ <a href="account.php?id=5&amp;viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
+ </td>
+ </tr>
+
<tr>
- <td class="DataTD" colspan="8">
- <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
+ <td class="DataTD" colspan="9">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
</td>
</tr>
<tr>
- <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
- <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>" />&#160;&#160;&#160;&#160;
+ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td>
- <td class="DataTD" colspan="3"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+ <td class="DataTD" colspan="4"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
</tr>
<? } ?>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=intval($id)?>" />
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
diff --git a/pages/account/50.php b/pages/account/50.php
index 1604156..a4c2413 100644
--- a/pages/account/50.php
+++ b/pages/account/50.php
@@ -19,13 +19,17 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="2" class="title"><?=_("Change Password")?></td>
+ <td colspan="2" class="title"><?=_("Delete Account")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td>
</tr>
<tr>
+ <td class="DataTD"><?=_("New Username from arbitration number + sequence number a20xxyyzz.a.b")?>:</td>
+ <td class="DataTD"><input type="text" name="arbitrationno"></td>
+ </tr>
+ <tr>
<td class="DataTD" colspan="2"><?=_("Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.")?></td>
</tr>
<tr>
diff --git a/pages/account/52.php b/pages/account/52.php
index 77a3bae..6c00c26 100644
--- a/pages/account/52.php
+++ b/pages/account/52.php
@@ -14,45 +14,51 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
-<?
+*/
+
+if($_SESSION['profile']['tverify'] <= 0) {
+ echo _("You don't have access to this area.");
+} else {
$uid = intval($_GET['uid']);
- $query = "select * from `tverify` where `id`='$uid' and `modified`=0";
+ $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0";
$res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
- {
+ if(mysql_num_rows($res) > 0) {
$row = mysql_fetch_assoc($res);
$memid = intval($row['memid']);
- $query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc2 = mysql_num_rows(mysql_query($query2));
- if($rc2 > 0)
- {
+ $query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $rc2 = mysql_num_rows(mysql_query($query2));
+ if($rc2 > 0) {
showheader(_("My CAcert.org Account!"));
echo _("You have already voted on this request.");
showfooter();
exit;
}
- $query = "select sum(`points`) as `points` from `notary` where `to`='$memid'";
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0";
$notary = mysql_fetch_assoc(mysql_query($query));
- $query = "select * from `users` where `id`='$memid'";
+ $query = "select * from `users` where `id`='".intval($memid)."'";
$user = mysql_fetch_assoc(mysql_query($query));
$tobe = 50 - $notary['points'];
- if($row['URL'] != '' && $row['photoid'] != '')
+ if($row['URL'] != '' && $row['photoid'] != '') {
$tobe = 150 - $notary['points'];
- else if($row['URL'] != '')
+ } else if($row['URL'] != '') {
$tobe = 90 - $notary['points'];
- if(intval($tobe) <= 0)
+ }
+ if(intval($tobe) <= 0) {
$tobe = 0;
+ }
?>
<?=_("Request Details")?>:<br>
-<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br>
-<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br>
-<?=_("Certificate Subject")?>: <?=$row['CN']?><br>
-<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?>
-<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?>
+<?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br>
+<?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br>
+<?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br>
+<? if($row['URL'] != '') { ?>
+<?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br>
+<? } ?>
+<? if($row['photoid'] != '') { ?>
+<?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br>
+<? } ?>
<?=_("Current Points")?>: <?=intval($notary['points'])?><br>
<?=_("Potential Points")?>: <?=intval($tobe)?><br>
<?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br>
@@ -63,40 +69,37 @@
<input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>">
-<input type="hidden" name="uid" value="<?=$uid?>">
+<input type="hidden" name="uid" value="<?=intval($uid)?>">
</form>
-<? } else {
- $query = "select * from `tverify` where `id`='$uid' and `modified`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
- {
- echo _("This UID has already been voted on.")."<br/>";
+<?
} else {
- if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
- }
-
- // Search for open requests:
- $query = "select * from `tverify` where `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
- {
- echo "<br/>"._("The following requests are still open:")."<br/><ul>";
- while($row = mysql_fetch_assoc($res))
- {
- $uid=intval($row['id']);
- $query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc3 = mysql_num_rows(mysql_query($query3));
- if($rc3 <= 0)
- {
- echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
+ $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0) {
+ echo _("This UID has already been voted on.")."<br/>";
+ } else {
+ if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
+ }
+
+ // Search for open requests:
+ $query = "select * from `tverify` where `modified`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0) {
+ echo "<br/>"._("The following requests are still open:")."<br/><ul>";
+ while($row = mysql_fetch_assoc($res)) {
+ $uid=intval($row['id']);
+ $query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $rc3 = mysql_num_rows(mysql_query($query3));
+ if($rc3 <= 0)
+ {
+ echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
+ }
}
- }
- echo "</ul>\n<br>\n";
- }
- else
- {
- echo "<br/>"._("There are no pending requests where you haven't voted yet.");
+ echo "</ul>\n<br>\n";
+ } else {
+ echo "<br/>"._("There are no pending requests where you haven't voted yet.");
+ }
}
+}
-
- } } ?>
+?>
diff --git a/pages/account/55.php b/pages/account/55.php
index ec401a0..24cc86d 100644
--- a/pages/account/55.php
+++ b/pages/account/55.php
@@ -1,112 +1,122 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
- $user_id = intval($_SESSION['profile']['id']);
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Your passed Tests")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
- </tr>
-</table>
-<?
- } else {
- $user_id = intval($_REQUEST['userid']);
- $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
- } else {
- $row = mysql_fetch_assoc($res);
- }
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td>
- </tr>
-</table>
-
-<?
- }
-?>
-<br>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Test")?></b></td>
- <td class="DataTD"><b><?=_("Variant")?></b></td>
- </tr>
-<?
- $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
- " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
- " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".(int)$user_id."'".
- " ORDER BY `CP`.`pass_date`";
-
- $res = mysql_query($query);
-
- $HaveTest=0;
- while($row = mysql_fetch_array($res, MYSQL_NUM))
- {
- if ($row[1] == "Assurer Challenge") {
- $HaveTest=1;
- }
-?>
- <tr>
- <td class="DataTD"><?=$row[0]?></td>
- <td class="DataTD"><?=$row[1]?></td>
- <td class="DataTD"><?=$row[2]?></td>
- </tr>
-<? }
-?>
-</table>
-<br>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
-<?
- if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
-?>
- <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr>
-<? } else {
- $query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
- ' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() '.
- ' GROUP BY `u`.id, `u`.`assurer`';
- $res = mysql_query($query);
- if (!$res) {
- print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
- } else {
- $row = mysql_fetch_array($res, MYSQL_NUM);
- if ($HaveTest && ($row[2]>=100)) {
- if (!$row[1]) {
- // This should not happen...
- fix_assurer_flag($_SESSION['profile']['id']);
- }
-?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td>
-<? } elseif (($row[2]>=100) && !$HaveTest) {
-?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td>
-<? } elseif ($HaveTest && ($row[2]<100)) {
-?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td>
-<? }
- }
- }
-?> </tr>
-</table>
-
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
+ $user_id = intval($_SESSION['profile']['id']);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Your passed Tests")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
+ </tr>
+</table>
+<?
+ } else {
+ $user_id = intval($_REQUEST['userid']);
+ $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
+ } else {
+ $row = mysql_fetch_assoc($res);
+ }
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td>
+ </tr>
+</table>
+
+<?
+ }
+?>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Test")?></b></td>
+ <td class="DataTD"><b><?=_("Variant")?></b></td>
+ </tr>
+<?
+ $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
+ " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
+ " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'".
+ " ORDER BY `CP`.`pass_date`";
+
+ $res = mysql_query($query);
+
+ $HaveTest=0;
+ while($row = mysql_fetch_array($res, MYSQL_NUM))
+ {
+ if ($row[1] == "Assurer Challenge") {
+ $HaveTest=1;
+ }
+?>
+ <tr>
+ <td class="DataTD"><?=sanitizeHTML($row[0])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row[1])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row[2])?></td>
+ </tr>
+<? }
+?>
+</table>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+<?
