summaryrefslogtreecommitdiff
path: root/www
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2013-09-08 21:35:14 +0200
committerMichael Tänzer <neo@nhng.de>2013-09-08 21:35:14 +0200
commit9d4ec70dda220ab42c013de4313d26b3914ba668 (patch)
treeb6879403ab958023da59c70447997b9af8e19adc /www
parentaea694d929d09db48b008eda40fc2a77ea086e8d (diff)
downloadcacert-devel-9d4ec70dda220ab42c013de4313d26b3914ba668.tar.gz
cacert-devel-9d4ec70dda220ab42c013de4313d26b3914ba668.tar.xz
cacert-devel-9d4ec70dda220ab42c013de4313d26b3914ba668.zip
Source code taken from cacert-20130906.tar.bz2
Diffstat (limited to 'www')
-rw-r--r--www/disputes.php32
-rw-r--r--www/gpg.php228
-rw-r--r--www/images/btn_paynowCC_LG.gifbin2432 -> 2410 bytes
-rw-r--r--www/images/btn_subscribeCC_LG.gifbin0 -> 2172 bytes
-rw-r--r--www/wot.php87
5 files changed, 213 insertions, 134 deletions
diff --git a/www/disputes.php b/www/disputes.php
index 4944d8c..34a447a 100644
--- a/www/disputes.php
+++ b/www/disputes.php
@@ -17,6 +17,7 @@
*/ ?>
<?
require_once("../includes/loggedin.php");
+ require_once("../includes/notary.inc.php");
loadem("account");
@@ -58,24 +59,13 @@
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
- $query = "select `emailcerts`.`id`
- from `emaillink`,`emailcerts` where
- `emailid`='$emailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
- `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
- group by `emailcerts`.`id`";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");
-
- $do = `../scripts/runclient`;
- $query = "update `email` set `deleted`=NOW() where `id`='".intval($emailid)."'";
- mysql_query($query);
+ account_email_delete($row['id']);
}
mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
- $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
- $rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
- $res = mysql_query("select * from `users` where `id`='$oldmemid'");
- $user = mysql_fetch_assoc($res);
+ $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
+ $rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
+ $res = mysql_query("select * from `users` where `id`='$oldmemid'");
+ $user = mysql_fetch_assoc($res);
if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email'])
{
mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'");
@@ -160,17 +150,13 @@
showheader(_("Domain Dispute"));
echo "<p>"._("You have opted to accept this dispute and the request will now remove this domain from the existing account, and revoke any current certificates.")."</p>";
echo "<p>"._("The following accounts have been removed:")."<br>\n";
+ //new account_domain_delete($domainid, $memberID)
$query = "select * from `domains` where `id`='$domainid' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
- echo $_SESSION['_config']['domain']."<br>\n";
- mysql_query("update `domains` set `deleted`=NOW() where `id`='$domainid'");
- $query = "select * from `domlink` where `domid`='$domainid'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
- $do = `../scripts/runserver`;
+ echo $_SESSION['_config']['domain']."<br>\n";
+ account_domain_delete($domainid);
}
mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'");
showfooter();
diff --git a/www/gpg.php b/www/gpg.php
index 345b559..f24d84c 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -17,6 +17,8 @@
*/ ?>
<?
