diff options
| author | Markus Warg <mw@it-sls.de> | 2010-03-29 09:54:06 +0200 |
|---|---|---|
| committer | Markus Warg <mw@it-sls.de> | 2010-03-29 09:54:06 +0200 |
| commit | 9dceece06fbdc98add6f76f0b1aec05891a394c4 (patch) | |
| tree | f7227c28ca5f79f30c2ec81ba1a09a4fe3972436 /www/wot.php | |
| parent | 5b68967def224a00f54eb54946ff17301bbd3cdb (diff) | |
| download | cacert-devel-9dceece06fbdc98add6f76f0b1aec05891a394c4.tar.gz cacert-devel-9dceece06fbdc98add6f76f0b1aec05891a394c4.tar.xz cacert-devel-9dceece06fbdc98add6f76f0b1aec05891a394c4.zip | |
remove cacert/ prefix
Diffstat (limited to 'www/wot.php')
| -rw-r--r-- | www/wot.php | 473 |
1 files changed, 473 insertions, 0 deletions
diff --git a/www/wot.php b/www/wot.php new file mode 100644 index 0000000..25eb213 --- /dev/null +++ b/www/wot.php @@ -0,0 +1,473 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + require_once("../includes/loggedin.php"); + + loadem("account"); + + if(array_key_exists('date',$_POST) && $_POST['date'] != "") + $_SESSION['_config']['date'] = $_POST['date']; + + if(array_key_exists('location',$_POST) && $_POST['location'] != "") + $_SESSION['_config']['location'] = $_POST['location']; + + $oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0; + + if($oldid == 12) + { + $id = $oldid; + } + + if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6)) + { + if (!is_assurer($_SESSION['profile']['id'])) { + showheader(_("My CAcert.org Account!")); + echo "<p>".get_assurer_reason($_SESSION['profile']['id'])."</p>"; + showfooter(); + exit; + } + } + + if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0) + { + $oldid=0; + $id = 5; + } + + if($oldid == 5 && array_key_exists('reminder',$_POST) && $_POST['reminder'] != "") + { + $body = ""; + if($_POST['reminder-lang'] != "" && $_POST['reminder-lang'] != "en_AU") + { + $userlang = $_POST['reminder-lang']; + $_SESSION['_config']['reminder-lang'] = $_POST['reminder-lang']; + putenv("LANG=".$userlang); + setlocale(LC_ALL, $userlang); + + $body .= $_SESSION['_config']['translations'][$userlang].":\n\n"; + $body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n"; + $body .= _("Best regards")."\n"; + $body .= _("CAcert Support Team"); + + $body .= "\n\nEnglish:\n\n"; + } + + $body .= sprintf("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued.", $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n"; + $body .= "Best regards"."\n"; + $body .= "CAcert Support Team"; + + sendmail($_POST['email'], "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']); + + if($_POST['reminder-lang'] != "" && $_POST['reminder-lang'] != "en_AU") + { + $userlang = $_SESSION['profile']['language']; + putenv("LANG=".$userlang); + setlocale(LC_ALL, $userlang); + } + + $_SESSION['_config']['remindersent'] = 1; + $_SESSION['_config']['error'] = _("A reminder notice has been sent."); + + $id = $oldid; + $oldid=0; + } + + if($oldid == 5) + { + $_SESSION['_config']['noemailfound'] = 0; + $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) != 1) + { + $id = $oldid; + $oldid=0; + $_SESSION['_config']['error'] = _("I'm sorry, there was no email matching what you entered in the system. Please double check your information."); + $_SESSION['_config']['noemailfound'] = 1; + } else { + $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res); + } + } + + if($oldid == 5 || $oldid == 6) + { + if(array_key_exists('cancel',$_REQUEST) && $_REQUEST['cancel'] != "") + { + header("location: wot.php"); + exit; + } + + if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id']) + { + $id = 5; + $oldid=0; + $_SESSION['_config']['error'] = _("You are never allowed to Assure yourself!"); + } + } + + if($oldid == 5 || $oldid == 6) + { + $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and + `to`='".$_SESSION['_config']['notarise']['id']."'"; + $_SESSION['_config']['alreadydone'] = 0; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0 && $_SESSION['profile']['points'] < 200) + { + $id = 5; + $oldid=0; + $_SESSION['_config']['error'] = _("You are only allowed to Assure someone once!"); + } elseif($oldid == 5) { + $id = 6; + } + if($id == 6 && mysql_num_rows($res) > 0) + { + $_SESSION['_config']['alreadydone'] = 1; + } + unset($_SESSION['_config']['pointsalready']); + if($id == 6 && $_SESSION['profile']['points'] >= 100) + { + $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`"; + $res = mysql_query($query); + $drow = mysql_fetch_assoc($res); + $_SESSION['_config']['pointsalready'] = $drow['total']; + } + unset($_SESSION['_config']['verified']); + if($id == 6 && $_SESSION['profile']['points'] >= 100) + { + $query = "select `verified` from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'"; + $res = mysql_query($query); + $drow = mysql_fetch_assoc($res); + $_SESSION['_config']['verified'] = $drow['verified']; + } + } + + if($oldid == 6) + { + if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1 || !array_key_exists('rules',$_POST) || $_POST['rules'] != 1) + { + $id = $oldid; + $oldid=6; + $_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"); + } + + if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1) + { + $id = $oldid; + $oldid=6; + $_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"); + } + } + + if($oldid == 6 && $_SESSION['profile']['ttpadmin'] != 1) + { + if($_POST['location'] == "") + { + $id = $oldid; + $oldid=0; + $_SESSION['_config']['error'] = _("You failed to enter a location of your meeting."); + } + } + + if($oldid == 6) + { + $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'"; + $res = mysql_query($query); + $row = mysql_fetch_assoc($res); + $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix']; + if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash']) + { + $id = $oldid; + $oldid=0; + $_SESSION['_config']['error'] = _("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."); + } + } + + if($oldid == 6 && $_REQUEST['points'] == "") + { + $id = $oldid; + $oldid=0; + $_SESSION['_config']['error'] = _("You must enter the number of points you wish to allocate to this person."); + } + + if($oldid == 6) + { + $max = maxpoints(); + $awarded = $newpoints = intval($_POST['points']); + if($newpoints > $max) + $newpoints = $max; + $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`"; + $res = mysql_query($query); + $drow = mysql_fetch_assoc($res); + + if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0 && $drow['total'] > 150) + { + showheader(_("My CAcert.org Account!")); + echo "<p>"._("You tried to give a temporary points increase to someone that already has more then 150 points. Can't continue.")."</p>"; + showfooter(); + exit; + } + + if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0 && intval($_POST['sponsor']) <= 0) + { + showheader(_("My CAcert.org Account!")); + echo "<p>"._("You didn't list a valid sponsor for this action.")."</p>"; + showfooter(); + exit; + } + + if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0 && intval($_POST['sponsor']) > 0) + { + $resc = mysql_query("select * from `users` where `id`='".intval($_POST['sponsor'])."' and `board`='1'"); + $rc = mysql_num_rows($resc); + $sponsor = mysql_fetch_assoc($resc); + if($rc <= 0) + { + showheader(_("My CAcert.org Account!")); + echo "<p>"._("You listed an invalid sponsor for this action.")."</p>"; + showfooter(); + exit; + } + } + + if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0) + { + $_POST['method'] == "Administrative Increase"; + $newpoints = 200 - $drow['total']; + if(intval($_POST['expire']) > 45) + $_POST['expire'] = 45; + if(intval($_POST['expire']) <= 7) + $_POST['expire'] = 7; + } else { + $_POST['expire'] = 0; + if(($drow['total'] + $newpoints) > 100 && $max < 100) + $newpoints = 100 - $drow['total']; + if(($drow['total'] + $newpoints) > $max && $max >= 100) + $newpoints = $max - $drow['total']; + if($newpoints < 0) + $newpoints = 0; + } + + if(mysql_escape_string(stripslashes($_POST['date'])) == "") + $_POST['date'] = date("Y-m-d H:i:s"); + + $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND + `to`='".$_SESSION['_config']['notarise']['id']."' AND + `awarded`='$awarded' AND + `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND + `date`='".mysql_escape_string(stripslashes($_POST['date']))."'"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) + { + $id = $oldid; + $oldid=0; + $_SESSION['_config']['error'] = _("Identical Assurance attempted, will not continue."); + } + } + + if($oldid == 6) + { + $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."', + `to`='".$_SESSION['_config']['notarise']['id']."', + `points`='$newpoints', `awarded`='$awarded', + `location`='".mysql_escape_string(stripslashes($_POST['location']))."', + `date`='".mysql_escape_string(stripslashes($_POST['date']))."', + `when`=NOW()"; + if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0) + { + $query .= ",\n`method`='Temporary Increase'"; + $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)"; + $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'"; + } else if($_SESSION['profile']['board'] == 1) { + $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'"; + } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted third Parties')) { + $query .= ",\n`method`='Trusted Third Parties'"; + } + mysql_query($query); + fix_assurer_flag($_SESSION['_config']['notarise']['id']); + + if($_SESSION['profile']['points'] < 150) + { + $addpoints = 0; + if($_SESSION['profile']['points'] < 149 && $_SESSION['profile']['points'] >= 100) + $addpoints = 2; + else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100) + $addpoints = 1; + $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."', + `to`='".