+ if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
+?>
+ <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($user_id)?>">back</a></td></tr>
+<?
+ } else {
+ $query = '
+ SELECT `u`.`id`,
+ `u`.`assurer`,
+ SUM(`points`)
+ FROM `users` AS `u`,
+ `notary` AS `n`
+ WHERE `u`.`id` = \''.intval($_SESSION['profile']['id']).'\'
+ AND `n`.`to` = `u`.`id`
+ AND `expire` < NOW()
+ AND `n`.`deleted` = 0
+ GROUP BY `u`.`id`, `u`.`assurer`
+ ';
+ $res = mysql_query($query);
+ if (!$res) {
+ print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
+ } else {
+ $row = mysql_fetch_array($res, MYSQL_NUM);
+ if ($HaveTest && ($row[2]>=100)) {
+ if (!$row[1]) {
+ // This should not happen...
+ fix_assurer_flag($_SESSION['profile']['id']);
+ }
+?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td>
+<? } elseif (($row[2]>=100) && !$HaveTest) {
+?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td>
+<? } elseif ($HaveTest && ($row[2]<100)) {
+?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td>
+<? }
+ }
+ }
+?> </tr>
+</table>
+
diff --git a/pages/account/56.php b/pages/account/56.php
index 348cc49..cabe8e0 100644
--- a/pages/account/56.php
+++ b/pages/account/56.php
@@ -1,41 +1,41 @@
-<? /*
-LibreSSL - CAcert web application
-Copyright (C) 2004-2008 CAcert Inc.
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; version 2 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?=_("List of Organisation Assurers:")?>
-
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="1" class="title"><?=_("Name")?></td>
- <td colspan="1" class="title"><?=_("Email")?></td>
- <td colspan="1" class="title"><?=_("Country")?></td>
- </tr>
- <?
- $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- ?>
- <tr>
- <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td>
- <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td>
- <td><?=sanitizeHTML($row['name'])?></td>
- </tr>
- <?
- }
-?>
-</table>
-
+<? /*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2008 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?=_("List of Organisation Assurers:")?>
+
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="1" class="title"><?=_("Name")?></td>
+ <td colspan="1" class="title"><?=_("Email")?></td>
+ <td colspan="1" class="title"><?=_("Country")?></td>
+ </tr>
+ <?
+ $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ ?>
+ <tr>
+ <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td>
+ <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td>
+ <td><?=sanitizeHTML($row['name'])?></td>
+ </tr>
+ <?
+ }
+?>
+</table>
+
diff --git a/pages/account/57.php b/pages/account/57.php
index 76eee27..9db7ccf 100644
--- a/pages/account/57.php
+++ b/pages/account/57.php
@@ -17,18 +17,18 @@
*/ ?>
<?
include_once($_SESSION['_config']['filepath'].'/includes/notary.inc.php');
-
+
if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
echo _('You do not have access to this page');
- } else {
+ } else {
$user_id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else {
$row = mysql_fetch_assoc($res);
?>
@@ -38,7 +38,7 @@
</tr>
</table>
-
+
<br>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -48,21 +48,21 @@
<td class="DataTD"><b><?=_('Type')?></b></td>
</tr>
<?
- $data=get_first_user_agreement($user_id,1);
+ $data=get_first_user_agreement($user_id, 'CCA', 1);
if (!isset($data['active'])){
$type='';
- }else{
+ }else{
$type=_('active');
- }
+ }
?>
<tr>
<td class="DataTD"><?=_('First active CCA')?></td>
- <td class="DataTD"><?=$data['date']?></td>
- <td class="DataTD"><?=$data['method']?></td>
+ <td class="DataTD"><?=isset($data['date'])?$data['date']:''?></td>
+ <td class="DataTD"><?=isset($data['method'])?$data['method']:''?></td>
<td class="DataTD"><?=$type?></td>
</tr>
<?
- $data=get_first_user_agreement($user_id,0);
+ $data=get_first_user_agreement($user_id, 'CCA', 0);
if (!isset($data['active'])){
$type="";
}else{
@@ -71,35 +71,35 @@
?>
<tr>
<td class="DataTD"><?=_('First passive CCA')?></td>
- <td class="DataTD"><?=$data['date']?></td>
- <td class="DataTD"><?=$data['method']?></td>
+ <td class="DataTD"><?=isset($data['date'])?$data['date']:''?></td>
+ <td class="DataTD"><?=isset($data['method'])?$data['method']:''?></td>
<td class="DataTD"><?=$type?></td>
</tr>
<?
- $data=get_last_user_agreement($user_id);
+ $data=get_last_user_agreement($user_id, 'CCA');
if (!isset($data['active'])){
- $type="";
- }elseif($data['active']==1){
- $type=_('active');
- }else{
- $type=_('passive');
- }
+ $type="";
+ }elseif($data['active']==1){
+ $type=_('active');
+ }else{
+ $type=_('passive');
+ }
?>
<tr>
<td class="DataTD"><?=_('Last CCA')?></td>
- <td class="DataTD"><?=$data['date']?></td>
- <td class="DataTD"><?=$data['method']?></td>
+ <td class="DataTD"><?=isset($data['date'])?$data['date']:''?></td>
+ <td class="DataTD"><?=isset($data['method'])?$data['method']:''?></td>
<td class="DataTD"><?=$type?></td>
</tr>
</table>
<br>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
+ <tr>
<?
if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
?>
- <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr>
-<? }
+ <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($user_id)?>">back</a></td></tr>
+<? }
?> </table>
<?
}
diff --git a/pages/account/58.php b/pages/account/58.php
index 1f6b1a0..af26b70 100644
--- a/pages/account/58.php
+++ b/pages/account/58.php
@@ -23,7 +23,7 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST)
$query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) != 1){
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else {
if ($row = mysql_fetch_assoc($res)){
$username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']);
@@ -54,7 +54,7 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST)
}
?></table>
<? }else{
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
}
}
}
diff --git a/pages/account/59.php b/pages/account/59.php
new file mode 100644
index 0000000..1c73ae5
--- /dev/null
+++ b/pages/account/59.php
@@ -0,0 +1,385 @@
+<?/*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+
+
+$userid = intval($_REQUEST['userid']);
+
+$res = get_user_data($userid);
+if (mysql_num_rows($res) <= 0)
+{
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
+ exit;
+}
+
+$user = mysql_fetch_assoc($res);
+
+$fname = $user['fname'];
+$mname = $user['mname'];
+$lname = $user['lname'];
+$suffix = $user['suffix'];
+$dob = $user['dob'];
+$username = $fname." ".$mname." ".$lname." ".$suffix;
+$email = $user['email'];
+$alerts =get_alerts($userid);
+
+$ticketno = "";
+if (array_key_exists('ticketno', $_SESSION)) {
+ $ticketno = $_SESSION['ticketno'];
+}
+
+$oldid = 0;
+if (array_key_exists('oldid', $_REQUEST)) {
+ $oldid = intval($_REQUEST['oldid']);
+}
+
+// Support Engineer access restrictions
+$support=0;
+if ($userid != $_SESSION['profile']['id']) {
+ // Check if support engineer
+ if (array_key_exists('admin', $_SESSION['profile']) &&
+ $_SESSION['profile']['admin'] != 0)
+ {
+ $support=$_SESSION['profile']['admin'];
+
+ } else {
+ echo _("You do not have access to this page.");
+ showfooter();
+ exit;
+ }
+
+ if (!valid_ticket_number($ticketno)) {
+ printf(_("I'm sorry, you did not enter a ticket number! %s Support is not allowed to view the account history without a ticket number."), '<br/>');
+ echo '<br/><a href="account.php?id=43&amp;userid='.intval($userid).'">'. _('Back to previous page.') .'</a>';
+ showfooter();
+ exit;
+ }
+
+ if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE View account history', $ticketno)) {
+ echo _("Writing to the admin log failed. Can't continue.");
+ echo '<br/><a href="account.php?id=43&amp;userid='.intval($userid).'">'. _('Back to previous page.') .'</a>';
+ showfooter();
+ exit;
+ }
+}
+
+// Account details
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?printf(_('Account history of %s'),$username)?></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="title"><?=_('User actions')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('User name')?></td>
+ <td class="DataTD"><?=sanitizeHTML($username)?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('Date of Birth')?></td>
+ <td class="DataTD"><?=sanitizeHTML($dob)?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Is Assurer")?>:</td>
+ <td class="DataTD"><?= ($user['assurer']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
+ <td class="DataTD"><?= ($user['assurer_blocked']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Account Locking")?>:</td>
+ <td class="DataTD"><?= ($user['locked']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Code Signing")?>:</td>
+ <td class="DataTD"><?= ($user['codesign']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Org Assurer")?>:</td>
+ <td class="DataTD"><?= ($user['orgadmin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("TTP Admin")?>:</td>
+ <td class="DataTD"><?= $user['ttpadmin']._(' - 0 = none, 1 = TTP Admin, 2 = TTP TOPUP admin')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location Admin")?>:</td>
+ <td class="DataTD"><?= ($user['locadmin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Admin")?>:</td>
+ <td class="DataTD"><?= ($user['admin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Ad Admin")?>:</td>
+ <td class="DataTD"><?= $user['adadmin']._(' - 0 = none, 1 = submit, 2 = approve')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("General Announcements")?>:</td>
+ <td class="DataTD"><?= ($alerts['general']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Country Announcements")?>:</td>
+ <td class="DataTD"><?= ($alerts['country']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Regional Announcements")?>:</td>
+ <td class="DataTD"><?= ($alerts['regional']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
+ <td class="DataTD"><?= ($alerts['radius']==0)? _('No'):_('Yes')?></td>
+ </tr>
+</table>
+<br/>
+<?