require_once("../includes/loggedin.php");
+ require_once("../includes/lib/general.php");
+ require_once('../includes/notary.inc.php');
$id = 0; if(array_key_exists('id',$_REQUEST)) $id=intval($_REQUEST['id']);
$oldid = $_REQUEST['oldid'] = array_key_exists('oldid',$_REQUEST) ? intval($_REQUEST['oldid']) : 0;
@@ -52,7 +54,7 @@ if(0)
{
showheader(_("Welcome to CAcert.org"));
echo "The OpenPGP signing system is currently shutdown due to a maintenance. We hope to get it fixed within the next few hours. We are very sorry for the inconvenience.";
-
+
exit(0);
}
}
@@ -82,17 +84,44 @@ function verifyEmail($email)
$state=0;
if($oldid == "0" && $CSR != "")
{
- $debugkey = $gpgkey = clean_gpgcsr($CSR);
+ if(!array_key_exists('CCA',$_REQUEST))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+ showfooter();
+ exit;
+ }
- $tnam = tempnam('/tmp/', '__gpg');
- $fp = fopen($tnam, 'w');
- fwrite($fp, $gpgkey);
- fclose($fp);
- $debugpg = $gpg = trim(`gpg --with-colons --homedir /tmp 2>&1 < $tnam`);
- unlink($tnam);
+ $err = runCommand('mktemp --directory /tmp/cacert_gpg.XXXXXXXXXX',
+ "",
+ $tmpdir);
+ if (!$tmpdir)
+ {
+ $err = true;
+ }
+
+ if (!$err)
+ {
+ $err = runCommand("gpg --with-colons --homedir $tmpdir 2>&1",
+ clean_gpgcsr($CSR),
+ $gpg);
+
+ `rm -r $tmpdir`;
+ }
+
+ if ($err)
+ {
+ showheader(_("Welcome to CAcert.org"));
+
+ echo "<p style='color:#ff0000'>"._("There was an error parsing your key.")."</p>";
+ unset($_REQUEST['process']);
+ $id = $oldid;
+ unset($oldid);
+ exit();
+ }
$lines = "";
- $gpgarr = explode("\n", $gpg);
+ $gpgarr = explode("\n", trim($gpg));
foreach($gpgarr as $line)
{
#echo "Line[]: $line <br/>\n";
@@ -143,7 +172,7 @@ function verifyEmail($email)
$uidformatwrong=0;
if(sizeof($bits)<10) $uidformatwrong=1;
-
+
if(preg_match("/\@.*\@/",$bits[9]))
{
showheader(_("Welcome to CAcert.org"));
@@ -251,7 +280,6 @@ function verifyEmail($email)
}
$resulttable.="</table>";
-
if($nok==0)
{
showheader(_("Welcome to CAcert.org"));
@@ -261,7 +289,6 @@ function verifyEmail($email)
unset($_REQUEST['process']);
$id = $oldid;
unset($oldid);
- $do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
exit();
}
elseif($nerr)
@@ -275,12 +302,22 @@ function verifyEmail($email)
if($oldid == "0" && $CSR != "")
{
+ write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
+ //set variable for comment
+ if(trim($_REQUEST['description']) == ""){
+ $description= "";
+ }else{
+ $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }
+
$query = "insert into `gpg` set `memid`='".intval($_SESSION['profile']['id'])."',
`email`='".mysql_real_escape_string($lastvalidemail)."',
`level`='1',
`expires`='".mysql_real_escape_string($expires)."',
`multiple`='".mysql_real_escape_string($multiple)."',
- `keyid`='".mysql_real_escape_string($keyid)."'";
+ `keyid`='".mysql_real_escape_string($keyid)."',
+ `description`='".mysql_real_escape_string($description)."'";
mysql_query($query);
$id = mysql_insert_id();
@@ -296,7 +333,7 @@ function verifyEmail($email)
system("gpg --homedir $cwd --import $cwd/gpg.csr");
- $debugpg = $gpg = trim(`gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $keyid 2>&1`);
+ $gpg = trim(`gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $keyid 2>&1`);
$lines = "";
$gpgarr = explode("\n", $gpg);
foreach($gpgarr as $line)
@@ -334,7 +371,7 @@ function verifyEmail($email)
}
$mail="";
- if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
+ if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
//echo "Found: ".$match[1];
$mail = trim(hex2bin($match[1]));
}
@@ -342,7 +379,7 @@ function verifyEmail($email)
{
//echo "Not found!\n";
}
-
+
$emailok=verifyEmail($mail);
$uidid=$bits[7];
@@ -384,95 +421,89 @@ function verifyEmail($email)
}
}
+ if(count($ToBeDeleted)>0)
+ {
+ $descriptorspec = array(
+ 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
+ 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
+ 2 => array("pipe", "w") // stderr is a file to write to
+ );
+ $stderr = fopen('php://stderr', 'w');
+ //echo "Keyid: $keyid\n";
- if(count($ToBeDeleted)>0)
