summaryrefslogtreecommitdiff
path: root/scripts/cron/permissionreview.php
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2012-03-28 23:35:54 +0200
committerMichael Tänzer <neo@nhng.de>2012-03-28 23:35:54 +0200
commit02d307527b6797e8dd6f6117b8ff24707d007137 (patch)
tree8235c0241681f92203cdc51f8b310a7a9f2e6912 /scripts/cron/permissionreview.php
parentd4bd109238aec503ad1d8abc1cd12ad8a12bba46 (diff)
parentb9d60cb4824796dc85d60e672d076ae25e534682 (diff)
downloadcacert-devel-02d307527b6797e8dd6f6117b8ff24707d007137.tar.gz
cacert-devel-02d307527b6797e8dd6f6117b8ff24707d007137.tar.xz
cacert-devel-02d307527b6797e8dd6f6117b8ff24707d007137.zip
Merge branch 'release' into bug-1024
Conflicts: includes/lib/account.php Signed-off-by: Michael Tänzer <neo@nhng.de>
Diffstat (limited to 'scripts/cron/permissionreview.php')
-rwxr-xr-xscripts/cron/permissionreview.php102
1 files changed, 102 insertions, 0 deletions
diff --git a/scripts/cron/permissionreview.php b/scripts/cron/permissionreview.php
new file mode 100755
index 0000000..572c1fd
--- /dev/null
+++ b/scripts/cron/permissionreview.php
@@ -0,0 +1,102 @@
+#!/usr/bin/php -q
+<?php
+/*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2012 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+require_once(dirname(__FILE__).'/../../includes/mysql.php');
+
+$BOARD_PRIVATE = 'cacert-board-private@lists.cacert.org';
+
+$flags = array(
+ 'admin' => 'Support Engineer',
+ 'orgadmin' => 'Organisation Assurer',
+ 'board' => 'Board Member',
+ 'ttpadmin' => 'Trusted Third Party Admin',
+ 'tverify' => 'Tverify Admin',
+ 'locadmin' => 'Location Admin'
+ );
+
+$adminlist = array();
+
+foreach ($flags as $flag => $description) {
+ $query = "select `fname`, `lname`, `email` from `users` where `$flag` = 1";
+ if(! $res = mysql_query($query) ) {
+ fwrite(STDERR,
+ "MySQL query for flag $flag failed:\n".
+ "\"$query\"\n".
+ mysql_error()
+ );
+
+ continue;
+ }
+
+ $admins = array();
+ $adminlist[$flag] = "";
+
+ while ($row = mysql_fetch_assoc($res)) {
+ $admins[] = $row;
+ $adminlist[$flag] .= "$row[fname] $row[lname] $row[email]\n";
+ }
+
+ foreach ($admins as $admin) {
+ $message = <<<EOF
+Hello $admin[fname],
+
+you get this message, because you are listed as $description on
+CAcert.org. Please review the following list of persons with the same privilege
+and report to the responsible team leader or board
+($BOARD_PRIVATE) if you spot any errors.
+
+$adminlist[$flag]
+
+
+Best Regards,
+CAcert Support
+EOF;
+ sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org');
+ }
+}
+
+
+
+$message = <<<EOF
+Dear Board Members,
+
+it's time for the permission review again. Here is the list of privileged users
+in the CAcert web application. Please review them and also ask the persons
+responsible for an up-to-date copy of access lists not directly recorded in the
+web application (critical admins, software assessors etc.)
+
+
+EOF;
+
+foreach ($flags as $flag => $description) {
+ $message .= <<<EOF
+List of ${description}s:
+$adminlist[$flag]
+
+EOF;
+}
+
+$message .= <<<EOF
+
+Best Regards,
+CAcert Support
+EOF;
+
+sendmail($BOARD_PRIVATE, "Permissions Review", $message, 'support@cacert.org');