+
+// Email addresses
+$dres = get_email_addresses($userid,'',1);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_('Email addresses')?></td>
+ </tr>
+<?
+if (mysql_num_rows($dres) > 0) {
+ output_log_email_header();
+ while ($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_email($drow,$email);
+ }
+} else {
+ ?>
+ <tr>
+ <td colspan="3" ><?=_('no entry available')?></td>
+ </tr>
+ <?
+}
+?>
+</table>
+<br/>
+<?
+
+// Domains
+$dres = get_domains($userid, 1);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_('Domains')?></td>
+ </tr>
+<?
+if (mysql_num_rows($dres) > 0) {
+ output_log_domains_header();
+ while ($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_domains($drow);
+ }
+} else {
+ ?>
+ <tr>
+ <td colspan="3" ><?=_('no entry available')?></td>
+ </tr>
+ <?
+}
+?>
+</table>
+<br/>
+
+<?
+// Trainings
+$dres = get_training_results($userid);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_('Trainings')?></td>
+ </tr>
+<?
+if (mysql_num_rows($dres) > 0) {
+ output_log_training_header();
+ while ($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_training($drow);
+ }
+} else {
+ ?>
+ <tr>
+ <td colspan="3" ><?=_('no entry available')?></td>
+ </tr>
+ <?
+}
+?>
+</table>
+<br/>
+
+<?
+// User Agreements
+$dres = get_user_agreements($userid);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="4" class="title"><?=_('User agreements')?></td>
+ </tr>
+<?
+if (mysql_num_rows($dres) > 0) {
+ output_log_agreement_header();
+ while ($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_agreement($drow);
+ }
+} else {
+ ?>
+ <tr>
+ <td colspan="4" ><?=_('no entry available')?></td>
+ </tr>
+ <?
+}
+?>
+</table>
+<br/>
+
+<?
+// Client Certificates
+$dres = get_client_certs($userid, 1);
+$colspan=8;
+if (1 == $support) {
+ $colspan=6;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Client certificates')?></td>
+ </tr>
+<?
+if (mysql_num_rows($dres) > 0) {
+ output_client_cert_header($support);
+ while ($drow = mysql_fetch_assoc($dres))
+ {
+ output_client_cert($drow,$support);
+ }
+} else {
+ ?>
+ <tr>
+ <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td>
+ </tr>
+ <?
+}
+?>
+</table>
+<br/>
+
+<?
+// Server Certificates
+$dres = get_server_certs($userid,1);
+$colspan = 7;
+if (1 == $support) {
+ $colspan = 5;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Server certificates')?></td>
+ </tr>
+<?
+if (mysql_num_rows($dres) > 0) {
+ output_server_certs_header($support);
+ while ($drow = mysql_fetch_assoc($dres))
+ {
+ output_server_certs($drow,$support);
+ }
+} else {
+ ?>
+ <tr>
+ <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td>
+ </tr>
+ <?
+}
+?>
+</table>
+<br/>
+
+<?
+// GPG Certificates
+$dres = get_gpg_certs($userid,1);
+$colspan = 6;
+if (1 == $support) {
+ $colspan = 4;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('GPG/PGP certificates')?></td>
+ </tr>
+<?
+if (mysql_num_rows($dres) > 0) {
+ output_gpg_certs_header($support);
+ while ($drow = mysql_fetch_assoc($dres))
+ {
+ output_gpg_certs($drow, $support);
+ }
+} else {
+ ?>
+ <tr>
+ <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td>
+ </tr>
+ <?
+}?>
+</table>
+<br/>
+
+<?
+
+output_given_assurances($userid, $support, $ticketno, 1);
+?><br/><?
+
+output_received_assurances($userid, $support, $ticketno, 1);
+?><br/><?
+
+$dres = get_se_log($userid);
+$colspan = 2;
+if (1 == $support) {
+ $colspan = 4;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Admin log')?></td>
+ </tr>
+<?
+if (mysql_num_rows($dres) > 0) {
+ output_log_se_header($support);
+ while ($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_se($drow,$support);
+ }
+} else {
+ ?>
+ <tr>
+ <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td>
+ </tr>
+ <?
+}
+?>
+<tr>
+ <td colspan="<?=$colspan?>" >
+ <a href="account.php?id=<?=$oldid?intval($oldid):($support?43:13)?>&amp;userid=<?=intval($userid)?>"><?= _('Back to previous page.')?></a>
+ </td>
+</tr>
+
+</table>
diff --git a/pages/account/6.php b/pages/account/6.php
index 38af8e8..de8d1a3 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -14,123 +14,155 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- $certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']);
-
- $query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- showheader(_("My CAcert.org Account!"));
- echo _("No such certificate attached to your account.");
- showfooter();
- exit;
+*/
+
+// Get certificate information
+$certid = 0;
+if(array_key_exists('cert',$_REQUEST)) {
+ $certid = intval($_REQUEST['cert']);
+}
+
+$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
+ `emailcerts`.`expire`,
+ `emailcerts`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ `emailcerts`.`id`,
+ `emailcerts`.`CN`,
+ `emailcerts`.`serial`,
+ `emailcerts`.`disablelogin` as `disablelogin`,
+ `emailcerts`.`crt_name`,
+ `emailcerts`.`keytype`,
+ `emailcerts`.`description`
+ from `emailcerts`
+ where `emailcerts`.`id`='$certid' and
+ `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'";
+
+$res = mysql_query($query);
+if(mysql_num_rows($res) <= 0) {
+ showheader(_("My CAcert.org Account!"));
+ echo _("No such certificate attached to your account.");
+ showfooter();
+ exit;
+}
+$row = mysql_fetch_assoc($res);
+
+
+if (array_key_exists('format', $_REQUEST)) {
+ // Which output format?