- {
+ $process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes);
+ //echo "Process: $process\n";
+ //fputs($stderr,"Process: $process\n");
- $descriptorspec = array(
- 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
- 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
- 2 => array("pipe", "w") // stderr is a file to write to
- );
-
- $stderr = fopen('php://stderr', 'w');
-
-
- //echo "Keyid: $keyid\n";
-
- $process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes);
-
- //echo "Process: $process\n";
- //fputs($stderr,"Process: $process\n");
-
- if (is_resource($process)) {
- //echo("it is a resource\n");
- // $pipes now looks like this:
- // 0 => writeable handle connected to child stdin
- // 1 => readable handle connected to child stdout
- // Any error output will be appended to /tmp/error-output.txt
- while (!feof($pipes[1]))
- {
- $buffer = fgets($pipes[1], 4096);
- //echo $buffer;
-
- if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n")
- {
- fputs($pipes[0],"yes\n");
- }
- elseif($buffer == "[GNUPG:] GOT_IT\n")
- {
- }
- elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer))
- {
- fputs($pipes[0],"yes\n");
- }
- elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer))
- {
- if(count($ToBeDeleted)>0)
- {
- $delthisuid=array_pop($ToBeDeleted);
- //echo "Deleting an UID $delthisuid\n";
- fputs($pipes[0],"uid ".$delthisuid."\n");
- }
- else
- {
- //echo "Saving\n";
- fputs($pipes[0],$state?"save\n":"deluid\n");
- $state++;
- }
- }
- elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n")
- {
- }
- elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer))
- {
- echo "Key expired!\n";
- exit;
- }
- elseif($buffer == "")
- {
- //echo "Empty!\n";
- }
- else
- {
- echo "ERROR: UNKNOWN $buffer\n";
- }
+ if (is_resource($process)) {
+ //echo("it is a resource\n");
+ // $pipes now looks like this:
+ // 0 => writeable handle connected to child stdin
+ // 1 => readable handle connected to child stdout
+ // Any error output will be appended to /tmp/error-output.txt
+ while (!feof($pipes[1]))
+ {
+ $buffer = fgets($pipes[1], 4096);
+ //echo $buffer;
+
+ if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n")
+ {
+ fputs($pipes[0],"yes\n");
+ }
+ elseif($buffer == "[GNUPG:] GOT_IT\n")
+ {
+ }
+ elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer))
+ {
+ fputs($pipes[0],"yes\n");
+ }
+ elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer))
+ {
+ if(count($ToBeDeleted)>0)
+ {
+ $delthisuid=array_pop($ToBeDeleted);
+ //echo "Deleting an UID $delthisuid\n";
+ fputs($pipes[0],"uid ".$delthisuid."\n");
+ }
+ else
+ {
+ //echo "Saving\n";
+ fputs($pipes[0],$state?"save\n":"deluid\n");
+ $state++;
+ }
+ }
+ elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n")
+ {
+ }
+ elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer))
+ {
+ echo "Key expired!\n";
+ exit;
+ }
+ elseif($buffer == "")
+ {
+ //echo "Empty!\n";
+ }
+ else
+ {
+ echo "ERROR: UNKNOWN $buffer\n";
+ }
}
//echo "Fertig\n";
fclose($pipes[0]);
-
+
//echo stream_get_contents($pipes[1]);
fclose($pipes[1]);
-
+
// It is important that you close any pipes before calling
// proc_close in order to avoid a deadlock
$return_value = proc_close($process);
-
+
//echo "command returned $return_value\n";
}
else
@@ -508,6 +539,23 @@ function verifyEmail($email)
exit;
}
+ if($oldid == 2 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `gpg` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
$id = intval($id);
showheader(_("Welcome to CAcert.org"));
diff --git a/www/images/btn_paynowCC_LG.gif b/www/images/btn_paynowCC_LG.gif
index f2edb8f..99fda23 100644
--- a/www/images/btn_paynowCC_LG.gif
+++ b/www/images/btn_paynowCC_LG.gif
Binary files differ
diff --git a/www/images/btn_subscribeCC_LG.gif b/www/images/btn_subscribeCC_LG.gif
new file mode 100644
index 0000000..a5cd278
--- /dev/null
+++ b/www/images/btn_subscribeCC_LG.gif
Binary files differ
diff --git a/www/wot.php b/www/wot.php
index 1b84f51..8395a58 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -18,6 +18,8 @@
<?