$_SESSION['profile']['id']."', + `points`='$addpoints', `awarded`='$addpoints', + `location`='".mysql_escape_string(stripslashes($_POST['location']))."', + `date`='".mysql_escape_string(stripslashes($_POST['date']))."', + `method`='Administrative Increase', + `when`=NOW()"; + mysql_query($query); + // No need to fix_assurer_flag here, this should only happen for assurers... + $_SESSION['profile']['points'] += $addpoints; + } + + if($_SESSION['_config']['notarise']['language'] != "") + { + $userlang = $_SESSION['_config']['notarise']['language']; + putenv("LANG=".$userlang); + setlocale(LC_ALL, $userlang); + } + + $body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n"; + if($_POST['points'] != $newpoints) + $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n"; + else + $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n"; + + if(($drow['total'] + $newpoints) < 100 && ($drow['total'] + $newpoints) >= 50) + { + $body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n"; + } + + if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0) + { +// $body .= _("You now have over 100 points and can start assuring others.")."\n\n"; + $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the")." "; + $body .= _("Assurer Challenge")." ( https://cats.cacert.org )\n\n"; + $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n\n"; + $body .= "https://www.cacert.org/wot.php?id=8\n\n"; + $body .= _("You can list your location by going to:")."\n\n"; + $body .= "https://www.cacert.org/wot.php?id=13\n\n"; + } + + if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0) + $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n"; + + $body .= _("Best regards")."\n"; + $body .= _("CAcert Support Team"); + + sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "", "", "CAcert Website"); + + putenv("LANG=".$_SESSION['profile']['language']); + setlocale(LC_ALL, $_SESSION['profile']['language']); + + $body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n"; + if($_POST['points'] != $newpoints) + $body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n"; + else + $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n"; + + if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0) + $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n"; + $body .= _("Best regards")."\n"; + $body .= _("CAcert Support Team"); + + sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support"); + + if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0) + { + $body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n"; + + sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website"); + } + + showheader(_("My CAcert.org Account!")); + echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>"; +?><form method="post" action="wot.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Assure Someone")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Email")?>:</td> + <td class="DataTD"><input type="text" name="email" id="email" value=""></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="5"> +</form> +<SCRIPT LANGUAGE="JavaScript"> +//<![CDATA[ + function my_init() + { + document.getElementById("email").focus(); + } + + window.onload = my_init(); +//]]> +</script> +<? + showfooter(); + exit; + } + + if($oldid == 8) + { + csrf_check("chgcontact"); + + $info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo']))); + $listme = intval($_POST['listme']); + if($listme < 0 || $listme > 1) + $listme = 0; + + $_SESSION['profile']['listme'] = $listme; + $_SESSION['profile']['contactinfo'] = $info; + + $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'"; + mysql_query($query); + + showheader(_("My CAcert.org Account!")); + echo "<p>"._("Your account information has been updated.")."</p>"; + showfooter(); + exit; + } + + if($oldid == 9 && $_REQUEST['userid'] > 0 && $_SESSION['profile']['id'] > 0) + { + if($_SESSION['_config']['pagehash'] != $_REQUEST['pageid']) + { + $oldid=0; + $id = 9; + $error = _("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."); + } else { + $body = $_REQUEST['message']; + $subject = $_REQUEST['subject']; + $userid = intval($_REQUEST['userid']); + $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1")); + $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary` + where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0")); + if($points > 0) + { + sendmail($user['email'], "[CAcert.org] ".$_REQUEST['subject'], $_REQUEST['message'], + $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']); + showheader(_("My CAcert.org Account!")); + echo "<p>"._("Your email has been sent to")." ".$user['fname'].".</p>"; + echo "<p>[ <a href='javascript:history.go(-2)'>Go Back</a> ]</p>\n"; + showfooter(); + exit; + } else { + showheader(_("My CAcert.org Account!")); + echo _("Sorry, I was unable to locate that user."); + showfooter(); + exit; + } + } + } elseif($oldid == 9) { + $oldid=0; + $error = _("There was an error and I couldn't proceed"); + $id = 9; + } + + showheader(_("My CAcert.org Account!")); + includeit($id, "wot"); + showfooter(); +?> |