+ if ($_REQUEST['format'] === 'der') {
+ $outform = '-outform DER';
+ $extension = 'cer';
+ } else {
+ $outform = '-outform PEM';
+ $extension = 'crt';
}
- $row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
-
- if($row['keytype'] == "NS")
- {
- if(array_key_exists('install',$_REQUEST) && $_REQUEST['install'] == 1)
- {
- header("Content-Type: application/x-x509-user-cert");
- header("Content-Length: ".strlen($cert));
- $fname=sanitizeFilename($row['CN']);
- if($fname=="") $fname="certificate";
- header('Content-Disposition: inline; filename="'.$fname.'.crt"');
- echo $cert;
- exit;
- } else {
- showheader(_("My CAcert.org Account!"));
- echo "<h3>"._("Installing your certificate")."</h3>\n";
- echo "<p>"._("You are about to install a certificate, if you are using mozilla/netscape based browsers you will not be informed that the certificate was installed successfully, you can go into the options dialog box, security and manage certificates to view if it was installed correctly however.")."</p>\n";
- echo "<p><a href='account.php?id=6&amp;cert=$certid&amp;install=1'>"._("Click here")."</a> "._("to install your certificate.")."</p>\n";
- showfooter();
- exit;
- }
- } else {
- showheader(_("My CAcert.org Account!"));
-?>
-<h3><?=_("Installing your certificate")?></h3>
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname $outform");
-<p><?=_("Hit the 'Install your Certificate' button below to install the certificate into MS IE 5.x and above.")?>
+ header("Content-Type: application/pkix-cert");
+ header("Content-Length: ".strlen($cert));
-<OBJECT classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
-<?=_("You must enable ActiveX for this to work.")?>
-</OBJECT>
-<FORM >
-<INPUT TYPE=BUTTON NAME="CertInst" VALUE="<?=_("Install Your Certificate")?>">
-</FORM>
+ $fname = sanitizeFilename($row['CN']);
+ if ($fname=="") $fname="certificate";
+ header("Content-Disposition: attachment; filename=\"${fname}.${extension}\"");
-</P>
+ echo $cert;
+ exit;
-<SCRIPT LANGUAGE=VBS>
- Sub CertInst_OnClick
- certchain = _
-<?
- $lines = explode("\n", $cert);
- if(is_array($lines))
- foreach($lines as $line)
- {
- $line = trim($line);
- if($line != "-----END CERTIFICATE-----")
- echo "\"$line\" & _\n";
- else {
- echo "\"$line\"\n";
- break;
- }
- }
-?>
+} elseif (array_key_exists('install', $_REQUEST)) {
+ if (array_key_exists('HTTP_USER_AGENT',$_SERVER) &&
+ strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) {
- On Error Resume Next
-
- Dim obj
- Set obj=CreateObject("X509Enrollment.CX509Enrollment")
- If IsObject(obj) Then
- obj.Initialize(1)
- obj.InstallResponse 0,certchain,0,""
- if err.number<>0 then
- msgbox err.Description
- else
- msgbox "<?=_("Certificate installed successfully. Please don't forget to backup now")?>"
- end if
- else
-
-
-
-
- cec.DeleteRequestCert = FALSE
- err.clear
-
- cec.WriteCertToCSP = TRUE
- cec.acceptPKCS7(certchain)
- if err.number <> 0 Then
- cec.WriteCertToCSP = FALSE
- end if
- err.clear
- cec.acceptPKCS7(certchain)
- if err.number <> 0 then
- errorMsg = "<?=_("Certificate installation failed!")?>" & chr(13) & chr(10) & _
- "(Error code " & err.number & ")"
- msgRes = MsgBox(errorMsg, 0, "<?=_("Certificate Installation Error")?>")
- else
- okMsg = "<?=_("Personal Certificate Installed.")?>" & chr(13) & chr(10) & _
- "See Tools->Internet Options->Content->Certificates"
- msgRes = MsgBox(okMsg, 0, "<?=_("Certificate Installation Complete!")?>")
- end if
- End If
- End Sub
-</SCRIPT>
-
-<p><?=_("Your certificate:")?></p>
-<pre><?=$cert?></pre>
-<?
-
- showfooter();
+ // Handle IE
+ //TODO
+
+ } else {
+ // All other browsers
+ $crtname=escapeshellarg($row['crt_name']);
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform DER");
+
+ header("Content-Type: application/x-x509-user-cert");
+ header("Content-Length: ".strlen($cert));
+
+ $fname = sanitizeFilename($row['CN']);
+ if ($fname=="") $fname="certificate";
+ header("Content-Disposition: inline; filename=\"${fname}.cer\"");
+
+ echo $cert;
exit;
}
-?>
+} else {
+ showheader(_("My CAcert.org Account!"), _("Install your certificate"));
+ echo '<ul class="no_indent">';
+ echo "<li><a href='account.php?id=$id&amp;cert=$certid&amp;install'>".
+ _("Install the certificate into your browser").
+ "</a></li>\n";
+
+ echo "<li><a href='account.php?id=$id&amp;cert=$certid&amp;format=pem'>".
+ _("Download the certificate in PEM format")."</a></li>\n";
+
+ echo "<li><a href='account.php?id=$id&amp;cert=$certid&amp;format=der'>".
+ _("Download the certificate in DER format")."</a></li>\n";
+ echo '</ul>';
+
+ // Allow to directly copy and paste the cert in PEM format
+ $crtname=escapeshellarg($row['crt_name']);
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform PEM");
+ echo "<pre>$cert</pre>";
+
+ ?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Information about the certificate")?></td>
+ </tr>
+<?
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
+?>
+ <tr>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=$verified?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=$row['expire']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Login")?></td>
+ <td class="DataTD">
+ <input type="checkbox" name="disablelogin" disabled="disabled" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Comment")?></td>
+ <td class="DataTD"><?=htmlspecialchars($row['description'])?></td>
+ </tr>
+</table>
+<?
+ showfooter();
+ exit;
+}
diff --git a/pages/account/8.php b/pages/account/8.php
index 6b3de01..79448d1 100644
--- a/pages/account/8.php
+++ b/pages/account/8.php
@@ -25,7 +25,7 @@
if(is_array($_SESSION['_config']['addy']))
foreach($_SESSION['_config']['addy'] as $add) { ?>
<tr>
- <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?>></td>
+ <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?> /></td>
<td class="DataTD" width="175"><?=$add?></td>
</tr>
<? } ?>
@@ -34,5 +34,5 @@
</tr>
</table>
<input type="hidden" name="csrf" value="<?=make_csrf('ctcinfo')?>" />
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
diff --git a/pages/gpg/0.php b/pages/gpg/0.php
index ce3b72a..a11c4bf 100644
--- a/pages/gpg/0.php
+++ b/pages/gpg/0.php
@@ -19,7 +19,11 @@
?>
<p><?=_("Paste your own public OpenPGP key below. It should not contain a picture. CAcert will sign your key after submission.")?></p>
<form method="post" action="gpg.php">
-<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br>
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<p><?=_("Optional comment, only used in the certificate overview")?><br />
+ <input type="text" name="description" maxlength="80" size=80 /></p>
+<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br />
+<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
+ <?=_("Please Note: You need to accept the CCA to proceed.")?></p>
+<input type="submit" name="process" value="<?=_("Submit")?>" />
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
diff --git a/pages/gpg/2.php b/pages/gpg/2.php
index e10935e..84e11d2 100644
--- a/pages/gpg/2.php
+++ b/pages/gpg/2.php
@@ -15,33 +15,35 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
+<form method="post" action="gpg.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="5" class="title"><?=_("OpenPGP Keys")?></td>
+ <td colspan="6" class="title"><?=_("OpenPGP Keys")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Email Address")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Key ID")?></td>
-
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<?