require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php");
+require_once("../includes/notary.inc.php");
+
function show_page($target,$message,$error)
@@ -113,9 +115,6 @@ function send_reminder()
$_SESSION['_config']['error'] = _("A reminder notice has been sent.");
}
-
-
-
loadem("account");
if(array_key_exists('date',$_POST) && $_POST['date'] != "")
$_SESSION['_config']['date'] = $_POST['date'];
@@ -127,7 +126,7 @@ function send_reminder()
if($oldid == 12)
$id = $oldid;
-
+
if($oldid == 4)
{
if ($_POST['ttp']!='') {
@@ -238,37 +237,79 @@ function send_reminder()
if($oldid == 6)
{
$iecho= "c";
+ //date checks
+ if(trim($_REQUEST['date']) == '')
+ {
+ show_page("VerifyData","",_("You must enter the date when you met the assuree."));
+ exit;
+ }
+
+ if(!check_date_format(trim($_REQUEST['date'])))
+ {
+ show_page("VerifyData","",_("You must enter the date in this format: YYYY-MM-DD."));
+ exit;
+ }
+
+ if(!check_date_difference(trim($_REQUEST['date'])))
+ {
+ show_page("VerifyData","",_("You must not enter a date in the future."));
+ exit;
+ }
+
+ //proof of identity check and accept arbitration, implements CCA
if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
-/* if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
+ //proof of CCA agreement by assuree after 2010-01-01
+ if((!array_key_exists('CCAAgreed',$_POST) || $_POST['CCAAgreed'] != 1) and (check_date_format(trim($_REQUEST['date']),2010)))
+ {
+ show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
+ exit;
+ }
+
+ //assurance done according to rules
+ if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
-*/
- if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1)
+ //met assuree in person, not appliciable for TTP / TTP Topup assurances
+ if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_REQUEST['method'] != "Trusted 3rd Parties")
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
- if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
+ //check location, min 3 characters
+ if(!array_key_exists('location',$_POST) || trim($_POST['location']) == "")
{
show_page("VerifyData","",_("You failed to enter a location of your meeting."));
exit;
}
- if($_REQUEST['points'] == "")
+ if(strlen(trim($_REQUEST['location']))<=2)
+ {
+ show_page("VerifyData","",_("You must enter a location with at least 3 characters eg town and country."));
+ exit;
+ }
+
+ //check for points in range 0-35, for nucleus 35 + 15 temporary
+ if($_REQUEST['points'] == "" || !is_numeric($_REQUEST['points']))
{
show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
exit;
}
+ if($_REQUEST['points'] <0 || ($_REQUEST['points']>35))
+ {
+ show_page("VerifyData","",_("The number of points you entered are out of the range given by policy."));
+ exit;
+ }
+
$query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
@@ -315,7 +356,7 @@ $iecho= "c";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
- show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
+ show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
exit;
}
}
@@ -328,6 +369,10 @@ $iecho= "c";
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
+ //record active acceptance by Assurer
+ if (check_date_format(trim($_REQUEST['date']),2010)) {
+ write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']);
+ }
if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
$query .= ",\n`method`='TTP-Assisted'";
}
@@ -404,16 +449,16 @@ $iecho= "c";
echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("Assure Someone")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
- </tr>
+ <tr>
+ <td colspan="2" class="title"><?=_("Assure Someone")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
@@ -466,7 +511,7 @@ $iecho= "c";
$subject = $_REQUEST['subject'];
$userid = intval($_REQUEST['userid']);
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
- $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
+ $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
if($points > 0)
{