$query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`expire`) as `expired`,
- `expire` as `expires`, `id`, `level`,
- `email`,`keyid` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
+ `expire`, `id`, `level`,
+ `email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
ORDER BY `issued` desc";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
- <td colspan="5" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
+ <td colspan="6" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
{
+ $verified = '';
if($row['timeleft'] > 0)
$verified = _("Valid");
if($row['timeleft'] < 0)
@@ -52,20 +54,29 @@
<tr>
<? if($verified == _("Valid")) { ?>
<td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
<? } else if($verified == _("Pending")) { ?>
<td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><?=$row['email']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
<? } else { ?>
<td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
<? } ?>
- <td class="DataTD"><?=$row['expires']?></td>
- <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
-
+ <td class="DataTD"><?=$row['expire']?></td>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['keyid'])?></a></td>
+ <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
</tr>
<? } ?>
<? } ?>
+ <tr>
+ <td class="DataTD" colspan="6">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
+ </tr>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=intval($id)?>" />
</form>
diff --git a/pages/index/0.php b/pages/index/0.php
index 7ee2286..6cca117 100644
--- a/pages/index/0.php
+++ b/pages/index/0.php
@@ -17,7 +17,11 @@
*/ ?>
<h3><?=_("Are you new to CAcert?")?></h3>
-<p><?=sprintf(_("If you want to have free certificates issued to you, join the %s CAcert Community %s."),"<a href=\"https://www.cacert.org/index.php?id=1\">","</a>")?></p>
+<p><?=_("CAcert.org is a community-driven Certificate Authority that issues certificates to the public at large for free.")?></p>
+
+<p><?=_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the internet. Any application that supports the Secure Socket Layer Protocol (SSL or TLS) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.")?></p>
+
+<p><?=sprintf(_("If you want to have free certificates issued to you, %s join the CAcert Community %s."),'<a href="https://www.cacert.org/index.php?id=1">', '</a>')?></p>
<p><?=sprintf(_("If you want to use certificates issued by CAcert, read the CAcert %s Root Distribution License %s."),'<a href="/policy/RootDistributionLicense.html">',"</a>")?>
<?=sprintf(_("This license applies to using the CAcert %s root keys %s."),'<a href="/index.php?id=3">','</a>')?></p>
@@ -29,61 +33,52 @@
<div class="newsbox">
<?
-/*
- $query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc limit 5";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- echo "<p><b>".date("Y-m-d", $row['TS'])."</b> - ".$row['short']."</p>\n";
- if($row['story'] != "")
- echo "<p>[ <a href='news.php?id=".$row['id']."'>"._("Full Story")."</a> ]</p>\n";
- }
- if(mysql_num_rows(mysql_query("select * from `news`")) > 2)
- echo "<p>[ <a href='news.php'>"._("More News Items")."</a> ]</p>";
-*/
- $rss = "";
- $open = $items = 0;
- $fp = @fopen("/www/pages/index/feed.rss", "r");
- if($fp)
- {
- echo '<p id="lnews">'._('Latest News').'</p>';
-
-
- while(!feof($fp))
- $rss .= trim(fgets($fp, 4096));
- fclose($fp);
- $rss = str_replace("><", ">\n<", $rss);
- $lines = explode("\n", $rss);
- foreach($lines as $line)
- {
- $line = trim($line);
-
- if($line != "<item>" && $open == 0)
- continue;
-
- if($line == "<item>" && $open == 0)
- {
- $open = 1;
- continue;
- }
-
- if($line == "</item>" && $open == 1)
- {
- $items++;
- if($items >= 3)
- break;
- $open == 0;
- continue;
- }
- if(substr($line, 0, 7) == "<title>")
- echo "<h3>".str_replace("&amp;#", "&#", recode_string("UTF8..html", str_replace("&amp;", "", trim(substr($line, 7, -8)))))."</h3>\n";
- if(substr($line, 0, 13) == "<description>")
- echo "<p>".str_replace("&amp;#", "&#", recode_string("UTF8..html", str_replace("&amp;", "", trim(substr($line, 13, -14)))))."</p>\n";
- if(substr($line, 0, 6) == "<link>")
- echo "<p>[ <a href='".trim(substr($line, 6, -7))."'>"._("Full Story")."</a> ]</p>\n";
+ printf("<p id='lnews'>%s</p>\n\n",_('Latest News'));
+
+ $xml = "/www/pages/index/feed.rss"; // FIXME: use relative path to allow operation with different document root
+ $dom = new DOMDocument();
+ $dom->preserveWhiteSpace = false;
+ $dom->Load($xml);
+
+ $xpath = new DOMXPath($dom); //Create an XPath query
+
+ $query = "//channel/item";
+ $items = $xpath->query($query);
+
+ $count = 0;
+ foreach($items as $id => $item) {
+ $query = "./title";
+ $nodeList = $xpath->query($query, $item);
+ $title = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue);
+
+ $query = "./link";
+ $nodeList = $xpath->query($query, $item);
+ $link = htmlspecialchars($nodeList->item(0)->nodeValue);
+
+ $query = "./description";
+ $nodeList = $xpath->query($query, $item);
+ $description = $nodeList->item(0)->nodeValue;
+ // The description may contain HTML entities => convert them
+ $description = html_entity_decode($description, ENT_COMPAT | ENT_HTML401, 'UTF-8');
+ // Description may contain HTML markup and unicode characters => encode them
+ // If we didn't decode and then encode again, (i.e. take the content
+ // as it is in the RSS feed) we might inject harmful markup
+ $description = recode_string("UTF8..html", $description);
+
+ printf("<h3><a href=\"%s\">%s</a></h3>\n", $link, $title);
+ printf("<p>%s</p>\n", nl2br($description));
+
+ $title = '';
+ $description = '';
+ $link = '';
+
+ $count++;
+ if ($count >= 3) {
+ break;
}
}
?>
+
[ <a href="http://blog.CAcert.org/"><?=_('More News Items')?></a> ]
</div>
<hr/>
@@ -127,4 +122,3 @@
<br /><br />
<?=_("If you want to participate in CAcert.org, have a look")?> <a href="http://wiki.cacert.org/wiki/HelpingCAcert"><?=_("here")?></a> <?=_("and")?> <a href="http://wiki.cacert.org/wiki/SystemTasks"><?=_("here")?></a>.
-
diff --git a/pages/index/1.php b/pages/index/1.php
index 5385f0b..0f63e7b 100644
--- a/pages/index/1.php
+++ b/pages/index/1.php
@@ -15,9 +15,14 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><?=_("By joining CAcert and becoming a Member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p>
+<p><?=_("By joining CAcert and becoming a member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p>
<p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
+<b><?=_("Note: Please enter your date of birth and names as they are written in your official documents.")?></b><br /><br />
+<?=_("Because CAcert is a certificate authority (CA) people rely on us knowing about the identity of the users of our certificates. So even as we value privacy very much, we need to collect at least some basic information about our members. This is especially the case for everybody who wants to take part in our web of trust.")?>
+<?=_("Your private information will be used for internal procedures only and will not be shared with third parties.")?>
+</p>
+<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
<?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br>
<b><?=_("Note: White spaces at the beginning and end of a password will be removed.")?></b>
</p>
@@ -30,7 +35,7 @@
<tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td>
- <td class="DataTD" width="125"><input type="text" name="fname" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" autocomplete="off"></td>
+ <td class="DataTD" width="125"><input type="text" name="fname" size="30" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" autocomplete="off"></td>
<td rowspan="4" class="DataTD" width="125"><? printf(_("Help on Names %sin the wiki%s"),'<a href="//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm" target="_blank">','</a>')?></td>
</tr>
@@ -38,18 +43,18 @@
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>)
</td>
- <td class="DataTD"><input type="text" name="mname" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" autocomplete="off"></td>
+ <td class="DataTD"><input type="text" name="mname" size="30" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" autocomplete="off"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Last Name")?>: </td>
- <td class="DataTD"><input type="text" name="lname" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" autocomplete="off"></td>
+ <td class="DataTD"><input type="text" name="lname" size="30" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" autocomplete="off"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td>
- <td class="DataTD"><input type="text" name="suffix" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write Name Suffixes into this field."))?></td>
+ <td class="DataTD"><input type="text" name="suffix" size="30" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write Name Suffixes into this field."))?></td>
</tr>
<tr>
@@ -84,18 +89,18 @@
<tr>
<td class="DataTD"><?=_("Email Address")?>: </td>
- <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"></td>
+ <td class="DataTD"><input type="text" name="email" size="30" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"></td>
<td class="DataTD"><?=_("I own or am authorised to control this email address")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase")?><font color="red">*</font>: </td>
- <td class="DataTD"><input type="password" name="pword1" autocomplete="off"></td>
+ <td class="DataTD"><input type="password" name="pword1" size="30" autocomplete="off"></td>
<td class="DataTD" rowspan="2">&nbsp;</td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td>
- <td class="DataTD"><input type="password" name="pword2" autocomplete="off"></td>
+ <td class="DataTD"><input type="password" name="pword2" size="30" autocomplete="off"></td>
</tr>
<tr>
@@ -107,29 +112,39 @@
</tr>
<tr>
- <td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>"></td>
- <td class="DataTD"><input type="text" name="A1" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" autocomplete="off"></td>
- <td class="DataTD" rowspan="5">&nbsp;</td>
+ <td class="DataTD">&nbsp;</td>
+ <td class="DataTD"><?=_("Question")?></td>
+ <td class="DataTD"><?=_("Answer")?></td>
+ </tr>
+
+ <tr>
+ <td class="DataTD">1)</td>
+ <td class="DataTD"><input type="text" name="Q1" size="30" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A1" size="30" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" autocomplete="off"></td>
</tr>
<tr>
- <td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>"></td>
- <td class="DataTD"><input type="text" name="A2" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" autocomplete="off"></td>
+ <td class="DataTD">2)</td>
+ <td class="DataTD"><input type="text" name="Q2" size="30" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A2" size="30" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" autocomplete="off"></td>
</tr>
<tr>
- <td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>"></td>
- <td class="DataTD"><input type="text" name="A3" value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" autocomplete="off"></td>
+ <td class="DataTD">3)</td>
+ <td class="DataTD"><input type="text" name="Q3" size="30" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A3" size="30"value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" autocomplete="off"></td>
</tr>
<tr>
- <td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>"></td>
- <td class="DataTD"><input type="text" name="A4" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" autcomplete="off"></td>
+ <td class="DataTD">4)</td>
+ <td class="DataTD"><input type="text" name="Q4" size="30"" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A4" size="30" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" autcomplete="off"></td>
</tr>
<tr>
- <td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>"></td>
- <td class="DataTD"><input type="text" name="A5" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" autocomplete="off"></td>
+ <td class="DataTD">5)</td>
+ <td class="DataTD"><input type="text" name="Q5" size="30" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A5" size="30" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" autocomplete="off"></td>
</tr>
<tr>
diff --git a/pages/index/21.php b/pages/index/21.php
index 0521f67..f07bbb8 100644
--- a/pages/index/21.php
+++ b/pages/index/21.php
@@ -14,34 +14,36 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? /*
-page called from the following pages
+*/
+
+/*
+page called from the following pages
a. https://wiki.cacert.org/Price [^]
b. https://wiki.cacert.org/CacertMembership/DE [^]
c. https://wiki.cacert.org/CacertMembership [^]
d. https://wiki.cacert.org/CAcertInc [^]
- e. https://wiki.cacert.org/Brain/CAcertInc [^]
- */ ?>
+ e. https://wiki.cacert.org/Brain/CAcertInc [^]
+*/ ?>
+
<h3><?=_("For CAcert Association Members")?></h3>
-<b><?=_("Have you paid your CAcert Association membership fees for the year?")?></b>
-<p><?=_("If not then select this PayPal button to establish annual payment of your US$10 membership fee.")?></p>
-<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<p><b><?=_("Have you paid your CAcert Association membership fees for the year?")?></b></p>
+
+<p><?=_("If not then select this PayPal button to establish annual payment of your 10 EUR membership fee.")?></p>
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
-<input type="image" src="/images/payment2.png" border="0" name="submit" alt="Make payments with PayPal">
-<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHiAYJKoZIhvcNAQcEoIIHeTCCB3UCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYAVW/F7PUYp3SMSCdOj1L4lNmZk8TPLmyFBXiYe/dP6bdcsvvx0A58mLC/3j961TCs95gXWqYx5vDD9znDEii5An7weRqtaxFa9B+UplKT2kcQJpi45zsGKzhwtHF/g0aJQdLmzrDYNnWd16UvhuasUIV501LaZB3ykq5j2eDJV/DELMAkGBSsOAwIaBQAwggEEBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECJHKnDgLaYrEgIHgjYPDm0r2cH9hexIMEuCuiO9eOIsYxpzC50y9+ZWltUA9Eqp8avPT3ExC4qaw6FS8eo4+UWweESWXpAk3QrNTXgeV+Zf/4RjUEurpkRECinPUCtTgJvs6XLaPU50hAAaV9QmknT4DICcmB7djry0tB1FbLOmnqMyOTpT2pKDuL7r6hgEIAnCyASBtO5E8YJWFgSneQ53PbtT+YuAcVwIOD83wFRDAjlwYhs50VD6ugK07SXxC5I8RFV65PZS/qIiEEBCv7yiXi/U9DK4QG+3ojuxkP6ZjwshGb/99uK1NZCqgggOHMIIDgzCCAuygAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wHhcNMDQwMjEzMTAxMzE1WhcNMzUwMjEzMTAxMzE1WjCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMFHTt38RMxLXJyO2SmS+Ndl72T7oKJ4u4uw+6awntALWh03PewmIJuzbALScsTS4sZoS1fKciBGoh11gIfHzylvkdNe/hJl66/RGqrj5rFb08sAABNTzDTiqqNpJeBsYs/c2aiGozptX2RlnBktH+SUNpAajW724Nv2Wvhif6sFAgMBAAGjge4wgeswHQYDVR0OBBYEFJaffLvGbxe9WT9S1wob7BDWZJRrMIG7BgNVHSMEgbMwgbCAFJaffLvGbxe9WT9S1wob7BDWZJRroYGUpIGRMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIFfOlaagFrl71+jq6OKidbWFSE+Q4FqROvdgIONth+8kSK//Y/4ihuE4Ymvzn5ceE3S/iBSQQMjyvb+s2TWbQYDwcp129OPIbD9epdr4tJOUNiSojw7BHwYRiPh58S1xGlFgHFXwrEBb3dgNbMUa+u4qectsMAXpVHnD9wIyfmHMYIBmjCCAZYCAQEwgZQwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzExMDMwNzA2NDdaMCMGCSqGSIb3DQEJBDEWBBQQVDeJMeMteu3fuP5xIdpSiYrfLDANBgkqhkiG9w0BAQEFAASBgHIt5M/R6uPXFU0bVQJWcoO++ETE4nPbp+Nz+o7bclXsxIQL+yG5C5vQdpgNeCLuq42sPv+QUuVoMxio6hecCgHewwqAxkrUUr+teGOFSEqpfXBhjWfkUvZLvOy1ix6pSpjLnUu4bbJxaA5eM0gZQDZCJ8nh0HxPScdi5BhVuPSk-----END PKCS7-----
-">
+<input type="hidden" name="hosted_button_id" value="AMCDNMBBDXGA2">
+<input type="image" src="/images/btn_subscribeCC_LG.gif" border="0" name="submit" alt="Subscription payment for membership fee">
</form>
-<p><?=_("To do a single US$10 Membership-Fee Payment, please use this button:")?></p>
-<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<p><?=_("To do a single 10 EUR membership fee payment, please use this button:")?></p>
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
-<input type="hidden" name="hosted_button_id" value="586280">
-<input type="image" src="/images/btn_paynowCC_LG.gif" border="0" name="submit" alt="">
-</form>
+<input type="hidden" name="hosted_button_id" value="8F4WL72WX857J">
+<input type="image" src="/images/btn_paynowCC_LG.gif" border="0" name="submit" alt="Single payment for membership fee">
+</form>
-<p><?=_("If you are located in Australia, you can use bank transfer instead and pay the equivalent of US$10 in AU$.")?></p>
+<p><?=_("If you are located in Australia, you can use bank transfer instead and pay the equivalent of 10 EUR in AUD.")?></p>
<p><?=_("Please also include your name in the transaction so we know who it came from and send an email to secretary at cacert dot org with the details:")?></p>
@@ -49,6 +51,5 @@ page called from the following pages
<li>Account Name: CAcert Inc</li>
<li>SWIFT: WPACAU2S</li>
<li>BSB: 032073</li>
-<li>Account No.: 180264</li>
+<li>Account No: 180264</li>
</ul>
-<br/><br/>
diff --git a/pages/index/52.php b/pages/index/52.php
new file mode 100644
index 0000000..0926780
--- /dev/null
+++ b/pages/index/52.php
@@ -0,0 +1,33 @@
+<?/*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+?>
+
+<div style="text-align: center;">
+ <h1><?=_('CAcert Community Agreement Acceptance')?></h1>
+ <p><?=sprintf(_('To get access to your account your agreement to the %s CAcert Community Agreement %s (CCA) is required.'),'<a href="/policy/CAcertCommunityAgreement.php">', '</a>')?></p>
+ <p><?=_('Every member, who has agreed to the CCA, should be able to rely on the fact that every other user of CAcert has also agreed to the CCA and that the same rules apply to everybody. Moreover it is a basic requirement for the audit to be able to tell who has accepted our rules.')?></p>
+ <p><?=_('Originally the acceptance was not recorded. Up until now, we do not have your agreement on record. Once you have accepted the CCA (again) your agreement is recorded and you will not need to do this step again.')?></p>
+ <p><?=sprintf(_('If you do not wish to accept the CCA you should consider to ask for the closing of your account as you will not be able to access our system. In this case please send an email to support (%s).'),'<a href="mailto:support@cacert.org">support@cacert.org</a>')?></p>
+ <p><?=_('If you do not want to decide about the acceptance of the CCA now, you can come back at any time.')?></p>
+ <form method="post" action="index.php">
+ <input type="submit" name="agree" value="<?=_('I agree to the CCA')?>">
+ <input type="submit" name="disagree" value="<?=_('I do not want to accept the CCA')?>">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ </form>
+</div>
diff --git a/pages/wot/1.php b/pages/wot/1.php
index a45b5df..9047f27 100644
--- a/pages/wot/1.php
+++ b/pages/wot/1.php
@@ -14,9 +14,9 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries"));
+*/
+
+ $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries"));
$total1 =$res['summe'];
$locid=array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
@@ -91,7 +91,7 @@
{
$query = "select *, `users`.`id` as `id` from `users`,`notary` where `listme`='1' and
`ccid`='".$ccid."' and `regid`='".$regid."' and
- `locid`='".$locid."' and `users`.`id`=`notary`.`to`
+ `locid`='".$locid."' and `users`.`id`=`notary`.`to` and `notary`.`deleted`=0
group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc";
$list = mysql_query($query);
if(mysql_num_rows($list) > 0)
@@ -104,19 +104,19 @@
<td class="title"><?=_("Contact Details")?></td>
<td class="title"><?=_("Email Assurer")?></td>
<td class="title"><?=_("Assurer Challenge")?></td>
-
</tr>
-<? while($row = mysql_fetch_assoc($list)) { ?>
+
+<? while($row = mysql_fetch_assoc($list)) { ?>
<tr>
- <td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=substr($row['lname'], 0, 1)?></nobr></td>
+ <td class="DataTD" width="100"><nobr><?=sanitizeHTML($row['fname'])?> <?=substr($row['lname'], 0, 1)?>.</nobr></td>
<td class="DataTD"><?=maxpoints($row['id'])?></td>
- <td class="DataTD"><?=$row['contactinfo']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['contactinfo'])?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['id'])?>"><?=_("Email Me")?></a></td>
<td class="DataTD"><?=$row['assurer']?_("Yes"):("<font color=\"#ff0000\">"._("Not yet!")."</font>")?></td>
-
</tr>
-<? }
- }
+<?
+ }
+ }
?>
</table>
<br>
diff --git a/pages/wot/10.php b/pages/wot/10.php
index bc76a86..b5e146c 100644
--- a/pages/wot/10.php
+++ b/pages/wot/10.php
@@ -24,7 +24,7 @@
<td colspan="5" class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
-<?
+<?// the rank calculation is not adjusted to the new deletion method
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`";
@@ -36,8 +36,8 @@
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC";
*/
- $query = "SELECT count(*) AS `list` FROM `users`
- inner join `notary` on `users`.`id` = `notary`.`from`
+ $query = "SELECT count(*) AS `list` FROM `users`
+ inner join `notary` on `users`.`id` = `notary`.`from`
GROUP BY `notary`.`from` HAVING count(*) > '$rc'";
$rank = mysql_num_rows(mysql_query($query)) + 1;
@@ -64,18 +64,18 @@
<td class="DataTD"><b><?=_("Method")?></b></td>
</tr>
<?
- $query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'";
+ $query = "select `id`, `date`, `from`, `points`, `location`, `method` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'"));
+ $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['from'])."'"));
?>
<tr>
- <td class="DataTD"><?=$row['id']?></td>
+ <td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=$row['date']?></td>
- <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
- <td class="DataTD"><?=$row['points']?></td>
- <td class="DataTD"><?=$row['location']?></td>
+ <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=sanitizeHTML(trim($fromuser['fname']." ".$fromuser['lname']))?></td>
+ <td class="DataTD"><?=intval($row['points'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
<td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td>
</tr>
<?
@@ -114,30 +114,30 @@ if ($thawte)
</tr>
<?
$points = 0;
- $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'";
+ $query = "select `id`, `date`, `points`, `to`, `location`, `method` from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."' and `deleted`=0" ;
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['to'])."'"));
- $points += $row['points'];
+ $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['to'])."'"));
+ $points += intval($row['points']);
$name = trim($fromuser['fname']." ".$fromuser['lname']);
if($name == "")
$name = _("Deleted before Verification");
else
- $name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>$name</a>";
+ $name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>".sanitizeHTML($name)."</a>";
?>
<tr>
<td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=$row['date']?></td>
<td class="DataTD"><?=$name?></td>
<td class="DataTD"><?=intval($row['points'])?></td>
- <td class="DataTD"><?=$row['location']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
<td class="DataTD"><?=$row['method']==""?"":_(sprintf("%s", $row['method']))?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="3"><b><?=_("Total Points Issued")?>:</b></td>
- <td class="DataTD"><?=$points?></td>
+ <td class="DataTD"><?=intval($points)?></td>
<td class="DataTD" colspan="2">&nbsp;</td>
</tr>
</table>
diff --git a/pages/wot/15.php b/pages/wot/15.php
index 8579588..c1f3e0f 100644
--- a/pages/wot/15.php
+++ b/pages/wot/15.php
@@ -14,9 +14,9 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
+*/
- include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php");
+ require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$userid = intval($_SESSION['profile']['id']);
diff --git a/pages/wot/4.php b/pages/wot/4.php
index befdfe4..628e6a5 100644
--- a/pages/wot/4.php
+++ b/pages/wot/4.php
@@ -15,7 +15,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-require_once(dirname(__FILE__).'/../../includes/wot.inc.php');
+require_once(dirname(__FILE__).'/../../includes/notary.inc.php');
?>
<h3><?=_("Trusted Third Parties")?></h3>
diff --git a/pages/wot/5.php b/pages/wot/5.php
index c1a6438..565dd6a 100644
--- a/pages/wot/5.php
+++ b/pages/wot/5.php
@@ -18,14 +18,24 @@
include_once("../includes/shutdown.php");
require_once("../includes/lib/l10n.php");
?>
-<?
- if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
+<?
+ if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
{
?><font color="orange" size="+1">
<? echo _("ERROR").": ".$_SESSION['_config']['error'] ?>
</font>
<?unset($_SESSION['_config']['error']);
- }
+ }
+
+ if (!isset($_SESSION['assuresomeone']['year'])) {
+ $_SESSION['assuresomeone']['year'] = 0;
+ }
+ if (!isset($_SESSION['assuresomeone']['month'])) {
+ $_SESSION['assuresomeone']['month'] = 0;
+ }
+ if (!isset($_SESSION['assuresomeone']['day'])) {
+ $_SESSION['assuresomeone']['day'] = 0;
+ }
?>
<? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?>
<form method="post" action="wot.php">
@@ -60,6 +70,37 @@
<td class="DataTD"><input type="text" name="email" id="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):""?>"></td>
<? } ?>
</tr>
+ <tr>
+ <td class="DataTD">
+ <?=_("Date of Birth")?><br/>
+ (<?=_("yyyy/mm/dd")?>)</td>
+ <td class="DataTD">
+ <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['year']) >= 1900 ? intval($_SESSION['assuresomeone']['year']):''?>" size="4" autocomplete="off"></nobr>
+ <select name="month">
+<?
+for($i = 1; $i <= 12; $i++)
+{
+ echo "<option value='$i'";
+ if(array_key_exists('month',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['month']) === $i)
+ echo " selected=\"selected\"";
+ echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n";
+}
+?>
+ </select>
+ <select name="day">
+<?
+for($i = 1; $i <= 31; $i++)
+{
+ echo "<option";
+ if(array_key_exists('day',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['day']) === $i)
+ echo " selected=\"selected\"";
+ echo ">$i</option>";
+}
+?>
+ </select>
+ </td>
+ </tr>
+
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
diff --git a/pages/wot/6.php b/pages/wot/6.php
index b75f6fa..39605f3 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -24,6 +24,9 @@
}
$row = $_SESSION['_config']['notarise'];
+ $_SESSION['assuresomeone']['year'] = 0;
+ $_SESSION['assuresomeone']['month'] = 0;
+ $_SESSION['assuresomeone']['day'] = 0;
if($_SESSION['profile']['ttpadmin'] == 1)
// $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP");
@@ -32,28 +35,54 @@
else
$methods = array("Face to Face Meeting");
- $fname = $row['fname'];
- $mname = $row['mname'];
- $lname = $row['lname'];
- $suffix = $row['suffix'];
+ $mnames = array(
+ '01' => _('January'),
+ '02' => _('February'),
+ '03' => _('March'),
+ '04' => _('April'),
+ '05' => _('May'),
+ '06' => _('June'),
+ '07' => _('July'),
+ '08' => _('August'),
+ '09' => _('September'),
+ '10' => _('October'),
+ '11' => _('November'),
+ '12' => _('December')
+ );
+
+ $fname = sanitizeHTML($row['fname']);
+ $mname = sanitizeHTML($row['mname']);
+ $lname = sanitizeHTML($row['lname']);
+ $suffix = sanitizeHTML($row['suffix']);
$dob = $row['dob'];
+
+ $dob_date = explode('-', $dob, 3);
+ $dob_print = sprintf(
+ '<tt class="accountdetail">%s-%s-%s</tt> (%d %s %d)',
+ $dob_date[0], $dob_date[1], $dob_date[2],
+ intval($dob_date[2], 10), $mnames[$dob_date[1]], intval($dob_date[0], 10)
+ );
+
$name = $fname." ".$mname." ".$lname." ".$suffix;
$_SESSION['_config']['wothash'] = md5($name."-".$dob);
- include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php");
+ require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
- AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname));
- AssureTextLine(_("Name"),$name);
- AssureTextLine(_("Date of Birth"),$dob." ("._("YYYY-MM-DD").")");
- AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person"), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1);
- AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"","");
- AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("Please adjust the date if you assured the person on a different day"));
- AssureMethodLine(_("Method"),$methods,_("Only tick the next box if the Assurance was face to face."));
+ AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s %s %s %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname, $mname, $lname, $suffix));
+ AssureTextLine(_("Name"), sprintf(
+ "<tt><span class=\"accountdetail name\"><span class=\"accountdetail fname\">%s</span> <span class=\"accountdetail mname\">%s</span> <span class=\"accountdetail lname\">%s</span> <span class=\"accountdetail suffix\">%s</span></span></tt>",
+ $fname, $mname, $lname, $suffix
+ ));
+ AssureTextLine(_("Date of Birth"),$dob_print);
+ AssureMethodLine(_("Method"),$methods,'');
+ AssureBoxLine("certify",sprintf(_("I certify that %s %s %s %s has appeared in person."), $fname, $mname, $lname, $suffix),array_key_exists('certify',$_POST) && $_POST['certify'] == 1);
+ AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname, $suffix),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1);
+ AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['location']):"","");
+ AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['date']):date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD)."));
+ AssureTextLine("",_("Only tick the next box if the Assurance was face to face."));
AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1);
- AssureBoxLine("rules",_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
- AssureTextLine(_("Policy"),"<a href=\"/policy/AssurancePolicy.html\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
+ AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
+ AssureTextLine(_("Policy"),"<a href=\"/policy/CAcertCommunityAgreement.html\" target=\"_blank\">"._("CAcert Community Agreement")."</a> - <a href=\"/policy/AssurancePolicy.html\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")");
- AssureCCABoxLine("CCAAgreed",sprintf(_("Check this box only if %s agreed to the <a href=\"/policy/CAcertCommunityAgreement.html\">CAcert Community Agreement</a>"),$fname));
- AssureCCABoxLine("CCAAgree",_("Check this box only if YOU agree to the <a href=\"/policy/CAcertCommunityAgreement.html\">CAcert Community Agreement</a>"));
AssureFoot($id,_("I confirm this Assurance"));
?>
diff --git a/pages/wot/9.php b/pages/wot/9.php
index bfa7a98..20f2c6d 100644
--- a/pages/wot/9.php
+++ b/pages/wot/9.php
@@ -15,9 +15,9 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-
+
require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
-
+
$res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
if(mysql_num_rows($res) <= 0)
@@ -26,11 +26,10 @@
} else {
$user = mysql_fetch_array($res);
- $userlang = $user['language'];
+ $userlang = L10n::normalise_translation($user['language']);
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
- where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
- if($points <= 0)
- {
+ where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0"));
+ if($points <= 0) {
echo _("Sorry, I was unable to locate that user.");
} else {
@@ -38,31 +37,31 @@
?>
<? if($_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?>
<form method="post" action="wot.php">
-<input type="hidden" name="userid" value="<?=$user['id']?>">
+<input type="hidden" name="userid" value="<?=intval($user['id'])?>">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Contact Assurer")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("To")?>:</td>
- <td class="DataTD" align="left"><?=$user['fname']?> <?=substr($user['lname'], 0, 1)?></td>
+ <td class="DataTD" align="left"><?=sanitizeHTML(trim($user['fname'].' '.substr($user['lname'], 0, 1)))?></td>
</tr>
<? if($userlang != "") { ?>
<tr>
<td class="DataTD"><?=_("Language")?>:</td>
- <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), $user['fname'], L10n::$translations[$userlang]) ?></td>
+ <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), sanitizeHTML($user['fname']), L10n::$translations[$userlang]) ?></td>
</tr>
<? } ?>
<?
- $query = "select * from `addlang` where `userid`='".$user['id']."'";
+ $query = "select * from `addlang` where `userid`='".intval($user['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='${row['lang']}'"));
+ $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'"));
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
- <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), $user['fname'], $lang['lang'], $lang['country']) ?></td>
+ <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), sanitizeHTML($user['fname']), $lang['lang'], $lang['country']) ?></td>
</tr>
<? } ?>
<tr>
@@ -79,7 +78,7 @@
</table>
<input type="hidden" name="pageid" value="<?=$_SESSION['_config']['pagehash']?>">
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
</form>
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<? } } ?>